
Python SSLyzeSSLConnection.create_sslyze_connection函数代码示例


本文整理汇总了Python中utils.SSLyzeSSLConnection.create_sslyze_connection函数的典型用法代码示例。如果您正苦于以下问题:Python create_sslyze_connection函数的具体用法?Python create_sslyze_connection怎么用?Python create_sslyze_connection使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。



在下文中一共展示了create_sslyze_connection函数的19个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。

示例1: _get_cert

    def _get_cert(self, target, storePath):
        """
        Handshake with the target and collect its certificate material.

        The connection is created with ``storePath`` passed as
        ``sslVerifyLocations`` and OCSP stapling is requested before the
        handshake. Returns a ``(certificate, verify string, OCSP response)``
        tuple.
        """
        (_, _, _, tlsVersion) = target
        conn = create_sslyze_connection(target, self._shared_settings, tlsVersion, sslVerifyLocations=storePath)

        # Ask the server to staple an OCSP response to the handshake
        conn.set_tlsext_status_ocsp()

        def collect():
            # Read order is kept: OCSP response, leaf certificate, verify result
            stapled = conn.get_tlsext_status_ocsp_resp()
            leaf = conn.get_peer_certificate()
            (_, verdict) = conn.get_certificate_chain_verify_result()
            return (leaf, verdict, stapled)

        try:
            conn.connect()
            collected = collect()
        except ClientCertificateRequested:
            # A client-certificate request does not prevent reading what the
            # server already presented.
            collected = collect()
        finally:
            conn.close()

        return collected
开发者ID:RuneTM,项目名称:sslyze,代码行数:29,代码来源:PluginCertInfo.py


示例2: _get_hsts_header

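    def _get_hsts_header(self, target):
        """
        Fetch the Strict-Transport-Security header, following HTTPS redirects.

        Sends an HTTP/1.0 GET over TLS and follows up to MAX_REDIRECT 3xx
        responses. Returns the header value of the first non-redirect
        response, or None when that response has no such header, a redirect
        lacks a Location header, or the redirect budget runs out.

        Raises Exception when the reply is not HTTP or when the server
        redirects to a plain http: URL.
        """
        hstsHeader = None
        MAX_REDIRECT = 5
        nb_redirect = 0
        httpGetFormat = "GET {0} HTTP/1.0\r\nHost: {1}\r\n{2}Connection: close\r\n\r\n".format
        httpPath = "/"
        httpAppend = ""

        while nb_redirect < MAX_REDIRECT:
            sslConn = create_sslyze_connection(target, self._shared_settings)

            try:
                # Perform the SSL handshake
                sslConn.connect()

                sslConn.write(httpGetFormat(httpPath, target[0], httpAppend))
                # NOTE(review): only one read of 2048 bytes is parsed; a header
                # that arrives later than that is presumably missed.
                httpResp = parse_http_response(sslConn.read(2048))
            finally:
                # Close the connection even when the handshake or I/O fails
                sslConn.close()

            if httpResp.version == 9:
                # HTTP 0.9 => Probably not an HTTP response
                raise Exception("Server did not return an HTTP response")
            elif 300 <= httpResp.status < 400:
                redirectHeader = httpResp.getheader("Location", None)
                cookieHeader = httpResp.getheader("Set-Cookie", None)

                if redirectHeader is None:
                    break

                o = urlparse(redirectHeader)
                # An absolute URL without a path parses to an empty path,
                # which would yield a malformed request line; fall back to "/".
                # NOTE(review): the query string of the Location URL is dropped.
                httpPath = o.path or "/"

                # Handle absolute redirection URL.
                # The Location value is chosen by the scanned server, so it
                # decides which host and port the next connection goes to; the
                # header finally reported may belong to a different host than
                # the one the scan was started against.
                if o.hostname:
                    if o.port:
                        port = o.port
                    else:
                        if o.scheme == "https":
                            port = 443
                        elif o.scheme == "http":
                            # We would have to use urllib for http: URLs
                            raise Exception("Error: server sent a redirection to HTTP.")
                        else:
                            port = target[2]

                    target = (o.hostname, o.hostname, port, target[3])

                # Handle cookies.
                # NOTE(review): the Cookie header built here is sent on the
                # next request even when the redirect changed the host.
                if cookieHeader:
                    cookie = Cookie.SimpleCookie(cookieHeader)

                    if cookie:
                        httpAppend = "Cookie:" + cookie.output(attrs=[], header="", sep=";") + "\r\n"

                nb_redirect += 1
            else:
                hstsHeader = httpResp.getheader("strict-transport-security", None)
                break

        return hstsHeader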
开发者ID:RuneTM,项目名称:sslyze,代码行数:60,代码来源:PluginHSTS.py


示例3: process_task

    def process_task(self, target, command, args):
        """
        Report whether the server negotiates TLS-level compression.

        Performs one handshake, reads the negotiated compression name and
        returns a PluginResult holding the text lines and the XML element.
        TLS compression matters to a reviewer because it is the precondition
        for CRIME-style attacks.
        """
        fmt_row = '        {0:<25} {1}'.format
        title = 'Compression'

        conn = create_sslyze_connection(target, self._shared_settings)
        try:
            conn.connect()
            negotiated = conn.get_current_compression_name()
        except ClientAuthenticationError:
            # The server asked for a client cert; the name is still readable
            negotiated = conn.get_current_compression_name()
        finally:
            conn.close()

        if negotiated:
            summary = 'Enabled ' + negotiated
            attrs = {'isSupported':'True','type':negotiated.strip('()')}
        else:
            summary = 'Disabled'
            attrs = {'isSupported':'False'}

        # Text output
        lines = [self.PLUGIN_TITLE_FORMAT(title)]
        lines.append(fmt_row("Compression Support:", summary))

        # XML output
        node = Element('compression', attrs)
        root = Element(command, title=title)
        root.append(node)

        return PluginBase.PluginResult(lines, root)
开发者ID:jonkelleyatrackspace,项目名称:sslparty,代码行数:32,代码来源:PluginCompression.py


示例4: _get_cert

    def _get_cert(self, target):
        """
        Handshake with the target and return its certificate details.

        The connection is created with MOZILLA_CA_STORE as the verify
        location and OCSP stapling is requested. Returns
        ``(certificate, verify string, OCSP response)``.
        """
        (_, _, _, tlsVersion) = target
        conn = create_sslyze_connection(target, self._shared_settings, tlsVersion,
                                        sslVerifyLocations=MOZILLA_CA_STORE)

        # Request a stapled OCSP response during the handshake
        conn.set_tlsext_status_ocsp()

        def snapshot():
            # Same read order on both paths: OCSP, certificate, verify result
            stapled = conn.get_tlsext_status_ocsp_resp()
            leaf = conn.get_peer_certificate()
            (_, verdict) = conn.get_certificate_chain_verify_result()
            return (leaf, verdict, stapled)

        try:
            conn.connect()
            outcome = snapshot()
        except ClientAuthenticationError:
            # The server asked for a client cert; its own cert is still available
            outcome = snapshot()
        finally:
            conn.close()

        return outcome
开发者ID:jsha,项目名称:sslyze,代码行数:29,代码来源:PluginCertInfo.py


示例5: _test_ciphersuite

    def _test_ciphersuite(self, target, ssl_version, ssl_cipher):
        """
        Attempt one handshake restricted to ``ssl_cipher`` over ``ssl_version``.

        Returns ('rejectedCipherSuites', cipher, None, error text) when the
        server rejects the handshake, otherwise ('acceptedCipherSuites',
        negotiated cipher, key size, status message). Any other exception
        propagates to the caller.
        """
        conn = create_sslyze_connection(target, self._shared_settings, ssl_version)
        conn.set_cipher_list(ssl_cipher)

        try:
            conn.connect()
        except SSLHandshakeRejected as rejection:
            return 'rejectedCipherSuites', ssl_cipher, None, str(rejection)
        else:
            negotiated = conn.get_current_cipher_name()
            anonymous = 'ADH' in negotiated or 'AECDH' in negotiated
            # Anonymous key exchange is reported as 'Anon' instead of a key size
            keysize = 'Anon' if anonymous else str(conn.get_current_cipher_bits()) + ' bits'

            status_msg = conn.post_handshake_check()
            return 'acceptedCipherSuites', negotiated, keysize, status_msg
        finally:
            conn.close()
开发者ID:postfix,项目名称:sslyze,代码行数:29,代码来源:PluginOpenSSLCipherSuites.py


示例6: _get_cert

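    def _get_cert(self, target, trustStoreList):
        """
        Connects to the target server once per trust store and returns the
        server's certificate together with the verification result for each
        store.

        Returns ``(certificate, {trust store path: verify string})``. The
        certificate is the one seen on the last connection; it is None when
        trustStoreList is empty.
        """
        # The SSL version does not change between iterations
        (_, _, _, sslVersion) = target

        # Bound up front so an empty trustStoreList returns (None, {})
        # instead of failing on an unassigned name at the return statement.
        x509Cert = None
        verifyResults = {}
        for trustStorePath in trustStoreList:
            sslConn = create_sslyze_connection(target, self._shared_settings,
                                               sslVersion,
                                               sslVerifyLocations=trustStorePath)

            try:
                # Perform the SSL handshake
                sslConn.connect()
                x509Cert = sslConn.get_peer_certificate()
                (_, verifyStr) = sslConn.get_certificate_chain_verify_result()

            except ClientCertificateError:
                # The server asked for a client cert
                # We can get the server cert anyway
                x509Cert = sslConn.get_peer_certificate()
                (_, verifyStr) = sslConn.get_certificate_chain_verify_result()

            finally:
                sslConn.close()

            verifyResults[trustStorePath] = verifyStr

        return (x509Cert, verifyResults)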
开发者ID:jsha,项目名称:sslyze,代码行数:31,代码来源:PluginMultipleTrustStores.py


示例7: process_task

    def process_task(self, target, command):
        """
        Handshake with the target and list the CAs it accepts for client
        certificates.

        The CA list is read only when the handshake raises
        ClientCertificateRequested; otherwise the result reports
        isProvided="False".
        """
        (_, _, _, ssl_version) = target
        conn = create_sslyze_connection(target, self._shared_settings, ssl_version)

        accepted_cas = []
        try:
            conn.connect()
        except ClientCertificateRequested:
            # Only a server that asks for a client cert advertises a CA list
            accepted_cas = conn.get_client_CA_list()
        finally:
            conn.close()

        text_output = [self.PLUGIN_TITLE_FORMAT(self.CMD_TITLE)]
        if not accepted_cas:
            xml_output = Element(command, title=self.CMD_TITLE, isProvided="False")
            return PluginBase.PluginResult(text_output, xml_output)

        xml_output = Element(command, title=self.CMD_TITLE, isProvided="True")
        for ca_name in accepted_cas:
            text_output.append(self.FIELD_FORMAT('', str(ca_name)))
            ca_node = Element('ca')
            ca_node.text = ca_name
            xml_output.append(ca_node)

        return PluginBase.PluginResult(text_output, xml_output)
开发者ID:carriercomm,项目名称:sslyze,代码行数:30,代码来源:PluginClientCertReqCA.py


示例8: process_task

    def process_task(self, target, command, args):
        """
        Report whether the server negotiates DEFLATE compression.

        Raises RuntimeError when the local OpenSSL build does not list
        'zlib compression', because the check could then only ever report
        "Disabled". Returns a PluginResult with text and XML output.
        """
        fmt_row = '      {0:<35}{1}'.format
        title = 'Compression'

        conn = create_sslyze_connection(target, self._shared_settings)

        # Without local zlib support the handshake cannot negotiate
        # compression, which would produce a false negative.
        if 'zlib compression' not in conn.get_available_compression_methods():
            raise RuntimeError('OpenSSL was not built with support for zlib / compression. Did you build nassl yourself ?')

        try:
            conn.connect()
            method = conn.get_current_compression_method()
        except ClientAuthenticationError:
            # The server asked for a client cert; the method is still readable
            method = conn.get_current_compression_method()
        finally:
            conn.close()

        # Text output
        verdict = 'Supported' if method else 'Disabled'
        lines = [self.PLUGIN_TITLE_FORMAT(title)]
        lines.append(fmt_row("DEFLATE Compression:", verdict))

        # XML output: a child node is present only when compression was negotiated
        root = Element(command, title=title)
        if method:
            root.append(Element('compressionMethod', type="DEFLATE"))

        return PluginBase.PluginResult(lines, root)
开发者ID:travisspencer,项目名称:sslyze,代码行数:35,代码来源:PluginCompression.py


示例9: _pref_ciphersuite

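    def _pref_ciphersuite(self, target, ssl_version):
        """
        Finds the cipher suite the server negotiates for ``ssl_version``.

        No cipher list is set on the connection here, so whatever the
        handshake negotiates is reported as the preferred suite.

        Returns ('preferredCipherSuite', cipher name, key size, DH or ECDH
        parameters or None, status message), or None when the handshake or
        any of the follow-up calls fails.
        """
        sslConn = create_sslyze_connection(target, self._shared_settings, ssl_version)

        try: # Perform the SSL handshake
            sslConn.connect()

            ssl_cipher = sslConn.get_current_cipher_name()
            keysize = sslConn.get_current_cipher_bits()

            # 'ECDH' must be tested first: every ECDH name also contains 'DH'
            if 'ECDH' in ssl_cipher:
                dh_infos = sslConn.get_ecdh_param()
            elif 'DH' in ssl_cipher:
                dh_infos = sslConn.get_dh_param()
            else:
                dh_infos = None

            status_msg = sslConn.post_handshake_check()
            return 'preferredCipherSuite', ssl_cipher, keysize, dh_infos, status_msg

        except Exception:
            # Best effort: any failure is reported as "no preferred suite".
            # Exception (not a bare except) lets KeyboardInterrupt and
            # SystemExit reach the caller.
            # NOTE(review): a network error and a refused handshake look the
            # same to the caller, so a None here is not proof of anything.
            return None

        finally:
            sslConn.close()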
开发者ID:ashleyblackmore,项目名称:sslyze,代码行数:28,代码来源:PluginOpenSSLCipherSuites.py


示例10: _test_ciphersuite

    def _test_ciphersuite(self, target, ssl_version, ssl_cipher):
        """
        Attempt one handshake restricted to ``ssl_cipher`` over ``ssl_version``.

        Returns ('rejectedCipherSuites', cipher, None, None, error text) when
        the server rejects the handshake, otherwise ('acceptedCipherSuites',
        negotiated cipher, key size, DH or ECDH parameters or None, status
        message). Any other exception propagates to the caller.
        """
        conn = create_sslyze_connection(target, self._shared_settings, ssl_version)
        conn.set_cipher_list(ssl_cipher)

        try:
            conn.connect()
        except SSLHandshakeRejected as rejection:
            return 'rejectedCipherSuites', ssl_cipher, None, None, str(rejection)
        else:
            negotiated = conn.get_current_cipher_name()
            bits = conn.get_current_cipher_bits()

            # 'ECDH' is tested before 'DH' because the latter is a substring
            dh_params = None
            if 'ECDH' in negotiated:
                dh_params = conn.get_ecdh_param()
            elif 'DH' in negotiated:
                dh_params = conn.get_dh_param()

            return 'acceptedCipherSuites', negotiated, bits, dh_params, conn.post_handshake_check()
        finally:
            conn.close()
开发者ID:ashleyblackmore,项目名称:sslyze,代码行数:32,代码来源:PluginOpenSSLCipherSuites.py


示例11: process_task

    def process_task(self, target, command, args):
        """
        Check the target for the OpenSSL Heartbleed flaw and report the result.

        The connection's handshake routine is swapped for
        do_handshake_with_heartbleed (defined outside this block), which is
        expected to raise HeartbleedSent; the raw socket is then read once
        and the reply is searched for the marker bytes.

        Returns a PluginResult with text and XML output. Raises Exception
        when the handshake ends without HeartbleedSent being raised.
        """

        OUT_FORMAT = '      {0:<35}{1}'.format
        (host, ip, port, sslVersion) = target

        if sslVersion == SSLV23: # Could not determine the preferred SSL version - client cert was required ?
            sslVersion = TLSV1 # Default to TLS 1.0
            target = (host, ip, port, sslVersion)

        sslConn = create_sslyze_connection(target, self._shared_settings)
        sslConn.sslVersion = sslVersion # Needed by the heartbleed payload

        # Awful hack #1: replace nassl.sslClient.do_handshake() with a heartbleed
        # checking SSL handshake so that all the SSLyze options
        # (startTLS, proxy, etc.) still work
        sslConn.do_handshake = new.instancemethod(do_handshake_with_heartbleed, sslConn, None)

        heartbleed = None
        try: # Perform the SSL handshake
            sslConn.connect()
        except HeartbleedSent:
            # Awful hack #2: directly read the underlying network socket
            # NOTE(review): this is a single recv(); if the reply arrives in
            # several segments, only the first is inspected, so the
            # "OK" verdict below can be a false negative - confirm whether a
            # read loop with a timeout is needed.
            heartbleed = sslConn._sock.recv(16381)
        finally:
            sslConn.close()

        # Text output
        if heartbleed is None:
            # HeartbleedSent was never raised, so nothing was read
            raise Exception("Error: connection failed.")
        elif '\x01\x01\x01\x01\x01\x01\x01\x01\x01' in heartbleed:
            # Server replied with our heartbeat payload
            heartbleedTxt = 'VULNERABLE - Server is vulnerable to Heartbleed'
            heartbleedXml = 'True'
        else:
            # Any reply without the marker lands here, including an empty one
            heartbleedTxt = 'OK - Not vulnerable to Heartbleed'
            heartbleedXml = 'False'

        cmdTitle = 'OpenSSL Heartbleed'
        txtOutput = [self.PLUGIN_TITLE_FORMAT(cmdTitle)]
        txtOutput.append(OUT_FORMAT(heartbleedTxt, ""))

        # XML output
        xmlOutput = Element(command, title=cmdTitle)
        # NOTE(review): an empty reply is falsy, so the text output says "OK"
        # while the XML carries no <heartbleed> node at all; consumers of the
        # XML must not read a missing node as "not vulnerable".
        if heartbleed:
            xmlNode = Element('heartbleed', isVulnerable=heartbleedXml)
            xmlOutput.append(xmlNode)

        return PluginBase.PluginResult(txtOutput, xmlOutput)
开发者ID:johncosta,项目名称:sslyze,代码行数:48,代码来源:PluginHeartbleed.py


示例12: _test_renegotiation

    def _test_renegotiation(self, target):
        """
        Check client-initiated and secure renegotiation support.

        Returns ``(clientReneg, secureReneg)``: whether a renegotiation
        request sent after the handshake was honoured, and the value reported
        by get_secure_renegotiation_support().

        A rejection is recognised by matching known fragments of the error
        text; any error that does not match is re-raised. The match depends
        on the exact wording of the platform and library messages.
        """
        conn = create_sslyze_connection(target, self._shared_settings)

        try:
            conn.connect()
            secureReneg = conn.get_secure_renegotiation_support()

            try:
                conn.do_renegotiate()
                clientReneg = True

            # Socket-level signs that the server refused to renegotiate.
            # A timeout is not treated as a refusal.
            except socket.error as err:
                detail = str(err.args)
                if 'connection was forcibly closed' in detail or 'reset by peer' in detail:
                    clientReneg = False
                else:
                    raise

            # TLS-level refusals; 'tlsv1 unrecognized name' is Yahoo's own
            # way of rejecting a renegotiation.
            except OpenSSLError as err:
                detail = str(err.args)
                if ('handshake failure' in detail
                        or 'no renegotiation' in detail
                        or 'tlsv1 unrecognized name' in detail):
                    clientReneg = False
                else:
                    raise

            # Must stay last: socket errors are also IOError
            except IOError as err:
                if 'Nassl SSL handshake failed' not in str(err.args):
                    raise
                clientReneg = False

        finally:
            conn.close()

        return (clientReneg, secureReneg)
开发者ID:ashleyblackmore,项目名称:sslyze,代码行数:47,代码来源:PluginSessionRenegotiation.py


示例13: _get_hsts_header

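    def _get_hsts_header(self, target):
        """
        Send one HTTP/1.0 GET for "/" over TLS and return the value of the
        Strict-Transport-Security response header, or None when it is absent.

        Redirects are not followed, so a 3xx response without the header
        yields None. Raises Exception when the reply is not an HTTP response.
        """
        HTTP_GET_REQ = 'GET / HTTP/1.0\r\nHost: {0}\r\nConnection: close\r\n\r\n'.format(target[0])
        sslConn = create_sslyze_connection(target, self._shared_settings)

        try:
            # Perform the SSL handshake
            sslConn.connect()

            sslConn.write(HTTP_GET_REQ)
            # NOTE(review): only one read of 2048 bytes is parsed; a header
            # that arrives later than that is presumably missed.
            httpResp = parse_http_response(sslConn.read(2048))
        finally:
            # Close the connection even when the handshake or I/O fails
            sslConn.close()

        if httpResp.version == 9:
            # HTTP 0.9 => Probably not an HTTP response
            raise Exception('Server did not return an HTTP response')

        return httpResp.getheader('strict-transport-security', None)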
开发者ID:Adastra-thw,项目名称:sslyze,代码行数:18,代码来源:PluginHSTS.py


示例14: _test_ciphersuite

    def _test_ciphersuite(self, target, ssl_version, ssl_cipher, cipher_dict):
        """
        Attempt one handshake restricted to ``ssl_cipher`` and label the result.

        Returns ("rejectedCipherSuites", cipher, None, None, error text) when
        the server rejects the handshake. Otherwise returns
        ("acceptedCipherSuites", cipher label, key size, DH or ECDH
        parameters or None, status message).

        A negotiated cipher that is not in cipher_dict["whitelist"] gets
        " *WEAK*" appended when any cipher_dict["blacklist"] entry is a
        substring of its name, and " (~Possibly Vulnerable~)" otherwise.
        """
        conn = create_sslyze_connection(target, self._shared_settings, ssl_version)
        conn.set_cipher_list(ssl_cipher)

        try:
            conn.connect()
        except SSLHandshakeRejected as rejection:
            return "rejectedCipherSuites", ssl_cipher, None, None, str(rejection)
        else:
            label = conn.get_current_cipher_name()
            bits = conn.get_current_cipher_bits()

            # "ECDH" is tested before "DH" because the latter is a substring
            dh_params = None
            if "ECDH" in label:
                dh_params = conn.get_ecdh_param()
            elif "DH" in label:
                dh_params = conn.get_dh_param()

            status_msg = conn.post_handshake_check()

            # Anything outside the whitelist is flagged one way or the other
            if label not in cipher_dict.get("whitelist"):
                for fragment in cipher_dict.get("blacklist"):
                    if fragment in label:
                        label += " *WEAK*"
                        break
                if "*WEAK*" not in label:
                    label += " (~Possibly Vulnerable~)"

            return "acceptedCipherSuites", label, bits, dh_params, status_msg
        finally:
            conn.close()
开发者ID:aur3lius-dev,项目名称:sslyze,代码行数:42,代码来源:PluginOpenSSLCipherSuites.py


示例15: _resume_ssl_session

    def _resume_ssl_session(self, target, sslSession=None, tlsTicket=False):
        """
        Handshake with the server and return the session object of that
        connection.

        When ``sslSession`` is given it is set on the connection before the
        handshake so the server can resume it. Unless ``tlsTicket`` is true,
        TLS session tickets are switched off.
        """
        conn = create_sslyze_connection(target, self._shared_settings)

        # Session-ID resumption can only be tested with tickets disabled:
        # per RFC 5077, a server that is presented a ticket MUST NOT use the
        # Session ID in the ClientHello for stateful resumption.
        if not tlsTicket:
            conn.set_options(SSL_OP_NO_TICKET)

        if sslSession:
            conn.set_session(sslSession)

        try:
            conn.connect()
            # The session is read before the connection is closed
            return conn.get_session()
        finally:
            conn.close()
开发者ID:CRYPTOlab,项目名称:sslyze,代码行数:23,代码来源:PluginSessionResumption.py


示例16: _pref_ciphersuite

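    def _pref_ciphersuite(self, target, ssl_version):
        """
        Finds the cipher suite the server negotiates for ``ssl_version``.

        No cipher list is set on the connection here, so whatever the
        handshake negotiates is reported as the preferred suite.

        Returns ('preferredCipherSuite', cipher name, key size, status
        message), or None when the handshake or any follow-up call fails.
        """
        sslConn = create_sslyze_connection(target, self._shared_settings, ssl_version)

        try: # Perform the SSL handshake
            sslConn.connect()

            ssl_cipher = sslConn.get_cipher_name()
            if 'ADH' in ssl_cipher or 'AECDH' in ssl_cipher:
                keysize = 'Anon' # Anonymous key exchange: key size is not reported
            else:
                keysize = str(sslConn.get_cipher_bits())+' bits'

            status_msg = sslConn.post_handshake_check()
            return ('preferredCipherSuite', ssl_cipher, keysize, status_msg)

        except Exception:
            # Best effort: any failure is reported as "no preferred suite".
            # Exception (not a bare except) lets KeyboardInterrupt and
            # SystemExit reach the caller.
            # NOTE(review): a network error and a refused handshake look the
            # same to the caller, so a None here is not proof of anything.
            return None

        finally:
            sslConn.close()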
开发者ID:jsha,项目名称:sslyze,代码行数:24,代码来源:PluginOpenSSLCipherSuites.py


示例17: process_task

    def process_task(self, target, command, args):
        """
        Report whether the server negotiates DEFLATE compression.

        Raises RuntimeError when the local OpenSSL build does not list
        'zlib compression', because the check could then only ever report
        "disabled". Returns a PluginResult whose XML always carries one
        compressionMethod node with isSupported set to "True" or "False".
        """
        title = 'Deflate Compression'
        conn = create_sslyze_connection(target, self._shared_settings)

        # Without local zlib support the handshake cannot negotiate
        # compression, which would produce a false negative.
        if 'zlib compression' not in conn.get_available_compression_methods():
            raise RuntimeError('OpenSSL was not built with support for zlib / compression. Did you build nassl yourself ?')

        try:
            conn.connect()
            method = conn.get_current_compression_method()
        except ClientCertificateRequested:
            # The server asked for a client cert; the method is still readable
            method = conn.get_current_compression_method()
        finally:
            conn.close()

        # Text output
        if method:
            verdict = 'VULNERABLE - Server supports Deflate compression'
        else:
            verdict = 'OK - Compression disabled'
        lines = [self.PLUGIN_TITLE_FORMAT(title)]
        lines.append(self.FIELD_FORMAT(verdict, ""))

        # XML output: the only difference between the two cases is the flag
        root = Element(command, title=title)
        root.append(Element('compressionMethod', type="DEFLATE", isSupported=str(bool(method))))

        return PluginBase.PluginResult(lines, root)
开发者ID:0x0mar,项目名称:sslyze,代码行数:36,代码来源:PluginCompression.py


示例18: _get_hsts_header

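    def _get_hsts_header(self, target):
        """
        Fetch the Strict-Transport-Security header, following HTTPS redirects.

        Sends an HTTP/1.0 GET over TLS. The header is read from every
        response; a redirect is followed (up to MAX_REDIRECT times) only when
        the 3xx response itself carried no such header. Returns the header
        value or None.

        Raises Exception when the reply is not HTTP or when the server
        redirects to a plain http: URL.
        """
        hstsHeader = None
        MAX_REDIRECT = 5
        nb_redirect = 0
        httpGetFormat = 'GET {0} HTTP/1.0\r\nHost: {1}\r\n{2}Connection: close\r\n\r\n'.format
        httpPath = '/'
        httpAppend = ''

        while nb_redirect < MAX_REDIRECT:
            sslConn = create_sslyze_connection(target, self._shared_settings)

            try:
                # Perform the SSL handshake
                sslConn.connect()

                sslConn.write(httpGetFormat(httpPath, target[0], httpAppend))
                # NOTE(review): only one read of 2048 bytes is parsed; a header
                # that arrives later than that is presumably missed.
                httpResp = parse_http_response(sslConn.read(2048))
            finally:
                # Close the connection even when the handshake or I/O fails
                sslConn.close()

            if httpResp.version == 9:
                # HTTP 0.9 => Probably not an HTTP response
                raise Exception('Server did not return an HTTP response')
            else:
                hstsHeader = httpResp.getheader('strict-transport-security', None)

            # If there was no HSTS header, check if the server returned a redirection
            if hstsHeader is None and 300 <= httpResp.status < 400:
                redirectHeader = httpResp.getheader('Location', None)
                cookieHeader = httpResp.getheader('Set-Cookie', None)

                if redirectHeader is None:
                    break

                o = urlparse(redirectHeader)
                # An absolute URL without a path parses to an empty path,
                # which would yield a malformed request line; fall back to '/'.
                # NOTE(review): the query string of the Location URL is dropped.
                httpPath = o.path or '/'

                # Handle absolute redirection URL.
                # The Location value is chosen by the scanned server, so it
                # decides which host and port the next connection goes to; the
                # header finally reported may belong to a different host than
                # the one the scan was started against.
                if o.hostname:
                    if o.port:
                        port = o.port
                    else:
                        if o.scheme == 'https':
                            port = 443
                        elif o.scheme == 'http':
                            # We would have to use urllib for http: URLs
                            raise Exception("Error: server sent a redirection to HTTP.")
                        else:
                            port = target[2]

                    target = (o.hostname, o.hostname, port, target[3])

                # Handle cookies.
                # NOTE(review): the Cookie header built here is sent on the
                # next request even when the redirect changed the host.
                if cookieHeader:
                    cookie = Cookie.SimpleCookie(cookieHeader)

                    if cookie:
                        httpAppend = 'Cookie:' + cookie.output(attrs=[], header='', sep=';') + '\r\n'

                nb_redirect += 1
            else:
                # If the server did not return a redirection just give up
                break

        return hstsHeader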
开发者ID:0x0mar,项目名称:sslyze,代码行数:66,代码来源:PluginHSTS.py


示例19: process_task

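    def process_task(self, target, command, arg):
        """
        Report whether the server's certificate chain is affected by Chrome's
        SHA-1 deprecation.

        The server is unaffected when the leaf certificate expires before
        2016 or when no non-root certificate in the chain has "sha1" in its
        signature algorithm. Otherwise the expected behavior of Chrome 39, 40
        and 41 is derived from the leaf certificate's notAfter date.

        Returns a PluginResult with text and XML output.
        """
        (_, _, _, sslVersion) = target

        # Get the server's cert chain
        sslConn = create_sslyze_connection(target, self._shared_settings, sslVersion)
        try: # Perform the SSL handshake
            sslConn.connect()
            certChain = sslConn.get_peer_cert_chain()
        except ClientCertificateRequested: # The server asked for a client cert
            # We can get the server cert chain anyway
            certChain = sslConn.get_peer_cert_chain()
        finally:
            sslConn.close()

        outputXml = Element(command, title = self.CMD_TITLE)
        outputTxt = [self.PLUGIN_TITLE_FORMAT(self.CMD_TITLE)]

        # Is this cert chain affected ?
        leafCertNotAfter = certChain[0].as_dict()['validity']['notAfter']
        leafNotAfter = datetime.datetime.strptime(leafCertNotAfter, "%b %d %H:%M:%S %Y %Z")
        if leafNotAfter.year < 2016:
            # Not affected - the certificate expires before 2016
            outputTxt.append(self.FIELD_FORMAT('OK - Leaf certificate expires before 2016.', ''))
            outputXml.append(Element('chromeSha1Deprecation', isServerAffected = str(False)))

        else:
            certsWithSha1 = []
            for cert in certChain:
                if self._is_root_cert(cert):
                    # Ignore root certs as they are unaffected
                    continue

                if "sha1" in cert.as_dict()['signatureAlgorithm']:
                    certsWithSha1.append(cert)

            if not certsWithSha1:
                # Not affected - no certificates used SHA-1 in the chain
                outputTxt.append(self.FIELD_FORMAT('OK - Certificate chain does not contain any SHA-1 certificate.', ''))
                outputXml.append(Element('chromeSha1Deprecation', isServerAffected = str(False)))

            else:
                # Server is affected
                outputXml2 = Element('chromeSha1Deprecation', isServerAffected = str(True),
                                     leafCertificateNotAfter = leafCertNotAfter)
                chrome39Txt = 'OK'
                chrome40Txt = 'OK'

                if leafNotAfter.year == 2016 and leafNotAfter.month < 6:
                    chrome41Txt = self.CHROME_MINOR_ERROR_TXT

                elif leafNotAfter.year == 2016 and leafNotAfter.month >= 6:
                    chrome40Txt = self.CHROME_MINOR_ERROR_TXT
                    chrome41Txt = self.CHROME_MINOR_ERROR_TXT

                else:
                    # Certificate expires in 2017 or later
                    chrome39Txt = self.CHROME_MINOR_ERROR_TXT
                    chrome40Txt = self.CHROME_NEUTRAL_TXT
                    chrome41Txt = self.CHROME_INSECURE_TXT

                # Text output
                certsWithSha1Txt = ['"{0}"'.format(PluginCertInfo._extract_subject_CN_or_OUN(cert)) for cert in certsWithSha1]
                outputTxt.append(self.FIELD_FORMAT("Chrome 39 behavior:", chrome39Txt))
                outputTxt.append(self.FIELD_FORMAT("Chrome 40 behavior:", chrome40Txt))
                outputTxt.append(self.FIELD_FORMAT("Chrome 41 behavior:", chrome41Txt))
                outputTxt.append(self.FIELD_FORMAT("Leaf certificate notAfter field:", leafCertNotAfter))
                outputTxt.append(self.FIELD_FORMAT("SHA1-signed certificates:", certsWithSha1Txt))

                # XML output
                affectedCertsXml = Element('sha1SignedCertificates')
                for cert in certsWithSha1:
                    affectedCertsXml.append(PluginCertInfo._format_cert_to_xml(cert, '', self._shared_settings['sni']))
                outputXml2.append(affectedCertsXml)

                # Compare by value: "is 'OK'" tests object identity and only
                # works when the interpreter happens to intern the literal,
                # which would otherwise flip isAffected to "True".
                outputXml2.append(Element(
                    'chrome39',
                    behavior = chrome39Txt,
                    isAffected = str(chrome39Txt != 'OK')))
                outputXml2.append(Element(
                    'chrome40',
                    behavior = chrome40Txt,
                    isAffected = str(chrome40Txt != 'OK')))
                outputXml2.append(Element(
                    'chrome41',
                    behavior = chrome41Txt,
                    isAffected = str(True)))
                outputXml.append(outputXml2)

        return PluginBase.PluginResult(outputTxt, outputXml)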
开发者ID:arirubinstein,项目名称:sslyze,代码行数:91,代码来源:PluginChromeSha1Deprecation.py



注:本文中的utils.SSLyzeSSLConnection.create_sslyze_connection函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。

