PKI : x509 certificate verification process script
PKI : x509 certificate verification process script

PKI : x509 certificate verification process script

Description

x509test is a software written in Python 3 that test the x509 certificate verification process of the target SSL/TLS client. The inspiration of this software comes from multiple reports on the insecurity of a SSL/TLS client due to incorrect verification of x509 certificate chain. This phenomenon is caused by many factors. One of which is the lack of negative feedback from over-acceptance of invalid certificates. This software is an attempt to increase the security of a client-side SSL/TLS software by providing negative feedbacks to the developers.

Dependencies
  • Python 3.2
  • pyOpenSSL 0.14
  • pyasn1 0.1.7
  • pyasn1_modules 0.0.5
  • OpenSSL 1.0.1
Usage
# python x509test.py

Some examples found on the author site:

A server listens on port 443 with an IPv4 address of 10.1.2.3:
sudo python3 x509test.py www.tls.test -a 10.1.2.3 -p 443

A server listens on port 8080 with a loop back address, and rebuild all test cases:
sudo python3 x509test.py www.tls.test -r -p 8080

List all available test cases (fqdn can be any string):
python3 x509test.py fqdn -l

Run functionality test only:
sudo python3 x509test.py www.tls.test -c func

…More examples and information on the author site


Reference

Github

Download

<>

My Powershell script categories

PKI : x509 certificate verification process script

One thought on “PKI : x509 certificate verification process script

Leave a Reply

Your email address will not be published. Required fields are marked *