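def printcert(host, port, hostname):
    """Print, as PEM, the certificate that ``walkchain`` selects from the peer's chain.

    Opens a TLS connection to ``host``:``port``, sends ``hostname`` (or ``host``
    when ``hostname`` is falsy) as the SNI server name, completes the handshake,
    tears the connection down and prints ``walkchain(chain)`` in PEM form.

    Args:
        host: address to connect to.
        port: TCP port to connect to.
        hostname: SNI name to request; falls back to ``host`` when empty.

    Returns:
        None. Output goes to stdout.

    Raises:
        socket.error / OpenSSL.SSL.Error when the connect or handshake fails.
        The connection is closed on that path too, so a failed handshake no
        longer leaks the socket.

    Notes:
        - ``Context(TLSv1_METHOD)`` sets no verify mode, so nothing about the
          presented chain is validated here; the output is "what the peer
          sent", not a trusted certificate.
        - TLSv1_METHOD pins the protocol to TLS 1.0, which many servers now
          refuse; SSLv23_METHOD negotiates the highest shared version.
    """
    con = Connection(Context(TLSv1_METHOD), socket(AF_INET, SOCK_STREAM))
    try:
        con.connect((host, port))
        con.set_tlsext_host_name(hostname if hostname else host)
        con.do_handshake()
        # Capture the chain before tearing the connection down.
        chain = con.get_peer_cert_chain()
        con.shutdown()
    finally:
        con.close()
    # Single-argument print() behaves the same under Python 2 and 3.
    print(dump_certificate(FILETYPE_PEM, walkchain(chain)))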
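def _dump_all_certs(self, cert_file, address):
    """Write every certificate the server at ``address`` presents to ``cert_file``.

    Connects to ``address`` on port 443, performs a TLS handshake and appends the
    peer's full presented chain (leaf plus whatever intermediates it sends) to
    ``cert_file`` as PEM text.

    Args:
        cert_file: text-mode file object open for writing.
        address: host name or IP address to connect to.

    Returns:
        None.

    Raises:
        socket.error / OpenSSL.SSL.Error on connect or handshake failure. The
        socket is closed on every path (the previous version never closed it).

    Notes:
        - set_default_verify_paths() only loads the system trust store; no
          verify mode is set on the context, so the chain is NOT validated
          here. Callers must not treat the dumped certificates as trusted.
        - No SNI name is sent, so a server hosting several names may return
          its default certificate rather than the one for ``address``.
    """
    context = Context(SSLv23_METHOD)
    context.set_default_verify_paths()
    client = socket.socket()
    try:
        client.connect((address, 443))
        tls = Connection(context, client)
        tls.set_connect_state()
        tls.do_handshake()
        # Each element of the presented chain is an X509 object.
        for cert in tls.get_peer_cert_chain():
            cert_file.write(dump_certificate(FILETYPE_PEM, cert).decode())
    finally:
        client.close()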
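def main():
    """
    Connect to an SNI-enabled server and request a specific hostname,
    specified by argv[1], of it.

    Usage: script <hostname> [port]   (port defaults to 443)

    Prints the negotiated server name, the peer address, the leaf
    certificate's notAfter and remaining days, its subjectAltName DNS entries
    and the presented chain (subject and issuer per certificate).

    Returns 1 on a usage error, otherwise None.

    Notes:
        - The context sets no verify mode, so the chain is reported, not
          validated. TLSv1_METHOD pins TLS 1.0, which many servers refuse.
        - notAfter carries a trailing 'Z' (UTC), so the remaining time is
          computed against datetime.utcnow(); the previous local-time
          comparison was off by the machine's UTC offset.
        - The connection is closed even when the handshake raises.
    """
    if len(argv) < 2:
        print('Usage: %s <hostname> [port]' % (argv[0], ))
        return 1
    port = int(argv[2]) if len(argv) == 3 else 443
    hostname = argv[1]

    client = socket()
    client.connect((hostname, port))
    client_ssl = Connection(Context(TLSv1_METHOD), client)
    try:
        client_ssl.set_connect_state()
        client_ssl.set_tlsext_host_name(hostname)
        client_ssl.do_handshake()

        host = client_ssl.getpeername()
        servername = client_ssl.get_servername()
        x509 = client_ssl.get_peer_certificate()
        cert_chain = client_ssl.get_peer_cert_chain()
    finally:
        client_ssl.close()

    not_after_raw = x509.get_notAfter()
    if isinstance(not_after_raw, bytes):
        # pyOpenSSL may hand back bytes; strptime needs text (ASCII digits + 'Z').
        not_after_raw = not_after_raw.decode('ascii')
    not_after = datetime.strptime(not_after_raw, '%Y%m%d%H%M%SZ')
    # Compare UTC with UTC; `remaining` also avoids shadowing datetime.timedelta.
    remaining = not_after - datetime.utcnow()

    # Keep only the last extension whose text starts with "DNS:", stripped of
    # the "DNS:" prefixes (pyOpenSSL renders SAN as "DNS:a, DNS:b").
    dns_names = ''
    for i in range(x509.get_extension_count()):
        ext_text = str(x509.get_extension(i))
        if re.match('^DNS:', ext_text):
            dns_names = ext_text.replace('DNS:', '')

    # Single-argument print() keeps the output byte-identical on Python 2 and 3.
    print("servername: %s, host: %s, port: %s" % (servername, host[0], host[1]))
    print("\tnotAfter: %s, remain: %s days" % (not_after, remaining.days))
    print("\tDNS:  %s" % (dns_names,))
    print('\tCert Chain:')
    for i, cert in enumerate(cert_chain):
        # NOTE(review): the 'i' tag is printed with the subject and 's' with
        # the issuer, which looks reversed relative to OpenSSL's s:/i: labels;
        # left unchanged in case consumers parse this output — confirm.
        print('\t%s,i,%s' % (i, cert.get_subject()))
        print('\t%s,s,%s' % (i, cert.get_issuer()))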
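def main():
    """Ansible module entry point: make sure a PEM certificate fact exists for ``host``.

    ``host`` is given as ``name`` or ``name:port`` (port defaults to 443). The
    module looks at ``certificates[host:port]``, falling back to
    ``certificates[host]``; when neither holds a value it connects to the server
    and stores the LAST certificate of the presented chain (the highest CA the
    server sent, not the leaf) as PEM. Both keys end up populated and the
    result is returned as the ``certificates`` fact.

    Side effects:
        Calls module.exit_json / module.fail_json, which terminate the process.
        Writes into ``ret``, which is not defined in this function and is
        assumed to be a module-level result dict — TODO confirm.

    Notes:
        - No certificate verification and no SNI: the stored certificate is
          whatever the peer presented on this connection, so treat the fact
          as observed, not trusted, and expect a multi-tenant server to
          return its default chain.
        - TLSv1_METHOD pins TLS 1.0, which many servers now refuse.
        - The socket is closed even when the handshake raises.
        - dump_certificate returns bytes on Python 3; presumably the fact is
          meant to be text — verify against how the fact is consumed.
    """
    module = AnsibleModule(argument_spec=dict(
        host=dict(required=True, type='str'),
        certificates=dict(required=True, type='dict'),
    ))
    host = module.params['host']
    certificates = copy.copy(module.params['certificates'])

    # "name:port" -> name plus an optional port component.
    parts = host.split(':')
    parts.reverse()
    host = parts.pop()
    ret['host'] = host
    ret['port'] = None
    ret['downloaded'] = False
    ret['ansible_facts'] = dict(certificates=certificates)
    try:
        port = int(parts.pop()) if parts else 443
        hostport = "{}:{}".format(host, port)
        ret['port'] = port
        # A bare-host entry satisfies the host:port lookup.
        if host in certificates and hostport not in certificates:
            certificates[hostport] = certificates[host]
        if certificates.get(hostport) is None:
            sock = socket(AF_INET, SOCK_STREAM)
            con = Connection(Context(TLSv1_METHOD), sock)
            try:
                con.connect((host, port))
                con.do_handshake()
                x509 = con.get_peer_cert_chain()[-1]
                con.shutdown()
            finally:
                con.close()
            ret['downloaded'] = True
            certificates[hostport] = dump_certificate(FILETYPE_PEM, x509)
        if certificates.get(host) is None:
            certificates[host] = certificates[hostport]
        module.exit_json(**ret)
    except Exception as e:
        module.fail_json(msg="{}: {}".format(repr(e), traceback.format_exc()))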
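def main():
    """Print the certificate chain presented by ``<hostname>:<port>``.

    Usage: script <hostname> <port>. Connects, performs a TLS handshake with
    ``hostname`` as the SNI name, then prints the chain root-first as an
    indented tree followed by per-certificate details (subject, issuer,
    validity window, expiry flag).

    Returns:
        1 on a usage error, 0 otherwise.

    Raises:
        socket.error / OpenSSL.SSL.Error from connect or handshake. The TLS
        connection is closed on that path as well.

    Notes:
        - The context sets no verify mode, so the chain is displayed, not
          validated; has_expired() is the only check applied.
        - TLSv1_METHOD pins TLS 1.0, which many servers now refuse.
    """
    if len(argv) < 3:
        # Previously '%s' was combined with .format(), so argv[0] was never
        # substituted into the usage line.
        print('Usage: {} <hostname> <port>'.format(argv[0]))
        return 1
    hostname = argv[1]
    port = int(argv[2])

    client = socket()
    print('Connecting...')
    stdout.flush()
    client.connect((hostname, port))
    print('Connected to', client.getpeername())

    client_ssl = Connection(Context(TLSv1_METHOD), client)
    try:
        client_ssl.set_connect_state()
        client_ssl.set_tlsext_host_name(hostname.encode('utf-8'))
        client_ssl.do_handshake()
        # get_peer_cert_chain() may return None when no chain was received.
        chain = client_ssl.get_peer_cert_chain() or []
    finally:
        client_ssl.close()

    # Highest CA first, leaf last.
    root_first = list(reversed(chain))

    print("\n>> Certificate Chain:\n")
    for depth, cert in enumerate(root_first, start=1):
        print(" [+] {:<10} {}".format("*" * depth, cert.get_subject()))

    print("\n>> Certificate Details:\n")
    for cert in root_first:
        print("." * 80)
        print("- [Subject]:\t\t{}".format(cert.get_subject()))
        print("- [Issuer]:\t\t{}".format(cert.get_issuer()))
        print("- [Valid from]:\t\t{}".format(cert.get_notBefore()))
        print("- [Valid until]:\t{}".format(cert.get_notAfter()))
        print("- [Has Expired]:\t{}".format(cert.has_expired()))
        print("\n")
    return 0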
ip = gethostbyname(hostname) except Exception, e: print e return None try: s = socket() s.connect((ip, port)) sslcontext = Context(TLSv1_METHOD) sslcontext.set_timeout(30) c = Connection(sslcontext, s) c.set_connect_state() c.set_tlsext_host_name(hostname) proto_v_name = c.get_protocol_version_name() print "try to handshake with server: %s using %s" % (ip, proto_v_name) c.do_handshake() cert_chain = c.get_peer_cert_chain() c.shutdown() s.close() except Exception, e: print e return None else: return cert_chain def read_cert_object(x509_object): """ - 解析单个x509对象并返回解析结果,自定义字典 - 参数 x509_object: OpenSSL.crypto.X509 对象 - 返回值: 自定义字典,包含常见的x509格式信息 """