有没有办法在 Python 中获取禁用证书验证(CERT_NONE)的远程对等证书?
我使用的是 Python 3.我使用的是 ssl 库中的 SSLContext.
I am using Python 3. I am using a SSLContext from the ssl library.
我想知道如何在 CERT_NONE 模式下请求和获取远程对等证书(与 SSLSocket.getpeercert() 一样).目前,我得到一个空的 dict(这是按照文档预期的).那么,我可以在不深入研究私人内容的情况下做到这一点吗?
I would like to know how to request and get the remote peer certificate (as with SSLSocket.getpeercert()) but in the CERT_NONE mode. Currently, I get an empty dict (which is expected as per the documentation). So, can I do that without digging into private stuff?
我不尝试重新实现加密.实际上,我不需要任何加密,但是我需要上下文(和一个套接字)和远程证书(同样,为了提供信息,不进行身份验证或实际加密任何东西).
I am not trying to reimplement crypto. Actually, I don't need any crypto, however I need the context (and a socket) and the remote certificate (again, for information purpose, not to authenticate or actually encrypt anything).
我找到了一种不偏离默认 ssl 库的方法(它的优点是存在):
I found a way without straying away from the default ssl library (which has the advantage of being there):
socket.getpeercert(binary_form=True)
以 DER 格式提供证书,这足以满足我的需要.
gives the certificate in DER format which is good enough for what I have to do.
Afaik,返回一个空的 dict 是为了避免盲目相信人们以明文形式发送且未经验证的内容.
Afaik, returning an empty dict is to avoid blindly trusting what people send in clear text and has not been verified.