[PATCH] ssl: ensure the cert is parsable with a dict to check the hostname

[Johannes Stezenbach]

On Mon, Jan 17, 2011 at 07:32:45PM +0100, Nicolas Sebrecht wrote:
> The SSL library gives choice between DER-encoded/binary data and a dict format.
> Explicitly ask for a dict to parse it.
> 
> http://docs.python.org/library/ssl.html?highlight=getpeercert#ssl.SSLSocket.getpeercert

The documentation says binary_form=False is default.  It also says:

"If the certificate was not validated, the dict is empty."
...
"if CERT_NONE was used to establish the connection, the certificate,
if present, will not have been validated."


HTH
Johannes