#!/usr/bin/python
import sys
import OpenSSL, OpenSSL.crypto, OpenSSL.SSL
import socket

def get_cert(host, port):
	s = socket.socket()
	# We'll guess here.
	cx = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)   #SSLv23_METHOD)
	cn = OpenSSL.SSL.Connection(cx, s)
	cn.connect((host, port))
	# Force the SSL handshake to go.
	cn.do_handshake()
	if cn.state_string() != "SSL negotiation finished successfully":
		print "bad state:", cn.state_string()
		return None
	cert = cn.get_peer_certificate()
	cn.shutdown()
	cn.close()
	return cert

def dump_cert(cert):
	#print "cert issuer:", cert.get_issuer()
	#print "cert subject:", cert.get_subject()
	# This is badly documented, to put it one way.
	print "cert CN:", cert.get_subject().CN
	print "cert SHA1:", cert.digest("sha1")
	print "cert PEM:"
	print OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
					      cert)

def process(args):
	if len(args) != 2:
		sys.stderr.write("usage: getcertinfo host port\n")
		sys.exit(1)
	port = int(args[1])
	dump_cert(get_cert(args[0], port))

if __name__ == "__main__":
	process(sys.argv[1:])