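def setUp(self):
    """Fetch a stapled OCSP response from a live server for the tests to use.

    Connects to login.live.com:443, asks for OCSP stapling during the TLS
    handshake and stores the underlying response object in
    ``self.ocsp_response``. Outbound network access is required.

    Certificate verification is disabled (``SSL_VERIFY_NONE``), so the peer
    is not authenticated. The stapled response is therefore only parsing
    input for the tests; nothing in this fixture establishes that it can be
    trusted.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # Bound connect and handshake so an unreachable host fails the test
        # instead of hanging the whole run.
        sock.settimeout(5)
        sock.connect(("login.live.com", 443))

        ssl_client = SslClient(sock=sock, ssl_verify=SSL_VERIFY_NONE)
        # Ask the server to staple an OCSP response; set before handshaking.
        ssl_client.set_tlsext_status_ocsp()
        ssl_client.do_handshake()

        # An AttributeError here means the server sent no stapled response.
        self.ocsp_response = ssl_client.get_tlsext_status_ocsp_resp()._ocsp_response
    finally:
        # Close explicitly, including when connect or the handshake raises,
        # rather than leaving the descriptor to garbage collection.
        sock.close()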
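def setUp(self):
    """Obtain a stapled OCSP response from login.live.com for each test.

    The response object is kept in ``self.ocsp_response``. The fixture needs
    outbound network access to port 443.

    ``SSL_VERIFY_NONE`` turns certificate verification off for this
    connection, so the server's identity is not checked and the response must
    be treated as untrusted test data unless a test verifies it explicitly.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # A 5 second timeout keeps a dead network from stalling the suite.
        sock.settimeout(5)
        sock.connect(("login.live.com", 443))

        ssl_client = SslClient(sock=sock, ssl_verify=SSL_VERIFY_NONE)
        # Stapling has to be requested before the handshake is performed.
        ssl_client.set_tlsext_status_ocsp()
        ssl_client.do_handshake()

        stapled = ssl_client.get_tlsext_status_ocsp_resp()
        # Raises AttributeError if no response was stapled (stapled is None).
        self.ocsp_response = stapled._ocsp_response
    finally:
        # Release the descriptor deterministically, on success and on failure;
        # the original left the socket open.
        sock.close()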
def test_sct_parsing(self):
    """Check that a stapled OCSP response exposes its SCT extension.

    Performs a live handshake with sslanalyzer.comodoca.com:443 with OCSP
    stapling requested, then asserts that the first single response carries a
    ``ctCertificateScts`` entry under ``singleExtensions``.

    The connection uses ``OpenSslVerifyEnum.NONE``: the certificate chain is
    not validated, so this test covers parsing only and says nothing about
    whether the response is trustworthy.
    """
    tcp_conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp_conn.settimeout(5)
    tcp_conn.connect(('sslanalyzer.comodoca.com', 443))

    client = SslClient(
        underlying_socket=tcp_conn,
        ssl_verify=OpenSslVerifyEnum.NONE,
    )
    client.set_tlsext_status_ocsp()
    client.do_handshake()
    stapled = client.get_tlsext_status_ocsp_resp()

    # The parsed response is inspected only after the connection is torn down.
    client.shutdown()
    tcp_conn.close()

    first_single_response = stapled.as_dict()['responses'][0]
    sct_entry = first_single_response['singleExtensions']['ctCertificateScts']
    self.assertIsNotNone(sct_entry)
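def test(self):
    """Exercise status, text rendering and trust verification of an OCSP staple.

    Fetches a stapled OCSP response from www.cloudflare.com:443 and checks
    that:

    * the response status is SUCCESSFUL;
    * ``as_text()`` returns something;
    * ``verify()`` raises ``OcspResponseNotTrustedError`` when the trust store
      holds only an unrelated certificate;
    * the first single response carries no ``singleExtensions`` (no SCTs).

    The handshake itself runs with ``OpenSslVerifyEnum.NONE``, so the peer is
    not authenticated; trust in the response comes only from ``verify()``,
    which is why the negative case is asserted here.
    """
    # Imported locally so this test does not depend on a module-level
    # import of os.
    import os

    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.settimeout(5)
        sock.connect(('www.cloudflare.com', 443))

        ssl_client = SslClient(underlying_socket=sock, ssl_verify=OpenSslVerifyEnum.NONE)
        ssl_client.set_tlsext_status_ocsp()
        ssl_client.do_handshake()
        ocsp_response = ssl_client.get_tlsext_status_ocsp_resp()
        ssl_client.shutdown()
    finally:
        # The original shut the TLS layer down but never closed the socket.
        sock.close()

    self.assertEqual(ocsp_response.status, OcspResponseStatusEnum.SUCCESSFUL)

    # Test as_text()
    self.assertIsNotNone(ocsp_response.as_text())

    # Test verify with a wrong certificate
    # delete=False lets verify() reopen the file by name after it is closed;
    # the file is removed explicitly below so it does not pile up on disk.
    test_file = tempfile.NamedTemporaryFile(delete=False, mode='wt')
    try:
        test_file.write("""-----BEGIN CERTIFICATE-----
MIIDCjCCAnOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBgDELMAkGA1UEBhMCRlIx
DjAMBgNVBAgMBVBhcmlzMQ4wDAYDVQQHDAVQYXJpczEWMBQGA1UECgwNRGFzdGFy
ZGx5IEluYzEMMAoGA1UECwwDMTIzMQ8wDQYDVQQDDAZBbCBCYW4xGjAYBgkqhkiG
9w0BCQEWC2xvbEBsb2wuY29tMB4XDTEzMDEyNzAwMDM1OFoXDTE0MDEyNzAwMDM1
OFowgZcxCzAJBgNVBAYTAkZSMQwwCgYDVQQIDAMxMjMxDTALBgNVBAcMBFRlc3Qx
IjAgBgNVBAoMGUludHJvc3B5IFRlc3QgQ2xpZW50IENlcnQxCzAJBgNVBAsMAjEy
MRUwEwYDVQQDDAxBbGJhbiBEaXF1ZXQxIzAhBgkqhkiG9w0BCQEWFG5hYmxhLWMw
ZDNAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlnvP1ltVO
8JDNT3AA99QqtiqCi/7BeEcFDm2al46mv7looz6CmB84osrusNVFsS5ICLbrCmeo
w5sxW7VVveGueBQyWynngl2PmmufA5Mhwq0ZY8CvwV+O7m0hEXxzwbyGa23ai16O
zIiaNlBAb0mC2vwJbsc3MTMovE6dHUgmzQIDAQABo3sweTAJBgNVHRMEAjAAMCwG
CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
HQ4EFgQUYR45okpFsqTYB1wlQQblLH9cRdgwHwYDVR0jBBgwFoAUP0X2HQlaca7D
NBzVbsjsdhzOqUQwDQYJKoZIhvcNAQEFBQADgYEAWEOxpRjvKvTurDXK/sEUw2KY
gmbbGP3tF+fQ/6JS1VdCdtLxxJAHHTW62ugVTlmJZtpsEGlg49BXAEMblLY/K7nm
dWN8oZL+754GaBlJ+wK6/Nz4YcuByJAnN8OeTY4Acxjhks8PrAbZgcf0FdpJaAlk
Pd2eQ9+DkopOz3UGU7c=
-----END CERTIFICATE-----""")
        test_file.close()

        self.assertRaises(OcspResponseNotTrustedError, ocsp_response.verify, test_file.name)
    finally:
        # close() is idempotent; it is repeated here for the case where
        # write() raised before the file was closed above.
        test_file.close()
        os.remove(test_file.name)

    # No SCT extension
    self.assertNotIn('singleExtensions', ocsp_response.as_dict()['responses'][0])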
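import socket
from pathlib import Path

from nassl.ssl_client import OpenSslVersionEnum, SslClient, OpenSslVerifyEnum

# Sample client: connect to a server over TLS 1.2, print the certificate chain
# it sent and the chain that was verified, then check the stapled OCSP response.
#
# Path was used below without being imported, which raised NameError on the
# first statement; the import above fixes that.

# Trust store used both for chain validation and for verifying the OCSP
# response signature.
mozilla_store = Path("tests") / "mozilla.pem"

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    # Bound connect and handshake so an unreachable host cannot hang the script.
    sock.settimeout(5)
    sock.connect(("www.yahoo.com", 443))

    # PEER verification with an explicit trust store: the chain is checked
    # against mozilla_store rather than accepted blindly.
    ssl_client = SslClient(
        ssl_version=OpenSslVersionEnum.TLSV1_2,
        underlying_socket=sock,
        ssl_verify=OpenSslVerifyEnum.PEER,
        ssl_verify_locations=mozilla_store,
    )

    # Request a stapled OCSP response; this is set before the handshake.
    ssl_client.set_tlsext_status_ocsp()
    ssl_client.do_handshake()

    print("Received certificate chain")
    for pem_cert in ssl_client.get_received_chain():
        print(pem_cert)

    print("Verified certificate chain")
    for pem_cert in ssl_client.get_verified_chain():
        print(pem_cert)

    print("OCSP Stapling")
    ocsp_resp = ssl_client.get_tlsext_status_ocsp_resp()
    # NOTE: when the server staples nothing this branch is skipped silently.
    # A missing staple is not evidence that the certificate is unrevoked.
    if ocsp_resp:
        # Verify the response against the trust store before reporting its
        # status. mozilla_store is already a Path, so no re-wrapping is needed.
        ocsp_resp.verify(mozilla_store)
        print(ocsp_resp.status)
finally:
    # Close the socket on success and on any failure above.
    sock.close()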
from nassl.ssl_client import OpenSslVersionEnum, SslClient, OpenSslVerifyEnum
import socket

# Sample client: TLS 1.2 handshake against www.yahoo.com with the peer's chain
# validated against a local trust store, followed by a dump of both certificate
# chains and of the stapled OCSP response.

# PEM bundle used for chain validation and for verifying the OCSP response.
mozilla_store = 'tests/mozilla.pem'

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(5)
sock.connect(('www.yahoo.com', 443))

# PEER verification plus an explicit trust store: the server's chain is
# checked rather than accepted as-is.
client_options = dict(
    ssl_version=OpenSslVersionEnum.TLSV1_2,
    underlying_socket=sock,
    ssl_verify=OpenSslVerifyEnum.PEER,
    ssl_verify_locations=mozilla_store,
)
ssl_client = SslClient(**client_options)

# OCSP stapling is requested before the handshake is performed.
ssl_client.set_tlsext_status_ocsp()
ssl_client.do_handshake()

# Each chain is fetched only after its heading has been printed.
for heading, fetch_chain in (
    ('Received certificate chain', ssl_client.get_received_chain),
    ('Verified certificate chain', ssl_client.get_verified_chain),
):
    print(heading)
    for pem_cert in fetch_chain():
        print(pem_cert)

print('OCSP Stapling')
ocsp_resp = ssl_client.get_tlsext_status_ocsp_resp()
# Nothing is printed when no response was stapled; that absence is not proof
# that the certificate is unrevoked.
if ocsp_resp:
    # The response is verified against the trust store before it is shown.
    ocsp_resp.verify(mozilla_store)
    print(ocsp_resp.as_dict())