ssl.get_server_certificate 用于具有 SNI(服务器名称指示)的站点

2022-01-25 00:00:00 python ssl ssl-certificate sni

问题描述

我正在尝试获取 badssl.com 子域的服务器证书(例如 https://expired.badssl.com).

I am trying to get the server certificate of badssl.com subdomains (ex. https://expired.badssl.com).

import ssl ssl.get_server_certificate(('expired.badssl.com', 443))

但是在检查上面生成的证书时，我看到证书有

But when examining the above generated certificate I see that the certificate has

身份:badssl-fallback-unknown-subdomain-or-no-sni

Identity: badssl-fallback-unknown-subdomain-or-no-sni

这意味着 SNI 失败.如何获取 badssl.com 不同子域的服务器证书?(我使用的是python 2.7.12)

which means SNI is failing. How can I get the server certificate of different subdomains of badssl.com? (I am using python 2.7.12)

解决方案

找到答案了.

import ssl hostname = "expired.badssl.com" port = 443 conn = ssl.create_connection((hostname, port)) context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) sock = context.wrap_socket(conn, server_hostname=hostname) certificate = ssl.DER_cert_to_PEM_cert(sock.getpeercert(True))

相关文章