python - ssl.get_server_certificate for sites with SNI (Server Name Indication)

Question

Welcome To Ask or Share your Answers For Others

python - ssl.get_server_certificate for sites with SNI (Server Name Indication)

asked Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

python - ssl.get_server_certificate for sites with SNI (Server Name Indication)

I am trying to get the server certificate of badssl.com subdomains (ex. https://expired.badssl.com).

import ssl
ssl.get_server_certificate(('expired.badssl.com', 443))

But when examining the above generated certificate I see that the certificate has

Identity: badssl-fallback-unknown-subdomain-or-no-sni

which means SNI is failing. How can I get the server certificate of different subdomains of badssl.com? (I am using python 2.7.12)

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Answer

深蓝 · Answer 1 · 2021-10-23T19:38:22+0000

Found the answer.

import ssl
hostname = "expired.badssl.com"
port = 443
conn = ssl.create_connection((hostname, port))
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
sock = context.wrap_socket(conn, server_hostname=hostname)
certificate = ssl.DER_cert_to_PEM_cert(sock.getpeercert(True))

Categories

python - ssl.get_server_certificate for sites with SNI (Server Name Indication)

python - ssl.get_server_certificate for sites with SNI (Server Name Indication)

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags