[PATCH] Re: ssl: ensure the cert is parsable with a dict to check the hostname

Nicolas Sebrecht nicolas.s-dev at laposte.net
Mon Jan 17 21:11:28 GMT 2011


On Mon, Jan 17, 2011 at 08:41:48PM +0100, Johannes Stezenbach wrote:
> 
> On Mon, Jan 17, 2011 at 07:32:45PM +0100, Nicolas Sebrecht wrote:
> > The SSL library gives choice between DER-encoded/binary data and a dict format.
> > Explicitly ask for a dict to parse it.
> > 
> > http://docs.python.org/library/ssl.html?highlight=getpeercert#ssl.SSLSocket.getpeercert
> 
> The documentation says binary_form=False is default.  It also says:
> 
> "If the certificate was not validated, the dict is empty."

I wondered about a API change.

> "if CERT_NONE was used to establish the connection, the certificate,
> if present, will not have been validated."

Did you check we're in this use case?

-- 
Nicolas Sebrecht




More information about the OfflineIMAP-project mailing list