I am interested in comparing the fingerprints of self-signed SSL certificates. For this, I came up with:
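import socket
import ssl
from M2Crypto import X509

# addr is the server's (host, port) tuple and allowed_fp the expected SHA-1
# fingerprint; both are assumed to be defined elsewhere.
cert_pem = ssl.get_server_certificate(addr)  # first connection: fetch the certificate
x509 = X509.load_cert_string(cert_pem, X509.FORMAT_PEM)
fp = x509.get_fingerprint('sha1')
if fp == allowed_fp:
    # second, separate connection, opened only after the check above
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(addr)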
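But the drawback I see is that the certificate could change between the verification and the connection. It would be nice to actually use the same connection that ssl.get_server_certificate uses. Is there a better way to compare fingerprints?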
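
Added example, not part of the original question: one way to close the gap between check and use is to read the certificate from the TLS connection that will carry the data and compare its fingerprint before sending anything. The function names are hypothetical, only the standard library is used, and `algo` defaults to SHA-256 (pass `"sha1"` to compare against a SHA-1 fingerprint as in the question).

```python
import hashlib
import hmac
import socket
import ssl


def normalize_fp(fp):
    """Drop ':' and spaces and upper-case, so 'ab:cd' and 'ABCD' compare equal."""
    return fp.replace(":", "").replace(" ", "").upper()


def cert_fingerprint(der_cert, algo="sha256"):
    """Upper-case hex digest of the DER-encoded certificate."""
    return hashlib.new(algo, der_cert).hexdigest().upper()


def fingerprint_matches(der_cert, allowed_fp, algo="sha256"):
    # Constant-time comparison of the two normalized hex strings.
    return hmac.compare_digest(cert_fingerprint(der_cert, algo),
                               normalize_fp(allowed_fp))


def connect_pinned(addr, allowed_fp, algo="sha256", timeout=10):
    """Open ONE TLS connection, verify the pinned fingerprint on that same
    connection, and return the connected SSLSocket (or raise ssl.SSLError)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Self-signed certificate: chain and hostname validation are switched off,
    # so the fingerprint comparison below is the only server authentication.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection(addr, timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=addr[0])
    except Exception:
        raw.close()
        raise
    # Certificate presented in this handshake, not in an earlier connection.
    der = tls.getpeercert(binary_form=True)
    if der is None or not fingerprint_matches(der, allowed_fp, algo):
        tls.close()
        raise ssl.SSLError("server certificate fingerprint mismatch")
    return tls
```

The caller uses the returned socket directly, so no application data is sent over a connection whose certificate was not the one checked.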