mirror of
https://github.com/python/cpython.git
synced 2025-10-31 10:26:02 +00:00
05e8be17fd
svn+ssh://pythondev@svn.python.org/python/trunk ........ r60990 | eric.smith | 2008-02-23 17:05:26 +0100 (Sat, 23 Feb 2008) | 1 line Removed duplicate Py_CHARMASK define. It's already defined in Python.h. ........ r60991 | andrew.kuchling | 2008-02-23 17:23:05 +0100 (Sat, 23 Feb 2008) | 4 lines #1330538: Improve comparison of xmlrpclib.DateTime and datetime instances. Remove automatic handling of datetime.date and datetime.time. This breaks backward compatibility, but python-dev discussion was strongly against this automatic conversion; see the bug for a link. ........ r60994 | andrew.kuchling | 2008-02-23 17:39:43 +0100 (Sat, 23 Feb 2008) | 1 line #835521: Add index entries for various pickle-protocol methods and attributes ........ r60995 | andrew.kuchling | 2008-02-23 18:10:46 +0100 (Sat, 23 Feb 2008) | 2 lines #1433694: minidom's .normalize() failed to set .nextSibling for last element. Fix by Malte Helmert ........ r61000 | christian.heimes | 2008-02-23 18:40:11 +0100 (Sat, 23 Feb 2008) | 1 line Patch #2167 from calvin: Remove unused imports ........ r61001 | christian.heimes | 2008-02-23 18:42:31 +0100 (Sat, 23 Feb 2008) | 1 line Patch #1957: syslogmodule: Release GIL when calling syslog(3) ........ r61002 | christian.heimes | 2008-02-23 18:52:07 +0100 (Sat, 23 Feb 2008) | 2 lines Issue #2051 and patch from Alexander Belopolsky: Permission for pyc and pyo files are inherited from the py file. ........
79 lines
2.5 KiB
Python
79 lines
2.5 KiB
Python
#!/usr/bin/env python
|
|
#
|
|
# fetch the certificate that the server(s) are providing in PEM form
|
|
#
|
|
# args are HOST:PORT [, HOST:PORT...]
|
|
#
|
|
# By Bill Janssen.
|
|
|
|
import sys
|
|
|
|
def fetch_server_certificate (host, port):
|
|
|
|
import re, tempfile, os, ssl
|
|
|
|
def subproc(cmd):
|
|
from subprocess import Popen, PIPE, STDOUT
|
|
proc = Popen(cmd, stdout=PIPE, stderr=STDOUT, shell=True)
|
|
status = proc.wait()
|
|
output = proc.stdout.read()
|
|
return status, output
|
|
|
|
def strip_to_x509_cert(certfile_contents, outfile=None):
|
|
m = re.search(r"^([-]+BEGIN CERTIFICATE[-]+[\r]*\n"
|
|
r".*[\r]*^[-]+END CERTIFICATE[-]+)$",
|
|
certfile_contents, re.MULTILINE | re.DOTALL)
|
|
if not m:
|
|
return None
|
|
else:
|
|
tn = tempfile.mktemp()
|
|
fp = open(tn, "w")
|
|
fp.write(m.group(1) + "\n")
|
|
fp.close()
|
|
try:
|
|
tn2 = (outfile or tempfile.mktemp())
|
|
status, output = subproc(r'openssl x509 -in "%s" -out "%s"' %
|
|
(tn, tn2))
|
|
if status != 0:
|
|
raise OperationError(status, tsig, output)
|
|
fp = open(tn2, 'rb')
|
|
data = fp.read()
|
|
fp.close()
|
|
os.unlink(tn2)
|
|
return data
|
|
finally:
|
|
os.unlink(tn)
|
|
|
|
if sys.platform.startswith("win"):
|
|
tfile = tempfile.mktemp()
|
|
fp = open(tfile, "w")
|
|
fp.write("quit\n")
|
|
fp.close()
|
|
try:
|
|
status, output = subproc(
|
|
'openssl s_client -connect "%s:%s" -showcerts < "%s"' %
|
|
(host, port, tfile))
|
|
finally:
|
|
os.unlink(tfile)
|
|
else:
|
|
status, output = subproc(
|
|
'openssl s_client -connect "%s:%s" -showcerts < /dev/null' %
|
|
(host, port))
|
|
if status != 0:
|
|
raise OSError(status)
|
|
certtext = strip_to_x509_cert(output)
|
|
if not certtext:
|
|
raise ValueError("Invalid response received from server at %s:%s" %
|
|
(host, port))
|
|
return certtext
|
|
|
|
if __name__ == "__main__":
|
|
if len(sys.argv) < 2:
|
|
sys.stderr.write(
|
|
"Usage: %s HOSTNAME:PORTNUMBER [, HOSTNAME:PORTNUMBER...]\n" %
|
|
sys.argv[0])
|
|
sys.exit(1)
|
|
for arg in sys.argv[1:]:
|
|
host, port = arg.split(":")
|
|
sys.stdout.write(fetch_server_certificate(host, int(port)))
|
|
sys.exit(0)
|