Issue 18616: enable more ssl socket options with get_server_certificate (original) (raw)

Created on 2013-08-01 15:56 by underrun, last changed 2022-04-11 14:57 by admin.

Files
File name	Uploaded	Description	Edit
ssl_get_server_certificate_kwargs.patch	underrun,2013-08-01 15:56	review

Messages (4)
msg194083 - (view)	Author: Derek Wilson (underrun)	Date: 2013-08-01 15:56
ssl.get_server_certificate does not allow advanced options like what ciphers to use (for ssl2 for instance) or SNI for virtual hosts with multiple ssl sites on one IP address. Adding **kwargs enables any current and future SSLSocket options to be passed along to the underlying connection. wrap_socket doesn't include all the options (npn and sni for instance), so I use SSLSocket instead.
msg205728 - (view)	Author: Derek Wilson (underrun)	Date: 2013-12-09 18:50
any thoughts on this? there's a lot of room for improvement in python ssl...
msg217448 - (view)	Author: Antoine Pitrou (pitrou) *	Date: 2014-04-28 23:43
To be frank, it's quite easy to open the connection and read the cert yourself, so I don't think complicating this API is very useful. Still, I'm leaving this open so that other developers can chime in.
msg275030 - (view)	Author: Christian Heimes (christian.heimes) *	Date: 2016-09-08 14:55
I would accept a patch that adds a ssl_context argument to get_server_certificate().

History
Date	User	Action	Args
2022-04-11 14:57:48	admin	set	status: pending -> opengithub: 62816
2016-09-08 14:55:00	christian.heimes	set	status: open -> pendingmessages: + versions: + Python 3.6, Python 3.7, - Python 3.4, Python 3.5
2014-04-28 23:43:11	pitrou	set	nosy: + janssen, pitrou, giampaolo.rodola, christian.heimes, dstufftmessages: +
2013-12-09 18:50:51	underrun	set	messages: + versions: + Python 3.5
2013-08-01 15:56:02	underrun	create