Noob_learner_90

Reputation: 61

How to see the SSL certificate of the peer in Python

Hello, I would like to know what the steps are for verifying the SSL certificate that I receive from the server. I opened the certifi module and found fingerprints, MD5 and a base64-encoded key. I know the fingerprints are generated from the key, but what are the steps of the verification itself? Does it use the SHA256 or SHA1 fingerprint with the base64 key? And how can I see the certificate of the server that I'm verifying? I tried ssl.getpeercert() after I established the connection and it didn't receive anything. I tried it with getpeercert(False) to get DER and still nothing; it showed an empty {}.

import socket
import ssl
s = socket.socket(socket.AF_INET , socket.SOCK_STREAM)
superSock = ssl.wrap_socket(s)
superSock.connect(("www.blabla.com" , 443)) #ofc not blabla.com it was google
x = superSock.getpeercert(False)
superSock.close()
print(x) # and i got the empty {}

Upvotes: 1

Views: 803

Answers (1)

Robert

Reputation: 42650

The reason why getpeercert returns an empty dict is described in the help:

If the binary_form parameter is False, and a certificate was received from the peer, this method returns a dict instance. If the certificate was not validated, the dict is empty.

You can test that the certificate is not validated by using a host that uses a self-signed certificate, like self-signed.badssl.com. The connection is established without problem because no cert validation is performed.

Therefore if you want the certificate you have to use getpeercert(True) and parse the certificate yourself from the returned bytes.

Upvotes: 3
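
The behaviour described in the answer, as an added example that is not part of the original post: with validation on, getpeercert() returns the parsed dict; with validation off it returns {}, while getpeercert(True) still returns the DER bytes. The helper names (make_context, sha256_fingerprint, peer_cert) and the host www.python.org are assumptions made for this sketch.

```python
import hashlib
import socket
import ssl


def make_context(verify: bool) -> ssl.SSLContext:
    """Client context; verify=False mirrors the question's unvalidated setup."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, hostname check, system CAs
    if not verify:
        ctx.check_hostname = False      # must be cleared before CERT_NONE is allowed
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def sha256_fingerprint(der: bytes) -> str:
    """A fingerprint is a hash of the whole DER certificate, shown colon-separated."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def peer_cert(host: str, port: int = 443, verify: bool = True) -> dict:
    """Connect and return the parsed dict, DER bytes, PEM text and fingerprint."""
    ctx = make_context(verify)
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            parsed = tls.getpeercert()               # {} when not validated
            der = tls.getpeercert(binary_form=True)  # raw bytes either way
    return {
        "parsed": parsed,
        "der": der,
        "pem": ssl.DER_cert_to_PEM_cert(der),
        "sha256": sha256_fingerprint(der),
    }


if __name__ == "__main__":
    # Hostnames are assumptions for the demo; the second one is from the answer.
    ok = peer_cert("www.python.org")
    print(ok["parsed"]["subject"], ok["sha256"])
    bad = peer_cert("self-signed.badssl.com", verify=False)
    print(bad["parsed"], bad["sha256"])  # {} plus the unvalidated cert's fingerprint
```

A fingerprint taken from an unvalidated connection only identifies the bytes the peer sent; it says nothing about whether the certificate chains to a trusted CA.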
