我有这个代码作为我正在尝试编写的另一个程序的测试人员,这不会提供证书。
import socket, ssl, pprint
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = ssl.wrap_socket(s,
ca_certs="etc/ca_certs_file",
cert_reqs=ssl.CERT_REQUIRED)
ssl_socket.connect (('www.google.com', 443))
pprint.pprint(ssl_sock.getpeercert())
ssl_sock.close()
我的其他项目的代码无法使用以下代码获取证书链。
def get_peer_cert_chain(host, port):
try:
port = int(port)
ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
sock = OpenSSL.SSL.Connection(ctx, socket.socket())
SSLSocket.connect((host, port))
SSLSocket.do_handshake()
SSLSocket.getpeercert(binary_form=False)
return sock.get_peer_cert_chain()
except:
print('INFO: Unable to retrieve certificate chain from ' + str(host) + ':' + str(port))
exit(1)
def cert_chain_interpreter(host, port, chain):
if chain != None:
output_csv = open(args.output,"a")
writer = csv.writer(output_csv)
for cert in chain:
x509Name = OpenSSL.crypto.X509.get_subject(cert)
PKey = OpenSSL.crypto.X509.get_pubkey(cert)
issuer = OpenSSL.crypto.X509.get_issuer(cert)
writer_data = [host, port, OpenSSL.crypto.X509Name.get_components(x509Name), OpenSSL.crypto.X509.has_expired(cert), OpenSSL.crypto.X509.get_notBefore(cert), OpenSSL.crypto.X509.get_notAfter(cert), OpenSSL.crypto.X509Name.get_components(issuer), OpenSSL.crypto.X509.get_signature_algorithm(cert), OpenSSL.crypto.X509.get_serial_number(cert), OpenSSL.crypto.X509.get_version(cert), OpenSSL.crypto.PKey.bits(PKey)]
writer.writerow(writer_data)
output_csv.close()
此代码打印出无法检索证书链。