pepoluan

Reputation: 6808

Emulate openssl s_client verify facility in Python

I want to do something similar to this:

```
openssl s_client -verify_return_error -quiet -strict -verifyCAfile CA_file.crt server.name:4443
```

The certificate installed on server.name is a partial chain containing (in order): the server's cert and the Intermediate1 cert.

Running the above command will return (for instance) something like this:

```
### Successful chain traversal
depth=2 C = ..., CN = ROOT, emailAddress = ...
verify return:1
depth=1 C = ..., CN = Intermediate1, emailAddress = ...
verify return:1
depth=0 C = ..., CN = server.name
verify return:1

### UNsuccessful chain traversal (e.g., wrong CA_file)
depth=1 C = ..., CN = Intermediate1, emailAddress = ...
verify error:num=20:unable to get local issuer certificate
```

How do I do that with Python?

I've tried reading the documentation of pyOpenSSL but it's really ... sparse. No code examples, no guide on how to do things.

Notes:

  1. I just need a boolean return: true if the certificate chain is valid, false if the certificate chain is invalid (for any reason, be it a wrong local CA_file or a wrong chain installed server-side).
  2. It's not necessary to use pyOpenSSL; any other method that produces the boolean result I want will do.

Upvotes: 1

Views: 29
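
One way to get the boolean result asked for above, as an added example that is not part of the original question: it uses Python's standard `ssl` module rather than pyOpenSSL, and the function names `make_context` and `chain_is_valid` are hypothetical. Hostname checking is off by default only to mirror the `s_client` command shown, which verifies the chain but not the name.

```python
import socket
import ssl


def make_context(ca_file=None, check_hostname=False):
    """Client context that trusts only the CAs in ca_file (like -verifyCAfile)."""
    # PROTOCOL_TLS_CLIENT does not load the system trust store by itself.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # The s_client command on the page does no hostname check, so False
    # mirrors it. Pass check_hostname=True for a real client.
    ctx.check_hostname = check_hostname
    # Abort the handshake on any verification failure (-verify_return_error).
    ctx.verify_mode = ssl.CERT_REQUIRED
    if ca_file is not None:
        ctx.load_verify_locations(cafile=ca_file)
    return ctx


def chain_is_valid(host, port, ctx, timeout=5.0):
    """Return True only if the TLS handshake, including chain verification, succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            # server_hostname sends SNI so the server picks the right certificate.
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except ssl.SSLCertVerificationError as exc:
        # Same code and text that s_client prints, e.g.
        # num=20: unable to get local issuer certificate.
        print(f"verify error:num={exc.verify_code}:{exc.verify_message}")
        return False
    except (ssl.SSLError, OSError) as exc:
        # Non-TLS peer, refused connection, timeout: also "not valid".
        print(f"connection or TLS failure: {exc}")
        return False
```

With the names from the question, the call is `chain_is_valid("server.name", 4443, make_context("CA_file.crt"))`. A server that sends only its own cert plus Intermediate1 verifies as long as the root is in the CA file.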

Answers (0)
