patch for HTTPRequest.get_ssl_certificate() to return the whole certificate


tiadobatima

Aug 17, 2012, 3:39:54 PM
to python-...@googlegroups.com
Hello there,

For some weird reason I can't understand, Python's ssl SSLSocket.getpeercert() method doesn't return all the information contained in the client certificate when the method is called without arguments. This is really annoying for anybody that needs the serial number, Issuer, etc.

Calling SSLSocket.getpeercert(binary_form=True) will return the whole cert in binary DER format, which can later be parsed by the openssl or M2Crypto modules. While it would be better if getpeercert() just returned all the info in the result tuple, the following patch would allow us to at least get the missing information, which is impossible now in tornado:

It would be great if the maintainers committed the patch below:


-------
--- httpserver.py       2012-08-08 18:42:52.000000000 -0700
+++ httpserver.py.new   2012-08-17 12:21:23.305876560 -0700
@@ -443,7 +443,7 @@
         else:
             return self._finish_time - self._start_time
 
-    def get_ssl_certificate(self):
+    def get_ssl_certificate(self,binary_form=False):
         """Returns the client's SSL certificate, if any.
 
         To use client certificates, the HTTPServer must have been constructed
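Review bot: the new `binary_form` argument on the `def get_ssl_certificate` line is not described in the docstring that follows, and the patch changes no docstring lines. Add a sentence saying that `binary_form=True` returns the DER-encoded certificate rather than the parsed result, since callers have to handle the two differently. Style nit on the same line: PEP 8 wants a space after the comma, `(self, binary_form=False)`.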
@@ -461,7 +461,7 @@
         """
         try:
-            return self.connection.stream.socket.getpeercert()
+            return self.connection.stream.socket.getpeercert(binary_form=binary_form)
         except ssl.SSLError:
             return None
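Review bot: on the changed `getpeercert(binary_form=binary_form)` line the type of the return value now depends on the flag, while the `except ssl.SSLError` branch still returns None in both modes. Callers that index into the result need to know which form they asked for, so this deserves a test that exercises both values of `binary_form` as well as the None path.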
-------

Thank you very much for the consideration,
g.
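An added example, not part of the original post or of Tornado: one way to pull the serial number, the raw issuer Name and a SHA-256 fingerprint out of the DER bytes that `get_ssl_certificate(binary_form=True)` would return, using only the Python 3 standard library. The function names and the sample bytes are constructed for illustration; the sample holds only the leading certificate fields, so it is not a complete certificate.

```python
import hashlib

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def cert_summary(der):
    """Serial number, raw issuer Name and SHA-256 fingerprint of a DER certificate."""
    tag, cert, _ = read_tlv(der, 0)         # Certificate ::= SEQUENCE
    tag2, tbs, _ = read_tlv(cert, 0)        # tbsCertificate ::= SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not a DER certificate")
    tag, value, pos = read_tlv(tbs, 0)
    if tag == 0xA0:                         # optional [0] EXPLICIT version
        tag, value, pos = read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER expected")
    _, _, pos = read_tlv(tbs, pos)          # signature AlgorithmIdentifier, skipped
    _, issuer, _ = read_tlv(tbs, pos)       # issuer Name (its RDN sets, still DER)
    return {"serial": int.from_bytes(value, "big", signed=True),
            "issuer_der": issuer,
            "sha256": hashlib.sha256(der).hexdigest()}

def tlv(tag, content):
    """Encode a short-form DER TLV; only used to build the constructed sample."""
    assert len(content) < 0x80
    return bytes([tag, len(content)]) + content

# Constructed sample: only the leading tbsCertificate fields, not a complete certificate.
_issuer = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"Example Test CA"))))
_alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
_tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01\x00\x01") + _alg + _issuer)
SAMPLE_DER = tlv(0x30, _tbs)

if __name__ == "__main__":
    print(cert_summary(SAMPLE_DER))
```

For anything beyond these fields (extensions, validity, subject alternative names), hand the DER bytes to a full X.509 parser rather than extending this walker.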

Ben Darnell

Aug 18, 2012, 10:41:57 PM
to python-...@googlegroups.com
Done. Thanks for the report.