SSL 错误 ssl.get_server_certificate 在某些网站上但在其他网站上没有
[英]SSL Errors for ssl.get_server_certificate on some websites but not on others
问题描述
So I am trying to get some domains certificates using: (port is first retrieved from a nmap and secondly I try to use 443)
所以我正在尝试使用以下方法获取一些域证书:(首先从 nmap 检索端口,然后我尝试使用 443)
ssl.get_server_certificate((hostname, port))
But for some domains, like the following ones(only a couple of them): q1.insightsnow.redbull.com, mib-cdn.redbull.com, internalauditdb-uux-d.redbull.com, smg20.redbull.com, ssmg11-q.redbull.com, pm.redbull.com. But for some domains, like the following ones(only a couple of them): q1.insightsnow.redbull.com, mib-cdn.redbull.com, internalauditdb-uux-d.redbull.com, smg20.redbull.com, ssmg11 -q.redbull.com,pm.redbull.com。 For this subdomains and many other ones I am getting a bunch of different errors:对于这个子域和许多其他子域,我收到了一堆不同的错误:
- [SSL: WRONG_VERSION_NUMBER] wrong version number [SSL: WRONG_VERSION_NUMBER] 错误的版本号
- timed out时间到
- EOF occurred in violation of protocol EOF 发生违反协议
- [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 警报握手失败
I need to mention that for a lot of other subdomains (somewhere around 1000), everything works fine and I can get their certificate.我需要提一下,对于许多其他子域(大约 1000 个),一切正常,我可以获得他们的证书。 But for ~200 of them I am getting the errors from above repeatedly and I can not find their source on the internet.但是对于其中约 200 个,我反复从上面得到错误,我无法在互联网上找到它们的来源。
Do you happen to know why I can not use ssl.get_server_certificate on those website or where am I doing something wrong?您是否知道为什么我不能在这些网站上使用 ssl.get_server_certificate 或者我在哪里做错了什么?
Thanks!谢谢!
1 个解决方案
解决方案1
0 2022-02-05 06:05:23
Most if the sites here require SNI.大多数如果这里的网站需要 SNI。 It was a long standing issue that SNI was not done with ssl.get_server_certificate - see ssl.get_server_certificate for sites with SNI (Server Name Indication) and Python issue 36076 . It was a long standing issue that SNI was not done with ssl.get_server_certificate - see ssl.get_server_certificate for sites with SNI (Server Name Indication) and Python issue 36076 . It is finally solved with 3.10:终于用3.10解决了:
$ python3.8 -c 'import ssl; print(ssl.get_server_certificate(("q1.insightsnow.redbull.com", 443)))'
...
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1123)
$ python3.10 -c 'import ssl; print(ssl.get_server_certificate(("q1.insightsnow.redbull.com", 443)))'
-----BEGIN CERTIFICATE-----
MIIHnjCCBoagAwIBAgIRAPcBO50Fz5QaF+JxeyoL1vEwDQYJKoZIhvcNAQELBQAw
gZUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
...
For older Python versions see the answers to this question on how to get the certificate without using ssl.get_server_certificate .对于较旧的 Python 版本,请参阅此问题的答案,了解如何在不使用ssl.get_server_certificate的情况下获取证书。
As for smg20.redbull.com and ssmg11-q.redbull.com - these sites do not seem to be reachable from the internet in the first place, ie they are also not accessible by other tools or the browser.至于 smg20.redbull.com 和 ssmg11-q.redbull.com - 首先似乎无法从互联网访问这些站点,即其他工具或浏览器也无法访问它们。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.