How to use the nassl.SslClient.ClientCertificateRequested function in nassl

To help you get started, we’ve selected a few nassl examples, based on popular ways it is used in public projects.


github iSECPartners / sslyze / plugins / PluginChromeSha1Deprecation.py View on Github external
def process_task(self, target, command, arg):
        """Fetch the server's certificate chain and start the Chrome SHA-1 deprecation check.

        The handshake uses the SSL/TLS version carried as the fourth element of
        ``target``. In the part of the method visible here only the leaf
        certificate's ``notAfter`` date is examined; the branch taken for
        certificates expiring in 2016 or later is cut off in this excerpt.

        NOTE(review): nothing visible here validates the chain's trust, so the
        date comes from whatever certificate the peer presented.
        """

        (_, _, _, sslVersion) = target

        # Get the server's cert chain
        sslConn = create_sslyze_connection(target, self._shared_settings, sslVersion)
        try: # Perform the SSL handshake
            sslConn.connect()
            certChain = sslConn.get_peer_cert_chain()
        except ClientCertificateRequested: # The server asked for a client cert
            # We can get the server cert chain anyway
            # NOTE(review): this relies on the peer chain already being populated
            # when nassl raises ClientCertificateRequested - confirm against nassl.
            certChain = sslConn.get_peer_cert_chain()
        finally:
            # Runs on every path, so the connection is closed even when another
            # handshake error propagates (certChain is then never used).
            sslConn.close()

        outputXml = Element(command, title = self.CMD_TITLE)
        outputTxt = [self.PLUGIN_TITLE_FORMAT(self.CMD_TITLE)]

        # Is this cert chain affected ?
        # Index 0 of the chain is treated as the leaf certificate.
        # NOTE(review): strptime's %b (month name) is locale-dependent and %Z only
        # accepts a few timezone names; assumes notAfter is always rendered in the
        # C locale with a recognised zone - confirm.
        leafNotAfter = datetime.datetime.strptime(certChain[0].as_dict()['validity']['notAfter'], "%b %d %H:%M:%S %Y %Z")
        if leafNotAfter.year < 2016:
            # Not affected - the certificate expires before 2016
            outputTxt.append(self.FIELD_FORMAT('OK - Leaf certificate expires before 2016.', ''))
            outputXml.append(Element('chromeSha1Deprecation', isServerAffected = str(False)))

        else:
github iSECPartners / sslyze / plugins / PluginCompression.py View on Github external
def process_task(self, target, command, args):
        """Check whether the server negotiates TLS compression and start building the report.

        A negotiated compression method is reported as VULNERABLE because
        TLS-level compression is the precondition for the CRIME class of
        attacks. The excerpt ends after the XML root element is created; the
        rest of the method (including its return value) is not shown.

        Raises:
            RuntimeError: if the local OpenSSL build does not list
                'zlib compression' among its available methods.
        """

        # No explicit SSL/TLS version is passed here; whichever default
        # create_sslyze_connection applies is used - confirm which versions that
        # covers, since the verdict reflects this single handshake only.
        sslConn = create_sslyze_connection(target, self._shared_settings)

        # Make sure OpenSSL was built with support for compression to avoid false negatives
        # (a client that cannot offer compression would always see it "disabled").
        if 'zlib compression' not in sslConn.get_available_compression_methods():
            raise RuntimeError('OpenSSL was not built with support for zlib / compression. Did you build nassl yourself ?')

        try: # Perform the SSL handshake
            sslConn.connect()
            compName = sslConn.get_current_compression_method()
        except ClientCertificateRequested: # The server asked for a client cert
            # NOTE(review): assumes the compression method is already negotiated
            # when nassl raises ClientCertificateRequested - confirm against nassl.
            compName = sslConn.get_current_compression_method()
        finally:
            # Always release the connection, including when another error propagates.
            sslConn.close()

        # Text output
        # Any truthy method name is reported as Deflate; the name itself is not compared.
        if compName:
            compTxt = 'VULNERABLE - Server supports Deflate compression'
        else:
            compTxt = 'OK - Compression disabled'

        cmdTitle = 'Deflate Compression'
        txtOutput = [self.PLUGIN_TITLE_FORMAT(cmdTitle)]
        txtOutput.append(self.FIELD_FORMAT(compTxt, ""))

        # XML output
        xmlOutput = Element(command, title=cmdTitle)
github iSECPartners / sslyze / plugins / PluginCertInfo.py View on Github external
# Excerpt from inside a function whose header is not shown; target and
# storePath are supplied by that enclosing scope.
(_, _, _, sslVersion) = target
        # storePath is passed as the connection's verify locations - presumably the
        # trust store the chain is checked against; confirm in create_sslyze_connection.
        sslConn = create_sslyze_connection(target, self._shared_settings,
                                           sslVersion,
                                           sslVerifyLocations=storePath)

        # Enable OCSP stapling
        # (must be set before connect() so the request is part of the handshake -
        # TODO confirm against nassl)
        sslConn.set_tlsext_status_ocsp()

        try: # Perform the SSL handshake
            sslConn.connect()

            ocspResp = sslConn.get_tlsext_status_ocsp_resp()
            x509Chain = sslConn.get_peer_cert_chain()
            # Only the second element of the verify result is kept; the first is discarded.
            (_, verifyStr) = sslConn.get_certificate_chain_verify_result()

        except ClientCertificateRequested: # The server asked for a client cert
            # We can get the server cert anyway
            # NOTE(review): the same three values are read after an incomplete
            # handshake; confirm the verify result and stapled OCSP response are
            # final at the point nassl raises ClientCertificateRequested.
            ocspResp = sslConn.get_tlsext_status_ocsp_resp()
            x509Chain = sslConn.get_peer_cert_chain()
            (_, verifyStr) = sslConn.get_certificate_chain_verify_result()

        finally:
            # Always release the connection, including when another error propagates.
            sslConn.close()

        # The values are returned as read from the connection; nothing visible here
        # checks the stapled OCSP response or acts on verifyStr, so callers must
        # interpret them before treating the chain as trusted.
        return (x509Chain, verifyStr, ocspResp)