
PKI : x509 certificate verification process script
Description
x509test is a tool written in Python 3 that tests the X.509 certificate verification process of a target SSL/TLS client. It was inspired by multiple reports of SSL/TLS clients being insecure because they verify the X.509 certificate chain incorrectly. Many factors contribute to this, one of which is the lack of negative feedback when a client over-accepts invalid certificates. The tool is an attempt to improve the security of client-side SSL/TLS software by giving developers that negative feedback.
Dependencies
- Python 3.2
- pyOpenSSL 0.14
- pyasn1 0.1.7
- pyasn1_modules 0.0.5
- OpenSSL 1.0.1
Usage
# python x509test.py
Some examples from the author's site:
A server listens on port 443 with an IPv4 address of 10.1.2.3:
sudo python3 x509test.py www.tls.test -a 10.1.2.3 -p 443
A server listens on port 8080 on the loopback address and rebuilds all test cases:
sudo python3 x509test.py www.tls.test -r -p 8080
List all available test cases (fqdn can be any string):
python3 x509test.py fqdn -l
Run functionality test only:
sudo python3 x509test.py www.tls.test -c func
…More examples and information on the author's site
Reference