I am trying to get the list of client CAs that a server allows.
With openssl I can call:
openssl s_client -connect hostname:443 -servername hostname
and I can see the CAs after the lines
---
Acceptable client certificate CA names
For most servers I succeed with the following code, which I borrowed from Stack Overflow:

import socket
from OpenSSL import SSL

def get_client_cert_cas(hostname, port):
    ctx = SSL.Context(SSL.SSLv23_METHOD)
    # uncommenting next line will make things work
    # ctx.set_options(SSL.OP_NO_TLSv1_3)
    sock = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
    # next line for SNI
    sock.set_tlsext_host_name(hostname.encode("utf-8"))
    sock.connect((hostname, port))
    sock.do_handshake()  # without this command next line always returns empty list
    # list of X509Name objects for the CAs the server accepts
    return sock.get_client_ca_list()

For some servers I always get an empty answer, though the openssl command returns the correct information.
As soon as I disable TLSv1_3 I am able to receive the client_ca_list.
Is this to be expected or is this a bug?