Python 使用M2Crypto验证自签名证书的已签名消息
我正在尝试用M2Crypto复制这个openssl命令Python 使用M2Crypto验证自签名证书的已签名消息,python,openssl,m2crypto,Python,Openssl,M2crypto,我正在尝试用M2Crypto复制这个openssl命令 openssl smime -verify -in local_files/auth_data.pem.pk7 -inform PEM -certfile certificate.crt -noverify 我的代码如下所示: smime = M2Crypto.SMIME.SMIME() x509_store = M2Crypto.X509.X509_Store() x509_store.load_info(ca_file) smime
openssl smime -verify -in local_files/auth_data.pem.pk7 -inform PEM -certfile certificate.crt -noverify
我的代码如下所示:
smime = M2Crypto.SMIME.SMIME()
x509_store = M2Crypto.X509.X509_Store()
x509_store.load_info(ca_file)
smime.set_x509_store(x509_store)
x509_stack = M2Crypto.X509.X509_Stack()
x509_cert = M2Crypto.X509.load_cert(cert_file)
x509_stack.push(x509_cert)
smime.set_x509_stack(x509_stack)
p7 = M2Crypto.SMIME.load_pkcs7_bio(M2Crypto.BIO.MemoryBuffer(cipher_text))
decrypted_data = smime.verify(p7)
但我在最后一行得到了这个错误:
PKCS7_Error: certificate verify error
我不能让M2Crypto像带有'-noverify'标志的openssl那样运行
我尝试在X509_存储中加载相同的证书,但结果是相同的。我花了一些时间,但在源代码中找到了答案 这是允许自签名证书的代码:
decrypted_data = smime.verify(p7, flags=M2Crypto.SMIME.PKCS7_NOVERIFY)