#!/usr/bin/env python3
# /// script
# requires-python = ">=3.10"
# dependencies = ["pyopenssl"]
# ///
from OpenSSL import SSL, crypto
import socket
import select

ctx = SSL.Context(SSL.TLS_CLIENT_METHOD)
ctx.set_verify(SSL.VERIFY_NONE, lambda *a: True)

sock = socket.create_connection(('gp.se', 443), timeout=10)
conn = SSL.Connection(ctx, sock)
conn.set_tlsext_host_name(b'gp.se')
conn.set_connect_state()

# Retry handshake — needed when socket has timeout set
while True:
    try:
        conn.do_handshake()
        break
    except SSL.WantReadError:
        select.select([sock], [], [], 5)
    except SSL.WantWriteError:
        select.select([], [sock], [], 5)

chain = conn.get_peer_cert_chain()
print(f'Chain: {len(chain) if chain else 0} certs')

if chain:
    for i, c in enumerate(chain):
        print(f'  [{i}] {c.get_subject().CN}')

peer = conn.get_peer_certificate()
print(f'Peer: {peer.get_subject().CN if peer else None}')

conn.shutdown()
sock.close()