curl-and-python

Re: better error info

From: <johansen_at_sun.com>
Date: Fri, 5 Feb 2010 13:04:06 -0800

On Wed, Feb 03, 2010 at 11:11:27AM -0500, Seth Vidal wrote:
> Hi,
> I'm trying to get more detailed information out of curl when I run into
>
> CURLE_SSL_CACERT (60)
>
> Peer certificate cannot be authenticated with known CA certificates.
>
> in python.
>
> Ideally I'd like to have access to what certificate the peer was
> advertising so I could produce better error results.
>
> Is there a way of getting to this from pycurl?

Not at the moment. There's support in
curl_easy_getinfo(CURLINFO_CERTINFO), but that was added in 7.19.1.
Pycurl hasn't had features added since 7.19.0. When I run into this
problem, I typically use openssl s_client to connect to the peer.

If you do something like:

$ openssl s_client -connect <peer>

The first part of the output contains the certificate chain that the
peer sends to you:

$ openssl s_client -connect pkg.sun.com:443
CONNECTED(00000004)
depth=1 /O=Sun Microsystems Inc/OU=VeriSign Trust Network/OU=Class 3 MPKI Secure Server CA/CN=Sun Microsystems Inc SSL CA
verify error:num=20:unable to get local issuer certificate
verify return:0

---
Certificate chain
 0 s:/C=US/ST=California/L=San Francisco/O=Sun Microsystems Inc/OU=Software Packaging/OU=Class B/CN=pkg.sun.com
   i:/O=Sun Microsystems Inc/OU=VeriSign Trust Network/OU=Class 3 MPKI Secure Server CA/CN=Sun Microsystems Inc SSL CA
 1 s:/O=Sun Microsystems Inc/OU=VeriSign Trust Network/OU=Class 3 MPKI Secure Server CA/CN=Sun Microsystems Inc SSL CA
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
---
<...>
HTH,
-j
Received on 2010-02-05
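Added example, not part of the original message: a small Python parser for the s_client text shown above. It extracts the chain the peer sent and names the issuer that the local CA bundle would have to contain. The function names are hypothetical, and the sample input is the output quoted in the message.

```python
import re

# Sample input: the s_client output quoted in the message above (elided part omitted).
SAMPLE = """\
CONNECTED(00000004)
depth=1 /O=Sun Microsystems Inc/OU=VeriSign Trust Network/OU=Class 3 MPKI Secure Server CA/CN=Sun Microsystems Inc SSL CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=San Francisco/O=Sun Microsystems Inc/OU=Software Packaging/OU=Class B/CN=pkg.sun.com
   i:/O=Sun Microsystems Inc/OU=VeriSign Trust Network/OU=Class 3 MPKI Secure Server CA/CN=Sun Microsystems Inc SSL CA
 1 s:/O=Sun Microsystems Inc/OU=VeriSign Trust Network/OU=Class 3 MPKI Secure Server CA/CN=Sun Microsystems Inc SSL CA
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
---
"""

def parse_s_client(text):
    """Return (chain, errors): chain entries in the order sent, plus verify errors."""
    chain, errors, in_chain = [], [], False
    for line in text.splitlines():
        err = re.match(r"verify error:num=(\d+):(.*)", line)
        if err:
            errors.append((int(err.group(1)), err.group(2).strip()))
        elif line.strip() == "Certificate chain":
            in_chain = True
        elif in_chain and line.startswith("---"):
            in_chain = False          # end of the chain section
        elif in_chain:
            subj = re.match(r"\s*(\d+) s:(.*)", line)
            issuer = re.match(r"\s+i:(.*)", line)
            if subj:
                chain.append({"depth": int(subj.group(1)),
                              "subject": subj.group(2).strip(), "issuer": None})
            elif issuer and chain:
                chain[-1]["issuer"] = issuer.group(1).strip()
    return chain, errors

def chain_is_linked(chain):
    """True if each certificate's issuer is the subject of the next one sent."""
    return all(c["issuer"] == p["subject"] for c, p in zip(chain, chain[1:]))

def missing_issuer(chain):
    """Issuer DN of the last certificate sent, or None if it is self-signed.
    This is the CA the client-side bundle must hold for verification to pass."""
    if not chain or chain[-1]["issuer"] == chain[-1]["subject"]:
        return None
    return chain[-1]["issuer"]
```
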