Changeset - 701a69a5f15f
x - 11 months ago 2024-05-09 20:59:05
xbr@c3l.lu
docs: revoked is not tested due to lack of CRL/OCSP support
2 files changed with 4 insertions and 0 deletions:
backend/generic_handler.py
 
@@ -28,23 +28,26 @@ class Verificator:
 
    def __init__(self, context: ssl.SSLContext):
 
        self.context = context
 
    def connect(self, domain: str, port: int, protocol: str) -> TLSDetails:
 
        handler = GenericHandler.create_handler(protocol)(domain, port, self.context)
 
        try:
 
            expiry = handler.connect(True)
 
            return TLSDetails(domain_name=domain, expires_in_days=expiry)
 
        except ssl.SSLCertVerificationError as e:
 
            if e.verify_code == EXPIRED:
 
                expiry = handler.connect(False)
 
                return TLSDetails(domain_name=domain, expires_in_days=expiry)
 
            elif e.verify_code == REVOKED:
 
                # This never happens, as we do not have any CRLs or OCSP set up :(
 
                # It's a massive pain and I'm not sure it's worth the considerable extra code
 
                # Maybe look into MetLife/OCSPChecker but idk
 
                return TLSDetails(domain_name=domain, error_message="was revoked.")
 
            elif e.verify_code == SELF_SIGNED:
 
                return TLSDetails(domain_name=domain, error_message="is self-signed.")
 
            elif e.verify_code == ROOT_NOT_TRUSTED:
 
                return TLSDetails(domain_name=domain, error_message="invalid: root not trusted.")
 
            else:
 
                return TLSDetails(domain_name=domain, error_message="failed verification: " + e.verify_message + ".")
 
        except ssl.SSLError as e:
 
            return TLSDetails(domain_name=domain, error_message="could not establish a secure connection: " + e.reason + ".")
 
        except Exception as e:
 
            return TLSDetails(domain_name=domain, error_message="could not connect: " + str(e) + ".")
 
\ No newline at end of file
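Review bot: The comment under `elif e.verify_code == REVOKED:` explains why the branch never fires but not what the caller sees as a result. With no CRL or OCSP source configured, a revoked certificate passes `handler.connect(True)` and comes back as an ordinary `TLSDetails` with `expires_in_days`, so the report cannot tell it from a healthy one. I would say that outright and mark it as open work, e.g. `# TODO: no CRL/OCSP configured, so revoked certs verify cleanly and are reported as valid; this branch is unreachable until revocation checking is added.` If checking is later added through the standard library, it would presumably mean setting `ssl.VERIFY_CRL_CHECK_LEAF` in the context's `verify_flags` and loading CRLs, and this hunk does not show where the context is built. The `Verificator` class begins above the hunk.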
backend/input.json
 
{
 
    "domains": {
 
        "web": [
 
            "expired.badssl.com",
 
            "wrong.host.badssl.com",
 
            "self-signed.badssl.com",
 
            "untrusted-root.badssl.com",
 
            "revoked.badssl.com",
 
            "rsa-revoked.ca-2.test.pkiworks.com",
 
            "pinning-test.badssl.com",
 
            "c3l.lu",
 
            "www.c3l.lu",
 
            "wiki.c3l.lu",
 
            "social.c3l.lu",
 
            "xmpp.c3l.lu",
 
            "statutes.c3l.lu",
 
            "spaceapi.c3l.lu",
 
            "membership.c3l.lu",
 
            "cloud.c3l.lu",
 
            "fichiercentral.c3l.lu",
 
            "tickets.c3l.lu",