我已经尝试采用@StephanSchlect的这个很好的答案来检查个人证书上的OCSP响应,该证书由CA颁发用于数字签名,而不是网页证书
我已将get_cert_for_hostname()
函数重新写入get_cert_from_der_file
,该函数从DER格式的.cer文件中读取证书,并以相同的方式返回PEM:
def get_cert_from_der_file(path):
with open(path, 'rb') as f:
certDER = f.read()
print("certDER: ", certDER)
certPEM = ssl.DER_cert_to_PEM_cert(certDER)
return x509.load_pem_x509_certificate(certPEM.encode('ascii'), default_backend())
其他一切都没变
但不幸的是,这导致了一个错误:
certDER: b'0\x82\x05\xc60\x82\x04\ .... and so on'
certPEM returned: <Certificate(subject=<Name(1.2.840.113549.1.9.1=[deleted],C=LT,CN=
[deleted],2.5.4.4=[deleted],2.5.4.42=[deleted],2.5.4.5=[deleted])>, ...)>
issuer -> http://csp2.rcsc.lt/aia/RCSC_IssuingCA.crt
Issuer cert: <Certificate(subject=<Name(C=LT,OU=RCSC,O=VI Registru centras - i.k.
124110246,CN=RCSC IssuingCA)>, ...)>
ocsp_server -> http://ocsp2.rcsc.lt/ocspresponder.rcsc
Traceback (most recent call last):
File "<input>", line 1, in <module>
File "C:\Programs\PyCharm\plugins\python\helpers\pydev\_pydev_bundle\pydev_umd.py",
line 197, in runfile
pydev_imports.execfile(filename, global_vars, local_vars) # execute the script
File
"C:\Programs\PyCharm\plugins\python\helpers\pydev\_pydev_imps\_pydev_execfile.py",
line 18, in execfile
exec(compile(contents+"\n", file, 'exec'), glob, loc)
File "C:/Projects/RPA_RRT/ocsp_checker_cert.py", line 92, in <module>
status = get_cert_status_for_host(FILE_TEST_PERS_CER)
File "C:/Projects/RPA_RRT/ocsp_checker_cert.py", line 89, in get_cert_status_for_host
return get_ocsp_cert_status(ocsp_server, cert, issuer_cert)
File "C:/Projects/RPA_RRT/ocsp_checker_cert.py", line 77, in get_ocsp_cert_status
raise Exception(f'fetching ocsp cert status failed with response status:
{ocsp_resp.status_code}')
Exception: fetching ocsp cert status failed with response status: 404
请您评论一下这里可能出现的错误以及我应该在哪里查找错误
目前没有回答
相关问题 更多 >
编程相关推荐