Hello there,

SSL.Socket.getpeercert() doesn't return essential information present in the client certificate (issuer, serial number, not before, etc.), and it looks like it is by design:

http://docs.python.org/library/ssl.html#ssl.SSLSocket.getpeercert
http://hg.python.org/cpython/file/b878df1d23b1/Modules/_ssl.c#l866

By deliberately removing all that information, further verification/manipulation of the cert becomes impossible. Revocation lists, OCSP, and any other extra layers of certificate checking cannot be done properly without all the information in the cert being available.

Is there any way around this? There should be at least a flag for folks that need all the information in the certificate.

Thanks!
g.
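An added example, not part of the original post: `getpeercert(binary_form=True)` is a documented option that returns the complete peer certificate as DER bytes, so the serial number, issuer and validity period needed for CRL or OCSP checks can be read from the encoding. The helper names (`read_tlv`, `children`, `cert_fields`, `peer_cert_fields`) and the sample certificate are constructed for this example; signature verification and extensions are out of scope.

```python
from datetime import datetime

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_time(tag, val):
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"  # UTCTime, else GeneralizedTime
    t = datetime.strptime(val.decode("ascii"), fmt)  # strptime maps YY 50-68 to 20YY; RFC 5280 says 19YY
    return t.replace(year=t.year - 100) if tag == 0x17 and t.year >= 2050 else t

def cert_fields(der):
    """Serial number, issuer and validity from a DER-encoded X.509 certificate."""
    tbs = children(children(read_tlv(der, 0)[1])[0][1])   # Certificate -> TBSCertificate
    tbs = tbs[1:] if tbs[0][0] == 0xA0 else tbs           # skip the optional [0] version
    (t1, nb), (t2, na) = children(tbs[3][1])[:2]
    return {"serial": int.from_bytes(tbs[0][1], "big", signed=True),
            "issuer_der": tbs[2][1],                      # raw contents of the issuer Name
            "not_before": parse_time(t1, nb), "not_after": parse_time(t2, na)}

def peer_cert_fields(sock):              # sock: a connected ssl.SSLSocket
    # binary_form=True returns the whole certificate as DER bytes, not the reduced dict
    return cert_fields(sock.getpeercert(binary_form=True))

# Constructed sample certificate (dummy key and signature), built with a tiny encoder.
def tlv(tag, body):
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | len(size)]) + size) + body
def name(cn):
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x10\x01") + ALG + name(b"Example CA")
          + tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z"))
          + name(b"client-1") + tlv(0x30, b""))
SAMPLE_DER = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00" + bytes(256)))
```

The DER bytes can also be passed to `ssl.DER_cert_to_PEM_cert()` when an external tool expects PEM input.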