我正在尝试使用Python中的
OpenSSL我的窗口
opensslopenssl verify -partial_chain -CAfile Intermediate.pem UserCert.pem您能建议我用 Python 实现与此等效的功能吗?
要求:这需要通过
OpenSSLos.system刚刚遇到了同样的问题,最终使用纯 pyopenssl 解决了它:
import OpenSSL
import ssl
host = 'my.endpoint.com'
port = 443
partial_chain = ... # The partial chain to verify against, as a list of strings
urlcert = ssl.get_server_certificate((host, port))
certificate = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, urlcert)
store = OpenSSL.crypto.X509Store()
# populate store
for i in partial_chain:
store.add_cert(OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, i))
# Set partial chain validation
store.set_flags(OpenSSL.crypto.X509StoreFlags.PARTIAL_CHAIN)
store_ctx = OpenSSL.crypto.X509StoreContext(store, certificate)
try:
store_ctx.verify_certificate()
return True
except Exception as e:
print(str(e))
return False