| msg192426 - (view) |
Author: Christian Heimes (christian.heimes) *  |
Date: 2013-07-06 12:30 |
| The patch implements OCSP and CRL distribution point access for getpeercert(). I'll add tests and doc updates later. Output for https://info.pca.dfn.de/ {'OCSP': ('http://ocsp.pca.dfn.de/OCSP-Server/OCSP',), 'crlDistributionPoints': ('http://cdp1.pca.dfn.de/global-services-ca/pub/crl/cacrl.crl', 'http://cdp2.pca.dfn.de/global-services-ca/pub/crl/cacrl.crl'), 'issuer': ((('countryName', 'DE'),), (('organizationName', 'DFN-Verein'),), (('organizationalUnitName', 'DFN-PKI'),), (('commonName', 'DFN-Verein CA Services'),)), 'notAfter': 'Oct 18 09:07:09 2014 GMT', 'notBefore': 'Oct 19 09:07:09 2009 GMT', 'serialNumber': '0EFBA9CC', 'subject': ((('countryName', 'DE'),), (('organizationName', 'DFN-Verein'),), (('organizationalUnitName', 'DFN-PKI'),), (('commonName', 'info.pca.dfn.de'),)), 'version': 3} |
|
|
| msg192495 - (view) |
Author: Christian Heimes (christian.heimes) * |
Date: 2013-07-06 22:39 |
| Updated patch with test, doc updates and a third field. I have added CDP and two AIA URIs: crlDistributionPoints, caIssuers and OCSP |
|
|
| msg193277 - (view) |
Author: Antoine Pitrou (pitrou) * |
Date: 2013-07-18 10:06 |
| Do you have to put those certs in capath? Things would probably be simpler if you didn't have to trigger capath loading using an actual SSL connection. Also, please a versionadded tag in the doc entry. |
|
|
| msg193283 - (view) |
Author: Christian Heimes (christian.heimes) * |
Date: 2013-07-18 11:50 |
| It's just one certificate. The hash format of OpenSSL has changed over the years so we have to duplicate all certificates. But I don't need the extra stuff. I figured out that the Nokia test certificate has all new fields. My initial patch has a versionchanged doc update. Did you have too much French wine again? *scnr* :) |
|
|
| msg193285 - (view) |
Author: Antoine Pitrou (pitrou) * |
Date: 2013-07-18 12:27 |
| > It's just one certificate. Indeed, it's just the decision to use capath that I'm arguing with. > My initial patch has a versionchanged doc update. Did you have too > much French wine again? *scnr* :) Not *too much*, no ;-) |
|
|
| msg203188 - (view) |
Author: Christian Heimes (christian.heimes) * |
Date: 2013-11-17 14:59 |
| Are you satisfied with my patch? I'd like to commit it before beta 1 |
|
|
| msg203566 - (view) |
Author: Roundup Robot (python-dev)  |
Date: 2013-11-21 02:40 |
| New changeset 468d18bffdea by Christian Heimes in branch 'default': Issue #18379: SSLSocket.getpeercert() returns CA issuer AIA fields, OCSP http://hg.python.org/cpython/rev/468d18bffdea |
|
|
| msg203567 - (view) |
Author: Christian Heimes (christian.heimes) * |
Date: 2013-11-21 02:41 |
| memo to me: update whatsnew |
|
|
| msg203639 - (view) |
Author: Roundup Robot (python-dev) |
Date: 2013-11-21 15:27 |
| New changeset 40bfddda43d4 by Christian Heimes in branch 'default': Issue #19682: Fix compatibility issue with old version of OpenSSL that http://hg.python.org/cpython/rev/40bfddda43d4 |
|
|
| msg212975 - (view) |
Author: Roundup Robot (python-dev) |
Date: 2014-03-09 19:17 |
| New changeset 7885876b6503 by R David Murray in branch 'default': whatsnew: SSLSocket.getpeercert new values returned. (#18379) http://hg.python.org/cpython/rev/7885876b6503 |
|
|