Max Tet

Reputation: 755

Manually verify certificates in Python3 ssl

I am developing the client- and server-side of a Python3 application. They must communicate over TLS using self-signed certs.

The connection should always be established, even if both have never seen the other, thus neither has the other's cert in its trust store. Verification shall happen after the handshake with a custom method.

However, Python's ssl library attempts to verify the certificate during handshake and this fails if the incoming cert is unknown and has no valid certificate chain. Setting verify_mode to CERT_NONE is also not an option, since I do require the certificates from both sides for my custom verification method.

So my question: How can I require a certificate from the other side but turn off automatic verification during handshake? Or maybe I can pass a custom verifier method that gets called?

Thanks!

Upvotes: 2

Views: 1220

Answers (1)

Stéphane

Reputation: 506

You can use ssl.get_server_certificate((host,port)). It will return the certificate in PEM format.

Upvotes: 0
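Added example, not part of the question or the answer above: a client-side sketch of post-handshake verification by SHA-256 fingerprint pinning. ssl.get_server_certificate() opens its own separate connection, so connect_pinned() instead reads the certificate from the socket that will carry the data; with CERT_NONE a client socket still receives the server's certificate, while a server socket with CERT_NONE does not request one from the client. The function names, the pin format and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def matches_pin(der, pinned_hex: str) -> bool:
    """Custom verification step: compare the peer cert to a pinned fingerprint."""
    if not der:  # peer sent no certificate
        return False
    normalized = pinned_hex.replace(":", "").strip().lower()
    return hmac.compare_digest(fingerprint(der), normalized)


def connect_pinned(host: str, port: int, pinned_hex: str) -> ssl.SSLSocket:
    """Handshake without chain validation, then verify the cert on that same socket."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before setting CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # a server still sends its certificate
    sock = ctx.wrap_socket(socket.create_connection((host, port), timeout=10),
                           server_hostname=host)
    if not matches_pin(sock.getpeercert(binary_form=True), pinned_hex):
        sock.close()  # refuse to exchange any application data
        raise ssl.SSLError("peer certificate does not match pinned fingerprint")
    return sock


def pem_matches_pin(pem: str, pinned_hex: str) -> bool:
    """Same check for the PEM string returned by ssl.get_server_certificate()."""
    return matches_pin(ssl.PEM_cert_to_DER_cert(pem), pinned_hex)


# Constructed stand-in bytes, not a real certificate; only the encoding matters here.
SAMPLE_DER = b"constructed-der-bytes-for-demo"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
SAMPLE_PIN = fingerprint(SAMPLE_DER)
```

The pin itself has to reach the client over a channel other than the connection being verified, otherwise the comparison proves nothing.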
