How to check X509 certificate in python, including CRL check?

Question

How to check X509 certificate in python, including CRL check?

I am trying to verify an X509 certificate using python. In particular, I need to check the CRL when I do this.

Now you can use m2crypto for this, but I can not find the option corresponding to openssl -crl_check or -crl_check_all.

Alternatively, I could use the channel directly and call openssl:

p1 = Popen(["openssl", "verify", "-CApath", capath, "-crl_check_all"], 
           stdin = PIPE, stdout = PIPE, stderr = PIPE)

message, error = p1.communicate(certificate)
exit_code = p1.returncode

However, it seems like the openssl check always returns exit code 0, so I will need to somehow compare the strings to determine if the check is successful, which I would not want to do.

Did I miss something simple here?

Thank.

+5

python openssl m2crypto

wrgrs Oct 05 '11 at 10:33

source share

3 answers

M2Crypto, X509 CA, CRL.

https://bugzilla.osafoundation.org/show_bug.cgi?id=12954#c2

: m2crypto X509 , SSL

+1

John Matthews 27 . '12 13:36

openssl verify.c, 0 , . openssl : python .

0

phihag 05 . '11 11:10

wrgrs · Accepted Answer · 2011-10-12T10:35:11+0000

Alright, alright what I did:

p1 = Popen(["openssl", "verify", "-CApath", capath, "-crl_check_all"], 
           stdin = PIPE, stdout = PIPE, stderr = PIPE)

message, error = p1.communicate(certificate)

verified = ("OK" in message and not "error" in message)

, . , , . C , openssl .

- , , .

How to check X509 certificate in python, including CRL check?

More articles: