rev*_*ler 5 python ssl openssl pyopenssl verify
我正在python2和pyOpensSSL中编写一个测试装置,它实际上是一个SSL工厂。该文本装置创建其自己的CA证书和密钥,然后创建由该CA签名的证书。
目前,我无法使用openssl verify来验证证书。这就是我得到的:
server.pem: OU = Hosting Platform CA Testing, CN = test.com
error 7 at 0 depth lookup:certificate signature failure
139891057788744:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
139891057788744:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:797:
139891057788744:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:221:
CA以及证书的密钥生成如下:
def createKey(self):
self.key = OpenSSL.crypto.PKey()
self.key.generate_key(OpenSSL.crypto.TYPE_RSA, self.bits)
我已经验证了-subject,-subject-hash,-issuer并-issuer-hash为证书和发行者CA证书两种:
server.pem:
subject= /OU=Hosting Platform CA Testing/CN=test.com
e209e907
issuer= /C=US/ST=Arizona/L=Gilbert/O=GoDaddy Hosting Platform/OU=Hosting Platform CA Testing/CN=ca.reveller.me
f04ea969
/etc/pki/tls/certs/f04ea969.0:
subject= /C=US/ST=Arizona/L=Gilbert/O=GoDaddy Hosting Platform/OU=Hosting Platform CA Testing/CN=ca.reveller.me
f04ea969
issuer= /C=US/ST=Arizona/L=Gilbert/O=GoDaddy Hosting Platform/OU=Hosting Platform CA Testing/CN=ca.reveller.me
f04ea969
我正在使用X509v3扩展,并已验证密钥标识符哈希以确保它们匹配:
server.pem:
X509v3 Subject Key Identifier:
12:A1:CF:8A:FE:4C:BF:AD:3B:7D:1E:5F:8B:9B:B3:49:0E:D8:9D:91
X509v3 Authority Key Identifier:
keyid:24:13:EF:DC:9D:A6:09:28:08:FB:34:76:E0:56:AA:EF:42:02:99:2F
/etc/pki/tls/certs/f04ea969.0:
X509v3 Subject Key Identifier:
24:13:EF:DC:9D:A6:09:28:08:FB:34:76:E0:56:AA:EF:42:02:99:2F
X509v3 Authority Key Identifier:
24:13:EF:DC:9D:A6:09:28:08:FB:34:76:E0:56:AA:EF:42:02:99:2F
为什么会出现填充错误?关于在哪里可以找到不匹配项的任何想法?
| 归档时间: |
|
| 查看次数: |
2307 次 |
| 最近记录: |