#!/usr/bin/env python3## fetch the certificate that the server(s) are providing in PEM form## args are HOST:PORT [, HOST:PORT...]## By Bill Janssen.import reimport osimport sysimport tempfiledef fetch_server_certificate (host, port):def subproc(cmd):from subprocess import Popen, PIPE, STDOUTproc = Popen(cmd, stdout=PIPE, stderr=STDOUT, shell=True)status = proc.wait()output = proc.stdout.read()return status, outputdef strip_to_x509_cert(certfile_contents, outfile=None):m = re.search(br"^([-]+BEGIN CERTIFICATE[-]+[\r]*\n"br".*[\r]*^[-]+END CERTIFICATE[-]+)$",certfile_contents, re.MULTILINE | re.DOTALL)if not m:return Noneelse:tn = tempfile.mktemp()fp = open(tn, "wb")fp.write(m.group(1) + b"\n")fp.close()try:tn2 = (outfile or tempfile.mktemp())status, output = subproc(r'openssl x509 -in "%s" -out "%s"' %(tn, tn2))if status != 0:raise RuntimeError('OpenSSL x509 failed with status %s and ''output: %r' % (status, output))fp = open(tn2, 'rb')data = fp.read()fp.close()os.unlink(tn2)return datafinally:os.unlink(tn)if sys.platform.startswith("win"):tfile = tempfile.mktemp()fp = open(tfile, "w")fp.write("quit\n")fp.close()try:status, output = subproc('openssl s_client -connect "%s:%s" -showcerts < "%s"' %(host, port, tfile))finally:os.unlink(tfile)else:status, output = subproc('openssl s_client -connect "%s:%s" -showcerts < /dev/null' %(host, port))if status != 0:raise RuntimeError('OpenSSL connect failed with status %s and ''output: %r' % (status, output))certtext = strip_to_x509_cert(output)if not certtext:raise ValueError("Invalid response received from server at %s:%s" %(host, port))return certtextif __name__ == "__main__":if len(sys.argv) < 2:sys.stderr.write("Usage: %s HOSTNAME:PORTNUMBER [, HOSTNAME:PORTNUMBER...]\n" %sys.argv[0])sys.exit(1)for arg in sys.argv[1:]:host, port = arg.split(":")sys.stdout.buffer.write(fetch_server_certificate(host, int(port)))sys.exit(0)
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。