当我使用python ssl和socket测试crl撤销
当我尝试使用python crl文件检查对等证书是否被吊销时, 我查阅了python的官方文档,但内容很少。 我的基本步骤:
def tls_check(domain, port):
addr = domain
ctx = ssl.create_default_context()
ctx.options &= ssl.CERT_REQUIRED
ctx.verify_flags = ssl.VERIFY_CRL_CHECK_CHAIN
ctx.check_hostname = False
ctx.load_verify_locations(cafile="/home/linux/CloudBrahma_release/Utils/pre_crl.pem")
sock = ctx.wrap_socket(socket.socket(socket.AF_INET, socket.SOCK_STREAM), server_hostname=addr)
sock.connect((addr, port))
print("TLS Ceritificate:")
pprint.pprint(sock.getpeercert())
print("TLS Version:", sock.version())
print("TLS Cipher:", sock.cipher()[0])
exit()
tls_check("xxxxx", 8080)
我遇到了这个错误
Traceback (most recent call last):
File "test.py", line 28, in <module>
tls_check("100.94.2.17", 8443)
File "test.py", line 21, in tls_check
sock.connect((addr, port))
File "/home/linux/py3env/lib/python3.7/ssl.py", line 1150, in connect
self._real_connect(addr, False)
File "/home/linux/py3env/lib/python3.7/ssl.py", line 1141, in _real_connect
self.do_handshake()
File "/home/linux/py3env/lib/python3.7/ssl.py", line 1117, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)