Closed AdamISZ closed 10 years ago
https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/How_to_check_the_secruity_state_of_an_XMLHTTPRequest_over_SSL

This code snippet shows how to extract TLS cert info.
Implemented in 16071ffcfa3bedc5b593732369994283990a8770
This is probably a critical requirement - although technically very difficult, an attacker who 'owned' your network connection may be able to redirect the TLS socket connection from the Python and feed you a fake site response using a fake cert/pubkey. Although it's true that the auditor can double check the correct pubkey, it's probably necessary that the auditee immediately recognises that such an attack is taking place.
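
The check described in the comment above, sketched as an added example that is not part of the original issue or the project's code: compare the certificate the Python-side TLS socket received with the fingerprint the browser reports for the same site. It compares whole-certificate SHA-256 fingerprints rather than the bare public key; every function name, and the assumption that the browser side hands over a colon-separated SHA-256 fingerprint, is hypothetical.

```python
import hashlib
import hmac
import socket
import ssl


def normalize_fingerprint(text):
    """Turn 'AB:CD:...' (or spaced/lowercase variants) into 64 lowercase hex chars."""
    cleaned = "".join(ch for ch in text.lower() if ch not in ": \t\n")
    if len(cleaned) != 64 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned


def der_fingerprint(der_bytes):
    """SHA-256 over the DER encoding, the value browsers display for a cert."""
    return hashlib.sha256(der_bytes).hexdigest()


def certs_match(socket_cert_der, browser_fingerprint):
    """True only if the socket and the browser saw the same certificate."""
    expected = normalize_fingerprint(browser_fingerprint)
    return hmac.compare_digest(der_fingerprint(socket_cert_der), expected)


def fetch_leaf_cert(host, port=443, timeout=10):
    """DER leaf certificate presented to this process's own TLS socket."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_or_abort(socket_cert_der, browser_fingerprint):
    """Stop the session as soon as the two views of the server disagree."""
    if not certs_match(socket_cert_der, browser_fingerprint):
        raise RuntimeError("certificate on the socket differs from the browser's")
    return True


if __name__ == "__main__":
    # Constructed stand-ins for DER certificates, so the demo runs offline.
    genuine = b"constructed-der-genuine-site-cert"
    swapped = b"constructed-der-attacker-cert"
    hexfp = der_fingerprint(genuine).upper()
    browser_fp = ":".join(hexfp[i:i + 2] for i in range(0, 64, 2))
    print("same cert:", certs_match(genuine, browser_fp))
    print("swapped cert:", certs_match(swapped, browser_fp))
```

In a live run, the first argument would come from `fetch_leaf_cert(host)` and the second from whatever the browser-side code extracts.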