PyOpenSSL在OpenSSL.SSL.Context上设置验证标志_Openssl_Pyopenssl

PyOpenSSL在OpenSSL.SSL.Context上设置验证标志

openssl

PyOpenSSL在OpenSSL.SSL.Context上设置验证标志,openssl,pyopenssl,Openssl,Pyopenssl,在PyOpenSSL中，脱机验证证书链时，我可以设置验证标志： # # # # # # # # # # # OpenSSL.Crypto # # # # # # # # # # # trusted_certs = X509Store() # init Certificate store check.trusted_certs.set_flags(0x80000) #

在

PyOpenSSL

中，脱机验证证书链时，我可以设置验证标志：

# # # # # # # # # # # OpenSSL.Crypto # # # # # # # # # # #
    trusted_certs = X509Store()                                   # init Certificate store
    check.trusted_certs.set_flags(0x80000)                        # X509_V_FLAG_PARTIAL_CHAIN
    int_cert = load_certificate(FILETYPE_PEM, int_ca_cert_pem)
    check.trusted_certs.add_cert(int_cert)

这很有效。“如果信任存储中至少有一个证书，则允许部分链”

当我创建到服务器的实际连接时，我找不到设置\u标志的API。我是否缺少API

# # # # # # # # # # # Socket # # # # # # # # # # #
sock = socket()
sock.setblocking(True)
sock.connect_ex(sock.getsockname())
des = (host, 443)
print('[*]Connect issued...')
sock.connect(des)
print('[*]connected: {0}\t{1}'.format(host, sock.getpeername()))

# # # # # # # # # # # Context # # # # # # # # # # #
context = Context(TLSv1_2_METHOD)
context.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_NO_TLSv1)
ca_dir = Path(getcwd() + '/ca_files')
context.load_verify_locations(cafile=None, capath=ca_dir.__bytes__())
context.set_verify(VERIFY_PEER, verify_cb)

# # # # # # # # # # # Create TLS client  # # # # # # # # # # #
tls_client = Connection(context, sock)
tls_client.set_connect_state()                          

try:
    tls_client.do_handshake()

好的，找到答案了

context.get_cert_store().set_flags(0x80000)

对于使用

PyOpenSSL

和

set_flags

遇到相同问题的其他人，请将此选项保持为启用状态