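def generate_temporary_tls_certificate():
    """
    Generate an intentionally weak self-signed certificate and private key.

    The RSA-1024 key and SHA-1 signature are deliberate (see the original
    description: "intentionally weak"); this material is throwaway test
    material and must not be reused for a real service.

    :return: path of the autogenerated PEM file holding the certificate
             followed by the private key; the caller owns the file and is
             responsible for deleting it
    """
    from OpenSSL import crypto
    import os
    import tempfile

    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 1024)

    cert = crypto.X509()
    cert_subject = cert.get_subject()
    cert_subject.C = "IO"
    cert_subject.ST = "Striptls"
    cert_subject.L = "Striptls"
    cert_subject.O = "github.com/tintinweb"
    cert_subject.OU = "github.com/tintinweb"
    cert_subject.CN = "striptls.localhost.localdomain"
    cert.set_serial_number(1)
    # Validity window: 32 days before now until 32 days after now.
    cert.gmtime_adj_notBefore(-32 * 24 * 60 * 60)
    cert.gmtime_adj_notAfter(32 * 24 * 60 * 60)
    # Self-signed: issuer and subject are the same name.
    cert.set_issuer(cert_subject)
    cert.set_pubkey(key)
    cert.sign(key, 'sha1')

    # dump_* return bytes, so join and write as bytes; joining them with a
    # text '\n' raises TypeError on Python 3.
    pem = b'\n'.join([crypto.dump_certificate(crypto.FILETYPE_PEM, cert),
                      crypto.dump_privatekey(crypto.FILETYPE_PEM, key)])

    # mkstemp() creates the file atomically, readable and writable only by
    # the owner. The previous mktemp() only returned a name, leaving a window
    # in which another local user could pre-create or symlink that path
    # before the private key was written to it.
    fd, tmp_fname = tempfile.mkstemp(prefix="striptls-", suffix=".pem")
    with os.fdopen(fd, 'wb') as f:
        f.write(pem)
    return tmp_fname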