David Fifield david@bamsoftware.com writes:
I'm less sure about how to get the certificate chain. I did some searching and didn't find a way to get the certificate chain from the twisted.web.client.Agent that templates/httpt.py uses (maybe you provide it a twisted.internet.ssl.ContextFactory somehow?).
There's probably a better way, but there is some code in "carml" which does verification of certificate-chains and might give you some hints:
https://github.com/meejah/carml/blob/master/carml/command/downloadbundle.py#...
(As the FIXME above this says, I believe Twisted >= 14 can do that too out of the box). With the above, extracting the chain would involve registering an OpenSSL callback and recording the cert for each depth -- perhaps there is an easier way in newer Twisted releases.
HTH,