requests icon indicating copy to clipboard operation
requests copied to clipboard
verified publisher icon psf

Option for retrieving peer's TLS certificate

Open martingalvan opened this issue 7 years ago • 2 comments

It would be good to have an option to retrieve the peer's TLS certificate after a request is performed. For example, this is what libcurl provides with CURLINFO_CERTINFO.

There's a StackOverflow thread which offers some rather ugly methods to do this: https://stackoverflow.com/questions/16903528/how-to-get-response-ssl-certificate-from-requests-in-python

martingalvan avatar Oct 24 '18 21:10 martingalvan

I actually managed to fix this via an adapter, but would like for this to be natively supported. Also, TLS certificate is fetched prior a connection is fully established, as the certificate is checked for validity and only then "fully" connected.

Requests actually fetches the certificate at some pint, but it does not allow it to be stored saved somewhere, which might further complicate in situations where TLS pinning is needed.

calexandru2018 avatar Aug 24 '20 15:08 calexandru2018

We are currently trying to add support for Channel Bindings for TLS (RFC5929) in python-requests-gssapi (https://github.com/pythongssapi/requests-gssapi/pull/57).

The big question is how do we get access to the peer certificate in order to calculate a fingerprint for it.

cryptomilk avatar Jul 24 '25 11:07 cryptomilk