我尝试了crypto.X509Extension('subjectDirAttrs', ...)
,但Python给出的错误类似于“未知扩展名”。
任何人都可以提供解决方案吗?提前谢谢!
#! /usr/bin/env python
from OpenSSL import crypto
newSubject=crypto.X509Name(crypto.X509().get_subject())
newSubject.C='US'
newSubject.ST='California'
newSubject.O='University of California, Davis'
newSubject.OU='Computer Science, UCDavis'
newSubject.CN='www.cs.ucdavis.edu'
newCert=crypto.X509()
newCert.set_version(2)
newCert.set_serial_number(2016120711)
newCert.set_notBefore('20161207125959Z')
newCert.set_notAfter('20171207125959Z')
newCert.set_issuer(newSubject)
newCert.set_subject(newSubject)
pkObject=crypto.PKey()
pkObject.generate_key(crypto.TYPE_RSA,2048)
newCert.set_pubkey(pkObject)
newExt=crypto.X509Extension('basicConstraints', True, 'CA:true')
newCert.add_extensions([newExt])
newExt=crypto.X509Extension('subjectDirAttrs', True, 'something')
newCert.add_extensions([newExt])
newCert.sign(pkObject,'sha256')
with open('ask_stackoverflow.pem','w') as f:
f.write(crypto.dump_certificate(crypto.FILETYPE_PEM,newCert))
我尝试了'subjectDirectoryAttributes'和'subjectDirAttrs',但它们都不能正常工作。