Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ssl.SSLObject and ssl.SSLSocket should expose method to get certificate chain #109109

Closed
matiuszka opened this issue Sep 7, 2023 · 1 comment
Closed

ssl.SSLObject and ssl.SSLSocket should expose method to get certificate chain #109109

matiuszka opened this issue Sep 7, 2023 · 1 comment
Labels
3.13 new features, bugs and security fixes topic-SSL type-feature A feature request or enhancement

Comments

@matiuszka
Copy link
Contributor

matiuszka commented Sep 7, 2023
edited by bedevere-bot

Feature or enhancement

Proposal:

Being able to get a certificate chain is needed to perform OCSP revocation checks.
Starting from py3.10 we can at least call C-level API directly, but I guess such a crucial functionality should be documented and exposed in Python API:

ssl_socket._sslobj.get_unverified_chain()

Has this already been discussed elsewhere?

No response given

Links to previous discussion of this feature:

No response

Linked PRs
@matiuszka matiuszka added the type-feature A feature request or enhancement label Sep 7, 2023
@matiuszka matiuszka mentioned this issue Sep 7, 2023
Merged
@gpshead gpshead added 3.13 new features, bugs and security fixes type-security A security issue topic-SSL and removed type-security A security issue labels Sep 7, 2023
gpshead added a commit that referenced this issue Sep 20, 2023
@matiuszka @gpshead
gh-109109: Expose retrieving certificate chains in SSL module (#109113)
5a740cd 
Adds APIs to get the TLS certificate chains, verified or full unverified, from SSLSocket and SSLObject.

Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
@gpshead
Copy link
Member

gpshead commented Sep 20, 2023

Thanks for the contribution!

@gpshead gpshead closed this as completed Sep 20, 2023
csm10495 pushed a commit to csm10495/cpython that referenced this issue Sep 28, 2023
@matiuszka @gpshead @csm10495
pythongh-109109: Expose retrieving certificate chains in SSL module (p…
67622e5 
…ython#109113)

Adds APIs to get the TLS certificate chains, verified or full unverified, from SSLSocket and SSLObject.

Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
This was referenced Dec 22, 2023
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3.13 new features, bugs and security fixes topic-SSL type-feature A feature request or enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gpshead @matiuszka