stackoom
  简体   繁体   中英

SSL Errors for ssl.get_server_certificate on some websites but not on others

 原文  2022-02-05 01:11:20       python/ ssl/ server/ openssl/ tls1.2

Question

So I am trying to get some domains certificates using: (port is first retrieved from a nmap and secondly I try to use 443)

ssl.get_server_certificate((hostname, port))

But for some domains, like the following ones(only a couple of them): q1.insightsnow.redbull.com, mib-cdn.redbull.com, internalauditdb-uux-d.redbull.com, smg20.redbull.com, ssmg11-q.redbull.com, pm.redbull.com. For this subdomains and many other ones I am getting a bunch of different errors:

  • [SSL: WRONG_VERSION_NUMBER] wrong version number
  • timed out
  • EOF occurred in violation of protocol
  • [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure

I need to mention that for a lot of other subdomains (somewhere around 1000), everything works fine and I can get their certificate. But for ~200 of them I am getting the errors from above repeatedly and I can not find their source on the internet.

Do you happen to know why I can not use ssl.get_server_certificate on those website or where am I doing something wrong?

Thanks!

1 answers

solution1
 0  2022-02-05 06:05:23

Most if the sites here require SNI. It was a long standing issue that SNI was not done with ssl.get_server_certificate - see ssl.get_server_certificate for sites with SNI (Server Name Indication) and Python issue 36076 . It is finally solved with 3.10:

$ python3.8 -c 'import ssl; print(ssl.get_server_certificate(("q1.insightsnow.redbull.com", 443)))'
...
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1123)


$ python3.10 -c 'import ssl; print(ssl.get_server_certificate(("q1.insightsnow.redbull.com", 443)))'
-----BEGIN CERTIFICATE-----
MIIHnjCCBoagAwIBAgIRAPcBO50Fz5QaF+JxeyoL1vEwDQYJKoZIhvcNAQELBQAw
gZUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
...

For older Python versions see the answers to this question on how to get the certificate without using ssl.get_server_certificate .

As for smg20.redbull.com and ssmg11-q.redbull.com - these sites do not seem to be reachable from the internet in the first place, ie they are also not accessible by other tools or the browser.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Python ssl.get_server_certificate downloads wrong certificate? Is python's ssl.get_server_certificate safe? ssl.get_server_certificate for sites with SNI (Server Name Indication) Python Twisted : SSL routines , ssl3_get_server_certificate errors Suppress 'SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed' errors in python url open returns errors on some websites and not others Authentication failed: [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed SSL error : routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed SSLError: [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Python - SSL Client/Server Certificate
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM