我正在尝试使用Python中的
OpenSSL
模块进行证书验证。
我的窗口
openssl
命令为:
openssl verify -partial_chain -CAfile Intermediate.pem UserCert.pem
您能建议我用 Python 实现与此等效的功能吗?
要求:这需要通过
OpenSSL
或任何Python3模块来完成。使用os.system
可以解决问题,但这不能满足要求。
刚刚遇到了同样的问题,最终使用纯 pyopenssl 解决了它:
import OpenSSL
import ssl
host = 'my.endpoint.com'
port = 443
partial_chain = ... # The partial chain to verify against, as a list of strings
urlcert = ssl.get_server_certificate((host, port))
certificate = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, urlcert)
store = OpenSSL.crypto.X509Store()
# populate store
for i in partial_chain:
store.add_cert(OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, i))
# Set partial chain validation
store.set_flags(OpenSSL.crypto.X509StoreFlags.PARTIAL_CHAIN)
store_ctx = OpenSSL.crypto.X509StoreContext(store, certificate)
try:
store_ctx.verify_certificate()
return True
except Exception as e:
print(str(e))
return False