Skip to content

Commit

Permalink
Allow Connection.get_peer_certificate to return a cryptography certif…
Browse files Browse the repository at this point in the history
…icate
  • Loading branch information
alex committed Aug 9, 2024
1 parent 38d8b04 commit 3252a58
Show file tree
Hide file tree
Showing 3 changed files with 37 additions and 10 deletions.
2 changes: 1 addition & 1 deletion CHANGELOG.rst
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ Deprecations:
Changes:
^^^^^^^^

* ``OpenSSL.SSL.Connection.get_certificate`` now takes an ``as_cryptography`` keyword-argument. When ``True`` is passed then a ``cryptography.x509.Certificate`` is returned, instead of an ``OpenSSL.crypto.X509``. In the future, passing ``False`` (the default) will be deprecated.
* ``OpenSSL.SSL.Connection.get_certificate`` and ``OpenSSL.SSL.Connection.get_peer_certificate`` now take an ``as_cryptography`` keyword-argument. When ``True`` is passed then a ``cryptography.x509.Certificate`` is returned, instead of an ``OpenSSL.crypto.X509``. In the future, passing ``False`` (the default) will be deprecated.


24.2.1 (2024-07-20)
Expand Down
37 changes: 28 additions & 9 deletions src/OpenSSL/SSL.py
Original file line number Diff line number Diff line change
Expand Up @@ -2708,14 +2708,10 @@ def get_certificate(
) -> X509 | None:
pass

@typing.overload
def get_certificate(
self, *, as_cryptography: bool = False
) -> X509 | x509.Certificate | None:
pass

def get_certificate(
self, *, as_cryptography: bool = False
self,
*,
as_cryptography: typing.Literal[True] | typing.Literal[False] = False,
) -> X509 | x509.Certificate | None:
"""
Retrieve the local certificate (if any)
Expand All @@ -2735,15 +2731,38 @@ def get_certificate(
return pycert
return None

def get_peer_certificate(self) -> X509 | None:
@typing.overload
def get_peer_certificate(
self, *, as_cryptography: typing.Literal[True]
) -> x509.Certificate | None:
pass

@typing.overload
def get_peer_certificate(
self, *, as_cryptography: typing.Literal[False] = False
) -> X509 | None:
pass

def get_peer_certificate(
self,
*,
as_cryptography: typing.Literal[True] | typing.Literal[False] = False,
) -> X509 | x509.Certificate | None:
"""
Retrieve the other side's certificate (if any)
:param bool as_cryptography: Controls whether a
``cryptography.x509.Certificate`` or an ``OpenSSL.crypto.X509``
object should be returned.
:return: The peer's certificate
"""
cert = _lib.SSL_get_peer_certificate(self._ssl)
if cert != _ffi.NULL:
return X509._from_raw_x509_ptr(cert)
pycert = X509._from_raw_x509_ptr(cert)
if as_cryptography:
return pycert.to_cryptography()
return pycert
return None

@staticmethod
Expand Down
8 changes: 8 additions & 0 deletions tests/test_ssl.py
Original file line number Diff line number Diff line change
Expand Up @@ -1073,6 +1073,14 @@ def _load_verify_locations_test(self, *args):
cert = clientSSL.get_peer_certificate()
assert cert.get_subject().CN == "Testing Root CA"

cryptography_cert = clientSSL.get_peer_certificate(
as_cryptography=True
)
assert (
cryptography_cert.subject.rfc4514_string()
== "CN=Testing Root CA,O=Testing,L=Chicago,ST=IL,C=US"
)

def _load_verify_cafile(self, cafile):
"""
Verify that if path to a file containing a certificate is passed to
Expand Down

0 comments on commit 3252a58

Please sign in to comment.