mirror of
https://github.com/python/cpython.git
synced 2025-08-13 05:19:08 +00:00
f55aa80b37
svn+ssh://svn.python.org/python/branches/py3k ........ r85820 | georg.brandl | 2010-10-24 16:20:22 +0200 (So, 24 Okt 2010) | 1 line Remove usage of exception indexing. ........ r85823 | georg.brandl | 2010-10-24 16:32:45 +0200 (So, 24 Okt 2010) | 1 line Fix style. ........ r85825 | georg.brandl | 2010-10-24 17:16:02 +0200 (So, 24 Okt 2010) | 1 line Add documentation about the default warnings filters. ........ r85840 | georg.brandl | 2010-10-25 19:50:20 +0200 (Mo, 25 Okt 2010) | 1 line #3018: tkinter demo fixes for py3k. ........ r85843 | georg.brandl | 2010-10-26 08:59:23 +0200 (Di, 26 Okt 2010) | 1 line Markup fix. ........ r85844 | georg.brandl | 2010-10-26 12:39:14 +0200 (Di, 26 Okt 2010) | 1 line Work a bit more on tkinter demos. ........ r85845 | georg.brandl | 2010-10-26 12:42:16 +0200 (Di, 26 Okt 2010) | 1 line faqwiz is removed. ........ r85849 | georg.brandl | 2010-10-26 21:31:06 +0200 (Di, 26 Okt 2010) | 1 line #10200: typo. ........ r85850 | georg.brandl | 2010-10-26 21:58:11 +0200 (Di, 26 Okt 2010) | 1 line #10200: typo. ........ r85851 | georg.brandl | 2010-10-26 22:12:37 +0200 (Di, 26 Okt 2010) | 1 line Fix import. ........ r85855 | georg.brandl | 2010-10-27 09:21:54 +0200 (Mi, 27 Okt 2010) | 1 line Encoding fix. ........ r85867 | georg.brandl | 2010-10-27 22:01:51 +0200 (Mi, 27 Okt 2010) | 1 line Add David. ........ r85875 | georg.brandl | 2010-10-28 10:38:30 +0200 (Do, 28 Okt 2010) | 1 line Fix bytes/str issues in get-remote-certificate.py. ........ r85907 | georg.brandl | 2010-10-29 06:54:13 +0200 (Fr, 29 Okt 2010) | 1 line #10222: fix for overzealous AIX compiler. ........ r85908 | georg.brandl | 2010-10-29 07:22:17 +0200 (Fr, 29 Okt 2010) | 1 line send_bytes obviously needs bytes... ........ r85911 | georg.brandl | 2010-10-29 07:36:28 +0200 (Fr, 29 Okt 2010) | 1 line Fix markup error and update false positive entries from "make suspicious". ........ r85914 | georg.brandl | 2010-10-29 08:17:38 +0200 (Fr, 29 Okt 2010) | 1 line (?:...) is a non-capturing, but still grouping construct. ........
83 lines
2.5 KiB
Python
83 lines
2.5 KiB
Python
#!/usr/bin/env python
|
|
#
|
|
# fetch the certificate that the server(s) are providing in PEM form
|
|
#
|
|
# args are HOST:PORT [, HOST:PORT...]
|
|
#
|
|
# By Bill Janssen.
|
|
|
|
import re
|
|
import os
|
|
import ssl
|
|
import sys
|
|
import tempfile
|
|
|
|
|
|
def fetch_server_certificate (host, port):
|
|
|
|
def subproc(cmd):
|
|
from subprocess import Popen, PIPE, STDOUT
|
|
proc = Popen(cmd, stdout=PIPE, stderr=STDOUT, shell=True)
|
|
status = proc.wait()
|
|
output = proc.stdout.read()
|
|
return status, output
|
|
|
|
def strip_to_x509_cert(certfile_contents, outfile=None):
|
|
m = re.search(br"^([-]+BEGIN CERTIFICATE[-]+[\r]*\n"
|
|
br".*[\r]*^[-]+END CERTIFICATE[-]+)$",
|
|
certfile_contents, re.MULTILINE | re.DOTALL)
|
|
if not m:
|
|
return None
|
|
else:
|
|
tn = tempfile.mktemp()
|
|
fp = open(tn, "wb")
|
|
fp.write(m.group(1) + b"\n")
|
|
fp.close()
|
|
try:
|
|
tn2 = (outfile or tempfile.mktemp())
|
|
status, output = subproc(r'openssl x509 -in "%s" -out "%s"' %
|
|
(tn, tn2))
|
|
if status != 0:
|
|
raise OperationError(status, tsig, output)
|
|
fp = open(tn2, 'rb')
|
|
data = fp.read()
|
|
fp.close()
|
|
os.unlink(tn2)
|
|
return data
|
|
finally:
|
|
os.unlink(tn)
|
|
|
|
if sys.platform.startswith("win"):
|
|
tfile = tempfile.mktemp()
|
|
fp = open(tfile, "w")
|
|
fp.write("quit\n")
|
|
fp.close()
|
|
try:
|
|
status, output = subproc(
|
|
'openssl s_client -connect "%s:%s" -showcerts < "%s"' %
|
|
(host, port, tfile))
|
|
finally:
|
|
os.unlink(tfile)
|
|
else:
|
|
status, output = subproc(
|
|
'openssl s_client -connect "%s:%s" -showcerts < /dev/null' %
|
|
(host, port))
|
|
if status != 0:
|
|
raise OSError(status)
|
|
certtext = strip_to_x509_cert(output)
|
|
if not certtext:
|
|
raise ValueError("Invalid response received from server at %s:%s" %
|
|
(host, port))
|
|
return certtext
|
|
|
|
|
|
if __name__ == "__main__":
|
|
if len(sys.argv) < 2:
|
|
sys.stderr.write(
|
|
"Usage: %s HOSTNAME:PORTNUMBER [, HOSTNAME:PORTNUMBER...]\n" %
|
|
sys.argv[0])
|
|
sys.exit(1)
|
|
for arg in sys.argv[1:]:
|
|
host, port = arg.split(":")
|
|
sys.stdout.buffer.write(fetch_server_certificate(host, int(port)))
|
|
sys.exit(0)
|