summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAntoine Pitrou <solipsis@pitrou.net>2012-01-06 19:09:29 (GMT)
committerAntoine Pitrou <solipsis@pitrou.net>2012-01-06 19:09:29 (GMT)
commitdeec7566ae4905ec4b61495bbeb06adaa98f70ef (patch)
tree305e72fc75f579819e80d7894eb5265564398c41
parentb1d44dbf1f21be116768ca5c4adf0f0b9bd7616c (diff)
parent441ae043df1f56af879840ed6d0e29188ba52ee5 (diff)
downloadcpython-deec7566ae4905ec4b61495bbeb06adaa98f70ef.zip
cpython-deec7566ae4905ec4b61495bbeb06adaa98f70ef.tar.gz
cpython-deec7566ae4905ec4b61495bbeb06adaa98f70ef.tar.bz2
Update printout of SSL certificate examples for 3.2+.
-rw-r--r--Doc/library/ssl.rst45
1 files changed, 40 insertions, 5 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index 44f0506..6ffdc76 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -981,10 +981,19 @@ This example connects to an SSL server and prints the server's certificate::
# note that closing the SSLSocket will also close the underlying socket
ssl_sock.close()
-As of October 6, 2010, the certificate printed by this program looks like
+As of January 6, 2012, the certificate printed by this program looks like
this::
- {'notAfter': 'May 25 23:59:59 2012 GMT',
+ {'issuer': ((('countryName', 'US'),),
+ (('organizationName', 'VeriSign, Inc.'),),
+ (('organizationalUnitName', 'VeriSign Trust Network'),),
+ (('organizationalUnitName',
+ 'Terms of use at https://www.verisign.com/rpa (c)06'),),
+ (('commonName',
+ 'VeriSign Class 3 Extended Validation SSL SGC CA'),)),
+ 'notAfter': 'May 25 23:59:59 2012 GMT',
+ 'notBefore': 'May 26 00:00:00 2010 GMT',
+ 'serialNumber': '53D2BEF924A7245E83CA01E46CAA2477',
'subject': ((('1.3.6.1.4.1.311.60.2.1.3', 'US'),),
(('1.3.6.1.4.1.311.60.2.1.2', 'Delaware'),),
(('businessCategory', 'V1.0, Clause 5.(b)'),),
@@ -996,7 +1005,16 @@ this::
(('streetAddress', '487 East Middlefield Road'),),
(('organizationName', 'VeriSign, Inc.'),),
(('organizationalUnitName', ' Production Security Services'),),
- (('commonName', 'www.verisign.com'),))}
+ (('commonName', 'www.verisign.com'),)),
+ 'subjectAltName': (('DNS', 'www.verisign.com'),
+ ('DNS', 'verisign.com'),
+ ('DNS', 'www.verisign.net'),
+ ('DNS', 'verisign.net'),
+ ('DNS', 'www.verisign.mobi'),
+ ('DNS', 'verisign.mobi'),
+ ('DNS', 'www.verisign.eu'),
+ ('DNS', 'verisign.eu')),
+ 'version': 3}
This other example first creates an SSL context, instructs it to verify
certificates sent by peers, and feeds it a set of recognized certificate
@@ -1027,9 +1045,26 @@ Visual inspection shows that the certificate does identify the desired service
(that is, the HTTPS host ``linuxfr.org``)::
>>> pprint.pprint(cert)
- {'notAfter': 'Jun 26 21:41:46 2011 GMT',
+ {'issuer': ((('organizationName', 'CAcert Inc.'),),
+ (('organizationalUnitName', 'http://www.CAcert.org'),),
+ (('commonName', 'CAcert Class 3 Root'),)),
+ 'notAfter': 'Jun 7 21:02:24 2013 GMT',
+ 'notBefore': 'Jun 8 21:02:24 2011 GMT',
+ 'serialNumber': 'D3E9',
'subject': ((('commonName', 'linuxfr.org'),),),
- 'subjectAltName': (('DNS', 'linuxfr.org'), ('othername', '<unsupported>'))}
+ 'subjectAltName': (('DNS', 'linuxfr.org'),
+ ('othername', '<unsupported>'),
+ ('DNS', 'linuxfr.org'),
+ ('othername', '<unsupported>'),
+ ('DNS', 'dev.linuxfr.org'),
+ ('othername', '<unsupported>'),
+ ('DNS', 'prod.linuxfr.org'),
+ ('othername', '<unsupported>'),
+ ('DNS', 'alpha.linuxfr.org'),
+ ('othername', '<unsupported>'),
+ ('DNS', '*.linuxfr.org'),
+ ('othername', '<unsupported>')),
+ 'version': 3}
Now that you are assured of its authenticity, you can proceed to talk with
the server::