ssl.get_server_certificate用于具有SNI(服务器名称指示)的站点 [英] ssl.get_server_certificate for sites with SNI (Server Name Indication)
本文介绍了ssl.get_server_certificate用于具有SNI(服务器名称指示)的站点的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在尝试获取badssl.com子域的服务器证书(例如 https://expired.badssl.com ).
I am trying to get the server certificate of badssl.com subdomains (ex. https://expired.badssl.com).
import ssl
ssl.get_server_certificate(('expired.badssl.com', 443))
但是在检查上面生成的证书时,我看到该证书具有
But when examining the above generated certificate I see that the certificate has
身份:badssl-fallback-unknown-subdomain-or-no-sni
Identity: badssl-fallback-unknown-subdomain-or-no-sni
,这意味着SNI失败.如何获得badssl.com的不同子域的服务器证书? (我正在使用python 2.7.12)
which means SNI is failing. How can I get the server certificate of different subdomains of badssl.com? (I am using python 2.7.12)
推荐答案
找到了答案.
import ssl
hostname = "expired.badssl.com"
port = 443
conn = ssl.create_connection((hostname, port))
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
sock = context.wrap_socket(conn, server_hostname=hostname)
certificate = ssl.DER_cert_to_PEM_cert(sock.getpeercert(True))
这篇关于ssl.get_server_certificate用于具有SNI(服务器名称指示)的站点的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文