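I am trying to interact with a remote ESMTP server from Python. I need to capture the client certificate and issue commands after sending the STARTTLS command. This can easily be done with the OpenSSL command-line tool, and I can do it easily from the command line. However, when I do this from Python using subprocess, it fails.
Here is what it looks like from the command line: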
[ec2-user@ec2 dane2]$ openssl s_client -starttls smtp -host aspmx.l.google.com -port 25
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = mx.google.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com
i:/C=US/O=Google Inc/CN=Google Internet Authority G2
1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 4491 bytes and written 408 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: F06DFB02F54C5D50F5077CDEE8878948BA288386D5BD51E78F4EB546FD56A277
Session-ID-ctx:
Master-Key: 3E53A3737CBD3C947F10BCE048B922996DA7E90EFC478AA780DC20CD9521FED7A56E0686ACC772215C9B6019119595BE
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 100800 (seconds)
TLS session ticket:
Start Time: 1436368455
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
250 SMTPUTF8
EHLO THERE
250-mx.google.com at your service, [52.7.167.73]
250-SIZE 35882577
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
QUIT
DONE
Here is a Python program that should do this:
openssl_exe = 'openssl'
import subprocess,os,sys
cmd = [openssl_exe,'s_client','-starttls','smtp','-host','aspmx.l.google.com','-port','25']
p = subprocess.Popen(cmd,stdin=subprocess.PIPE,stdout=subprocess.PIPE)
w = p.communicate(b"EHLO THERE\r\n")
print("STDOUT={}".format(w[0]))
But here is the result of the Python program:
$ python stest.py
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
250 SMTPUTF8
DONE
STDOUT=CONNECTED(00000005)
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com
i:/C=US/O=Google Inc/CN=Google Internet Authority G2
1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4493 bytes and written 478 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: E4CA9A02C02D18C3078ECA0265855F7D7791D0B369305E12CC9DD4811020016C
Session-ID-ctx:
Master-Key: CF0092DADDECFE4CE1FFDB581624DB7CB88E9BF7815EDEBAD39D43E94AEE47C681590981825B9A734006351D92984432
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 100800 (seconds)
TLS session ticket:
Start Time: 1436368538
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
Why am I not getting the output of the EHLO THERE command?
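For the certificate-capture part of the question, the text that openssl s_client writes to stdout can be parsed as follows. This is an added example, not part of the original post; parse_s_client and chain_trusted are hypothetical names, and the sample transcript is constructed (placeholder PEM body, example.test names) in the layout shown above.

```python
import re

# Constructed sample in the layout s_client prints; the PEM body is a
# placeholder, not a real certificate.
SAMPLE = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/O=Example Org/CN=mx.example.test
   i:/C=US/O=Example Org/CN=Example Issuing CA
 1 s:/C=US/O=Example Org/CN=Example Issuing CA
   i:/C=US/O=Example Org/CN=Example Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
subject=/C=US/O=Example Org/CN=mx.example.test
---
    Verify return code: 20 (unable to get local issuer certificate)
---
250 SMTPUTF8
250-mx.example.test at your service
250 SMTPUTF8
"""

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)
CHAIN_RE = re.compile(r"^\s*(\d+) s:(.+)\n\s*i:(.+)$", re.M)
VERIFY_RE = re.compile(r"Verify return code: (\d+) \((.*?)\)")
REPLY_RE = re.compile(r"^(\d{3})([- ])(.*)$", re.M)

def parse_s_client(text):
    """Split s_client stdout into leaf PEM, chain, verify result and SMTP replies."""
    pem = PEM_RE.search(text)
    verify = VERIFY_RE.search(text)
    # Only look for SMTP reply lines after the session block (past the verify line).
    tail = text[verify.end():] if verify else text
    return {
        "leaf_pem": pem.group(0) if pem else None,
        "chain": [(int(d), s.strip(), i.strip()) for d, s, i in CHAIN_RE.findall(text)],
        "verify_code": int(verify.group(1)) if verify else None,
        "verify_text": verify.group(2) if verify else None,
        # (code, is_final_line_of_reply, text); "250-" continues, "250 " ends a reply
        "smtp_replies": [(int(c), sep == " ", msg) for c, sep, msg in REPLY_RE.findall(tail)],
    }

def chain_trusted(result):
    """True only when s_client reported verify code 0 (ok)."""
    return result["verify_code"] == 0
```

A verify code other than 0, such as the 20 in the Python run above, means s_client could not build a trusted chain, so a certificate captured from that session should not be treated as authenticated.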