From a1491a6ae037b7874dd71de11f5cd43e10aa46e7 Mon Sep 17 00:00:00 2001
From: Aldo Cortesi <aldo@nullcube.com>
Date: Thu, 28 Jun 2012 08:15:55 +1200
Subject: Add a get_remote_cert method to tcp client.

---
 netlib/certutils.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'netlib/certutils.py')

diff --git a/netlib/certutils.py b/netlib/certutils.py
index 6c9a5c57..180e1ac0 100644
--- a/netlib/certutils.py
+++ b/netlib/certutils.py
@@ -2,6 +2,7 @@ import os, ssl, hashlib, socket, time, datetime
 from pyasn1.type import univ, constraint, char, namedtype, tag
 from pyasn1.codec.der.decoder import decode
 import OpenSSL
+import tcp
 
 CERT_SLEEP_TIME = 1
 CERT_EXPIRY = str(365 * 3)
@@ -218,7 +219,8 @@ class SSLCert:
         return altnames
 
 
-def get_remote_cert(host, port): # pragma: no cover
-    addr = socket.gethostbyname(host)
-    s = ssl.get_server_certificate((addr, port))
-    return SSLCert(s)
+def get_remote_cert(host, port, sni):
+    c = tcp.TCPClient(host, port)
+    c.connect()
+    c.convert_to_ssl(sni=sni)
+    return c.cert
-- 
cgit v1.2.3