I am trying to get the list of client CAs that a server allows.

With openssl I can call:

```
openssl s_client -connect hostname:443 -servername hostname
```

and I can see the CAs after the lines

```
---
Acceptable client certificate CA names
```

For most servers I succeed with the following code, which I borrowed from Stack Overflow:

```python
import socket

from OpenSSL import SSL


def get_client_cert_cas(hostname, port):
    ctx = SSL.Context(SSL.SSLv23_METHOD)
    sock = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
    # next line for SNI
    sock.set_tlsext_host_name(hostname.encode("utf-8"))
    sock.connect((hostname, port))
    sock.send(b"G")  # must send at least one byte
    return sock.get_client_ca_list()
```

For some servers (F5), however, I always get an empty answer, though the openssl command returns the correct information.

The sending of "G" is a little strange, as is already mentioned in the Stack Overflow article.

Is it a bug if I don't receive the correct CAs for the given F5 servers, or is the above code wrong?

feenes changed the title from "sock.do_handshake() returns empty result on a F5 server" to "sock.do_handshake() returns empty result on an F5 server" on Mar 30, 2021

feenes changed the title from "sock.do_handshake() returns empty result on an F5 server" to "sock.get_client_ca_list() returns empty result on an F5 server" on Apr 2, 2021
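
An offline check of what `get_client_ca_list()` reports on the client side, as an added example (not code from the issue or from pyOpenSSL itself): an in-memory handshake against a local pyOpenSSL server returns the CA names when the server sends a CertificateRequest during the handshake and an empty list when it does not. The helper names and the CA name "Example Client CA" are constructed for illustration.

```python
from OpenSSL import SSL, crypto


def make_self_signed(common_name):
    """Constructed throwaway RSA key and self-signed certificate."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    cert = crypto.X509()
    cert.get_subject().CN = common_name
    cert.set_issuer(cert.get_subject())
    cert.set_serial_number(1)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(3600)
    cert.set_pubkey(key)
    cert.sign(key, "sha256")
    return key, cert


def advertised_client_cas(request_client_cert):
    """Handshake with a local server; return the CA CNs the client saw."""
    key, cert = make_self_signed("Example Client CA")  # constructed name
    server_ctx = SSL.Context(SSL.SSLv23_METHOD)
    server_ctx.use_privatekey(key)
    server_ctx.use_certificate(cert)
    if request_client_cert:
        # VERIFY_PEER on a server makes it send a CertificateRequest,
        # which carries the acceptable CA names set below.
        server_ctx.set_verify(SSL.VERIFY_PEER, lambda *args: True)
        server_ctx.set_client_ca_list([cert.get_subject()])
    server = SSL.Connection(server_ctx, None)  # None -> memory BIOs, no socket
    server.set_accept_state()
    client = SSL.Connection(SSL.Context(SSL.SSLv23_METHOD), None)
    client.set_connect_state()

    moved = True
    while moved:  # shuttle handshake records until both sides go quiet
        moved = False
        for src, dst in ((client, server), (server, client)):
            try:
                src.do_handshake()
            except SSL.WantReadError:
                pass  # needs more data from the peer
            try:
                dst.bio_write(src.bio_read(65536))
                moved = True
            except SSL.WantReadError:
                pass  # nothing pending to transfer
    return [name.CN for name in client.get_client_ca_list()]
```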