On Fri, 5 Feb 2010, johansen_at_sun.com wrote:

>>
>> Is there a way of getting to this from pycurl?
>
> Not at the moment. There's support in
> curl_easy_getinfo(CURLINFO_CERTINFO), but that was added in 7.19.1.
> Pycurl hasn't had features added since 7.19.0. When I run into this
> problem, I typically use openssl s_client to connect to the peer.
>
> If you do something like:
>
> $ openssl s_client -connect <peer>
>
> The first part of the output contains the certificate chain that the
> peer sends to you:
>
> $ openssl s_client -connect pkg.sun.com:443
> CONNECTED(00000004)
> depth=1 /O=Sun Microsystems Inc/OU=VeriSign Trust Network/OU=Class 3 MPKI Secure Server CA/CN=Sun Microsystems Inc SSL CA
> verify error:num=20:unable to get local issuer certificate
> verify return:0
> ---
> Certificate chain
> 0 s:/C=US/ST=California/L=San Francisco/O=Sun Microsystems Inc/OU=Software Packaging/OU=Class B/CN=pkg.sun.com
> i:/O=Sun Microsystems Inc/OU=VeriSign Trust Network/OU=Class 3 MPKI Secure Server CA/CN=Sun Microsystems Inc SSL CA
> 1 s:/O=Sun Microsystems Inc/OU=VeriSign Trust Network/OU=Class 3 MPKI Secure Server CA/CN=Sun Microsystems Inc SSL CA
> i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
> ---
> <...>
>
> HTH,
>

Johansen,
  I was hoping there was a way that didn't involve shelling out so I could
deliver a sensible error message to the user.

thanks,
-sv

_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-python
Received on 2010-02-05