我致力于处理Alexa语音意图的服务.我需要验证每个请求的签名,我几乎成功了.唯一不起作用的部分是证书链的验证.
从文档中我知道:
此证书链按顺序由(1)Amazon签名证书和(2)一个或多个其他证书组成,这些证书为根证书颁发机构(CA)证书创建信任链.
我的代码看起来像这样:
certificates = pem.parse_file("chain.pem")
store = crypto.X509Store()
for cert in certificates[:-1]:
loaded_cert = crypto.load_certificate(crypto.FILETYPE_PEM,
cert.as_bytes())
store.add_cert(loaded_cert)
intermediate_cert = crypto.load_certificate(
crypto.FILETYPE_PEM,
certificates[-1].as_bytes()
)
# Create a certificate context
store_ctx = crypto.X509StoreContext(store, intermediate_cert)
# Verify the certificate
store_ctx.verify_certificate()
我收到以下错误:
OpenSSL.crypto.X509StoreContextError: [20, 0, 'unable to get local issuer certificate']
我不知道我做错了什么,也许有人已经实现了这个并且可以提示.
我正在编写一个需要在客户端浏览器中安装证书的应用程序.我在PyOpenSSL文档中找到了这个"Context"对象,但是我看不出回调应该如何验证证书,只是它应该以某种方式.
set_verify(mode, callback)
Set the verification flags for this Context object to mode and
specify that callback should be used for verification callbacks.
mode should be one of VERIFY_NONE and VERIFY_PEER. If
VERIFY_PEER is used, mode can be OR:ed with
VERIFY_FAIL_IF_NO_PEER_CERT and VERIFY_CLIENT_ONCE to further
control the behaviour. callback should take five arguments: A
Connection object, an X509 object, and three integer variables,
which are in turn potential error number, error depth and return
code. callback should return true if … 我有西班牙当局(FNMT)颁发的有效证书,我想玩它以了解更多相关信息.该文件的扩展名为.p12
我想阅读其中的信息(名字和姓氏)并检查证书是否有效.用pyOpenSSL可以做到吗?我想我必须在OpenSSL中使用加密模块.任何帮助或有用的链接?试着在这里阅读:http://packages.python.org/pyOpenSSL/openssl-crypto.html但信息不多:-(
这可能只是另一个未解决的线程,但无论如何我会填写一些信息.
我甚至连一秒钟都无法将我的SSL包装在一起.对我的wrap_socket()和do_handshake()做错了什么想法?
关键文件似乎100%完美,我在握手之前尝试过没有.recv()的AND.这只是根据我放置recv()的位置生成这些:
SSL3_GET_CLIENT_HELLO:版本号错误
SSL3_GET_RECORD:版本号错误
class Server():
def __init__(self, listen = '', port = 8080, ssl = False):
self.sock = socket.socket()
self.sock.bind((listen, port))
self.sock.listen(5)
def accept(self):
newsocket, fromaddr = self.sock.accept()
newsocket.recv(32)
newsocket.setblocking(0)
sslsock = ssl.wrap_socket(newsocket,
server_side=True,
certfile="./kernel/sock/server.crt",
keyfile="./kernel/sock/server.key",
cert_reqs=ssl.CERT_NONE,
ssl_version=ssl.PROTOCOL_TLSv1,
do_handshake_on_connect=False,
suppress_ragged_eofs=True)
sslsock.do_handshake()
return sslsock, fromaddr
为了记录,如果它不明显或我错了,这是握手失败:)
我稍微修改了代码,尝试SSLv3并且还改变了包装的位置:
import socket, ssl, time, select
class Server():
def __init__(self, listen = '', port = 443, ssl = False):
self.sock = socket.socket()
self.sock.bind((listen, port))
self.sock.listen(5)
def accept(self):
self.sock = ssl.wrap_socket(self.sock,
server_side=True,
certfile="./kernel/sock/server.crt",
keyfile="./kernel/sock/server.key", …我很难运行带有EXPORT级密码的M2Crypto SSLServer.
LOW/MEDIUM/HIGH级密码的工作没有任何问题,但EXPORT不会.此外,当OpenSSL从命令行以服务器模式运行时,它接受EXPORT级密码而没有任何问题.
所以,要么我丢失了某些东西,要么M2Crypto模块中存在问题.任何帮助表示赞赏.
使用过的python代码(ssl-server.py)如下所示:
import M2Crypto
import socket
CERTFILE = "dummy_cert.pem"
KEYFILE = "dummy_key.pem"
PROTOCOL = "sslv3"
HOST = "0.0.0.0"
PORT = 4433
def main():
print "[i] Initializing context ..."
ctx = M2Crypto.SSL.Context(protocol=PROTOCOL, weak_crypto=True)
ctx.load_cert_chain(certchainfile=CERTFILE, keyfile=KEYFILE)
ctx.set_options(M2Crypto.m2.SSL_OP_ALL)
ctx.set_cipher_list("ALL")
print "[i] Initializing socket ..."
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.bind((HOST, PORT))
sock.listen(1)
conn, addr = sock.accept()
print "[i] SSL handshake ..."
ssl_conn = M2Crypto.SSL.Connection(ctx=ctx, sock=conn)
ssl_conn.setup_ssl()
try:
ssl_conn_res = ssl_conn.accept_ssl()
except Exception, ex:
print "[x] SSL connection failed: '%s'" …我有签名的PKCS7消息.它包含数据和签名证书(具有整个信任链).
我有一个代码,它使用m2crypto来获取证书.
bio = BIO.MemoryBuffer(pkcs7message)
p7 = SMIME.PKCS7(m2.pkcs7_read_bio_der(bio._ptr()))
sk = X509.X509_Stack()
certStack = p7.get0_signers(sk)
有用.但是,certStack只返回一个证书(而不是返回整个证书链.
两个问题:
我想在我的echo客户端/服务器程序中进行相互身份验证.我正在使用python 2.7.12 and thessl`模块
Distributor ID: Ubuntu
Description: Ubuntu 14.04.5 LTS
Release: 14.04
Codename: trusty
我使用openssl命令生成了客户端和服务器的证书和密钥:
openssl req -new -x509 -days 365 -nodes -out client.pem -keyout client.key
openssl req -new -x509 -days 365 -nodes -out server.pem -keyout server.key
我希望客户端验证服务器,我希望服务器验证客户端.但是,下面的代码显示了服务器端的一些错误:
Traceback (most recent call last):
File "ssl_server.py", line 18, in <module>
secure_sock = ssl.wrap_socket(client, server_side=True, certfile="server.pem", keyfile="server.key")
File "/usr/lib/python2.7/ssl.py", line 933, in wrap_socket
ciphers=ciphers)
File "/usr/lib/python2.7/ssl.py", line 601, in __init__
self.do_handshake()
File "/usr/lib/python2.7/ssl.py", line 830, in do_handshake …我希望能够将证书传递给Python的ssl库,而无需临时文件.似乎Python的ssl模块不能这样做.
要解决此问题,我想从本机模块中检索SSL_CTX存储在ssl._ssl._SSLContext类中的基础结构_ssl.使用ctypes然后我可以SSL_CTX_*使用该上下文从libssl 手动调用相应的函数.这里显示了如何在C中执行此操作,我将通过ctypes执行相同的操作.
不幸的是,我陷入了我设法挂钩load_verify_locations函数的地步,ssl._ssl._SSLContext但似乎无法获得ssl._ssl._SSLContext结构实例的正确内存地址.load_verify_locations看到的所有函数都是父ssl.SSLContext对象.
我的问题是,如何从ssl.SSLContext对象的实例到本机基类的内存ssl._ssl._SSLContext?如果我愿意,我可以轻松访问其ctx成员.
到目前为止,这是我的代码.关于如何将本机Python模块进行monkeypatch的信用转到Lincoln Clarete的禁果项目
Py_ssize_t = hasattr(ctypes.pythonapi, 'Py_InitModule4_64') and ctypes.c_int64 or ctypes.c_int
class PyObject(ctypes.Structure):
pass
PyObject._fields_ = [
('ob_refcnt', Py_ssize_t),
('ob_type', ctypes.POINTER(PyObject)),
]
class SlotsProxy(PyObject):
_fields_ = [('dict', ctypes.POINTER(PyObject))]
class PySSLContext(ctypes.Structure):
pass
PySSLContext._fields_ = [
('ob_refcnt', Py_ssize_t),
('ob_type', ctypes.POINTER(PySSLContext)),
('ctx', ctypes.c_void_p),
]
name = …我正在尝试安装 pyOpenSSl 并显示以下错误
已满足要求: /home/tony/hx-preinstaller-venv/lib/python3.6/site-packages 中的六个>=1.5.2(来自 pyOpenSSL) 收集加密>=3.3(来自 pyOpenSSL) 使用缓存的https:// files.pythonhosted.org/packages/cc/98/8a258ab4787e6f835d350639792527d2eb7946ff9fc0caca9c3f4cf5dcfe/cryptography-3.4.8.tar.gz 命令 python setup.py Egg_info 的完整输出:
=============================DEBUG ASSISTANCE==========================
If you are seeing an error here please try the following to
successfully install cryptography:
Upgrade to the latest pip and try again. This will fix errors for most
users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip
=============================DEBUG ASSISTANCE==========================
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/tmp/pip-build-8toyhikv/cryptography/setup.py", line 14, in <module>
from setuptools_rust import RustExtension
ModuleNotFoundError: No module named 'setuptools_rust'
我运行的命令 …
在使用scrapy的抓取过程中,我的日志中会不时出现一个错误.它似乎不在我的代码中的任何地方,看起来像twisted\openssl里面的东西.是什么原因造成了这个以及如何摆脱它?
Stacktrace在这里:
[Launcher,27487/stderr] Error during info_callback
Traceback (most recent call last):
File "/opt/webapps/link_crawler/lib/python2.7/site-packages/twisted/protocols/tls.py", line 415, in dataReceived
self._write(bytes)
File "/opt/webapps/link_crawler/lib/python2.7/site-packages/twisted/protocols/tls.py", line 554, in _write
sent = self._tlsConnection.send(toSend)
File "/opt/webapps/link_crawler/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1270, in send
result = _lib.SSL_write(self._ssl, buf, len(buf))
File "/opt/webapps/link_crawler/lib/python2.7/site-packages/OpenSSL/SSL.py", line 926, in wrapper
callback(Connection._reverse_mapping[ssl], where, return_code)
--- <exception caught here> ---
File "/opt/webapps/link_crawler/lib/python2.7/site-packages/twisted/internet/_sslverify.py", line 1055, in infoCallback
return wrapped(connection, where, ret)
File "/opt/webapps/link_crawler/lib/python2.7/site-packages/twisted/internet/_sslverify.py", line 1157, in _identityVerifyingInfoCallback
transport = connection.get_app_data()
File "/opt/webapps/link_crawler/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1589, in get_app_data
return self._app_data
File …pyopenssl ×10
python ×9
openssl ×3
ssl ×3
cryptography ×2
m2crypto ×2
python-3.x ×2
alexa ×1
certificate ×1
cpython ×1
ctypes ×1
pip ×1
pkcs#7 ×1
scrapy ×1
setuptools ×1
sockets ×1
twisted ×1
ubuntu ×1
validation ×1