Python 检查远程主机是否在TLS握手(mTLS)期间请求客户端证书
我正在尝试编写一个函数,该函数接收URL,执行部分TLS握手,并告知远程服务器是否在所有版本的TLS握手过程中请求客户端证书 如何做到这一点?这是迄今为止尝试的:Python 检查远程主机是否在TLS握手(mTLS)期间请求客户端证书,python,ssl,Python,Ssl,我正在尝试编写一个函数,该函数接收URL,执行部分TLS握手,并告知远程服务器是否在所有版本的TLS握手过程中请求客户端证书 如何做到这一点?这是迄今为止尝试的: import socket import ssl from urllib.parse import urlparse def is_mtls_required(url): url_info = urlparse(url) if url_info.scheme != 'https': return F
import socket
import ssl
from urllib.parse import urlparse
def is_mtls_required(url):
url_info = urlparse(url)
if url_info.scheme != 'https':
return False
host = url_info.netloc
port = url_info.port if url_info.port else 443
sock = None
connection = None
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((host, port))
ssl_context = ssl.SSLContext()
connection = ssl_context.wrap_socket(sock, do_handshake_on_connect=False)
connection.do_handshake()
except ssl.SSLError as e:
if "CERTIFICATE_UNKNOWN" in e.reason:
return True
finally:
if connection:
connection.close()
if sock:
sock.close()
return False
测试:
assert is_mtls_required("https://amazon.com") == False # Ok
assert is_mtls_required("https://secure.court.gov.il") == True # Ok
assert is_mtls_required("https://server.cryptomix.com/secure") == True # Fail the test, when browsing in chrome it prompts with selection of client certificate to use