I am trying to get the SNI from an (IP, destination port 443) pair using Python 2.7.15, and I am using the latest versions of OpenSSL and the ssl module.
Here is my code:
# These two modules are imported only to get the SNI using the getSNI function defined below
import OpenSSL as OSsl
import ssl

ip = "52.85.25.17"
dport = "443"

# With this function we get the Server Name Identification for transmissions with Secure Socket Layer,
# identified by port 443. We only care about the destination IP and the destination port.
def getSNI(ip, dport):
    if dport != "443":
        commonName = "Not SSL"
        print commonName
    else:
        server_certificate = ssl.get_server_certificate((ip, dport))
        # x509 refers to the standard used for PKI (Public Key Infrastructure),
        # used in this case for ciphering our information about the certificate.
        # FILETYPE_PEM serializes data to Base64-encoded form.
        x509 = OSsl.crypto.load_certificate(OSsl.crypto.FILETYPE_PEM, server_certificate)
        # Get the information about the certificate
        certInfo = x509.get_subject()
        commonName = certInfo.commonName
        print (commonName)
    return commonName

getSNI(ip,dport)
This works, but for the specified address (the one in the code snippet I posted), I get this error:
Traceback (most recent call last):
  File "getSNI.py", line 31, in <module>
    getSNI(ip,dport)
  File "getSNI.py", line 17, in getSNI
    server_certificate = ssl.get_server_certificate((ip, dport))
  File "/usr/lib/python2.7/ssl.py", line 1023, in get_server_certificate
    with closing(context.wrap_socket(sock)) as sslsock:
  File "/usr/lib/python2.7/ssl.py", line 369, in wrap_socket
    _context=self)
  File "/usr/lib/python2.7/ssl.py", line 617, in __init__
    self.do_handshake()
  File "/usr/lib/python2.7/ssl.py", line 846, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:726)
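I have upgraded all modules and packages, and I have read a lot of questions about this topic, but I don't know how to solve this problem.
Edit 1: Running whois, I found that this IP address is connected to Amazon. Is there some particular problem between Amazon and SNI?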
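Best answer
The point of SNI is that there can be multiple domains that resolve to one specific IP address. So the IP you provided (52.85.25.17) is one of such addresses. The server cannot determine which domain's certificate you are requesting, so it terminates the connection with an error.
Addendum 1. Catching the SSLError exception
You can catch ssl.SSLError this way: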
try:
    server_certificate = ssl.get_server_certificate((ip, dport))
    ...
except ssl.SSLError as e:
    common_name = "Handshake Failed"
Regarding the Python error ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:726), we found a similar question on Stack Overflow: https://stackoverflow.com/questions/53683537/