x509证书验证
python
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
# pyOpenSSL 22.1.0 # pycryptodome 3.15.0 from OpenSSL import crypto def cert_verify(cert_file, ca_file): cert = crypto.load_certificate(crypto.FILETYPE_PEM, open(cert_file).read()) ca = crypto.load_certificate(crypto.FILETYPE_PEM, open(ca_file).read()) store = crypto.X509Store() store.add_cert(ca) ctx = crypto.X509StoreContext(store, cert) try: ctx.verify_certificate() return True except: return False |
nodejs
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
# node-forge let pki = require('node-forge').pki; let fs = require('fs'); let caCert; let caStore; try { caCert = fs.readFileSync('path/to/ca-cert.pem').toString(); caStore = pki.createCaStore([ caCert ]); } catch (e) { log.error('Failed to load CA certificate (' + e + ')'); return....; } try { pki.verifyCertificateChain(caStore, [ cert ]); } catch (e) { return handleResponse(new Error('Failed to verify certificate (' + e.message || e + ')')); } |