我对比较自签名SSL证书的指纹感兴趣。为此,我想到了:
import ssl, socket
from m2crypto import X509
cert_pem = ssl.get_server_certificate(addr)
x509 = X509.load_cert_string(cert_pem, X509.FORMAT_PEM)
fp = x509.get_fingerprint('sha1')
if fp==allowed_fp:
s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect(addr)
但我看到的偏见是,证书可能会在验证和连接之间发生变化。实际使用相同的ssl.get_server_certificate连接是很好的。是否有更好的方法来比较指纹?