I struggled with that months ago. The SSL library that ships with Python is primitive, but M2Crypto can do that. M2Crypto will actually verify the certificate chain. The documentation is weak, it's hard to build, and there are bugs, but it's the best Python has right now.
John Nagle Hamish Moffatt wrote: > Hi, > I'm fetching some files over HTTPS from Python and I want to verify the > server certificate. (Not just the name etc provided in certificate.) > > How can I get access to this information? > > urllib2 doesn't seem to provide it. Even a raw SSL socket only appears > to provide access to the CN, OU etc in string form (not the raw > certificate). > > I tried pycurl, which allows you to setopt(pycurl.SSL_VERIFYPEER) and > VERIFYHOST, but the getinfo(pycurl.SSL_VERIFYRESULT) call always returns > 0. Perhaps it's unimplememented? > > I couldn't get the M2Crypto API documentation to generate; perhaps it > allows it. > > TLS Lite on to of M2Crypto? Something else again? > > > Thanks > Hamish -- http://mail.python.org/mailman/listinfo/python-list