我正在尝试使用python 2.7.15从(IP,destport 443)获取SNI,并且我正在使用最新版本的OpenSSL和ssl模块。
这是我的代码:
public class LinksAndKeys {
public static String BASE_URL = "http://11.111.111.11:8000/";
public static double TAXABLE_AMOUNT = 0.18;
public static int DAYS_INTERVAL_FOR_RATE_ME_DIALOG = 50000;
}
这有效,但是对于指定的地址(在我在此处发布的代码段中),出现此错误:
import OpenSSL as OSsl #This two modules are imported for the only purpose of getting the SNI using function defined by us down here getSNI
import ssl
ip = "52.85.25.17"
dport = "443"
#With this function we get the Server Name Identification for the trasmissions with Secure Socket Layer identified by the port 443. We only care about the destinationIP and the destinationPort
def getSNI(ip, dport):
if dport != "443":
commonName = "Not SSL"
print commonName
else:
server_certificate = ssl.get_server_certificate((ip, dport))
x509 = OSsl.crypto.load_certificate(OSsl.crypto.FILETYPE_PEM, server_certificate) #x509 is referred to the standard used for PKI (Public Key Infrastructure) used in this case for ciphering our informations about certificate
#FILETYPE_PEM serializes data to a Base64-Encoded
#getting the informations about Certificate
certInfo = x509.get_subject()
commonName = certInfo.commonName
print (commonName)
return commonName
getSNI(ip,dport)
我已经升级了所有模块和软件包,我读了很多有关此主题的问题,而且我不知道如何解决此问题
Edit1:执行whois我发现此IpAddress已连接到Amazon,那么关于Amazon和SNI是否有任何特殊问题?
答案 0 :(得分:1)
SNI的要点是可能存在多个解析为具体IP地址的域。因此,您提供的IP(52.85.25.17)就是这样的地址之一。服务器无法确定您请求的是哪个域的证书,因此它会终止连接并出错。
附录1.捕获SSLError异常
您可以这样捕获ssl.SSLError:
try:
server_certificate = ssl.get_server_certificate((ip, dport))
...
except ssl.SSLError as e:
common_name = "Handshake Failed"