Python openssl验证中的RSA填充检查失败
我正在用python2和pyOpensSSL编写一个测试夹具,它本质上是一个SSL工厂。此文本装置创建其自己的CA证书和密钥,然后创建由此CA签名的证书 目前,我无法使用openssl验证来验证证书。这就是我得到的:Python openssl验证中的RSA填充检查失败,python,ssl,openssl,verify,pyopenssl,Python,Ssl,Openssl,Verify,Pyopenssl,我正在用python2和pyOpensSSL编写一个测试夹具,它本质上是一个SSL工厂。此文本装置创建其自己的CA证书和密钥,然后创建由此CA签名的证书 目前,我无法使用openssl验证来验证证书。这就是我得到的: server.pem: OU = Hosting Platform CA Testing, CN = test.com error 7 at 0 depth lookup:certificate signature failure 139891057788744:error:040
server.pem: OU = Hosting Platform CA Testing, CN = test.com
error 7 at 0 depth lookup:certificate signature failure
139891057788744:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
139891057788744:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:797:
139891057788744:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:221:
CA和证书的密钥如下所示:
def createKey(self):
self.key = OpenSSL.crypto.PKey()
self.key.generate_key(OpenSSL.crypto.TYPE_RSA, self.bits)
我已验证证书和颁发者CA证书的-subject
、-subject hash
、-issuer
和-issuer hash
:
server.pem:
subject= /OU=Hosting Platform CA Testing/CN=test.com
e209e907
issuer= /C=US/ST=Arizona/L=Gilbert/O=GoDaddy Hosting Platform/OU=Hosting Platform CA Testing/CN=ca.reveller.me
f04ea969
/etc/pki/tls/certs/f04ea969.0:
subject= /C=US/ST=Arizona/L=Gilbert/O=GoDaddy Hosting Platform/OU=Hosting Platform CA Testing/CN=ca.reveller.me
f04ea969
issuer= /C=US/ST=Arizona/L=Gilbert/O=GoDaddy Hosting Platform/OU=Hosting Platform CA Testing/CN=ca.reveller.me
f04ea969
我正在使用X509v3扩展,并已验证密钥标识符散列,以确保它们匹配:
server.pem:
X509v3 Subject Key Identifier:
12:A1:CF:8A:FE:4C:BF:AD:3B:7D:1E:5F:8B:9B:B3:49:0E:D8:9D:91
X509v3 Authority Key Identifier:
keyid:24:13:EF:DC:9D:A6:09:28:08:FB:34:76:E0:56:AA:EF:42:02:99:2F
/etc/pki/tls/certs/f04ea969.0:
X509v3 Subject Key Identifier:
24:13:EF:DC:9D:A6:09:28:08:FB:34:76:E0:56:AA:EF:42:02:99:2F
X509v3 Authority Key Identifier:
24:13:EF:DC:9D:A6:09:28:08:FB:34:76:E0:56:AA:EF:42:02:99:2F
为什么我会出现填充错误?关于哪里可以找到不匹配的问题,有什么想法吗?我有同样的问题:p你找到解决方案了吗?