SSLSocket.getpeercert(): OCSP and CRL DP URIs #62579

Closed
tiran opened this issue Jul 6, 2013 · 10 comments

Comments

@tiran
Member

tiran commented Jul 6, 2013

BPO 18379
Nosy @pitrou, @tiran
Files
  • ssl_ocsp_crldp.patch
  • ssl_ocsp_crldp2.patch
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.


    GitHub fields:

    assignee = 'https://github.com/tiran'
    closed_at = <Date 2013-12-22.20:47:36.871>
    created_at = <Date 2013-07-06.12:30:20.657>
    labels = ['extension-modules', 'type-feature']
    title = 'SSLSocket.getpeercert(): OCSP and CRL DP URIs'
    updated_at = <Date 2014-03-09.19:17:43.776>
    user = 'https://github.com/tiran'

    bugs.python.org fields:

    activity = <Date 2014-03-09.19:17:43.776>
    actor = 'python-dev'
    assignee = 'christian.heimes'
    closed = True
    closed_date = <Date 2013-12-22.20:47:36.871>
    closer = 'pitrou'
    components = ['Extension Modules']
    creation = <Date 2013-07-06.12:30:20.657>
    creator = 'christian.heimes'
    dependencies = []
    files = ['30834', '30965']
    hgrepos = []
    issue_num = 18379
    keywords = ['patch']
    message_count = 10.0
    messages = ['192426', '192495', '193277', '193283', '193285', '203188', '203566', '203567', '203639', '212975']
    nosy_count = 3.0
    nosy_names = ['pitrou', 'christian.heimes', 'python-dev']
    pr_nums = []
    priority = 'normal'
    resolution = 'fixed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = 'enhancement'
    url = 'https://bugs.python.org/issue18379'
    versions = ['Python 3.4']

    @tiran
    Member Author

    tiran commented Jul 6, 2013

    The patch implements OCSP and CRL distribution point access for getpeercert(). I'll add tests and doc updates later.

    Output for https://info.pca.dfn.de/

    {'OCSP': ('http://ocsp.pca.dfn.de/OCSP-Server/OCSP',),
     'crlDistributionPoints': ('http://cdp1.pca.dfn.de/global-services-ca/pub/crl/cacrl.crl',
                               'http://cdp2.pca.dfn.de/global-services-ca/pub/crl/cacrl.crl'),
     'issuer': ((('countryName', 'DE'),),
                (('organizationName', 'DFN-Verein'),),
                (('organizationalUnitName', 'DFN-PKI'),),
                (('commonName', 'DFN-Verein CA Services'),)),
     'notAfter': 'Oct 18 09:07:09 2014 GMT',
     'notBefore': 'Oct 19 09:07:09 2009 GMT',
     'serialNumber': '0EFBA9CC',
     'subject': ((('countryName', 'DE'),),
                 (('organizationName', 'DFN-Verein'),),
                 (('organizationalUnitName', 'DFN-PKI'),),
                 (('commonName', 'info.pca.dfn.de'),)),
     'version': 3}

    @tiran tiran added extension-modules C modules in the Modules dir type-feature A feature request or enhancement labels Jul 6, 2013
    @tiran
    Member Author

    tiran commented Jul 6, 2013

    Updated patch with test, doc updates and a third field. I have added CDP and two AIA URIs: crlDistributionPoints, caIssuers and OCSP.

    @pitrou
    Member

    pitrou commented Jul 18, 2013

    Do you have to put those certs in capath? Things would probably be simpler if you didn't have to trigger capath loading using an actual SSL connection.
    Also, please add a versionadded tag in the doc entry.

    @tiran
    Member Author

    tiran commented Jul 18, 2013

    It's just one certificate. The hash format of OpenSSL has changed over the years so we have to duplicate all certificates. But I don't need the extra stuff. I figured out that the Nokia test certificate has all new fields.

    My initial patch has a versionchanged doc update. Did you have too much French wine again? *scnr* :)

    @pitrou
    Member

    pitrou commented Jul 18, 2013

    > It's just one certificate.

    Indeed, it's just the decision to use capath that I'm arguing with.

    > My initial patch has a versionchanged doc update. Did you have too
    > much French wine again? *scnr* :)

    Not *too much*, no ;-)

    @tiran
    Member Author

    tiran commented Nov 17, 2013

    Are you satisfied with my patch? I'd like to commit it before beta 1.

    @python-dev
    Mannequin

    python-dev mannequin commented Nov 21, 2013

    New changeset 468d18bffdea by Christian Heimes in branch 'default':
    Issue bpo-18379: SSLSocket.getpeercert() returns CA issuer AIA fields, OCSP
    http://hg.python.org/cpython/rev/468d18bffdea

    @tiran
    Member Author

    tiran commented Nov 21, 2013

    memo to me: update whatsnew

    @tiran tiran self-assigned this Nov 21, 2013
    @python-dev
    Mannequin

    python-dev mannequin commented Nov 21, 2013

    New changeset 40bfddda43d4 by Christian Heimes in branch 'default':
    Issue bpo-19682: Fix compatibility issue with old version of OpenSSL that
    http://hg.python.org/cpython/rev/40bfddda43d4

    @pitrou pitrou closed this as completed Dec 22, 2013
    @python-dev
    Mannequin

    python-dev mannequin commented Mar 9, 2014

    New changeset 7885876b6503 by R David Murray in branch 'default':
    whatsnew: SSLSocket.getpeercert new values returned. (bpo-18379)
    http://hg.python.org/cpython/rev/7885876b6503

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
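
Added example, not part of the original issue or the CPython patch: one way a client could consume the `OCSP`, `crlDistributionPoints` and `caIssuers` fields that `getpeercert()` returns since this change, keeping only URIs it is prepared to fetch. The helper names, the HTTP(S)-only allow-list and the LDAP entry in the sample are assumptions made for illustration; the other sample URIs are the ones quoted in the issue.

```python
import socket
import ssl
from urllib.parse import urlsplit

REVOCATION_KEYS = ("OCSP", "crlDistributionPoints")  # fields from this issue
AIA_KEYS = ("caIssuers",)
ALLOWED_SCHEMES = {"http", "https"}  # assumption: client fetches over HTTP(S) only

# Constructed sample: the URIs quoted in the issue plus one made-up LDAP entry.
SAMPLE_CERT = {
    "OCSP": ("http://ocsp.pca.dfn.de/OCSP-Server/OCSP",),
    "crlDistributionPoints": (
        "http://cdp1.pca.dfn.de/global-services-ca/pub/crl/cacrl.crl",
        "http://cdp2.pca.dfn.de/global-services-ca/pub/crl/cacrl.crl",
        "ldap://ldap.example.invalid/cn=ca?certificateRevocationList",
    ),
    "serialNumber": "0EFBA9CC",
}


def peer_cert(host, port=443, timeout=10.0):
    """Return the validated peer certificate dict for host:port."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname check
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def status_endpoints(cert):
    """Return (usable, rejected): field name -> list of URIs."""
    if not cert:
        # getpeercert() gives {} when the certificate was not validated.
        raise ValueError("no validated peer certificate")
    usable, rejected = {}, {}
    for key in REVOCATION_KEYS + AIA_KEYS:
        for uri in cert.get(key, ()):
            parts = urlsplit(uri)
            ok = parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.hostname)
            (usable if ok else rejected).setdefault(key, []).append(uri)
    return usable, rejected


def has_revocation_source(cert):
    """True if at least one OCSP or CRL URI passed the scheme check."""
    usable, _ = status_endpoints(cert)
    return any(key in usable for key in REVOCATION_KEYS)
```

`status_endpoints(peer_cert(host))` gives the same split for a live connection; a certificate for which `has_revocation_source()` is false offers the client no revocation source it can query.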