[PATCH] Re: ssl: ensure the cert is parsable with a dict to check the hostname

Nicolas Sebrecht nicolas.s-dev at laposte.net
Mon Jan 17 21:11:28 UTC 2011


On Mon, Jan 17, 2011 at 08:41:48PM +0100, Johannes Stezenbach wrote:
> 
> On Mon, Jan 17, 2011 at 07:32:45PM +0100, Nicolas Sebrecht wrote:
> > The SSL library gives a choice between DER-encoded/binary data and a dict format.
> > Explicitly ask for a dict to parse it.
> > 
> > http://docs.python.org/library/ssl.html?highlight=getpeercert#ssl.SSLSocket.getpeercert
> 
> The documentation says binary_form=False is default.  It also says:
> 
> "If the certificate was not validated, the dict is empty."

I wondered about an API change.

> "if CERT_NONE was used to establish the connection, the certificate,
> if present, will not have been validated."

Did you check we're in this use case?

-- 
Nicolas Sebrecht
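
The behaviour discussed in this message, as an added example that is not part of the original e-mail or of OfflineIMAP's code: a hostname check that asks getpeercert() for the dict form explicitly and fails closed when the dict is empty, which is what the quoted documentation says happens for an unvalidated certificate. FakeSock, CertNotValidated, check_peer_hostname, the simplified wildcard rule and the sample certificate are all constructed for illustration.

```python
import ssl


class CertNotValidated(Exception):
    """getpeercert() gave no dict content, so there is nothing to compare."""


class FakeSock:
    """Constructed stand-in for ssl.SSLSocket so the example runs offline."""
    def __init__(self, cert):
        self._cert = cert

    def getpeercert(self, binary_form=False):
        return self._cert


# Constructed sample, in the dict layout getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "imap.example.org"),),),
    "subjectAltName": (("DNS", "imap.example.org"),
                       ("DNS", "*.mail.example.org")),
}


def _dns_match(pattern, hostname):
    # Simplified rule (assumption): exact match, or one leading "*."
    # wildcard that covers exactly one label.
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        head, _, rest = hostname.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == hostname


def check_peer_hostname(sock, hostname):
    """Return the certificate name that matched, or raise."""
    cert = sock.getpeercert(binary_form=False)  # explicitly ask for the dict
    if not cert:
        # Empty dict (or None): the certificate was not validated.
        raise CertNotValidated("empty certificate dict; was CERT_NONE used?")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # fall back to commonName only when no DNS SAN exists
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    for name in names:
        if _dns_match(name, hostname):
            return name
    raise ssl.CertificateError("%r does not match %r" % (hostname, names))
```

On current Python versions, a context from ssl.create_default_context() validates the certificate and checks the hostname during the handshake.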


