I want to do something similar to this:
```
openssl s_client -verify_return_error -quiet -strict -verifyCAfile CA_file.crt server.name:4443
```
The Certificate installed on server.name is a partial chain containing (in order): Server's cert, and the Intermediate1 cert.
Running the above command will return (for instance) something like this:
```
### Successful chain traversal
depth=2 C = ..., CN = ROOT, emailAddress = ...
verify return:1
depth=1 C = ..., CN = Intermediate1, emailAddress = ...
verify return:1
depth=0 C = ..., CN = server.name
verify return:1
### UNsuccessful chain traversal (e.g., wrong CA_file)
depth=1 C = ..., CN = Intermediate1, emailAddress = ...
verify error:num=20:unable to get local issuer certificate
```
How do I do that with Python?
I've tried reading the documentation of pyOpenSSL but it's really ... sparse. No code examples, no guide on how to do things.
Notes:
- I just need a boolean return; `true` if certificate chain is valid, `false` if certificate chain is invalid (any reason, be it wrong local CA_file or wrong chain installed server-side)
- It's not necessary to use pyOpenSSL; any other methods that produce the boolean result I want, will do.
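
One way to get that boolean with only Python's standard `ssl` module, as an added example that is not part of the original post. `make_context`, `check_chain` and `chain_is_valid` are hypothetical helper names; unlike the `s_client` command above, this also checks that the certificate matches the host name.

```python
import socket
import ssl


def make_context(ca_file):
    """Client context that trusts only the CAs in ca_file (PEM)."""
    # PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and hostname checking.
    # No system trust store is loaded, so ca_file is the only trust anchor,
    # which mirrors -verifyCAfile in the s_client command.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=ca_file)
    return ctx


def check_chain(host, port, context, timeout=5.0):
    """Return (ok, reason); ok is True only if the handshake verified."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            # The handshake runs inside wrap_socket; a bad chain raises here.
            with context.wrap_socket(sock, server_hostname=host):
                return True, "ok"
    except ssl.SSLCertVerificationError as exc:
        # verify_code 20 is the "unable to get local issuer certificate"
        # case from the s_client output; a hostname mismatch also lands here.
        return False, f"verify error:num={exc.verify_code}:{exc.verify_message}"
    except ssl.SSLError as exc:
        # Peer did not speak TLS, protocol mismatch, and similar.
        return False, f"TLS failure: {exc.reason}"
    except OSError as exc:
        # Connection refused, timeout, DNS failure.
        return False, f"connection failure: {exc}"


def chain_is_valid(host, port, context, timeout=5.0):
    """Boolean form: False for any failure, as the question asks."""
    return check_chain(host, port, context, timeout)[0]


if __name__ == "__main__":
    # File, host and port are the ones from the question's command line.
    ctx = make_context("CA_file.crt")
    print(check_chain("server.name", 4443, ctx))
```

A missing or unreadable `CA_file.crt` raises from `make_context` instead of returning `False`, so a local configuration error is not mistaken for a bad server chain.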