Reputation: 622
I'm looking for a way to get to the information about SSL certificate used by the remote site using requests (CA and CN would suffice).
I can easily get those when I use for example socket + OpenSSL, but in my code I use a special resolver ( Python 'requests' library - define specific DNS? ), so I need to use Requests or urllib2 - so far I examined most of the requests code through inspect module, and I see no way of getting to these values.
I'd appreciate any hints at this point, maybe I'm missing something obvious :)
[edit]:
To be more precise - I'm patching part of the requests lib (from 'socket' up to urllib2), to use a custom name resolver- it comes down to this:
self.my_opener = urllib2.build_opener(MyHTTPHandler,MyHTTPSHandler) (urllib2.OpenerDirector instance)
my_opener.open(url) returns an urllib.addinfourl object - from which I would need to extract certificate info if that's at all posible.
Unfortunately this is not the case for the question after which this one was marked as a duplicate.
Upvotes: 3
Views: 3889
Reputation: 622
Found it.
Example:
f=my_opener.open(url)
f.fp._sock.fp._sock._sslobj # here's the ssl object holding the 'issuer' (CA) and 'server' (CN) attributes.
This is valid when you use the patching from this question: Python 'requests' library - define specific DNS?
This case is so peculiar, that I hope no one else will ever have to use this. However, if you're using requests, switching between custom name resolvers and have to check the SSL cert CA/CN, I hope this helps :)
Upvotes: 0
Reputation: 11775
Requests source code is quite explicit when it comes to validating certificates, see:
Either monkey-patch this code, or track down where it is called from:
Upvotes: 1