sockets - Python get SSL certificate information getpeercert()
I want information about the SSL certificate of a domain name. Using the following code I get weird responses. Code:
```python
import ssl
import socket

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(1)
wrappedsocket = ssl.wrap_socket(sock)

try:
    wrappedsocket.connect(('www.google.com', 443))
except Exception:
    response = False
else:
    der_cert = wrappedsocket.getpeercert(False)      # decoded dict form
    der_cert_bin = wrappedsocket.getpeercert(True)   # raw DER bytes
    print(der_cert)
    print(der_cert_bin)
    pem_cert = ssl.DER_cert_to_PEM_cert(wrappedsocket.getpeercert(True))
    print(pem_cert)

wrappedsocket.close()
```

This code displays:
```
{}
b'...'
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
```

Do you know why the first print displays {}?
The documentation (https://docs.python.org/3.2/library/ssl.html#ssl.sslsocket.getpeercert) indicates it's empty because the certificate is not valid. In that case, why do the 2 following prints display a non-empty certificate?

The documentation is pretty clear:

If the parameter binary_form is False, and a certificate was received from the peer, this method returns a dict instance. If the certificate was not validated, the dict is empty. If the certificate was validated, it returns a dict with several keys, amongst them subject (the principal for which the certificate was issued) and issuer (the principal issuing the certificate). If a certificate contains an instance of the Subject Alternative Name extension (see RFC 3280), there will also be a subjectAltName key in the dictionary.

If you want to validate the certificate you must pass cert_reqs=ssl.CERT_REQUIRED to ssl.wrap_socket (here's the definition):

ssl.wrap_socket(sock, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, ssl_version={see docs}, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True, ciphers=None).

As you can see, the default passes CERT_NONE, which doesn't validate the peer certificate, therefore you get an empty dict.
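
The behaviour described in the answer, as an added example that is not part of the original posts: a verifying `SSLContext` makes `getpeercert()` return the populated dict, while a `CERT_NONE` context yields `{}` but still returns the DER bytes. It uses `SSLContext.wrap_socket` because the module-level `ssl.wrap_socket` was deprecated in Python 3.7 and removed in 3.12; the helper names and the `SAMPLE` dict are constructed for illustration.

```python
import socket
import ssl


def verifying_context(cafile=None):
    """Client context that validates the chain and the hostname."""
    # create_default_context() sets verify_mode=CERT_REQUIRED, check_hostname=True
    return ssl.create_default_context(cafile=cafile)


def unverified_context():
    """Same trust settings as the question's code (CERT_NONE); inspection only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be off before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def peer_cert(host, port=443, ctx=None, timeout=5):
    """Return (decoded dict, DER bytes) of the peer certificate."""
    ctx = ctx or verifying_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            # The dict is only filled in when the certificate was validated;
            # the DER form is returned either way.
            return tls.getpeercert(), tls.getpeercert(binary_form=True)


def summarize(cert):
    """Flatten a getpeercert() dict; an empty dict yields empty fields."""
    def flat(name):
        return {k: v for rdn in name for k, v in rdn}
    return {
        "subject_cn": flat(cert.get("subject", ())).get("commonName"),
        "issuer_cn": flat(cert.get("issuer", ())).get("commonName"),
        "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "not_after": cert.get("notAfter"),
    }


# Constructed sample in the shape getpeercert() returns for a validated certificate.
SAMPLE = {
    "subject": ((("countryName", "US"),), (("commonName", "www.example.test"),)),
    "issuer": ((("commonName", "Example Test CA"),),),
    "notAfter": "Sep 16 00:00:00 2030 GMT",
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "example.test")),
}

if __name__ == "__main__":
    for label, ctx in (("verified", verifying_context()), ("unverified", unverified_context())):
        decoded, der = peer_cert("www.google.com", ctx=ctx)
        print(label, summarize(decoded), len(der), "DER bytes")
```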