This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in Python's Developer Guide.

classification
Title: SSLSocket.getpeercert(): OCSP and CRL DP URIs
Type: enhancement
Stage: resolved
Components: Extension Modules
Versions: Python 3.4
process
Status: closed
Resolution: fixed
Dependencies:
Superseder:
Assigned To: christian.heimes
Nosy List: christian.heimes, pitrou, python-dev
Priority: normal
Keywords: patch

Created on 2013-07-06 12:30 by christian.heimes, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Files
File name | Uploaded
ssl_ocsp_crldp.patch | christian.heimes, 2013-07-06 22:39
ssl_ocsp_crldp2.patch | christian.heimes, 2013-07-18 11:50
Messages (10)
msg192426 - Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-07-06 12:30
The patch implements OCSP and CRL distribution point access for getpeercert(). I'll add tests and doc updates later.
Output for https://info.pca.dfn.de/
{'OCSP': ('http://ocsp.pca.dfn.de/OCSP-Server/OCSP',),
 'crlDistributionPoints': ('http://cdp1.pca.dfn.de/global-services-ca/pub/crl/cacrl.crl',
                           'http://cdp2.pca.dfn.de/global-services-ca/pub/crl/cacrl.crl'),
 'issuer': ((('countryName', 'DE'),),
            (('organizationName', 'DFN-Verein'),),
            (('organizationalUnitName', 'DFN-PKI'),),
            (('commonName', 'DFN-Verein CA Services'),)),
 'notAfter': 'Oct 18 09:07:09 2014 GMT',
 'notBefore': 'Oct 19 09:07:09 2009 GMT',
 'serialNumber': '0EFBA9CC',
 'subject': ((('countryName', 'DE'),),
             (('organizationName', 'DFN-Verein'),),
             (('organizationalUnitName', 'DFN-PKI'),),
             (('commonName', 'info.pca.dfn.de'),)),
 'version': 3}
msg192495 - Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-07-06 22:39
Updated patch with test, doc updates and a third field. I have added CDP and two AIA URIs: crlDistributionPoints, caIssuers and OCSP
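Added example, not part of the thread or of the patch: one way a client can consume the three fields named above (OCSP, caIssuers, crlDistributionPoints) from a getpeercert() dict before handing the URIs to a revocation checker. The function names and the http/https scheme allow-list are assumptions made for this example; the sample dict is constructed from the output quoted in the first message plus one made-up ldap:// entry.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Keys this issue added to the getpeercert() dict (Python 3.4 and later).
REVOCATION_KEYS = ("OCSP", "caIssuers", "crlDistributionPoints")
ALLOWED_SCHEMES = {"http", "https"}  # assumption: local policy, not from the issue


def revocation_endpoints(cert):
    """Return {key: [uri, ...]} for the AIA/CDP fields present in a
    getpeercert() dict, keeping only URIs whose scheme is allowed."""
    if not cert:
        # getpeercert() returns {} when the peer certificate was not validated.
        raise ValueError("empty certificate dict: peer certificate not validated")
    found = {}
    for key in REVOCATION_KEYS:
        uris = []
        # A key is simply absent when the certificate lacks that extension.
        for uri in cert.get(key, ()):
            parts = urlsplit(uri)
            if parts.scheme in ALLOWED_SCHEMES and parts.hostname and uri not in uris:
                uris.append(uri)
        if uris:
            found[key] = uris
    return found


def peer_revocation_endpoints(host, port=443, timeout=5.0):
    """Connect with certificate validation on and extract the peer's endpoints."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return revocation_endpoints(tls.getpeercert())


# Constructed sample: URI fields from the output quoted in the first message,
# plus one made-up ldap:// entry to exercise the scheme filter.
SAMPLE_CERT = {
    "OCSP": ("http://ocsp.pca.dfn.de/OCSP-Server/OCSP",),
    "crlDistributionPoints": (
        "http://cdp1.pca.dfn.de/global-services-ca/pub/crl/cacrl.crl",
        "http://cdp2.pca.dfn.de/global-services-ca/pub/crl/cacrl.crl",
        "ldap://directory.example/cn=crl",
    ),
    "serialNumber": "0EFBA9CC",
}
```

The URIs come from the certificate itself, so filtering them before any fetch keeps the revocation check from being steered to unexpected schemes.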
msg193277 - Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2013-07-18 10:06
Do you have to put those certs in capath? Things would probably be simpler if you didn't have to trigger capath loading using an actual SSL connection.
Also, please add a versionadded tag in the doc entry.
msg193283 - Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-07-18 11:50
It's just one certificate. The hash format of OpenSSL has changed over the years so we have to duplicate all certificates. But I don't need the extra stuff. I figured out that the Nokia test certificate has all new fields.
My initial patch has a versionchanged doc update. Did you have too much French wine again? *scnr* :)
msg193285 - Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2013-07-18 12:27
> It's just one certificate.
Indeed, it's just the decision to use capath that I'm arguing with.
> My initial patch has a versionchanged doc update. Did you have too
> much French wine again? *scnr* :)
Not *too much*, no ;-)
msg203188 - Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-11-17 14:59
Are you satisfied with my patch? I'd like to commit it before beta 1.
msg203566 - Author: Roundup Robot (python-dev) (Python triager) Date: 2013-11-21 02:40
New changeset 468d18bffdea by Christian Heimes in branch 'default':
Issue #18379: SSLSocket.getpeercert() returns CA issuer AIA fields, OCSP
http://hg.python.org/cpython/rev/468d18bffdea 
msg203567 - Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-11-21 02:41
memo to me: update whatsnew
msg203639 - Author: Roundup Robot (python-dev) (Python triager) Date: 2013-11-21 15:27
New changeset 40bfddda43d4 by Christian Heimes in branch 'default':
Issue #19682: Fix compatibility issue with old version of OpenSSL that
http://hg.python.org/cpython/rev/40bfddda43d4 
msg212975 - Author: Roundup Robot (python-dev) (Python triager) Date: 2014-03-09 19:17
New changeset 7885876b6503 by R David Murray in branch 'default':
whatsnew: SSLSocket.getpeercert new values returned. (#18379)
http://hg.python.org/cpython/rev/7885876b6503 
History
Date | User | Action | Args
2022-04-11 14:57:47 | admin | set | github: 62579
2014-03-09 19:17:43 | python-dev | set | messages: + msg212975
2013-12-22 20:47:36 | pitrou | set | status: open -> closed
2013-11-21 15:27:41 | python-dev | set | status: pending -> open; messages: + msg203639
2013-11-21 02:41:01 | christian.heimes | set | status: open -> pending; messages: + msg203567; assignee: christian.heimes; resolution: fixed; stage: patch review -> resolved
2013-11-21 02:40:29 | python-dev | set | nosy: + python-dev; messages: + msg203566
2013-11-17 14:59:07 | christian.heimes | set | messages: + msg203188
2013-07-18 12:27:10 | pitrou | set | messages: + msg193285
2013-07-18 11:50:49 | christian.heimes | set | files: + ssl_ocsp_crldp2.patch; messages: + msg193283
2013-07-18 10:06:17 | pitrou | set | messages: + msg193277
2013-07-06 22:39:11 | christian.heimes | set | files: - ssl_ocsp_crldp.patch
2013-07-06 22:39:03 | christian.heimes | set | files: + ssl_ocsp_crldp.patch; messages: + msg192495
2013-07-06 12:30:20 | christian.heimes | create |
