您的代码中有几个错误,例如,没有新行发送到子进程。在
主要问题是openssl直接从终端获得密码短语(就像Python中的getpass.getpass())。请参见Why not just use a pipe (popen())?中的第一个原因:First an application may bypass stdout and print directly to its
controlling TTY. Something like SSH will do this when it asks you for
a password. This is why you cannot redirect the password prompt
because it does not go through stdout or stderr.
提供伪tty的pexpect在这种情况下可以正常工作:#!/usr/bin/env python
import sys
from pexpect import spawn, EOF
pass_phrase = "dummy pass Phr6se"
common_name = "example.com"
email = "username@example.com"
keyname, certname = 'server.key', 'server.crt'
cmd = 'openssl req -x509 -newkey rsa:2048 -rand /dev/urandom '.split()
cmd += ['-keyout', keyname, '-out', certname,