pyopenssl_certificate_hostname_verification_with_service_identity.py

1from pyOpenSSL import SSL
2from service_identity import verify_hostname
3from service_identity.exceptions import VerificationError
4
5# 1. Get a certificate from a connection (standard PyOpenSSL usage)
6# For this example, we assume `conn` is an established OpenSSL.SSL.Connection
7cert = conn.get_peer_certificate()
8
9# 2. Verify that the certificate is valid for the given hostname
10try:
11    verify_hostname(cert, "example.com")
12except VerificationError:
13    print("Certificate verification failed!")
14except Exception as e:
15    print(f"An error occurred: {e}")
16else:
17    print("Certificate is valid for example.com")