
Implement getpeercert #56

Closed
1 of 2 tasks
skelsec opened this issue Mar 7, 2022 · 5 comments

Comments

skelsec commented Mar 7, 2022

NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.

I am submitting a …

  • bug report
  • feature request

Description

I need to obtain the server's certificate after a successful handshake. In the PEP there is a documented function, getpeercert, but I see in the code that this is not implemented (commented out).
Would it be possible to obtain the server's certificate in some other way? If not, I'd like to ask you to add this feature.

Current behavior

getpeercert is not implemented

Expected behavior

getpeercert to be implemented

Steps to reproduce

N/A

Minimal demo of the problem

N/A

Other information

I don't need it in parsed form, binary DER is more than enough.

Synss (Owner) commented Mar 7, 2022

Hi! That seems reasonable, I will see what I can do.

Synss (Owner) commented Mar 7, 2022

The standard SSLSocket.getpeercert() returns a dict for binary_form=False but I have wrapped the x509 part of mbedTLS so I would rather return an mbedtls.x509.CRT instance. They can be converted to DER with bytes() and PEM with str().
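Whichever form the wrapper returns (a CRT instance that `bytes()` turns into DER, or the raw DER bytes themselves), the consumer ends up holding a DER blob and typically wants to convert it to PEM for logging and to pin or fingerprint it. The following is an added example, not code from python-mbedtls or from either participant: it uses only the standard library (`ssl`, `hashlib`, `hmac`), checks that the blob is one complete, minimally encoded DER SEQUENCE of exactly the length handed over (the same invariant as copying exactly `raw.len` bytes), and compares a SHA-256 fingerprint against a pin in constant time. `SAMPLE_DER` and `PINNED_SHA256` are constructed placeholders, not a real certificate.

```python
import hashlib
import hmac
import ssl

# Constructed sample blob, NOT a real certificate: a DER SEQUENCE (tag 0x30) with a
# long-form length (0x81 0x82 = 130 content bytes). It exercises the length
# handling and the DER/PEM conversions without needing a live TLS peer.
SAMPLE_DER = b"\x30\x81\x82" + bytes(range(0x82))

# Hypothetical pinned value for the sample; a real deployment pins the SHA-256 of
# the peer's actual DER certificate (or of its SubjectPublicKeyInfo).
PINNED_SHA256 = hashlib.sha256(SAMPLE_DER).hexdigest()


def der_outer_length(der: bytes) -> int:
    """Return the byte length of the outermost DER SEQUENCE (header + content).

    Raises ValueError on anything that is not a well-formed, minimally encoded,
    definite-length SEQUENCE header, which is how an X.509 Certificate starts.
    """
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: the single length byte
        return 2 + first
    if first in (0x80, 0xFF):             # indefinite / reserved: illegal in DER
        raise ValueError("indefinite or reserved length not allowed in DER")
    n = first & 0x7F                      # long form: n length bytes follow
    if len(der) < 2 + n:
        raise ValueError("truncated length field")
    length = int.from_bytes(der[2:2 + n], "big")
    if der[2] == 0 or length < 0x80:      # DER requires the shortest encoding
        raise ValueError("non-minimal length encoding")
    return 2 + n + length


def checked_der(der: bytes) -> bytes:
    """Reject a blob whose outer SEQUENCE does not span exactly the bytes given.

    A mismatch means a truncated copy or trailing garbage; both should fail closed
    before the bytes are fingerprinted or handed to a parser.
    """
    total = der_outer_length(der)
    if total != len(der):
        raise ValueError(f"blob is {len(der)} bytes, outer SEQUENCE spans {total}")
    return der


def sha256_fingerprint(der: bytes) -> str:
    """Hex SHA-256 over the validated DER encoding (what most pinning schemes use)."""
    return hashlib.sha256(checked_der(der)).hexdigest()


def der_to_pem(der: bytes) -> str:
    """DER -> PEM via the stdlib helper (base64 wrapping only, no ASN.1 validation)."""
    return ssl.DER_cert_to_PEM_cert(der)


def pem_to_der(pem: str) -> bytes:
    """PEM -> DER via the stdlib helper; the inverse of der_to_pem."""
    return ssl.PEM_cert_to_DER_cert(pem)


def matches_pin(der: bytes, pinned_hex: str) -> bool:
    """Constant-time comparison of the peer certificate fingerprint against a pin."""
    return hmac.compare_digest(sha256_fingerprint(der), pinned_hex.lower())


if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    assert pem_to_der(pem) == SAMPLE_DER
    print("outer length:", der_outer_length(SAMPLE_DER))
    print("sha256:", sha256_fingerprint(SAMPLE_DER))
    print("pinned:", matches_pin(SAMPLE_DER, PINNED_SHA256))
```

With a real wrapper the input would be `bytes(sock.getpeercert())` or `sock.getpeercert(binary_form=True)`; the length check is deliberately strict so that a partially copied buffer is rejected rather than silently fingerprinted.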

Synss added a commit that referenced this issue Mar 7, 2022
skelsec (Author) commented Mar 7, 2022

I have got it working by

```cython
def getpeercert(self, binary_form=False):
    # mbedtls_ssl_get_peer_cert() returns a const pointer into the session
    # state, not a copy; it is NULL when the peer presented no certificate.
    crt = _tls.mbedtls_ssl_get_peer_cert(&self._ctx)
    if crt == NULL:
        return None
    if binary_form is False:
        raise Exception('Not supported!')
    # Copy exactly raw.len bytes of the DER encoding into a Python bytes object.
    return crt.raw.p[0:crt.raw.len]
```

This is what is expected by PEP when binary_form=True. I'm just not sure what to do with the pointer. Should it be freed?

skelsec (Author) commented Mar 7, 2022

Sorry, I hadn't noticed you had already pushed; it's okay for me.

Synss added a commit that referenced this issue Mar 8, 2022
Synss added a commit that referenced this issue Mar 8, 2022
Synss (Owner) commented Mar 8, 2022

> Sorry, I hadn't noticed you had already pushed; it's okay for me.

Sure, no problem.

> I'm just not sure what to do with the pointer. Should it be freed?

I don't think so. I think it is a view on the peer certificate. At least, that is how I interpret the documentation and the fact that it is returned as a const *. So copying and returning looks good to me.

@Synss Synss closed this as completed in 385fd86 Mar 8, 2022