From: <msj...@gm...> - 2004-07-14 14:40:56
|
On Wed, 14 Jul 2004 14:34:10 +0200, Jos Vos <jo...@xo...> wrote: > Hi, > > I have started to experiment with client certificates and I want > to check some information of these certificates, but I can't get > that part working. > > What I do: > > ctx.set_verify(SSL.VERIFY_PEER|SSL.VERIFY_FAIL_IF_NO_PEER_CERT, cb) > > And in the cb function I do: > > def cb(conn, cert, errnum, depth, ok): > subject = cert.get_subject() > print subject > > This actually works and gives me: > > <X509Name object '/CN=Simple Client'> > > (I'm using some sample certificates of Red Hat Linux 9's Apache). What this tells you is that the only field of the X509Name that actually has a value is the CN field, or "common name". > But now I want to retrieve some information from that certificate... > In the manual section about X509Name objects it says "X509Name objects > have the following members", but I don't succeed in getting any of > that information. Well, subject.CN should work. Nothing else should, since they don't actually have any values. There are, of course, properties of the certificate itself that you could check, like whether it has expired and so forth. Hope that helps. /Martin |