mirror of
https://github.com/python/cpython.git
synced 2025-10-24 15:36:26 +00:00

The internal `_ssl._SSLSocket` object now provides methods to retrieve the peer cert chain and verified cert chain as a list of Certificate objects. Certificate objects have methods to convert the cert to a dict, PEM, or DER (ASN.1). These are private APIs for now. There is a slim chance to stabilize the approach and provide a public API for 3.10. Otherwise I'll provide a stable API in 3.11. Signed-off-by: Christian Heimes <christian@python.org>
34 lines
816 B
C
34 lines
816 B
C
#include "Python.h"
|
|
#include "../_ssl.h"
|
|
|
|
#include "openssl/bio.h"
|
|
|
|
/* BIO_s_mem() to PyBytes
|
|
*/
|
|
static PyObject *
|
|
_PySSL_BytesFromBIO(_sslmodulestate *state, BIO *bio)
|
|
{
|
|
long size;
|
|
char *data = NULL;
|
|
size = BIO_get_mem_data(bio, &data);
|
|
if (data == NULL || size < 0) {
|
|
PyErr_SetString(PyExc_ValueError, "Not a memory BIO");
|
|
return NULL;
|
|
}
|
|
return PyBytes_FromStringAndSize(data, size);
|
|
}
|
|
|
|
/* BIO_s_mem() to PyUnicode
|
|
*/
|
|
static PyObject *
|
|
_PySSL_UnicodeFromBIO(_sslmodulestate *state, BIO *bio, const char *error)
|
|
{
|
|
long size;
|
|
char *data = NULL;
|
|
size = BIO_get_mem_data(bio, &data);
|
|
if (data == NULL || size < 0) {
|
|
PyErr_SetString(PyExc_ValueError, "Not a memory BIO");
|
|
return NULL;
|
|
}
|
|
return PyUnicode_DecodeUTF8(data, size, error);
|
|
}
|