python3::ssl::_local_证书验证
[英]python3::ssl:: _local_ certificate validation
问题描述
I am trying to do (python 3.6) the equivalent of
我正在尝试做(python 3.6)相当于
openssl verify -CApath my_dir_of_CA_certs my_cert_from_one_of_those_CAs
I keep looking over ssl and pyOpenSSL but nothing seems apparent.. any form of verification for these modules require a connection which is not what the above command do.我一直在查看 ssl 和 pyOpenSSL,但似乎没有什么明显的.. 这些模块的任何形式的验证都需要一个连接,这不是上述命令所做的。 Do i miss something obvious here or it's just not possible?我在这里错过了一些明显的东西还是不可能? (and i will have to run it as system command) (我必须将它作为系统命令运行)
1 个解决方案
解决方案1
1 2020-12-05 14:17:40
so, @patrick-mevzek was right, to do certificate verification against a (collection of) CA, with python3, one can use pyOpenSSL and do:所以,@patrick-mevzek 是对的,使用 python3 对(集合)CA 进行证书验证,可以使用 pyOpenSSL 并执行以下操作:
x509store = OpenSSL.crypto.X509Store()
x509store.load_locations(None, capath = ca_verify_location)
OR或者x509store.load_locations(cafile = ca_verify_location) if the CAs are store in a file x509store.load_locations(cafile = ca_verify_location)如果 CA 存储在文件中store_ctx = OpenSSL.crypto.X509StoreContext(x509store, x509)
where x509 is the x509 cert object, and then其中 x509 是 x509 证书 object,然后store_ctx.verify_certificate()
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.