diff --git a/api_sample.py b/api_sample.py index b2e241b1..7a96bfe1 100755 --- a/api_sample.py +++ b/api_sample.py @@ -36,25 +36,21 @@ def main() -> None: print(f"\nResults for {server_scan_result.server_info.server_location.hostname}:") # Scan commands that were run with no errors - try: - ssl2_result = server_scan_result.scan_commands_results[ScanCommand.SSL_2_0_CIPHER_SUITES] + ssl2_result = server_scan_result.scan_commands_results.ssl_2_0_cipher_suites + if ssl2_result: print("\nAccepted cipher suites for SSL 2.0:") for accepted_cipher_suite in ssl2_result.accepted_cipher_suites: print(f"* {accepted_cipher_suite.cipher_suite.name}") - except KeyError: - pass - try: - certinfo_result = server_scan_result.scan_commands_results[ScanCommand.CERTIFICATE_INFO] + certinfo_result = server_scan_result.scan_commands_results.certificate_info + if certinfo_result: print("\nCertificate info:") for cert_deployment in certinfo_result.certificate_deployments: print(f"Leaf certificate: \n{cert_deployment.received_certificate_chain_as_pem[0]}") - except KeyError: - pass # Scan commands that were run with errors - for scan_command, error in server_scan_result.scan_commands_errors.items(): - print(f"\nError when running {scan_command}:\n{error.exception_trace}") + for scan_command_error in server_scan_result.scan_commands_errors: + print(f"\nError when running {scan_command_error.scan_command}:\n{scan_command_error.exception_trace}") if __name__ == "__main__": @@ -99,13 +95,15 @@ def basic_example() -> None: print(f"\nResults for {server_scan_result.server_info.server_location.hostname}:") # SSL 2.0 results - ssl2_result = server_scan_result.scan_commands_results[ScanCommand.SSL_2_0_CIPHER_SUITES] - print("\nAccepted cipher suites for SSL 2.0:") - for accepted_cipher_suite in ssl2_result.accepted_cipher_suites: - print(f"* {accepted_cipher_suite.cipher_suite.name}") + ssl2_result = server_scan_result.scan_commands_results.ssl_2_0_cipher_suites + if ssl2_result: + print("\nAccepted cipher suites for SSL 2.0:") + for accepted_cipher_suite in ssl2_result.accepted_cipher_suites: + print(f"* {accepted_cipher_suite.cipher_suite.name}") # Certificate info results - certinfo_result = server_scan_result.scan_commands_results[ScanCommand.CERTIFICATE_INFO] - print("\nCertificate info:") - for cert_deployment in certinfo_result.certificate_deployments: - print(f"Leaf certificate: \n{cert_deployment.received_certificate_chain_as_pem[0]}") + certinfo_result = server_scan_result.scan_commands_results.certificate_info + if certinfo_result: + print("\nCertificate info:") + for cert_deployment in certinfo_result.certificate_deployments: + print(f"Leaf certificate: \n{cert_deployment.received_certificate_chain_as_pem[0]}") diff --git a/docs/conf.py b/docs/conf.py index 1787bb9e..3f73d9a2 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -102,7 +102,7 @@ # Add any paths that contain custom static files (such as style sheets) here, # relative to this directory. They are copied after the builtin static files, # so a file named "default.css" will overwrite the builtin "default.css". -html_static_path = [] +html_static_path = [] # type: ignore # -- Options for HTMLHelp output ------------------------------------------ diff --git a/json_output_schema.json b/json_output_schema.json new file mode 100644 index 00000000..b1aa37ff --- /dev/null +++ b/json_output_schema.json @@ -0,0 +1,1279 @@ +{ + "title": "SslyzeOutputAsJson", + "description": "The \"root\" dictionary of the JSON output when using the --json command line option.\n ", + "type": "object", + "properties": { + "server_scan_results": { + "title": "Server Scan Results", + "type": "array", + "items": { + "$ref": "#/definitions/_ServerScanResultAsJson" + } + }, + "server_connectivity_errors": { + "title": "Server Connectivity Errors", + "type": "array", + "items": { + "$ref": "#/definitions/_ServerConnectivityErrorAsJson" + } + }, + "total_scan_time": { + "title": "Total Scan Time", + "type": "number" + }, + "sslyze_version": { + "title": "Sslyze Version", + "default": "4.1.0", + "type": "string" + }, + "sslyze_url": { + "title": "Sslyze Url", + "default": "https://github.com/nabla-c0d3/sslyze", + "type": "string" + } + }, + "required": [ + "server_scan_results", + "server_connectivity_errors", + "total_scan_time" + ], + "definitions": { + "HttpProxySettings": { + "title": "HttpProxySettings", + "type": "object", + "properties": { + "hostname": { + "title": "Hostname", + "type": "string" + }, + "port": { + "title": "Port", + "type": "integer" + }, + "basic_auth_user": { + "title": "Basic Auth User", + "type": "string" + }, + "basic_auth_password": { + "title": "Basic Auth Password", + "type": "string" + } + }, + "required": [ + "hostname", + "port" + ] + }, + "_ServerNetworkLocationAsJson": { + "title": "_ServerNetworkLocationAsJson", + "description": "All the information needed to connect to a server.\n\nAttributes:\n hostname: The server's hostname.\n port: The server's TLS port number.\n ip_address: The server's IP address. This field is null if scans are tunneled through a proxy.\n http_proxy_settings: The HTTP proxy configuration to use in order to tunnel the scans through a proxy. The\n proxy will be responsible for looking up the server's IP address and connecting to it. This field is null\n if no proxy was used for the scan.", + "type": "object", + "properties": { + "hostname": { + "title": "Hostname", + "type": "string" + }, + "port": { + "title": "Port", + "type": "integer" + }, + "ip_address": { + "title": "Ip Address", + "type": "string" + }, + "http_proxy_settings": { + "$ref": "#/definitions/HttpProxySettings" + } + }, + "required": [ + "hostname", + "port" + ], + "additionalProperties": false + }, + "ProtocolWithOpportunisticTlsEnum": { + "title": "ProtocolWithOpportunisticTlsEnum", + "description": "The list of plaintext protocols supported by SSLyze for opportunistic TLS upgrade (such as STARTTLS).\n\nThis allows SSLyze to figure out how to complete an SSL/TLS handshake with the server.", + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9 + ] + }, + "OpenSslFileTypeEnum": { + "title": "OpenSslFileTypeEnum", + "description": "Certificate and private key format constants which map to the SSL_FILETYPE_XXX OpenSSL constants.", + "enum": [ + 1, + 2 + ], + "type": "integer" + }, + "_ClientAuthenticationCredentialsAsJson": { + "title": "_ClientAuthenticationCredentialsAsJson", + "type": "object", + "properties": { + "certificate_chain_path": { + "title": "Certificate Chain Path", + "type": "string", + "format": "path" + }, + "key_path": { + "title": "Key Path", + "type": "string", + "format": "path" + }, + "key_type": { + "default": 1, + "allOf": [ + { + "$ref": "#/definitions/OpenSslFileTypeEnum" + } + ] + } + }, + "required": [ + "certificate_chain_path", + "key_path" + ] + }, + "_ServerNetworkConfigurationAsJson": { + "title": "_ServerNetworkConfigurationAsJson", + "description": "Additional network settings to provide fine-grained control on how to connect to a specific server.\n\nAttributes:\n tls_server_name_indication: The hostname to set within the Server Name Indication TLS extension.\n tls_wrapped_protocol: The protocol wrapped in TLS that the server expects. It allows SSLyze to figure out\n how to establish a (Start)TLS connection to the server and what kind of \"hello\" message\n (SMTP, XMPP, etc.) to send to the server after the handshake was completed. If not supplied, standard\n TLS will be used.\n tls_client_auth_credentials: The client certificate and private key needed to perform mutual authentication\n with the server. If not supplied, SSLyze will attempt to connect to the server without performing\n client authentication.\n xmpp_to_hostname: The hostname to set within the `to` attribute of the XMPP stream. If not supplied, the\n server's hostname will be used. Should only be set if the supplied `tls_wrapped_protocol` is an\n XMPP protocol.\n network_timeout: The timeout (in seconds) to be used when attempting to establish a connection to the\n server.\n network_max_retries: The number of retries SSLyze will perform when attempting to establish a connection\n to the server.", + "type": "object", + "properties": { + "tls_server_name_indication": { + "title": "Tls Server Name Indication", + "type": "string" + }, + "tls_opportunistic_encryption": { + "$ref": "#/definitions/ProtocolWithOpportunisticTlsEnum" + }, + "tls_client_auth_credentials": { + "$ref": "#/definitions/_ClientAuthenticationCredentialsAsJson" + }, + "xmpp_to_hostname": { + "title": "Xmpp To Hostname", + "type": "string" + }, + "network_timeout": { + "title": "Network Timeout", + "default": 5, + "type": "integer" + }, + "network_max_retries": { + "title": "Network Max Retries", + "default": 3, + "type": "integer" + } + }, + "required": [ + "tls_server_name_indication" + ], + "additionalProperties": false + }, + "TlsVersionEnum": { + "title": "TlsVersionEnum", + "description": "An enumeration.", + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6 + ] + }, + "ClientAuthRequirementEnum": { + "title": "ClientAuthRequirementEnum", + "description": "Whether the server asked for client authentication.\n ", + "enum": [ + 1, + 2, + 3 + ] + }, + "ServerTlsProbingResult": { + "title": "ServerTlsProbingResult", + "type": "object", + "properties": { + "highest_tls_version_supported": { + "$ref": "#/definitions/TlsVersionEnum" + }, + "cipher_suite_supported": { + "title": "Cipher Suite Supported", + "type": "string" + }, + "client_auth_requirement": { + "$ref": "#/definitions/ClientAuthRequirementEnum" + }, + "supports_ecdh_key_exchange": { + "title": "Supports Ecdh Key Exchange", + "type": "boolean" + } + }, + "required": [ + "highest_tls_version_supported", + "cipher_suite_supported", + "client_auth_requirement", + "supports_ecdh_key_exchange" + ] + }, + "_ServerConnectivityInfoAsJson": { + "title": "_ServerConnectivityInfoAsJson", + "description": "All the settings (hostname, port, SSL version, etc.) needed to successfully connect to a given SSL/TLS server.\n\nSuch objects should never be instantiated directly and are instead returned by `ServerConnectivityTester.perform()`\nwhen connectivity testing was successful.\n\nAttributes:\n server_location: The minimum information needed to establish a connection to the server.\n network_configuration: Some additional configuration regarding how to connect to the server.\n tls_probing_result: Some additional details about the server's TLS configuration.", + "type": "object", + "properties": { + "server_location": { + "$ref": "#/definitions/_ServerNetworkLocationAsJson" + }, + "network_configuration": { + "$ref": "#/definitions/_ServerNetworkConfigurationAsJson" + }, + "tls_probing_result": { + "$ref": "#/definitions/ServerTlsProbingResult" + } + }, + "required": [ + "server_location", + "network_configuration", + "tls_probing_result" + ], + "additionalProperties": false + }, + "ScanCommand": { + "title": "ScanCommand", + "description": "An enumeration.", + "enum": [ + "certificate_info", + "session_resumption", + "ssl_2_0_cipher_suites", + "ssl_3_0_cipher_suites", + "tls_1_0_cipher_suites", + "tls_1_1_cipher_suites", + "tls_1_2_cipher_suites", + "tls_1_3_cipher_suites", + "tls_compression", + "tls_1_3_early_data", + "openssl_ccs_injection", + "tls_fallback_scsv", + "heartbleed", + "robot", + "session_renegotiation", + "http_headers", + "elliptic_curves" + ], + "type": "string" + }, + "CertificateInfoExtraArgumentAsJson": { + "title": "CertificateInfoExtraArgumentAsJson", + "description": "Additional configuration for running the certificate_info scan command.\n\nAttributes:\n custom_ca_file: The path to a custom trust store file to use for certificate validation. The file should contain\n PEM-formatted root certificates.", + "type": "object", + "properties": { + "custom_ca_file": { + "title": "Custom Ca File", + "type": "string", + "format": "path" + } + }, + "required": [ + "custom_ca_file" + ] + }, + "SessionResumptionSupportExtraArgumentAsJson": { + "title": "SessionResumptionSupportExtraArgumentAsJson", + "description": "Additional configuration for running the SESSION_RESUMPTION scan command.\n\nAttributes:\n number_of_resumptions_to_attempt: The number of session resumptions (both with Session IDs and TLS\n Tickets) that SSLyze should attempt. The default value is 5, but a higher value such as 100 can be used to\n get a more accurate measure of how often session resumption succeeds or fails with the server.", + "type": "object", + "properties": { + "number_of_resumptions_to_attempt": { + "title": "Number Of Resumptions To Attempt", + "type": "integer" + } + }, + "required": [ + "number_of_resumptions_to_attempt" + ], + "additionalProperties": false + }, + "ScanCommandsExtraArgumentsAsJson": { + "title": "ScanCommandsExtraArgumentsAsJson", + "type": "object", + "properties": { + "certificate_info": { + "$ref": "#/definitions/CertificateInfoExtraArgumentAsJson" + }, + "session_resumption": { + "$ref": "#/definitions/SessionResumptionSupportExtraArgumentAsJson" + } + }, + "additionalProperties": false + }, + "_SubjAltNameAsJson": { + "title": "_SubjAltNameAsJson", + "type": "object", + "properties": { + "dns": { + "title": "Dns", + "type": "array", + "items": { + "type": "string" + } + } + }, + "required": [ + "dns" + ] + }, + "_HashAlgorithmAsJson": { + "title": "_HashAlgorithmAsJson", + "type": "object", + "properties": { + "name": { + "title": "Name", + "type": "string" + }, + "digest_size": { + "title": "Digest Size", + "type": "integer" + } + }, + "required": [ + "name", + "digest_size" + ] + }, + "_ObjectIdentifierAsJson": { + "title": "_ObjectIdentifierAsJson", + "type": "object", + "properties": { + "name": { + "title": "Name", + "type": "string" + }, + "dotted_string": { + "title": "Dotted String", + "type": "string" + } + }, + "required": [ + "name", + "dotted_string" + ] + }, + "_NameAttributeAsJson": { + "title": "_NameAttributeAsJson", + "type": "object", + "properties": { + "oid": { + "$ref": "#/definitions/_ObjectIdentifierAsJson" + }, + "value": { + "title": "Value", + "type": "string" + }, + "rfc4514_string": { + "title": "Rfc4514 String", + "type": "string" + } + }, + "required": [ + "oid", + "value", + "rfc4514_string" + ] + }, + "_X509NameAsJson": { + "title": "_X509NameAsJson", + "type": "object", + "properties": { + "rfc4514_string": { + "title": "Rfc4514 String", + "type": "string" + }, + "attributes": { + "title": "Attributes", + "type": "array", + "items": { + "$ref": "#/definitions/_NameAttributeAsJson" + } + } + }, + "required": [ + "rfc4514_string", + "attributes" + ] + }, + "_PublicKeyAsJson": { + "title": "_PublicKeyAsJson", + "type": "object", + "properties": { + "algorithm": { + "title": "Algorithm", + "type": "string" + }, + "key_size": { + "title": "Key Size", + "type": "integer" + }, + "rsa_e": { + "title": "Rsa E", + "type": "integer" + }, + "rsa_n": { + "title": "Rsa N", + "type": "integer" + }, + "ec_curve_name": { + "title": "Ec Curve Name", + "type": "string" + }, + "ec_x": { + "title": "Ec X", + "type": "integer" + }, + "ec_y": { + "title": "Ec Y", + "type": "integer" + } + }, + "required": [ + "algorithm" + ] + }, + "_CertificateAsJson": { + "title": "_CertificateAsJson", + "type": "object", + "properties": { + "as_pem": { + "title": "As Pem", + "type": "string" + }, + "hpkp_pin": { + "title": "Hpkp Pin", + "type": "string" + }, + "fingerprint_sha1": { + "title": "Fingerprint Sha1", + "type": "string" + }, + "fingerprint_sha256": { + "title": "Fingerprint Sha256", + "type": "string" + }, + "serial_number": { + "title": "Serial Number", + "type": "integer" + }, + "not_valid_before": { + "title": "Not Valid Before", + "type": "string", + "format": "date-time" + }, + "not_valid_after": { + "title": "Not Valid After", + "type": "string", + "format": "date-time" + }, + "subject_alternative_name": { + "$ref": "#/definitions/_SubjAltNameAsJson" + }, + "signature_hash_algorithm": { + "$ref": "#/definitions/_HashAlgorithmAsJson" + }, + "signature_algorithm_oid": { + "$ref": "#/definitions/_ObjectIdentifierAsJson" + }, + "subject": { + "$ref": "#/definitions/_X509NameAsJson" + }, + "issuer": { + "$ref": "#/definitions/_X509NameAsJson" + }, + "public_key": { + "$ref": "#/definitions/_PublicKeyAsJson" + } + }, + "required": [ + "as_pem", + "hpkp_pin", + "fingerprint_sha1", + "fingerprint_sha256", + "serial_number", + "not_valid_before", + "not_valid_after", + "subject_alternative_name", + "signature_algorithm_oid", + "public_key" + ] + }, + "_TrustStoreAsJson": { + "title": "_TrustStoreAsJson", + "description": "A set of root certificates to be used for certificate validation.\n\nAttributes:\n path: The path on the local system to the PEM-formatted file containing the root certificates.\n name: The human-readable name of the trust store (such as \"Mozilla\").\n version: The human-readable version or date of the trust store (such as \"09/2016\").", + "type": "object", + "properties": { + "path": { + "title": "Path", + "type": "string", + "format": "path" + }, + "name": { + "title": "Name", + "type": "string" + }, + "version": { + "title": "Version", + "type": "string" + }, + "ev_oids": { + "title": "Ev Oids", + "type": "array", + "items": { + "$ref": "#/definitions/_ObjectIdentifierAsJson" + } + } + }, + "required": [ + "path", + "name", + "version" + ] + }, + "_PathValidationResultAsJson": { + "title": "_PathValidationResultAsJson", + "description": "The result of trying to validate a server's certificate chain using a specific trust store.\n\nAttributes:\n trust_stores: The trust store used for validation.\n verified_certificate_chain: The verified certificate chain returned by OpenSSL.\n Index 0 is the leaf certificate and the last element is the anchor/CA certificate from the trust store.\n Will be None if the validation failed or the verified chain could not be built.\n Each certificate is parsed using the cryptography module; documentation is available at\n https://cryptography.io/en/latest/x509/reference/#x-509-certificate-object.\n openssl_error_string: The result string returned by OpenSSL's validation function; None if validation was\n successful.\n was_validation_successful: Whether the certificate chain is trusted when using supplied the trust_stores.", + "type": "object", + "properties": { + "trust_store": { + "$ref": "#/definitions/_TrustStoreAsJson" + }, + "verified_certificate_chain": { + "title": "Verified Certificate Chain", + "type": "array", + "items": { + "$ref": "#/definitions/_CertificateAsJson" + } + }, + "openssl_error_string": { + "title": "Openssl Error String", + "type": "string" + }, + "was_validation_successful": { + "title": "Was Validation Successful", + "type": "boolean" + } + }, + "required": [ + "trust_store", + "was_validation_successful" + ] + }, + "_OcspResponseAsJson": { + "title": "_OcspResponseAsJson", + "type": "object", + "properties": { + "response_status": { + "title": "Response Status", + "type": "string" + }, + "certificate_status": { + "title": "Certificate Status", + "type": "string" + }, + "revocation_time": { + "title": "Revocation Time", + "type": "string", + "format": "date-time" + }, + "produced_at": { + "title": "Produced At", + "type": "string", + "format": "date-time" + }, + "this_update": { + "title": "This Update", + "type": "string", + "format": "date-time" + }, + "next_update": { + "title": "Next Update", + "type": "string", + "format": "date-time" + }, + "serial_number": { + "title": "Serial Number", + "type": "integer" + } + }, + "required": [ + "response_status" + ] + }, + "_CertificateDeploymentAnalysisResultAsJson": { + "title": "_CertificateDeploymentAnalysisResultAsJson", + "description": "The result of analyzing a server's certificate to verify its validity.\n\nAny certificate available within the fields that follow is parsed as a ``Certificate`` object using the cryptography\nmodule; documentation is available at\nhttps://cryptography.io/en/latest/x509/reference.html?highlight=Certificate#cryptography.x509.Certificate\n\nAttributes:\n received_certificate_chain: The certificate chain sent by the server; index 0 is the leaf certificate.\n verified_certificate_chain: The verified certificate chain returned by OpenSSL for one of the trust stores\n packaged within SSLyze. Will be ``None`` if the validation failed with all of the available trust stores\n (Apple, Mozilla, etc.). This is essentially a shortcut to\n ``path_validation_result_list[0].verified_certificate_chain``.\n path_validation_results: The result of validating the server's\n certificate chain using each trust store that is packaged with SSLyze (Mozilla, Apple, etc.).\n If for a given trust store, the validation was successful, the verified certificate chain built by OpenSSL\n can be retrieved from the ``PathValidationResult``.\n leaf_certificate_subject_matches_hostname: ``True`` if the leaf certificate's Common Name or Subject Alternative\n Names match the server's hostname.\n leaf_certificate_is_ev: ``True`` if the leaf certificate is Extended Validation, according to Mozilla.\n leaf_certificate_has_must_staple_extension: ``True`` if the OCSP must-staple extension is present in the leaf\n certificate.\n leaf_certificate_signed_certificate_timestamps_count: The number of Signed Certificate\n Timestamps (SCTs) for Certificate Transparency embedded in the leaf certificate. ``None`` if the version of\n OpenSSL installed on the system is too old to be able to parse the SCT extension.\n received_chain_has_valid_order: ``True`` if the certificate chain returned by the server was sent in the right\n order. `None`` if any of the certificates in the chain could not be parsed.\n received_chain_contains_anchor_certificate: ``True`` if the server included the anchor/root\n certificate in the chain it sends back to clients. ``None`` if the verified chain could not be built.\n verified_chain_has_sha1_signature: ``True`` if any of the leaf or intermediate certificates are\n signed using the SHA-1 algorithm. ``None`` if the verified chain could not be built.\n verified_chain_has_legacy_symantec_anchor: ``True`` if the certificate chain contains a distrusted Symantec\n anchor\n (https://blog.qualys.com/ssllabs/2017/09/26/google-and-mozilla-deprecating-existing-symantec-certificates).\n ``None`` if the verified chain could not be built.\n ocsp_response: The OCSP response returned by the server. ``None`` if no response was sent by the server or if\n the scan was run through an HTTP proxy (the proxy will not forward the server's OCSP response). If present,\n the OCSP response is an ``OCSPResponse`` object parsed using the cryptography module; documentation is\n available at\n https://cryptography.io/en/latest/x509/ocsp.html?highlight=OCSPResponse#cryptography.x509.ocsp.OCSPResponse\n ocsp_response_is_trusted: ``True`` if the OCSP response is trusted using the Mozilla trust store.\n ``None`` if no OCSP response was sent by the server.", + "type": "object", + "properties": { + "received_certificate_chain": { + "title": "Received Certificate Chain", + "type": "array", + "items": { + "$ref": "#/definitions/_CertificateAsJson" + } + }, + "leaf_certificate_subject_matches_hostname": { + "title": "Leaf Certificate Subject Matches Hostname", + "type": "boolean" + }, + "leaf_certificate_has_must_staple_extension": { + "title": "Leaf Certificate Has Must Staple Extension", + "type": "boolean" + }, + "leaf_certificate_is_ev": { + "title": "Leaf Certificate Is Ev", + "type": "boolean" + }, + "leaf_certificate_signed_certificate_timestamps_count": { + "title": "Leaf Certificate Signed Certificate Timestamps Count", + "type": "integer" + }, + "received_chain_contains_anchor_certificate": { + "title": "Received Chain Contains Anchor Certificate", + "type": "boolean" + }, + "received_chain_has_valid_order": { + "title": "Received Chain Has Valid Order", + "type": "boolean" + }, + "path_validation_results": { + "title": "Path Validation Results", + "type": "array", + "items": { + "$ref": "#/definitions/_PathValidationResultAsJson" + } + }, + "verified_chain_has_sha1_signature": { + "title": "Verified Chain Has Sha1 Signature", + "type": "boolean" + }, + "verified_chain_has_legacy_symantec_anchor": { + "title": "Verified Chain Has Legacy Symantec Anchor", + "type": "boolean" + }, + "ocsp_response": { + "$ref": "#/definitions/_OcspResponseAsJson" + }, + "ocsp_response_is_trusted": { + "title": "Ocsp Response Is Trusted", + "type": "boolean" + }, + "verified_certificate_chain": { + "title": "Verified Certificate Chain", + "type": "array", + "items": { + "$ref": "#/definitions/_CertificateAsJson" + } + } + }, + "required": [ + "received_certificate_chain", + "leaf_certificate_subject_matches_hostname", + "leaf_certificate_has_must_staple_extension", + "leaf_certificate_is_ev", + "path_validation_results" + ] + }, + "CertificateInfoScanResultAsJson": { + "title": "CertificateInfoScanResultAsJson", + "description": "The result of retrieving and analyzing a server's certificates to verify their validity.\n\nAttributes:\n hostname_used_for_server_name_indication: The hostname sent by SSLyze as the Server Name Indication extension.\n certificate_deployments: A list of leaf certificates detected by SSLyze and the corresponding analysis. Most\n servers only deploy one leaf certificate, but some websites (such as Facebook) return different leaf\n certificates depending on the client, as a way to maximize compatibility with older clients/devices.", + "type": "object", + "properties": { + "hostname_used_for_server_name_indication": { + "title": "Hostname Used For Server Name Indication", + "type": "string" + }, + "certificate_deployments": { + "title": "Certificate Deployments", + "type": "array", + "items": { + "$ref": "#/definitions/_CertificateDeploymentAnalysisResultAsJson" + } + } + }, + "required": [ + "hostname_used_for_server_name_indication", + "certificate_deployments" + ] + }, + "_CipherSuiteAsJson": { + "title": "_CipherSuiteAsJson", + "type": "object", + "properties": { + "name": { + "title": "Name", + "type": "string" + }, + "is_anonymous": { + "title": "Is Anonymous", + "type": "boolean" + }, + "key_size": { + "title": "Key Size", + "type": "integer" + }, + "openssl_name": { + "title": "Openssl Name", + "type": "string" + } + }, + "required": [ + "name", + "is_anonymous", + "key_size", + "openssl_name" + ], + "additionalProperties": false + }, + "_EphemeralKeyInfoAsJson": { + "title": "_EphemeralKeyInfoAsJson", + "type": "object", + "properties": { + "type_name": { + "title": "Type Name", + "type": "string" + }, + "size": { + "title": "Size", + "type": "integer" + }, + "public_bytes": { + "title": "Public Bytes", + "type": "string" + }, + "curve_name": { + "title": "Curve Name", + "type": "string" + }, + "x": { + "title": "X", + "type": "string" + }, + "y": { + "title": "Y", + "type": "string" + }, + "prime": { + "title": "Prime", + "type": "string" + }, + "generator": { + "title": "Generator", + "type": "string" + } + }, + "required": [ + "type_name", + "size", + "public_bytes" + ], + "additionalProperties": false + }, + "_CipherSuiteAcceptedByServerAsJson": { + "title": "_CipherSuiteAcceptedByServerAsJson", + "description": "ephemeral_key: The ephemeral key negotiated with the server when using (EC) DH cipher suites. None if the cipher\n suite does not use ephemeral keys or if the ephemeral key could not be retrieved.", + "type": "object", + "properties": { + "cipher_suite": { + "$ref": "#/definitions/_CipherSuiteAsJson" + }, + "ephemeral_key": { + "$ref": "#/definitions/_EphemeralKeyInfoAsJson" + } + }, + "required": [ + "cipher_suite" + ], + "additionalProperties": false + }, + "_CipherSuiteRejectedByServerAsJson": { + "title": "_CipherSuiteRejectedByServerAsJson", + "type": "object", + "properties": { + "cipher_suite": { + "$ref": "#/definitions/_CipherSuiteAsJson" + }, + "error_message": { + "title": "Error Message", + "type": "string" + } + }, + "required": [ + "cipher_suite", + "error_message" + ], + "additionalProperties": false + }, + "CipherSuitesScanResultAsJson": { + "title": "CipherSuitesScanResultAsJson", + "description": "The result of testing a server for cipher suites with a specific version of SSL/TLS.\n\nAttributes:\n tls_version_used: The SSL/TLS version used to connect to the server.\n accepted_ciphers: The list of cipher suites supported supported by both SSLyze and the server.\n rejected_ciphers: The list of cipher suites supported by SSLyze that were rejected by the server.", + "type": "object", + "properties": { + "tls_version_used": { + "$ref": "#/definitions/TlsVersionEnum" + }, + "is_tls_protocol_version_supported": { + "title": "Is Tls Protocol Version Supported", + "type": "boolean" + }, + "accepted_cipher_suites": { + "title": "Accepted Cipher Suites", + "type": "array", + "items": { + "$ref": "#/definitions/_CipherSuiteAcceptedByServerAsJson" + } + }, + "rejected_cipher_suites": { + "title": "Rejected Cipher Suites", + "type": "array", + "items": { + "$ref": "#/definitions/_CipherSuiteRejectedByServerAsJson" + } + } + }, + "required": [ + "tls_version_used", + "is_tls_protocol_version_supported", + "accepted_cipher_suites", + "rejected_cipher_suites" + ], + "additionalProperties": false + }, + "CompressionScanResult": { + "title": "CompressionScanResult", + "type": "object", + "properties": { + "supports_compression": { + "title": "Supports Compression", + "type": "boolean" + } + }, + "required": [ + "supports_compression" + ] + }, + "EarlyDataScanResult": { + "title": "EarlyDataScanResult", + "type": "object", + "properties": { + "supports_early_data": { + "title": "Supports Early Data", + "type": "boolean" + } + }, + "required": [ + "supports_early_data" + ] + }, + "OpenSslCcsInjectionScanResult": { + "title": "OpenSslCcsInjectionScanResult", + "type": "object", + "properties": { + "is_vulnerable_to_ccs_injection": { + "title": "Is Vulnerable To Ccs Injection", + "type": "boolean" + } + }, + "required": [ + "is_vulnerable_to_ccs_injection" + ] + }, + "FallbackScsvScanResult": { + "title": "FallbackScsvScanResult", + "type": "object", + "properties": { + "supports_fallback_scsv": { + "title": "Supports Fallback Scsv", + "type": "boolean" + } + }, + "required": [ + "supports_fallback_scsv" + ] + }, + "HeartbleedScanResult": { + "title": "HeartbleedScanResult", + "type": "object", + "properties": { + "is_vulnerable_to_heartbleed": { + "title": "Is Vulnerable To Heartbleed", + "type": "boolean" + } + }, + "required": [ + "is_vulnerable_to_heartbleed" + ] + }, + "RobotScanResultEnum": { + "title": "RobotScanResultEnum", + "description": "The result of attempting exploit the ROBOT issue on the server.\n\nAttributes:\n VULNERABLE_WEAK_ORACLE: The server is vulnerable but the attack would take too long.\n VULNERABLE_STRONG_ORACLE: The server is vulnerable and real attacks are feasible.\n NOT_VULNERABLE_NO_ORACLE: The server supports RSA cipher suites but does not act as an oracle.\n NOT_VULNERABLE_RSA_NOT_SUPPORTED: The server does not supports RSA cipher suites.\n UNKNOWN_INCONSISTENT_RESULTS: Could not determine whether the server is vulnerable or not.", + "enum": [ + "VULNERABLE_WEAK_ORACLE", + "VULNERABLE_STRONG_ORACLE", + "NOT_VULNERABLE_NO_ORACLE", + "NOT_VULNERABLE_RSA_NOT_SUPPORTED", + "UNKNOWN_INCONSISTENT_RESULTS" + ], + "type": "string" + }, + "RobotScanResult": { + "title": "RobotScanResult", + "type": "object", + "properties": { + "robot_result": { + "$ref": "#/definitions/RobotScanResultEnum" + } + }, + "required": [ + "robot_result" + ] + }, + "SessionRenegotiationScanResult": { + "title": "SessionRenegotiationScanResult", + "type": "object", + "properties": { + "supports_secure_renegotiation": { + "title": "Supports Secure Renegotiation", + "type": "boolean" + }, + "is_vulnerable_to_client_renegotiation_dos": { + "title": "Is Vulnerable To Client Renegotiation Dos", + "type": "boolean" + } + }, + "required": [ + "supports_secure_renegotiation", + "is_vulnerable_to_client_renegotiation_dos" + ] + }, + "TlsResumptionSupportEnum": { + "title": "TlsResumptionSupportEnum", + "description": "The result of attempting to resume TLS sessions with the server.\n\nAttributes:\n FULLY_SUPPORTED: All the session resumption attempts were successful.\n PARTIALLY_SUPPORTED: Only some of the session resumption attempts were successful.\n NOT_SUPPORTED: None of the session resumption attempts were successful.\n SERVER_IS_TLS_1_3_ONLY: The server only supports TLS 1.3, which does not support Session ID nor TLS Tickets\n resumption.", + "enum": [ + "FULLY_SUPPORTED", + "PARTIALLY_SUPPORTED", + "NOT_SUPPORTED", + "SERVER_IS_TLS_1_3_ONLY" + ], + "type": "string" + }, + "SessionResumptionSupportScanResultAsJson": { + "title": "SessionResumptionSupportScanResultAsJson", + "description": "The result of testing a server for TLS 1.2 session resumption support, using Session IDs and TLS tickets.\n\nAttributes:\n session_id_resumption_result: The overall result of session ID resumption testing.\n session_id_attempted_resumptions_count: The total number of session ID resumptions that were attempted.\n session_id_successful_resumptions_count: The number of session ID resumptions that were successful.\n tls_ticket_resumption_result: The overall result of TLS ticket resumption testing.\n tls_ticket_attempted_resumptions_count: The total number of TLS ticket resumptions that were attempted.\n tls_ticket_successful_resumptions_count: The number of TLS ticket resumptions that were successful.", + "type": "object", + "properties": { + "session_id_resumption_result": { + "$ref": "#/definitions/TlsResumptionSupportEnum" + }, + "session_id_attempted_resumptions_count": { + "title": "Session Id Attempted Resumptions Count", + "type": "integer" + }, + "session_id_successful_resumptions_count": { + "title": "Session Id Successful Resumptions Count", + "type": "integer" + }, + "tls_ticket_resumption_result": { + "$ref": "#/definitions/TlsResumptionSupportEnum" + }, + "tls_ticket_attempted_resumptions_count": { + "title": "Tls Ticket Attempted Resumptions Count", + "type": "integer" + }, + "tls_ticket_successful_resumptions_count": { + "title": "Tls Ticket Successful Resumptions Count", + "type": "integer" + } + }, + "required": [ + "session_id_resumption_result", + "session_id_attempted_resumptions_count", + "session_id_successful_resumptions_count", + "tls_ticket_resumption_result", + "tls_ticket_attempted_resumptions_count", + "tls_ticket_successful_resumptions_count" + ], + "additionalProperties": false + }, + "_StrictTransportSecurityHeaderAsJson": { + "title": "_StrictTransportSecurityHeaderAsJson", + "description": "A Strict-Transport-Security header parsed from a server's HTTP response.\n\nAttributes:\n preload: ``True`` if the preload directive is set.\n include_subdomains: ``True`` if the includesubdomains directive is set.\n max_age: The content of the max-age field.", + "type": "object", + "properties": { + "max_age": { + "title": "Max Age", + "type": "integer" + }, + "preload": { + "title": "Preload", + "type": "boolean" + }, + "include_subdomains": { + "title": "Include Subdomains", + "type": "boolean" + } + }, + "required": [ + "preload", + "include_subdomains" + ] + }, + "_ExpectCtHeaderAsJson": { + "title": "_ExpectCtHeaderAsJson", + "description": "An Expect-CT header parsed from a server's HTTP response.\n\nAttributes:\n max-age: The content of the max-age field.\n report-uri: The content of report-uri field.\n enforce: True if enforce directive is set.", + "type": "object", + "properties": { + "max_age": { + "title": "Max Age", + "type": "integer" + }, + "report_uri": { + "title": "Report Uri", + "type": "string" + }, + "enforce": { + "title": "Enforce", + "type": "boolean" + } + }, + "required": [ + "enforce" + ] + }, + "HttpHeadersScanResultAsJson": { + "title": "HttpHeadersScanResultAsJson", + "description": "The result of testing a server for the presence of security-related HTTP headers.\n\nEach HTTP header described below will be ``None`` if the server did not return a valid HTTP response, or if the\nserver returned an HTTP response without the HTTP header.\n\nAttributes:\n http_request_sent: The initial HTTP request sent to the server by SSLyze.\n http_error_trace: An error the server returned after receiving the initial HTTP request. If this field is set,\n all the subsequent fields will be ``None`` as SSLyze did not receive a valid HTTP response from the server.\n http_path_redirected_to: The path SSLyze was eventually redirected to after sending the initial HTTP request.\n strict_transport_security_header: The Strict-Transport-Security header returned by the server.\n expect_ct_header: The Expect-CT header returned by the server.", + "type": "object", + "properties": { + "http_request_sent": { + "title": "Http Request Sent", + "type": "string" + }, + "http_error_trace": { + "title": "Http Error Trace", + "type": "string" + }, + "http_path_redirected_to": { + "title": "Http Path Redirected To", + "type": "string" + }, + "strict_transport_security_header": { + "$ref": "#/definitions/_StrictTransportSecurityHeaderAsJson" + }, + "expect_ct_header": { + "$ref": "#/definitions/_ExpectCtHeaderAsJson" + } + }, + "required": [ + "http_request_sent" + ] + }, + "_EllipticCurveAsJson": { + "title": "_EllipticCurveAsJson", + "description": "A specific elliptic curve.\n\nAttributes:\n name: The ANSI X9.62 name if available, otherwise the SECG name.\n openssl_nid: The OpenSSL NID_XXX value valid for OpenSslEvpPkeyEnum.EC (obj_mac.h).", + "type": "object", + "properties": { + "name": { + "title": "Name", + "type": "string" + }, + "openssl_nid": { + "title": "Openssl Nid", + "type": "integer" + } + }, + "required": [ + "name", + "openssl_nid" + ] + }, + "SupportedEllipticCurvesScanResultAsJson": { + "title": "SupportedEllipticCurvesScanResultAsJson", + "description": "The result of testing a server for supported elliptic curves.\n\nAttributes:\n supports_ecdh_key_exchange: True if the server supports at least one cipher suite with an ECDH key exchange.\n supported_curves: A list of `EllipticCurve` that were accepted by the server or `None` if the server does not\n support ECDH cipher suites.\n rejected_curves: A list of `EllipticCurve` that were rejected by the server or `None` if the server does not\n support ECDH cipher suites.", + "type": "object", + "properties": { + "supports_ecdh_key_exchange": { + "title": "Supports Ecdh Key Exchange", + "type": "boolean" + }, + "supported_curves": { + "title": "Supported Curves", + "type": "array", + "items": { + "$ref": "#/definitions/_EllipticCurveAsJson" + } + }, + "rejected_curves": { + "title": "Rejected Curves", + "type": "array", + "items": { + "$ref": "#/definitions/_EllipticCurveAsJson" + } + } + }, + "required": [ + "supports_ecdh_key_exchange" + ] + }, + "ScanCommandsResultsAsJson": { + "title": "ScanCommandsResultsAsJson", + "type": "object", + "properties": { + "certificate_info": { + "$ref": "#/definitions/CertificateInfoScanResultAsJson" + }, + "ssl_2_0_cipher_suites": { + "$ref": "#/definitions/CipherSuitesScanResultAsJson" + }, + "ssl_3_0_cipher_suites": { + "$ref": "#/definitions/CipherSuitesScanResultAsJson" + }, + "tls_1_0_cipher_suites": { + "$ref": "#/definitions/CipherSuitesScanResultAsJson" + }, + "tls_1_1_cipher_suites": { + "$ref": "#/definitions/CipherSuitesScanResultAsJson" + }, + "tls_1_2_cipher_suites": { + "$ref": "#/definitions/CipherSuitesScanResultAsJson" + }, + "tls_1_3_cipher_suites": { + "$ref": "#/definitions/CipherSuitesScanResultAsJson" + }, + "tls_compression": { + "$ref": "#/definitions/CompressionScanResult" + }, + "tls_1_3_early_data": { + "$ref": "#/definitions/EarlyDataScanResult" + }, + "openssl_ccs_injection": { + "$ref": "#/definitions/OpenSslCcsInjectionScanResult" + }, + "tls_fallback_scsv": { + "$ref": "#/definitions/FallbackScsvScanResult" + }, + "heartbleed": { + "$ref": "#/definitions/HeartbleedScanResult" + }, + "robot": { + "$ref": "#/definitions/RobotScanResult" + }, + "session_renegotiation": { + "$ref": "#/definitions/SessionRenegotiationScanResult" + }, + "session_resumption": { + "$ref": "#/definitions/SessionResumptionSupportScanResultAsJson" + }, + "http_headers": { + "$ref": "#/definitions/HttpHeadersScanResultAsJson" + }, + "elliptic_curves": { + "$ref": "#/definitions/SupportedEllipticCurvesScanResultAsJson" + } + }, + "additionalProperties": false + }, + "ScanCommandErrorReasonEnum": { + "title": "ScanCommandErrorReasonEnum", + "description": "An enumeration.", + "enum": [ + "BUG_IN_SSLYZE", + "CLIENT_CERTIFICATE_NEEDED", + "CONNECTIVITY_ISSUE", + "WRONG_USAGE" + ], + "type": "string" + }, + "ScanCommandErrorAsJson": { + "title": "ScanCommandErrorAsJson", + "type": "object", + "properties": { + "scan_command": { + "$ref": "#/definitions/ScanCommand" + }, + "reason": { + "$ref": "#/definitions/ScanCommandErrorReasonEnum" + }, + "exception_trace": { + "title": "Exception Trace", + "type": "string" + } + }, + "required": [ + "scan_command", + "reason", + "exception_trace" + ], + "additionalProperties": false + }, + "_ServerScanResultAsJson": { + "title": "_ServerScanResultAsJson", + "type": "object", + "properties": { + "server_info": { + "$ref": "#/definitions/_ServerConnectivityInfoAsJson" + }, + "scan_commands": { + "type": "array", + "items": { + "$ref": "#/definitions/ScanCommand" + }, + "uniqueItems": true + }, + "scan_commands_extra_arguments": { + "$ref": "#/definitions/ScanCommandsExtraArgumentsAsJson" + }, + "scan_commands_results": { + "$ref": "#/definitions/ScanCommandsResultsAsJson" + }, + "scan_commands_errors": { + "title": "Scan Commands Errors", + "type": "array", + "items": { + "$ref": "#/definitions/ScanCommandErrorAsJson" + } + } + }, + "required": [ + "server_info", + "scan_commands", + "scan_commands_extra_arguments", + "scan_commands_results", + "scan_commands_errors" + ], + "additionalProperties": false + }, + "_ServerConnectivityErrorAsJson": { + "title": "_ServerConnectivityErrorAsJson", + "type": "object", + "properties": { + "server_string": { + "title": "Server String", + "type": "string" + }, + "error_message": { + "title": "Error Message", + "type": "string" + } + }, + "required": [ + "server_string", + "error_message" + ] + } + } +} \ No newline at end of file diff --git a/requirements.txt b/requirements.txt index b1d54147..37a438e8 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,8 +2,7 @@ nassl>=4.0.0,<5.0.0 cryptography>=2.6,<3.5 tls-parser>=1.2.2,<1.3.0 -# To remove when we drop support for Python 3.7 -typing_extensions ; python_version<'3.8' +pydantic>=1.7,<1.9 # Dev dependencies mypy diff --git a/setup.cfg b/setup.cfg index d7b50752..04f696d6 100644 --- a/setup.cfg +++ b/setup.cfg @@ -2,10 +2,12 @@ description-file = README.md [flake8] +exclude = .venv, .venvln max-line-length = 120 [mypy] python_version = 3.7 +plugins = pydantic.mypy ignore_missing_imports = True strict_optional = True disallow_untyped_defs = True diff --git a/setup.py b/setup.py index 5d6154d7..faaa385a 100644 --- a/setup.py +++ b/setup.py @@ -93,7 +93,7 @@ def get_include_files() -> List[Tuple[str, str]]: "nassl>=4.0.0,<5.0.0", "cryptography>=2.6,<3.5", "tls-parser>=1.2.2,<1.3.0", - "typing_extensions ; python_version<'3.8'", # To remove when we drop support for Python 3.7 + "pydantic>=1.7,<1.9", ], # cx_freeze info for Windows builds with Python embedded options={"build_exe": {"packages": ["cffi", "cryptography"], "include_files": get_include_files()}}, diff --git a/sslyze/__init__.py b/sslyze/__init__.py index 69954490..00d30f04 100644 --- a/sslyze/__init__.py +++ b/sslyze/__init__.py @@ -1,6 +1,7 @@ # flake8: noqa # Classes for configuring the servers to scan +from sslyze.cli.json_output import SslyzeOutputAsJson, ServerScanResultAsJson from sslyze.server_setting import ( ServerNetworkLocationViaDirectConnection, HttpProxySettings, @@ -22,22 +23,19 @@ ) # Classes for setting up scan commands and extra arguments -from sslyze.plugins.scan_commands import ScanCommand, ScanCommandType -from sslyze.plugins.certificate_info.implementation import CertificateInfoExtraArguments - -from sslyze.json import JsonEncoder +from sslyze.plugins.scan_commands import ScanCommand +from sslyze.plugins.certificate_info.implementation import CertificateInfoExtraArgument # Classes for scanning the servers -from sslyze.scanner import ( - ScanCommandError, - ScanCommandErrorReasonEnum, - ScanCommandExtraArgumentsDict, - ScanCommandResultsDict, - ScanCommandErrorsDict, +from sslyze.scanner.server_scan_request import ( + ScanCommandsExtraArguments, ServerScanRequest, + ScanCommandsResults, + ScanCommandErrorReasonEnum, + ScanCommandError, ServerScanResult, - Scanner, ) +from sslyze.scanner.scanner import Scanner # Classes with the scan results @@ -63,7 +61,7 @@ from sslyze.plugins.session_resumption.implementation import ( SessionResumptionSupportScanResult, TlsResumptionSupportEnum, - SessionResumptionSupportExtraArguments, + SessionResumptionSupportExtraArgument, ) from sslyze.plugins.compression_plugin import CompressionScanResult from sslyze.plugins.early_data_plugin import EarlyDataScanResult diff --git a/sslyze/__main__.py b/sslyze/__main__.py index df438c3b..605a3be6 100644 --- a/sslyze/__main__.py +++ b/sslyze/__main__.py @@ -7,7 +7,7 @@ from time import time from sslyze.errors import ConnectionToServerFailed -from sslyze.scanner import Scanner, ServerScanRequest +from sslyze import Scanner, ServerScanRequest from sslyze.server_connectivity import ServerConnectivityTester diff --git a/sslyze/cli/command_line_parser.py b/sslyze/cli/command_line_parser.py index 5c2ef4ba..70af9052 100644 --- a/sslyze/cli/command_line_parser.py +++ b/sslyze/cli/command_line_parser.py @@ -4,15 +4,16 @@ from pathlib import Path from nassl.ssl_client import OpenSslFileTypeEnum -from typing import Set, List, Optional +from typing import Set, List, Optional, Dict from typing import Tuple from sslyze.cli.command_line.server_string_parser import InvalidServerStringError, CommandLineServerStringParser from sslyze.connection_helpers.opportunistic_tls_helpers import ProtocolWithOpportunisticTlsEnum +from sslyze.plugins import plugin_base from sslyze.plugins.certificate_info.trust_stores.trust_store_repository import TrustStoresRepository from sslyze.plugins.plugin_base import OptParseCliOption -from sslyze.plugins.scan_commands import ScanCommandType, ScanCommandsRepository -from sslyze.scanner import ScanCommandExtraArgumentsDict +from sslyze.plugins.scan_commands import ScanCommand, ScanCommandsRepository +from sslyze.scanner.server_scan_request import ScanCommandsExtraArguments from sslyze.server_setting import ( HttpProxySettings, @@ -49,8 +50,8 @@ class ParsedCommandLine: # Servers to scan servers_to_scans: List[Tuple[ServerNetworkLocation, ServerNetworkConfiguration]] - scan_commands: Set[ScanCommandType] - scan_commands_extra_arguments: ScanCommandExtraArgumentsDict + scan_commands: Set[ScanCommand] + scan_commands_extra_arguments: ScanCommandsExtraArguments # Output settings json_path_out: Optional[Path] @@ -295,8 +296,8 @@ def parse_command_line(self) -> ParsedCommandLine: per_server_concurrent_connections_limit = 2 # Figure out the scan commands that are enabled - scan_commands: Set[ScanCommandType] = set() - scan_commands_extra_arguments: ScanCommandExtraArgumentsDict = {} + scan_commands: Set[ScanCommand] = set() + scan_commands_extra_arguments_dict: Dict[ScanCommand, plugin_base.ScanCommandExtraArgument] = {} for scan_command in ScanCommandsRepository.get_all_scan_commands(): cli_connector_cls = ScanCommandsRepository.get_implementation_cls(scan_command).cli_connector_cls is_scan_cmd_enabled, extra_args = cli_connector_cls.find_cli_options_in_command_line( @@ -305,7 +306,8 @@ def parse_command_line(self) -> ParsedCommandLine: if is_scan_cmd_enabled: scan_commands.add(scan_command) if extra_args: - scan_commands_extra_arguments[scan_command] = extra_args # type: ignore + scan_commands_extra_arguments_dict[scan_command] = extra_args + scan_commands_extra_arguments = ScanCommandsExtraArguments(**scan_commands_extra_arguments_dict) # type: ignore return ParsedCommandLine( invalid_servers=invalid_server_strings, diff --git a/sslyze/cli/console_output.py b/sslyze/cli/console_output.py index 508774a3..e285aa1f 100644 --- a/sslyze/cli/console_output.py +++ b/sslyze/cli/console_output.py @@ -1,5 +1,6 @@ +from dataclasses import fields from pathlib import Path -from typing import cast, TextIO, Optional +from typing import TextIO, Optional from sslyze import __version__ from sslyze.cli.command_line_parser import ParsedCommandLine @@ -7,8 +8,8 @@ from sslyze.errors import ConnectionToServerFailed from sslyze.plugins.plugin_base import ScanCommandWrongUsageError -from sslyze.plugins.scan_commands import ScanCommandsRepository, ScanCommandType -from sslyze.scanner import ServerScanResult, ScanCommandErrorReasonEnum +from sslyze.plugins.scan_commands import ScanCommandsRepository, ScanCommand +from sslyze import ServerScanResult, ScanCommandErrorReasonEnum from sslyze.server_connectivity import ServerConnectivityInfo, ClientAuthRequirementEnum from sslyze.server_setting import ( ServerNetworkLocationViaDirectConnection, @@ -70,17 +71,21 @@ def server_scan_completed(self, server_scan_result: ServerScanResult) -> None: network_route = _server_location_to_network_route(server_location) # Display result for scan commands that were run successfully - for scan_command, scan_command_result in server_scan_result.scan_commands_results.items(): - typed_scan_command = cast(ScanCommandType, scan_command) - target_result_str += "\n" - cli_connector_cls = ScanCommandsRepository.get_implementation_cls(typed_scan_command).cli_connector_cls - for line in cli_connector_cls.result_to_console_output(scan_command_result): - target_result_str += line + "\n" + for result_field in fields(server_scan_result.scan_commands_results): + scan_command = ScanCommand(result_field.name) + scan_command_result = getattr(server_scan_result.scan_commands_results, scan_command, None) + if scan_command_result: + target_result_str += "\n" + cli_connector_cls = ScanCommandsRepository.get_implementation_cls(scan_command).cli_connector_cls + for line in cli_connector_cls.result_to_console_output(scan_command_result): + target_result_str += line + "\n" # Display scan commands that failed - for scan_command, scan_command_error in server_scan_result.scan_commands_errors.items(): + for scan_command_error in server_scan_result.scan_commands_errors: target_result_str += "\n" - cli_connector_cls = ScanCommandsRepository.get_implementation_cls(scan_command).cli_connector_cls + cli_connector_cls = ScanCommandsRepository.get_implementation_cls( + scan_command_error.scan_command + ).cli_connector_cls if scan_command_error.reason == ScanCommandErrorReasonEnum.CLIENT_CERTIFICATE_NEEDED: target_result_str += cli_connector_cls._format_title( @@ -125,7 +130,7 @@ def server_scan_completed(self, server_scan_result: ServerScanResult) -> None: target_result_str += ( f" * Server: {server_location.hostname}:{server_location.port} - {network_route}\n" ) - target_result_str += f" * Scan command: {scan_command}\n\n" + target_result_str += f" * Scan command: {scan_command_error.scan_command}\n\n" for line in scan_command_error.exception_trace.format(chain=False): target_result_str += f" {line}" else: diff --git a/sslyze/cli/json_output.py b/sslyze/cli/json_output.py index 7e048d15..5df6b09e 100644 --- a/sslyze/cli/json_output.py +++ b/sslyze/cli/json_output.py @@ -1,28 +1,172 @@ -import json -from dataclasses import asdict, dataclass -from typing import TextIO, List +from pathlib import Path +from typing import TextIO, List, Optional, Set +import pydantic +from nassl.ssl_client import OpenSslFileTypeEnum + +from sslyze import ServerNetworkConfiguration, HttpProxySettings, ProtocolWithOpportunisticTlsEnum from sslyze.__version__ import __url__, __version__ from sslyze.cli.command_line_parser import ParsedCommandLine from sslyze.cli.output_generator import OutputGenerator from sslyze.errors import ConnectionToServerFailed -from sslyze.json import JsonEncoder -from sslyze.scanner import ServerScanResult -from sslyze.server_connectivity import ServerConnectivityInfo +from sslyze.plugins.certificate_info.json_output import ( + CertificateInfoExtraArgumentAsJson, + CertificateInfoScanResultAsJson, +) +from sslyze.plugins.compression_plugin import CompressionScanResultAsJson +from sslyze.plugins.early_data_plugin import EarlyDataScanResultAsJson +from sslyze.plugins.elliptic_curves_plugin import SupportedEllipticCurvesScanResultAsJson +from sslyze.plugins.fallback_scsv_plugin import FallbackScsvScanResultAsJson +from sslyze.plugins.heartbleed_plugin import HeartbleedScanResultAsJson +from sslyze.plugins.http_headers_plugin import HttpHeadersScanResultAsJson +from sslyze.plugins.openssl_ccs_injection_plugin import OpenSslCcsInjectionScanResultAsJson +from sslyze.plugins.openssl_cipher_suites.json_output import CipherSuitesScanResultAsJson +from sslyze.plugins.robot.implementation import RobotScanResultAsJson +from sslyze.plugins.session_renegotiation_plugin import SessionRenegotiationScanResultAsJson + +from sslyze.plugins.session_resumption.json_output import ( + SessionResumptionSupportExtraArgumentAsJson, + SessionResumptionSupportScanResultAsJson, +) +from sslyze import ( + ServerScanResult, + ScanCommand, + ScanCommandErrorReasonEnum, + ScanCommandError, + ServerTlsProbingResult, + ServerConnectivityInfo, +) + + +class _BaseModelWithOrmModeAndForbid(pydantic.BaseModel): + class Config: + orm_mode = True + extra = "forbid" # Fields must match between the JSON representation and the actual objects + + +class ScanCommandsExtraArgumentsAsJson(_BaseModelWithOrmModeAndForbid): + # Field is present if extra arguments were provided for the corresponding scan command + certificate_info: Optional[CertificateInfoExtraArgumentAsJson] = None + session_resumption: Optional[SessionResumptionSupportExtraArgumentAsJson] = None + + +class ScanCommandErrorAsJson(_BaseModelWithOrmModeAndForbid): + scan_command: ScanCommand + reason: ScanCommandErrorReasonEnum + exception_trace: str + + @classmethod + def from_orm(cls, scan_cmd_error: ScanCommandError) -> "ScanCommandErrorAsJson": + exception_trace_as_str = "" + for line in scan_cmd_error.exception_trace.format(chain=False): + exception_trace_as_str += line + return cls( + scan_command=scan_cmd_error.scan_command, + reason=scan_cmd_error.reason, + exception_trace=exception_trace_as_str, + ) + + +class ScanCommandsResultsAsJson(_BaseModelWithOrmModeAndForbid): + # Field is present if the corresponding scan command was scheduled and was run successfully + certificate_info: Optional[CertificateInfoScanResultAsJson] = None + ssl_2_0_cipher_suites: Optional[CipherSuitesScanResultAsJson] = None + ssl_3_0_cipher_suites: Optional[CipherSuitesScanResultAsJson] = None + tls_1_0_cipher_suites: Optional[CipherSuitesScanResultAsJson] = None + tls_1_1_cipher_suites: Optional[CipherSuitesScanResultAsJson] = None + tls_1_2_cipher_suites: Optional[CipherSuitesScanResultAsJson] = None + tls_1_3_cipher_suites: Optional[CipherSuitesScanResultAsJson] = None + tls_compression: Optional[CompressionScanResultAsJson] = None # type: ignore + tls_1_3_early_data: Optional[EarlyDataScanResultAsJson] = None # type: ignore + openssl_ccs_injection: Optional[OpenSslCcsInjectionScanResultAsJson] = None # type: ignore + tls_fallback_scsv: Optional[FallbackScsvScanResultAsJson] = None # type: ignore + heartbleed: Optional[HeartbleedScanResultAsJson] = None # type: ignore + robot: Optional[RobotScanResultAsJson] = None # type: ignore + session_renegotiation: Optional[SessionRenegotiationScanResultAsJson] = None # type: ignore + session_resumption: Optional[SessionResumptionSupportScanResultAsJson] = None + http_headers: Optional[HttpHeadersScanResultAsJson] = None + elliptic_curves: Optional[SupportedEllipticCurvesScanResultAsJson] = None + + +# Identical fields in the JSON output +_ServerTlsProbingResultAsJson = pydantic.dataclasses.dataclass(ServerTlsProbingResult, frozen=True) +_HttpProxySettingsAsJson = pydantic.dataclasses.dataclass(HttpProxySettings, frozen=True) + + +class _ClientAuthenticationCredentialsAsJson(pydantic.BaseModel): + # Compared to the ClientAuthenticationCredentials class, this model does not have the key_password field + certificate_chain_path: Path + key_path: Path + key_type: OpenSslFileTypeEnum = OpenSslFileTypeEnum.PEM + + class Config: + orm_mode = True + + +class _ServerNetworkConfigurationAsJson(_BaseModelWithOrmModeAndForbid): + tls_server_name_indication: str + tls_opportunistic_encryption: Optional[ProtocolWithOpportunisticTlsEnum] = None + tls_client_auth_credentials: Optional[_ClientAuthenticationCredentialsAsJson] = None + + xmpp_to_hostname: Optional[str] = None + + network_timeout: int = 5 + network_max_retries: int = 3 + + +_ServerNetworkConfigurationAsJson.__doc__ = ServerNetworkConfiguration.__doc__ # type: ignore + + +class _ServerNetworkLocationAsJson(_BaseModelWithOrmModeAndForbid): + """All the information needed to connect to a server. + + Attributes: + hostname: The server's hostname. + port: The server's TLS port number. + ip_address: The server's IP address. This field is null if scans are tunneled through a proxy. + http_proxy_settings: The HTTP proxy configuration to use in order to tunnel the scans through a proxy. The + proxy will be responsible for looking up the server's IP address and connecting to it. This field is null + if no proxy was used for the scan. + """ + + hostname: str + port: int + + # Set if SSLyze is directly connecting to the server (ie. no proxy is being used) + ip_address: Optional[str] = None + + # Set if SSLyze is connecting via a proxy + http_proxy_settings: Optional[_HttpProxySettingsAsJson] = None # type: ignore + + +class _ServerConnectivityInfoAsJson(_BaseModelWithOrmModeAndForbid): + server_location: _ServerNetworkLocationAsJson + network_configuration: _ServerNetworkConfigurationAsJson + tls_probing_result: _ServerTlsProbingResultAsJson # type: ignore + + +_ServerConnectivityInfoAsJson.__doc__ = ServerConnectivityInfo.__doc__ # type: ignore + + +class ServerScanResultAsJson(_BaseModelWithOrmModeAndForbid): + server_info: _ServerConnectivityInfoAsJson + scan_commands: Set[ScanCommand] + scan_commands_extra_arguments: ScanCommandsExtraArgumentsAsJson + + scan_commands_results: ScanCommandsResultsAsJson + scan_commands_errors: List[ScanCommandErrorAsJson] # Empty if no errors occurred -@dataclass(frozen=True) -class _ServerConnectivityErrorAsJson: +class _ServerConnectivityErrorAsJson(pydantic.BaseModel): server_string: str error_message: str -@dataclass(frozen=True) -class _SslyzeOutputAsJson: +class SslyzeOutputAsJson(pydantic.BaseModel): """The "root" dictionary of the JSON output when using the --json command line option. """ - server_scan_results: List[ServerScanResult] + server_scan_results: List[ServerScanResultAsJson] server_connectivity_errors: List[_ServerConnectivityErrorAsJson] total_scan_time: float sslyze_version: str = __version__ @@ -62,11 +206,10 @@ def server_scan_completed(self, server_scan_result: ServerScanResult) -> None: self._server_scan_results.append(server_scan_result) def scans_completed(self, total_scan_time: float) -> None: - final_json_output = _SslyzeOutputAsJson( - server_scan_results=self._server_scan_results, + final_json_output = SslyzeOutputAsJson( + server_scan_results=[ServerScanResultAsJson.from_orm(result) for result in self._server_scan_results], server_connectivity_errors=self._server_connectivity_errors, total_scan_time=total_scan_time, ) - final_json_output_as_dict = asdict(final_json_output) - json_out = json.dumps(final_json_output_as_dict, cls=JsonEncoder, sort_keys=True, indent=4, ensure_ascii=True) + json_out = final_json_output.json(sort_keys=True, indent=4, ensure_ascii=True) self._file_to.write(json_out) diff --git a/sslyze/cli/output_generator.py b/sslyze/cli/output_generator.py index d94e3f8d..1113a961 100644 --- a/sslyze/cli/output_generator.py +++ b/sslyze/cli/output_generator.py @@ -3,7 +3,7 @@ from sslyze.cli.command_line_parser import ParsedCommandLine from sslyze.errors import ConnectionToServerFailed -from sslyze.scanner import ServerScanResult +from sslyze import ServerScanResult from sslyze.server_connectivity import ServerConnectivityInfo diff --git a/sslyze/cli/output_hub.py b/sslyze/cli/output_hub.py index dc0f9807..60ad34ee 100644 --- a/sslyze/cli/output_hub.py +++ b/sslyze/cli/output_hub.py @@ -6,7 +6,7 @@ from sslyze.cli.json_output import JsonOutputGenerator from sslyze.cli.output_generator import OutputGenerator from sslyze.errors import ConnectionToServerFailed -from sslyze.scanner import ServerScanResult +from sslyze import ServerScanResult from sslyze.server_connectivity import ServerConnectivityInfo diff --git a/sslyze/json.py b/sslyze/json.py deleted file mode 100644 index 06244a26..00000000 --- a/sslyze/json.py +++ /dev/null @@ -1,122 +0,0 @@ -import copyreg -from base64 import b64encode -from datetime import datetime -from functools import singledispatch -from pathlib import Path -from traceback import TracebackException - -import json -from enum import Enum -from sslyze.plugins.scan_commands import ScanCommandsRepository -from typing import Dict, Any, Union, List, Callable - - -# Make TracebackException pickable for dataclasses.asdict() to work on ScanCommandError -# It's hacky and not the right way to use copyreg, but works for our use case -def _traceback_to_str(traceback: TracebackException) -> str: - exception_trace_as_str = "" - for line in traceback.format(chain=False): - exception_trace_as_str += line - return exception_trace_as_str - - -copyreg.pickle(TracebackException, _traceback_to_str) # type: ignore - - -# Setup our custom JSON serializer -JsonType = Union[bool, int, float, str, List[Any], Dict[str, Any]] - - -def _enum_to_json(obj: Enum) -> JsonType: - return obj.name - - -def _set_to_json(obj: set) -> JsonType: - return sorted(list(obj)) - - -def _path_to_json(obj: Path) -> JsonType: - return str(obj) - - -def _traceback_to_json(obj: TracebackException) -> JsonType: - return _traceback_to_str(obj) - - -def _datetime_to_json(obj: datetime) -> JsonType: - return obj.isoformat() - - -def _bytearray_to_json(obj: bytearray) -> JsonType: - return b64encode(obj).decode("utf-8") - - -JsonSerializerFunction = Callable[[Any], "JsonType"] - - -class JsonEncoder(json.JSONEncoder): - """Special JSON encoder that can serialize any ServerScanResult returned by SSLyze. - - A ServerScanResult can be serialized to JSON using the following code: - - >>> from dataclasses import asdict - >>> import json - >>> import sslyze - >>> - >>> scanner = sslyze.Scanner() - >>> # Queue some ServerScanRequest... and then retrieve the results... - >>> for server_scan_result in scanner.get_results(): - >>> server_scan_result_as_json = json.dumps(asdict(server_scan_result), cls=sslyze.JsonEncoder) - """ - - def __init__( # type: ignore - self, - *, - skipkeys=False, - ensure_ascii=True, - check_circular=True, - allow_nan=True, - sort_keys=False, - indent=None, - separators=None, - default=None, - ): - super().__init__( - skipkeys=skipkeys, - ensure_ascii=ensure_ascii, - check_circular=check_circular, - allow_nan=allow_nan, - sort_keys=sort_keys, - indent=indent, - separators=separators, - default=default, - ) - - self._default_json_encoder = json.JSONEncoder() - - # Using singledispatch allows plugins that return custom objects to extend the JSON serializing logic - @singledispatch - def object_to_json(obj: Any) -> JsonType: - # Assume a default Python type if this function gets called instead of all the registered functions - return self._default_json_encoder.encode(obj) - - self._json_dispatch_function = object_to_json - - # Register all JSON serializer functions for basic types - self._json_dispatch_function.register(_enum_to_json) - self._json_dispatch_function.register(_set_to_json) - self._json_dispatch_function.register(_path_to_json) - self._json_dispatch_function.register(_traceback_to_json) - self._json_dispatch_function.register(_datetime_to_json) - self._json_dispatch_function.register(_bytearray_to_json) - - # Register all JSON serializer functions defined in plugins - for scan_command in ScanCommandsRepository.get_all_scan_commands(): - cli_connector_cls = ScanCommandsRepository.get_implementation_cls(scan_command).cli_connector_cls - for json_serializer_function in cli_connector_cls.get_json_serializer_functions(): - self._json_dispatch_function.register(json_serializer_function) - - def default(self, obj: Any) -> JsonType: - """Called by json.dumps() to serialize an object to JSON. - """ - return self._json_dispatch_function(obj) diff --git a/sslyze/plugins/certificate_info/_cli_connector.py b/sslyze/plugins/certificate_info/_cli_connector.py index 3bdc0905..63feae13 100644 --- a/sslyze/plugins/certificate_info/_cli_connector.py +++ b/sslyze/plugins/certificate_info/_cli_connector.py @@ -11,22 +11,16 @@ from sslyze.plugins.certificate_info._cert_chain_analyzer import CertificateDeploymentAnalysisResult from sslyze.plugins.certificate_info._certificate_utils import get_common_names, extract_dns_subject_alternative_names -from sslyze.plugins.certificate_info._json_output import ( - oid_to_json, - x509_name_to_json, - x509_certificate_to_json, - ocsp_response_to_json, -) + from sslyze.plugins.plugin_base import ScanCommandCliConnector, OptParseCliOption if TYPE_CHECKING: from sslyze.plugins.certificate_info.implementation import CertificateInfoScanResult - from sslyze.plugins.certificate_info.implementation import CertificateInfoExtraArguments # noqa: F401 - from sslyze.json import JsonSerializerFunction # noqa: F401 + from sslyze.plugins.certificate_info.implementation import CertificateInfoExtraArgument # noqa: F401 class _CertificateInfoCliConnector( - ScanCommandCliConnector["CertificateInfoScanResult", "CertificateInfoExtraArguments"] + ScanCommandCliConnector["CertificateInfoScanResult", "CertificateInfoExtraArgument"] ): _cli_option = "certinfo" @@ -48,9 +42,9 @@ def get_cli_options(cls) -> List[OptParseCliOption]: @classmethod def find_cli_options_in_command_line( cls, parsed_command_line: Dict[str, Union[None, bool, str]] - ) -> Tuple[bool, Optional["CertificateInfoExtraArguments"]]: + ) -> Tuple[bool, Optional["CertificateInfoExtraArgument"]]: # Avoid circular imports - from sslyze.plugins.certificate_info.implementation import CertificateInfoExtraArguments # noqa: F811 + from sslyze.plugins.certificate_info.implementation import CertificateInfoExtraArgument # noqa: F811 # Check if --certinfo was used is_scan_cmd_enabled, _ = super().find_cli_options_in_command_line(parsed_command_line) @@ -62,16 +56,12 @@ def find_cli_options_in_command_line( if certinfo_ca_file: if not isinstance(certinfo_ca_file, str): raise TypeError(f"Expected a str for certinfo_ca_file but received {certinfo_ca_file}") - extra_arguments = CertificateInfoExtraArguments(custom_ca_file=Path(certinfo_ca_file)) + extra_arguments = CertificateInfoExtraArgument(custom_ca_file=Path(certinfo_ca_file)) except KeyError: pass return is_scan_cmd_enabled, extra_arguments - @classmethod - def get_json_serializer_functions(cls) -> List["JsonSerializerFunction"]: - return [oid_to_json, x509_name_to_json, x509_certificate_to_json, ocsp_response_to_json] - TRUST_FORMAT = "{store_name} CA Store ({store_version}):" NO_VERIFIED_CHAIN_ERROR_TXT = "ERROR - Could not build verified chain (certificate untrusted?)" diff --git a/sslyze/plugins/certificate_info/_json_output.py b/sslyze/plugins/certificate_info/_json_output.py deleted file mode 100644 index 6fba99f6..00000000 --- a/sslyze/plugins/certificate_info/_json_output.py +++ /dev/null @@ -1,233 +0,0 @@ -"""JSON serialization logic for objects only returned by the certificate info plugin. -""" -from base64 import b64encode -from dataclasses import dataclass, asdict -from datetime import datetime -from typing import Dict, Any, List, Optional - -from cryptography import x509 -from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.backends.openssl.ocsp import _OCSPResponse -from cryptography.hazmat.backends.openssl.x509 import _Certificate -from cryptography.hazmat.primitives import hashes -from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicKey -from cryptography.hazmat.primitives.serialization import Encoding -from cryptography.x509.ocsp import OCSPResponseStatus, load_der_ocsp_response -from cryptography.x509.oid import ObjectIdentifier # type: ignore -from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePublicKey - -from sslyze.plugins.certificate_info._certificate_utils import ( - get_public_key_sha256, - extract_dns_subject_alternative_names, -) - - -def _monkeypatch_to_fix_certificate_asdict() -> None: - # H4ck: monkeypatch the _Certificate class to add __deepcopy__() so that when we call asdict() on a dataclass - # that contains a _Certificate, asdict() succeeds. Without this, generating JSON for the certinfo scan command - # will crash because the asdict() function uses deepcopy(), but certificates returned by cryptography.x509 - # don't support it so SSLyze would crash. This class is a workaround to fix JSON output. - # I opened an issue about it in the cryptography repo at https://github.com/pyca/cryptography/issues/5129 - def _deepcopy_method_for_x509_certificate(inner_self: _Certificate, memo: str) -> x509.Certificate: - return x509.load_pem_x509_certificate(inner_self.public_bytes(Encoding.PEM), backend=default_backend()) - - _Certificate.__deepcopy__ = _deepcopy_method_for_x509_certificate # type: ignore - - # Same problem with OCSPResponse objects - def _deepcopy_method_for_ocsp_response(inner_self: _OCSPResponse, memo: str) -> _OCSPResponse: - return load_der_ocsp_response(inner_self.public_bytes(Encoding.DER)) # type: ignore - - _OCSPResponse.__deepcopy__ = _deepcopy_method_for_ocsp_response # type: ignore - - -# Call it on import... hacky but we don't have a choice -_monkeypatch_to_fix_certificate_asdict() - - -@dataclass(frozen=True) -class _ObjectIdentifierAsJson: - name: str - dotted_string: str - - -def oid_to_json(obj: ObjectIdentifier) -> Dict[str, str]: - return asdict(_ObjectIdentifierAsJson(name=obj._name, dotted_string=obj.dotted_string)) - - -# We use dataclasses here to ensure consistency in how we serialize X509 names -@dataclass(frozen=True) -class _X509NameAttributeAsJson: - oid: ObjectIdentifier # To be serialized by _oid_to_json() - value: str - rfc4514_string: str - - -@dataclass(frozen=True) -class _X509NameAsJson: - rfc4514_string: str - attributes: List[_X509NameAttributeAsJson] - - -def x509_name_to_json(name: x509.Name) -> Dict[str, Any]: - attributes = [] - for attr in name: - attributes.append( - _X509NameAttributeAsJson(oid=attr.oid, value=attr.value, rfc4514_string=attr.rfc4514_string()) - ) - - x509name_as_json = _X509NameAsJson(rfc4514_string=name.rfc4514_string(), attributes=attributes) - return asdict(x509name_as_json) - - -@dataclass(frozen=True) -class _PublicKeyAsJson: - algorithm: str - key_size: Optional[int] # None for Ed25519PublicKey and Ed448PublicKey - - # Only set if the algorithm is RSA - rsa_e: Optional[int] - rsa_n: Optional[int] - - # Only set if the algorithm is Elliptic Curve - ec_curve_name: Optional[str] - ec_x: Optional[int] - ec_y: Optional[int] - - -@dataclass(frozen=True) -class _SubjAltNameAsJson: - dns: List[str] - - -@dataclass(frozen=True) -class _HashAlgorithmAsJson: - name: str - digest_size: int - - -@dataclass(frozen=True) -class _X509CertificateAsJson: - as_pem: str - hpkp_pin: str # RFC 7469 - fingerprint_sha1: str - fingerprint_sha256: str - - serial_number: int - not_valid_before: datetime - not_valid_after: datetime - subject_alternative_name: _SubjAltNameAsJson - - # The signature_hash_algorithm can be None if signature did not use separate hash (ED25519, ED448) - # https://cryptography.io/en/latest/x509/reference/#cryptography.x509.Certificate.signature_hash_algorithm - signature_hash_algorithm: Optional[_HashAlgorithmAsJson] - signature_algorithm_oid: ObjectIdentifier - - # We may get garbage/invalid certificates that do not have a subject or an issuer, hence they can be None - # https://github.com/nabla-c0d3/sslyze/issues/403 - subject: Optional[x509.name.Name] - issuer: Optional[x509.name.Name] - - public_key: _PublicKeyAsJson - - -def x509_certificate_to_json(certificate: x509.Certificate) -> Dict[str, Any]: - public_key = certificate.public_key() - - try: - public_key_size = public_key.key_size # type: ignore - except AttributeError: - public_key_size = None - - public_key_json = _PublicKeyAsJson( - algorithm=public_key.__class__.__name__, - key_size=public_key_size, - # EC-only fields - ec_curve_name=public_key.curve.name if isinstance(public_key, EllipticCurvePublicKey) else None, - ec_x=public_key.public_numbers().x if isinstance(public_key, EllipticCurvePublicKey) else None, - ec_y=public_key.public_numbers().y if isinstance(public_key, EllipticCurvePublicKey) else None, - # RSA-only fields - rsa_e=public_key.public_numbers().e if isinstance(public_key, RSAPublicKey) else None, - rsa_n=public_key.public_numbers().n if isinstance(public_key, RSAPublicKey) else None, - ) - - signature_hash_algorithm: Optional[_HashAlgorithmAsJson] - if certificate.signature_hash_algorithm: - signature_hash_algorithm = _HashAlgorithmAsJson( - name=certificate.signature_hash_algorithm.name, - digest_size=certificate.signature_hash_algorithm.digest_size, - ) - else: - signature_hash_algorithm = None - - # We may get garbage/invalid certificates so we need to handle ValueErrors. - # See https://github.com/nabla-c0d3/sslyze/issues/403 for more information - subject_field: Optional[x509.name.Name] - try: - subject_field = certificate.subject - except ValueError: - subject_field = None - - issuer_field: Optional[x509.name.Name] - try: - issuer_field = certificate.issuer - except ValueError: - issuer_field = None - - cert_as_json = _X509CertificateAsJson( - as_pem=certificate.public_bytes(Encoding.PEM).decode("ascii"), - hpkp_pin=b64encode(get_public_key_sha256(certificate)).decode("ascii"), - fingerprint_sha1=b64encode(certificate.fingerprint(hashes.SHA1())).decode("ascii"), - fingerprint_sha256=b64encode(certificate.fingerprint(hashes.SHA256())).decode("ascii"), - serial_number=certificate.serial_number, - not_valid_before=certificate.not_valid_before, - not_valid_after=certificate.not_valid_after, - subject_alternative_name=_SubjAltNameAsJson(dns=extract_dns_subject_alternative_names(certificate)), - signature_hash_algorithm=signature_hash_algorithm, - signature_algorithm_oid=certificate.signature_algorithm_oid, - subject=subject_field, - issuer=issuer_field, - public_key=public_key_json, - ) - return asdict(cert_as_json) - - -@dataclass(frozen=True) -class _OcspResponseAsJson: - response_status: str - - certificate_status: Optional[str] - revocation_time: Optional[datetime] - - produced_at: Optional[datetime] - this_update: Optional[datetime] - next_update: Optional[datetime] - - serial_number: Optional[int] - - -def ocsp_response_to_json(ocsp_response: x509.ocsp.OCSPResponse) -> Dict[str, Any]: - response_status = ocsp_response.response_status.name - if ocsp_response.response_status != OCSPResponseStatus.SUCCESSFUL: - return asdict( - _OcspResponseAsJson( - response_status=response_status, - certificate_status=None, - revocation_time=None, - produced_at=None, - this_update=None, - next_update=None, - serial_number=None, - ) - ) - else: - return asdict( - _OcspResponseAsJson( - response_status=response_status, - certificate_status=ocsp_response.certificate_status.name, - revocation_time=ocsp_response.revocation_time, - produced_at=ocsp_response.produced_at, - this_update=ocsp_response.this_update, - next_update=ocsp_response.next_update, - serial_number=ocsp_response.serial_number, - ) - ) diff --git a/sslyze/plugins/certificate_info/implementation.py b/sslyze/plugins/certificate_info/implementation.py index 92dc9218..b89fb710 100644 --- a/sslyze/plugins/certificate_info/implementation.py +++ b/sslyze/plugins/certificate_info/implementation.py @@ -17,15 +17,15 @@ ScanCommandImplementation, ScanJob, ScanCommandResult, - ScanCommandExtraArguments, + ScanCommandExtraArgument, ScanJobResult, ) from sslyze.server_connectivity import ServerConnectivityInfo, TlsVersionEnum @dataclass(frozen=True) -class CertificateInfoExtraArguments(ScanCommandExtraArguments): - """Additional configuration for running the CERTIFICATE_INFO scan command. +class CertificateInfoExtraArgument(ScanCommandExtraArgument): + """Additional configuration for running the certificate_info scan command. Attributes: custom_ca_file: The path to a custom trust store file to use for certificate validation. The file should contain @@ -62,7 +62,7 @@ class CertificateInfoImplementation(ScanCommandImplementation[CertificateInfoSca @classmethod def scan_jobs_for_scan_command( - cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[CertificateInfoExtraArguments] = None + cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[CertificateInfoExtraArgument] = None ) -> List[ScanJob]: custom_ca_file = extra_arguments.custom_ca_file if extra_arguments else None diff --git a/sslyze/plugins/certificate_info/json_output.py b/sslyze/plugins/certificate_info/json_output.py new file mode 100644 index 00000000..c462bd70 --- /dev/null +++ b/sslyze/plugins/certificate_info/json_output.py @@ -0,0 +1,267 @@ +from base64 import b64encode +from datetime import datetime +from pathlib import Path +from typing import Any, List, Optional + +import pydantic +from cryptography import x509 +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicKey +from cryptography.hazmat.primitives.serialization import Encoding +from cryptography.x509 import NameAttribute +from cryptography.x509.ocsp import OCSPResponseStatus +from cryptography.x509.oid import ObjectIdentifier # type: ignore +from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePublicKey + +from sslyze import ( + CertificateInfoExtraArgument, + CertificateInfoScanResult, + CertificateDeploymentAnalysisResult, + PathValidationResult, + TrustStore, +) +from sslyze.plugins.certificate_info._certificate_utils import ( + get_public_key_sha256, + extract_dns_subject_alternative_names, +) + + +class _BaseModelWithOrmMode(pydantic.BaseModel): + class Config: + orm_mode = True + + +class CertificateInfoExtraArgumentAsJson(_BaseModelWithOrmMode): + custom_ca_file: Path + + +CertificateInfoExtraArgumentAsJson.__doc__ = CertificateInfoExtraArgument.__doc__ # type: ignore + + +class _PublicKeyAsJson(_BaseModelWithOrmMode): + algorithm: str + key_size: Optional[int] # None for Ed25519PublicKey and Ed448PublicKey + + # Only set if the algorithm is RSA + rsa_e: Optional[int] + rsa_n: Optional[int] + + # Only set if the algorithm is Elliptic Curve + ec_curve_name: Optional[str] + ec_x: Optional[int] + ec_y: Optional[int] + + @classmethod + def from_orm(cls, public_key: Any) -> "_PublicKeyAsJson": + try: + public_key_size = public_key.key_size # type: ignore + except AttributeError: + public_key_size = None + + return cls( + algorithm=public_key.__class__.__name__, + key_size=public_key_size, + # EC-only fields + ec_curve_name=public_key.curve.name if isinstance(public_key, EllipticCurvePublicKey) else None, + ec_x=public_key.public_numbers().x if isinstance(public_key, EllipticCurvePublicKey) else None, + ec_y=public_key.public_numbers().y if isinstance(public_key, EllipticCurvePublicKey) else None, + # RSA-only fields + rsa_e=public_key.public_numbers().e if isinstance(public_key, RSAPublicKey) else None, + rsa_n=public_key.public_numbers().n if isinstance(public_key, RSAPublicKey) else None, + ) + + +class _ObjectIdentifierAsJson(_BaseModelWithOrmMode): + name: str + dotted_string: str + + @classmethod + def from_orm(cls, oid: ObjectIdentifier) -> "_ObjectIdentifierAsJson": + return cls(name=oid._name, dotted_string=oid.dotted_string) + + +class _NameAttributeAsJson(_BaseModelWithOrmMode): + oid: _ObjectIdentifierAsJson + value: str + rfc4514_string: str + + @classmethod + def from_orm(cls, name_attribute: NameAttribute) -> "_NameAttributeAsJson": + return cls( + oid=_ObjectIdentifierAsJson.from_orm(name_attribute.oid), + value=name_attribute.value, + rfc4514_string=name_attribute.rfc4514_string(), + ) + + +class _X509NameAsJson(_BaseModelWithOrmMode): + rfc4514_string: str + attributes: List[_NameAttributeAsJson] + + @classmethod + def from_orm(cls, name: x509.name.Name) -> "_X509NameAsJson": + return cls( + rfc4514_string=name.rfc4514_string(), attributes=[_NameAttributeAsJson.from_orm(attr) for attr in name] + ) + + +class _SubjAltNameAsJson(pydantic.BaseModel): + dns: List[str] + + +class _HashAlgorithmAsJson(_BaseModelWithOrmMode): + name: str + digest_size: int + + @classmethod + def from_orm(cls, hash_algorithm: hashes.HashAlgorithm) -> "_HashAlgorithmAsJson": + return cls(name=hash_algorithm.name, digest_size=hash_algorithm.digest_size) + + +class _CertificateAsJson(_BaseModelWithOrmMode): + as_pem: str + hpkp_pin: str # RFC 7469 + fingerprint_sha1: str + fingerprint_sha256: str + + serial_number: int + not_valid_before: datetime + not_valid_after: datetime + subject_alternative_name: _SubjAltNameAsJson + + # The signature_hash_algorithm can be None if signature did not use separate hash (ED25519, ED448) + # https://cryptography.io/en/latest/x509/reference/#cryptography.x509.Certificate.signature_hash_algorithm + signature_hash_algorithm: Optional[_HashAlgorithmAsJson] + signature_algorithm_oid: _ObjectIdentifierAsJson + + # We may get garbage/invalid certificates that do not have a subject or an issuer, hence they can be None + # https://github.com/nabla-c0d3/sslyze/issues/403 + subject: Optional[_X509NameAsJson] + issuer: Optional[_X509NameAsJson] + + public_key: _PublicKeyAsJson + + @classmethod + def from_orm(cls, certificate: x509.Certificate) -> "_CertificateAsJson": + signature_hash_algorithm: Optional[_HashAlgorithmAsJson] + if certificate.signature_hash_algorithm: + signature_hash_algorithm = _HashAlgorithmAsJson.from_orm(certificate.signature_hash_algorithm) + else: + signature_hash_algorithm = None + + # We may get garbage/invalid certificates so we need to handle ValueErrors. + # See https://github.com/nabla-c0d3/sslyze/issues/403 for more information + subject_field: Optional[_X509NameAsJson] + try: + subject_field = _X509NameAsJson.from_orm(certificate.subject) + except ValueError: + subject_field = None + + issuer_field: Optional[_X509NameAsJson] + try: + issuer_field = _X509NameAsJson.from_orm(certificate.issuer) + except ValueError: + issuer_field = None + + return cls( + as_pem=certificate.public_bytes(Encoding.PEM).decode("ascii"), + hpkp_pin=b64encode(get_public_key_sha256(certificate)).decode("ascii"), + fingerprint_sha1=b64encode(certificate.fingerprint(hashes.SHA1())).decode("ascii"), + fingerprint_sha256=b64encode(certificate.fingerprint(hashes.SHA256())).decode("ascii"), + serial_number=certificate.serial_number, + not_valid_before=certificate.not_valid_before, + not_valid_after=certificate.not_valid_after, + subject_alternative_name=_SubjAltNameAsJson(dns=extract_dns_subject_alternative_names(certificate)), + signature_hash_algorithm=signature_hash_algorithm, + signature_algorithm_oid=certificate.signature_algorithm_oid, + subject=subject_field, + issuer=issuer_field, + public_key=_PublicKeyAsJson.from_orm(certificate.public_key()), + ) + + +class _OcspResponseAsJson(_BaseModelWithOrmMode): + response_status: str + + certificate_status: Optional[str] + revocation_time: Optional[datetime] + + produced_at: Optional[datetime] + this_update: Optional[datetime] + next_update: Optional[datetime] + + serial_number: Optional[int] + + @classmethod + def from_orm(cls, ocsp_response: x509.ocsp.OCSPResponse) -> "_OcspResponseAsJson": + response_status = ocsp_response.response_status.name + if ocsp_response.response_status != OCSPResponseStatus.SUCCESSFUL: + return cls( + response_status=response_status, + certificate_status=None, + revocation_time=None, + produced_at=None, + this_update=None, + next_update=None, + serial_number=None, + ) + else: + return cls( + response_status=response_status, + certificate_status=ocsp_response.certificate_status.name, + revocation_time=ocsp_response.revocation_time, + produced_at=ocsp_response.produced_at, + this_update=ocsp_response.this_update, + next_update=ocsp_response.next_update, + serial_number=ocsp_response.serial_number, + ) + + +class _TrustStoreAsJson(_BaseModelWithOrmMode): + path: Path + name: str + version: str + ev_oids: Optional[List[_ObjectIdentifierAsJson]] + + +_TrustStoreAsJson.__doc__ = TrustStore.__doc__ # type: ignore + + +class _PathValidationResultAsJson(_BaseModelWithOrmMode): + trust_store: _TrustStoreAsJson + verified_certificate_chain: Optional[List[_CertificateAsJson]] + openssl_error_string: Optional[str] + was_validation_successful: bool + + +_PathValidationResultAsJson.__doc__ = PathValidationResult.__doc__ # type: ignore + + +class _CertificateDeploymentAnalysisResultAsJson(_BaseModelWithOrmMode): + received_certificate_chain: List[_CertificateAsJson] + leaf_certificate_subject_matches_hostname: bool + leaf_certificate_has_must_staple_extension: bool + leaf_certificate_is_ev: bool + leaf_certificate_signed_certificate_timestamps_count: Optional[int] + received_chain_contains_anchor_certificate: Optional[bool] + received_chain_has_valid_order: Optional[bool] + + path_validation_results: List[_PathValidationResultAsJson] + verified_chain_has_sha1_signature: Optional[bool] + verified_chain_has_legacy_symantec_anchor: Optional[bool] + + ocsp_response: Optional[_OcspResponseAsJson] + ocsp_response_is_trusted: Optional[bool] + + verified_certificate_chain: Optional[List[_CertificateAsJson]] + + +_CertificateDeploymentAnalysisResultAsJson.__doc__ = CertificateDeploymentAnalysisResult.__doc__ # type: ignore + + +class CertificateInfoScanResultAsJson(_BaseModelWithOrmMode): + hostname_used_for_server_name_indication: str + certificate_deployments: List[_CertificateDeploymentAnalysisResultAsJson] + + +CertificateInfoScanResultAsJson.__doc__ = CertificateInfoScanResult.__doc__ # type: ignore diff --git a/sslyze/plugins/compression_plugin.py b/sslyze/plugins/compression_plugin.py index 1a2a9bb6..9999e2f6 100755 --- a/sslyze/plugins/compression_plugin.py +++ b/sslyze/plugins/compression_plugin.py @@ -1,12 +1,13 @@ from dataclasses import dataclass +import pydantic from nassl.legacy_ssl_client import LegacySslClient from nassl.ssl_client import ClientCertificateRequested from sslyze.plugins.plugin_base import ( ScanCommandResult, ScanCommandImplementation, ScanJob, - ScanCommandExtraArguments, + ScanCommandExtraArgument, ScanCommandWrongUsageError, ScanCommandCliConnector, ScanJobResult, @@ -28,6 +29,10 @@ class CompressionScanResult(ScanCommandResult): supports_compression: bool +# Identical fields in the JSON output +CompressionScanResultAsJson = pydantic.dataclasses.dataclass(CompressionScanResult, frozen=True) + + class _CompressionCliConnector(ScanCommandCliConnector[CompressionScanResult, None]): _cli_option = "compression" @@ -51,7 +56,7 @@ class CompressionImplementation(ScanCommandImplementation[CompressionScanResult, @classmethod def scan_jobs_for_scan_command( - cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArguments] = None + cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArgument] = None ) -> List[ScanJob]: if extra_arguments: raise ScanCommandWrongUsageError("This plugin does not take extra arguments") diff --git a/sslyze/plugins/early_data_plugin.py b/sslyze/plugins/early_data_plugin.py index c40383e3..62d70c6e 100644 --- a/sslyze/plugins/early_data_plugin.py +++ b/sslyze/plugins/early_data_plugin.py @@ -1,13 +1,14 @@ from dataclasses import dataclass from typing import List, Optional +import pydantic from nassl._nassl import OpenSSLError from nassl.ssl_client import OpenSslEarlyDataStatusEnum, SslClient from sslyze.plugins.plugin_base import ( ScanCommandResult, ScanCommandImplementation, - ScanCommandExtraArguments, + ScanCommandExtraArgument, ScanJob, ScanCommandWrongUsageError, ScanCommandCliConnector, @@ -29,6 +30,10 @@ class EarlyDataScanResult(ScanCommandResult): supports_early_data: bool +# Identical fields in the JSON output +EarlyDataScanResultAsJson = pydantic.dataclasses.dataclass(EarlyDataScanResult, frozen=True) + + class _EarlyDataCliConnector(ScanCommandCliConnector[EarlyDataScanResult, None]): _cli_option = "early_data" @@ -54,7 +59,7 @@ class EarlyDataImplementation(ScanCommandImplementation[EarlyDataScanResult, Non @classmethod def scan_jobs_for_scan_command( - cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArguments] = None + cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArgument] = None ) -> List[ScanJob]: if extra_arguments: raise ScanCommandWrongUsageError("This plugin does not take extra arguments") diff --git a/sslyze/plugins/elliptic_curves_plugin.py b/sslyze/plugins/elliptic_curves_plugin.py index fa09ce86..e9886f6f 100644 --- a/sslyze/plugins/elliptic_curves_plugin.py +++ b/sslyze/plugins/elliptic_curves_plugin.py @@ -1,7 +1,8 @@ -from dataclasses import dataclass +from dataclasses import dataclass, asdict from operator import attrgetter from typing import List, Optional +import pydantic from nassl._nassl import OpenSSLError from nassl.ephemeral_key_info import OpenSslEcNidEnum, EcDhEphemeralKeyInfo, _OPENSSL_NID_TO_SECG_ANSI_X9_62 from nassl.ssl_client import ClientCertificateRequested, SslClient @@ -12,7 +13,7 @@ ScanCommandResult, ScanCommandCliConnector, ScanCommandImplementation, - ScanCommandExtraArguments, + ScanCommandExtraArgument, ScanJob, ScanCommandWrongUsageError, ScanJobResult, @@ -57,6 +58,42 @@ def __post_init__(self) -> None: self.rejected_curves.sort(key=attrgetter("name")) +class _EllipticCurveAsJson(pydantic.BaseModel): + name: str + openssl_nid: int + + +_EllipticCurveAsJson.__doc__ = EllipticCurve.__doc__ # type: ignore + + +class SupportedEllipticCurvesScanResultAsJson(pydantic.BaseModel): + supports_ecdh_key_exchange: bool + supported_curves: Optional[List[_EllipticCurveAsJson]] + rejected_curves: Optional[List[_EllipticCurveAsJson]] + + class Config: + orm_mode = True + + @classmethod + def from_orm(cls, result: SupportedEllipticCurvesScanResult) -> "SupportedEllipticCurvesScanResultAsJson": + supported_curves: Optional[List[_EllipticCurveAsJson]] = None + if result.supported_curves: + supported_curves = [_EllipticCurveAsJson(**asdict(curve)) for curve in result.supported_curves] + + rejected_curves: Optional[List[_EllipticCurveAsJson]] = None + if result.rejected_curves: + rejected_curves = [_EllipticCurveAsJson(**asdict(curve)) for curve in result.rejected_curves] + + return cls( + supports_ecdh_key_exchange=result.supports_ecdh_key_exchange, + supported_curves=supported_curves, + rejected_curves=rejected_curves, + ) + + +SupportedEllipticCurvesScanResultAsJson.__doc__ = SupportedEllipticCurvesScanResult.__doc__ # type: ignore + + class _SupportedEllipticCurvesCliConnector(ScanCommandCliConnector[SupportedEllipticCurvesScanResult, None]): _cli_option = "elliptic_curves" @@ -91,7 +128,7 @@ class SupportedEllipticCurvesImplementation(ScanCommandImplementation[SupportedE @classmethod def scan_jobs_for_scan_command( - cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArguments] = None + cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArgument] = None ) -> List[ScanJob]: if extra_arguments: raise ScanCommandWrongUsageError("This plugin does not take extra arguments") diff --git a/sslyze/plugins/fallback_scsv_plugin.py b/sslyze/plugins/fallback_scsv_plugin.py index 2e0d6070..63a283db 100755 --- a/sslyze/plugins/fallback_scsv_plugin.py +++ b/sslyze/plugins/fallback_scsv_plugin.py @@ -1,11 +1,13 @@ from dataclasses import dataclass from typing import List, Optional + +import pydantic from nassl import _nassl from nassl.legacy_ssl_client import LegacySslClient from sslyze.plugins.plugin_base import ( ScanCommandResult, ScanCommandImplementation, - ScanCommandExtraArguments, + ScanCommandExtraArgument, ScanJob, ScanCommandWrongUsageError, ScanCommandCliConnector, @@ -26,6 +28,10 @@ class FallbackScsvScanResult(ScanCommandResult): supports_fallback_scsv: bool +# Identical fields in the JSON output +FallbackScsvScanResultAsJson = pydantic.dataclasses.dataclass(FallbackScsvScanResult, frozen=True) + + class _FallbackScsvCliConnector(ScanCommandCliConnector[FallbackScsvScanResult, None]): _cli_option = "fallback" @@ -49,7 +55,7 @@ class FallbackScsvImplementation(ScanCommandImplementation[FallbackScsvScanResul @classmethod def scan_jobs_for_scan_command( - cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArguments] = None + cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArgument] = None ) -> List[ScanJob]: if extra_arguments: raise ScanCommandWrongUsageError("This plugin does not take extra arguments") diff --git a/sslyze/plugins/heartbleed_plugin.py b/sslyze/plugins/heartbleed_plugin.py index 35f5b873..a2546f9e 100644 --- a/sslyze/plugins/heartbleed_plugin.py +++ b/sslyze/plugins/heartbleed_plugin.py @@ -3,13 +3,14 @@ from dataclasses import dataclass from typing import List, Optional +import pydantic from nassl._nassl import WantReadError from sslyze.plugins.plugin_base import ( ScanCommandResult, ScanCommandImplementation, ScanJob, - ScanCommandExtraArguments, + ScanCommandExtraArgument, ScanCommandWrongUsageError, ScanCommandCliConnector, ScanJobResult, @@ -35,6 +36,10 @@ class HeartbleedScanResult(ScanCommandResult): is_vulnerable_to_heartbleed: bool +# Identical fields in the JSON output +HeartbleedScanResultAsJson = pydantic.dataclasses.dataclass(HeartbleedScanResult, frozen=True) + + class _HeartbleedCliConnector(ScanCommandCliConnector[HeartbleedScanResult, None]): _cli_option = "heartbleed" @@ -60,7 +65,7 @@ class HeartbleedImplementation(ScanCommandImplementation[HeartbleedScanResult, N @classmethod def scan_jobs_for_scan_command( - cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArguments] = None + cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArgument] = None ) -> List[ScanJob]: if extra_arguments: raise ScanCommandWrongUsageError("This plugin does not take extra arguments") diff --git a/sslyze/plugins/http_headers_plugin.py b/sslyze/plugins/http_headers_plugin.py index 6edd38d0..4fabd8de 100755 --- a/sslyze/plugins/http_headers_plugin.py +++ b/sslyze/plugins/http_headers_plugin.py @@ -1,15 +1,16 @@ import logging from http.client import HTTPResponse -from dataclasses import dataclass +from dataclasses import dataclass, asdict from traceback import TracebackException from urllib.parse import urlsplit +import pydantic from nassl._nassl import SslError from sslyze.plugins.plugin_base import ( ScanCommandImplementation, - ScanCommandExtraArguments, + ScanCommandExtraArgument, ScanJob, ScanCommandResult, ScanCommandWrongUsageError, @@ -79,6 +80,63 @@ class HttpHeadersScanResult(ScanCommandResult): expect_ct_header: Optional[ExpectCtHeader] +class _ExpectCtHeaderAsJson(pydantic.BaseModel): + max_age: Optional[int] + report_uri: Optional[str] + enforce: bool + + +_ExpectCtHeaderAsJson.__doc__ = ExpectCtHeader.__doc__ # type: ignore + + +class _StrictTransportSecurityHeaderAsJson(pydantic.BaseModel): + max_age: Optional[int] + preload: bool + include_subdomains: bool + + +_StrictTransportSecurityHeaderAsJson.__doc__ = StrictTransportSecurityHeader.__doc__ # type: ignore + + +class HttpHeadersScanResultAsJson(pydantic.BaseModel): + http_request_sent: str + http_error_trace: Optional[str] + + http_path_redirected_to: Optional[str] + strict_transport_security_header: Optional[_StrictTransportSecurityHeaderAsJson] + expect_ct_header: Optional[_ExpectCtHeaderAsJson] + + class Config: + orm_mode = True + + @classmethod + def from_orm(cls, result: HttpHeadersScanResult) -> "HttpHeadersScanResultAsJson": + http_error_trace_as_str = None + if result.http_error_trace: + http_error_trace_as_str = "" + for line in result.http_error_trace.format(chain=False): + http_error_trace_as_str += line + + sts_header_json = None + if result.strict_transport_security_header: + sts_header_json = _StrictTransportSecurityHeaderAsJson(**asdict(result.strict_transport_security_header)) + + ct_header_json = None + if result.strict_transport_security_header: + ct_header_json = _ExpectCtHeaderAsJson(**asdict(result.expect_ct_header)) + + return cls( + http_request_sent=result.http_request_sent, + http_error_trace=http_error_trace_as_str, + http_path_redirected_to=result.http_path_redirected_to, + strict_transport_security_header=sts_header_json, + expect_ct_header=ct_header_json, + ) + + +HttpHeadersScanResultAsJson.__doc__ = HttpHeadersScanResult.__doc__ # type: ignore + + class _HttpHeadersCliConnector(ScanCommandCliConnector[HttpHeadersScanResult, None]): _cli_option = "http_headers" @@ -135,7 +193,7 @@ class HttpHeadersImplementation(ScanCommandImplementation[HttpHeadersScanResult, @classmethod def scan_jobs_for_scan_command( - cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArguments] = None + cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArgument] = None ) -> List[ScanJob]: if extra_arguments: raise ScanCommandWrongUsageError("This plugin does not take extra arguments") diff --git a/sslyze/plugins/openssl_ccs_injection_plugin.py b/sslyze/plugins/openssl_ccs_injection_plugin.py index befe3bbe..d6b908fa 100644 --- a/sslyze/plugins/openssl_ccs_injection_plugin.py +++ b/sslyze/plugins/openssl_ccs_injection_plugin.py @@ -3,12 +3,13 @@ from dataclasses import dataclass from typing import List, Optional +import pydantic from nassl._nassl import WantReadError from sslyze.plugins.plugin_base import ( ScanCommandResult, ScanCommandImplementation, - ScanCommandExtraArguments, + ScanCommandExtraArgument, ScanJob, ScanCommandWrongUsageError, ScanCommandCliConnector, @@ -36,6 +37,10 @@ class OpenSslCcsInjectionScanResult(ScanCommandResult): is_vulnerable_to_ccs_injection: bool +# Identical fields in the JSON output +OpenSslCcsInjectionScanResultAsJson = pydantic.dataclasses.dataclass(OpenSslCcsInjectionScanResult, frozen=True) + + class _OpenSslCcsInjectionCliConnector(ScanCommandCliConnector[OpenSslCcsInjectionScanResult, None]): _cli_option = "openssl_ccs" @@ -61,7 +66,7 @@ class OpenSslCcsInjectionImplementation(ScanCommandImplementation[OpenSslCcsInje @classmethod def scan_jobs_for_scan_command( - cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArguments] = None + cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArgument] = None ) -> List[ScanJob]: if extra_arguments: raise ScanCommandWrongUsageError("This plugin does not take extra arguments") diff --git a/sslyze/plugins/openssl_cipher_suites/implementation.py b/sslyze/plugins/openssl_cipher_suites/implementation.py index 4e39168b..72884a71 100644 --- a/sslyze/plugins/openssl_cipher_suites/implementation.py +++ b/sslyze/plugins/openssl_cipher_suites/implementation.py @@ -14,7 +14,7 @@ ScanCommandImplementation, ScanCommandResult, ScanJob, - ScanCommandExtraArguments, + ScanCommandExtraArgument, ScanCommandWrongUsageError, ScanJobResult, ) @@ -95,7 +95,7 @@ class _CipherSuitesScanImplementation(ScanCommandImplementation[CipherSuitesScan @classmethod def scan_jobs_for_scan_command( - cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArguments] = None + cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArgument] = None ) -> List[ScanJob]: if extra_arguments: raise ScanCommandWrongUsageError("This plugin does not take extra arguments") diff --git a/sslyze/plugins/openssl_cipher_suites/json_output.py b/sslyze/plugins/openssl_cipher_suites/json_output.py new file mode 100644 index 00000000..ac5e78cc --- /dev/null +++ b/sslyze/plugins/openssl_cipher_suites/json_output.py @@ -0,0 +1,98 @@ +from base64 import b64encode +from typing import List, Optional + +import pydantic +from nassl.ephemeral_key_info import EphemeralKeyInfo, EcDhEphemeralKeyInfo, NistEcDhKeyExchangeInfo, DhEphemeralKeyInfo + +from sslyze.plugins.openssl_cipher_suites.implementation import ( + TlsVersionEnum, + CipherSuitesScanResult, + CipherSuiteAcceptedByServer, +) + + +class _BaseModelWithOrmMode(pydantic.BaseModel): + class Config: + orm_mode = True + extra = "forbid" # Fields must match between the JSON representation and the result objects + + +class _CipherSuiteAsJson(_BaseModelWithOrmMode): + name: str + is_anonymous: bool + key_size: int + openssl_name: str + + +_Base64EncodedBytes = str + + +class _EphemeralKeyInfoAsJson(_BaseModelWithOrmMode): + type_name: str + size: int + public_bytes: _Base64EncodedBytes + + # ECDH + curve_name: Optional[str] = None + + # Nist ECDH + x: Optional[_Base64EncodedBytes] = None + y: Optional[_Base64EncodedBytes] = None + + # DH + prime: Optional[_Base64EncodedBytes] = None + generator: Optional[_Base64EncodedBytes] = None + + @classmethod + def from_orm(cls, key_info: EphemeralKeyInfo) -> "_EphemeralKeyInfoAsJson": + curve_name: Optional[str] = None + x: Optional[_Base64EncodedBytes] = None + y: Optional[_Base64EncodedBytes] = None + prime: Optional[_Base64EncodedBytes] = None + generator: Optional[_Base64EncodedBytes] = None + + if isinstance(key_info, EcDhEphemeralKeyInfo): + curve_name = key_info.curve_name + + if isinstance(key_info, NistEcDhKeyExchangeInfo): + x = b64encode(key_info.x).decode("utf-8") + y = b64encode(key_info.y).decode("utf-8") + + if isinstance(key_info, DhEphemeralKeyInfo): + prime = b64encode(key_info.prime).decode("utf-8") + generator = b64encode(key_info.generator).decode("utf-8") + + return cls( + type_name=key_info.type_name, + size=key_info.size, + public_bytes=b64encode(key_info.public_bytes).decode("utf-8"), + curve_name=curve_name, + x=x, + y=y, + prime=prime, + generator=generator, + ) + + +class _CipherSuiteAcceptedByServerAsJson(_BaseModelWithOrmMode): + cipher_suite: _CipherSuiteAsJson + ephemeral_key: Optional[_EphemeralKeyInfoAsJson] + + +_CipherSuiteAcceptedByServerAsJson.__doc__ = CipherSuiteAcceptedByServer.__doc__ # type: ignore + + +class _CipherSuiteRejectedByServerAsJson(_BaseModelWithOrmMode): + cipher_suite: _CipherSuiteAsJson + error_message: str + + +class CipherSuitesScanResultAsJson(_BaseModelWithOrmMode): + tls_version_used: TlsVersionEnum + is_tls_protocol_version_supported: bool + + accepted_cipher_suites: List[_CipherSuiteAcceptedByServerAsJson] + rejected_cipher_suites: List[_CipherSuiteRejectedByServerAsJson] + + +CipherSuitesScanResultAsJson.__doc__ = CipherSuitesScanResult.__doc__ # type: ignore diff --git a/sslyze/plugins/plugin_base.py b/sslyze/plugins/plugin_base.py index e8c5611d..1df54e72 100644 --- a/sslyze/plugins/plugin_base.py +++ b/sslyze/plugins/plugin_base.py @@ -11,14 +11,13 @@ if TYPE_CHECKING: from sslyze.server_connectivity import ServerConnectivityInfo - from sslyze.json import JsonSerializerFunction # noqa: F401 class ScanCommandResult(ABC): pass -class ScanCommandExtraArguments(ABC): +class ScanCommandExtraArgument(ABC): pass @@ -53,12 +52,10 @@ def get_result(self) -> Any: _ScanCommandResultTypeVar = TypeVar("_ScanCommandResultTypeVar", bound=ScanCommandResult) -_ScanCommandExtraArgumentsTypeVar = TypeVar( - "_ScanCommandExtraArgumentsTypeVar", bound=Optional[ScanCommandExtraArguments] -) +_ScanCommandExtraArgumentTypeVar = TypeVar("_ScanCommandExtraArgumentTypeVar", bound=Optional[ScanCommandExtraArgument]) -class ScanCommandImplementation(Generic[_ScanCommandResultTypeVar, _ScanCommandExtraArgumentsTypeVar]): +class ScanCommandImplementation(Generic[_ScanCommandResultTypeVar, _ScanCommandExtraArgumentTypeVar]): """Describes everything needed to run a specific scan command. """ @@ -68,7 +65,7 @@ class ScanCommandImplementation(Generic[_ScanCommandResultTypeVar, _ScanCommandE @classmethod @abstractmethod def scan_jobs_for_scan_command( - cls, server_info: "ServerConnectivityInfo", extra_arguments: Optional[_ScanCommandExtraArgumentsTypeVar] = None + cls, server_info: "ServerConnectivityInfo", extra_arguments: Optional[_ScanCommandExtraArgumentTypeVar] = None ) -> List[ScanJob]: """Transform a scan command to run into smaller scan jobs to be run concurrently. @@ -88,7 +85,7 @@ def result_for_completed_scan_jobs( @classmethod def scan_server( - cls, server_info: "ServerConnectivityInfo", extra_arguments: Optional[_ScanCommandExtraArgumentsTypeVar] = None + cls, server_info: "ServerConnectivityInfo", extra_arguments: Optional[_ScanCommandExtraArgumentTypeVar] = None ) -> _ScanCommandResultTypeVar: """Utility method to run a scan command directly. @@ -118,7 +115,7 @@ class OptParseCliOption: action: str = "store_true" -class ScanCommandCliConnector(Generic[_ScanCommandResultTypeVar, _ScanCommandExtraArgumentsTypeVar]): +class ScanCommandCliConnector(Generic[_ScanCommandResultTypeVar, _ScanCommandExtraArgumentTypeVar]): """Contains all the logic for making a scan command available via the CLI. """ @@ -136,7 +133,7 @@ def get_cli_options(cls) -> List[OptParseCliOption]: @classmethod def find_cli_options_in_command_line( cls, parsed_command_line: Dict[str, Union[None, bool, str]] - ) -> Tuple[bool, Optional[_ScanCommandExtraArgumentsTypeVar]]: + ) -> Tuple[bool, Optional[_ScanCommandExtraArgumentTypeVar]]: """Check a parsed command line to see if the CLI option for the scan command was enabled. """ try: @@ -148,14 +145,6 @@ def find_cli_options_in_command_line( extra_arguments = None return is_scan_cmd_enabled, extra_arguments - @classmethod - def get_json_serializer_functions(cls) -> List["JsonSerializerFunction"]: - """To be overridden if the scan command returns objects that require custom logic to be serialized to JSON. - - See certificate_info for an example. - """ - return [] - @classmethod @abstractmethod def result_to_console_output(cls, result: _ScanCommandResultTypeVar) -> List[str]: diff --git a/sslyze/plugins/robot/_robot_tester.py b/sslyze/plugins/robot/_robot_tester.py index 784ef20d..1c3a9d8c 100644 --- a/sslyze/plugins/robot/_robot_tester.py +++ b/sslyze/plugins/robot/_robot_tester.py @@ -24,15 +24,22 @@ from sslyze.server_connectivity import ServerConnectivityInfo, TlsVersionEnum, ClientAuthRequirementEnum -class RobotScanResultEnum(Enum): - """An enum to provide the result of running a RobotScanCommand. +class RobotScanResultEnum(str, Enum): + """The result of attempting exploit the ROBOT issue on the server. + + Attributes: + VULNERABLE_WEAK_ORACLE: The server is vulnerable but the attack would take too long. + VULNERABLE_STRONG_ORACLE: The server is vulnerable and real attacks are feasible. + NOT_VULNERABLE_NO_ORACLE: The server supports RSA cipher suites but does not act as an oracle. + NOT_VULNERABLE_RSA_NOT_SUPPORTED: The server does not supports RSA cipher suites. + UNKNOWN_INCONSISTENT_RESULTS: Could not determine whether the server is vulnerable or not. """ - VULNERABLE_WEAK_ORACLE = 1 #: The server is vulnerable but the attack would take too long - VULNERABLE_STRONG_ORACLE = 2 #: The server is vulnerable and real attacks are feasible - NOT_VULNERABLE_NO_ORACLE = 3 #: The server supports RSA cipher suites but does not act as an oracle - NOT_VULNERABLE_RSA_NOT_SUPPORTED = 4 #: The server does not supports RSA cipher suites - UNKNOWN_INCONSISTENT_RESULTS = 5 #: Could not determine whether the server is vulnerable or not + VULNERABLE_WEAK_ORACLE = "VULNERABLE_WEAK_ORACLE" + VULNERABLE_STRONG_ORACLE = "VULNERABLE_STRONG_ORACLE" + NOT_VULNERABLE_NO_ORACLE = "NOT_VULNERABLE_NO_ORACLE" + NOT_VULNERABLE_RSA_NOT_SUPPORTED = "NOT_VULNERABLE_RSA_NOT_SUPPORTED" + UNKNOWN_INCONSISTENT_RESULTS = "UNKNOWN_INCONSISTENT_RESULTS" class RobotPmsPaddingPayloadEnum(Enum): diff --git a/sslyze/plugins/robot/implementation.py b/sslyze/plugins/robot/implementation.py index 2dd2d08f..a33cc670 100644 --- a/sslyze/plugins/robot/implementation.py +++ b/sslyze/plugins/robot/implementation.py @@ -1,10 +1,12 @@ from dataclasses import dataclass from typing import Optional, List, Dict +import pydantic + from sslyze.plugins.plugin_base import ( ScanCommandResult, ScanCommandImplementation, - ScanCommandExtraArguments, + ScanCommandExtraArgument, ScanJob, ScanCommandWrongUsageError, ScanCommandCliConnector, @@ -32,6 +34,10 @@ class RobotScanResult(ScanCommandResult): robot_result: RobotScanResultEnum +# Identical fields in the JSON output +RobotScanResultAsJson = pydantic.dataclasses.dataclass(RobotScanResult, frozen=True) + + class _RobotCliConnector(ScanCommandCliConnector[RobotScanResult, None]): _cli_option = "robot" @@ -67,7 +73,7 @@ class RobotImplementation(ScanCommandImplementation[RobotScanResult, None]): @classmethod def scan_jobs_for_scan_command( - cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArguments] = None + cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArgument] = None ) -> List[ScanJob]: if extra_arguments: raise ScanCommandWrongUsageError("This plugin does not take extra arguments") diff --git a/sslyze/plugins/scan_commands.py b/sslyze/plugins/scan_commands.py index 636151c7..867baf01 100644 --- a/sslyze/plugins/scan_commands.py +++ b/sslyze/plugins/scan_commands.py @@ -1,13 +1,8 @@ +from enum import Enum from typing import Dict, Type, TYPE_CHECKING, Set from sslyze.plugins.elliptic_curves_plugin import SupportedEllipticCurvesImplementation -try: - # Python 3.7 - from typing_extensions import Literal -except ModuleNotFoundError: - # Python 3.8+ - from typing import Literal # type: ignore from sslyze.plugins.certificate_info.implementation import CertificateInfoImplementation from sslyze.plugins.compression_plugin import CompressionImplementation @@ -32,74 +27,39 @@ from sslyze.plugins.plugin_base import ScanCommandImplementation # noqa: F401 -ScanCommandType = Literal[ - "certificate_info", - "ssl_2_0_cipher_suites", - "ssl_3_0_cipher_suites", - "tls_1_0_cipher_suites", - "tls_1_1_cipher_suites", - "tls_1_1_cipher_suites", - "tls_1_2_cipher_suites", - "tls_1_3_cipher_suites", - "tls_compression", - "tls_1_3_early_data", - "openssl_ccs_injection", - "tls_fallback_scsv", - "heartbleed", - "robot", - "session_renegotiation", - "session_resumption", - "http_headers", - "elliptic_curves", -] - - -# Almost like a re-implementation of an enum -class ScanCommand: - """The list of all scan commands supported by SSLyze. - """ - - CERTIFICATE_INFO: Literal["certificate_info"] = "certificate_info" - - SSL_2_0_CIPHER_SUITES: Literal["ssl_2_0_cipher_suites"] = "ssl_2_0_cipher_suites" - SSL_3_0_CIPHER_SUITES: Literal["ssl_3_0_cipher_suites"] = "ssl_3_0_cipher_suites" - TLS_1_0_CIPHER_SUITES: Literal["tls_1_0_cipher_suites"] = "tls_1_0_cipher_suites" - TLS_1_1_CIPHER_SUITES: Literal["tls_1_1_cipher_suites"] = "tls_1_1_cipher_suites" - TLS_1_2_CIPHER_SUITES: Literal["tls_1_2_cipher_suites"] = "tls_1_2_cipher_suites" - TLS_1_3_CIPHER_SUITES: Literal["tls_1_3_cipher_suites"] = "tls_1_3_cipher_suites" - - TLS_COMPRESSION: Literal["tls_compression"] = "tls_compression" - - TLS_1_3_EARLY_DATA: Literal["tls_1_3_early_data"] = "tls_1_3_early_data" - - OPENSSL_CCS_INJECTION: Literal["openssl_ccs_injection"] = "openssl_ccs_injection" - - TLS_FALLBACK_SCSV: Literal["tls_fallback_scsv"] = "tls_fallback_scsv" - - HEARTBLEED: Literal["heartbleed"] = "heartbleed" - - ROBOT: Literal["robot"] = "robot" - - SESSION_RENEGOTIATION: Literal["session_renegotiation"] = "session_renegotiation" - - SESSION_RESUMPTION: Literal["session_resumption"] = "session_resumption" - - HTTP_HEADERS: Literal["http_headers"] = "http_headers" - ELLIPTIC_CURVES: Literal["elliptic_curves"] = "elliptic_curves" +class ScanCommand(str, Enum): + CERTIFICATE_INFO = "certificate_info" + SESSION_RESUMPTION = "session_resumption" + SSL_2_0_CIPHER_SUITES = "ssl_2_0_cipher_suites" + SSL_3_0_CIPHER_SUITES = "ssl_3_0_cipher_suites" + TLS_1_0_CIPHER_SUITES = "tls_1_0_cipher_suites" + TLS_1_1_CIPHER_SUITES = "tls_1_1_cipher_suites" + TLS_1_2_CIPHER_SUITES = "tls_1_2_cipher_suites" + TLS_1_3_CIPHER_SUITES = "tls_1_3_cipher_suites" + TLS_COMPRESSION = "tls_compression" + TLS_1_3_EARLY_DATA = "tls_1_3_early_data" + OPENSSL_CCS_INJECTION = "openssl_ccs_injection" + TLS_FALLBACK_SCSV = "tls_fallback_scsv" + HEARTBLEED = "heartbleed" + ROBOT = "robot" + SESSION_RENEGOTIATION = "session_renegotiation" + HTTP_HEADERS = "http_headers" + ELLIPTIC_CURVES = "elliptic_curves" class ScanCommandsRepository: @staticmethod - def get_implementation_cls(scan_command: ScanCommandType) -> Type["ScanCommandImplementation"]: + def get_implementation_cls(scan_command: ScanCommand) -> Type["ScanCommandImplementation"]: return _IMPLEMENTATION_CLASSES[scan_command] @staticmethod - def get_all_scan_commands() -> Set[ScanCommandType]: + def get_all_scan_commands() -> Set[ScanCommand]: return set(_IMPLEMENTATION_CLASSES.keys()) -_IMPLEMENTATION_CLASSES: Dict[ScanCommandType, Type["ScanCommandImplementation"]] = { +_IMPLEMENTATION_CLASSES: Dict[ScanCommand, Type["ScanCommandImplementation"]] = { ScanCommand.CERTIFICATE_INFO: CertificateInfoImplementation, + ScanCommand.SESSION_RESUMPTION: SessionResumptionSupportImplementation, ScanCommand.SSL_2_0_CIPHER_SUITES: Sslv20ScanImplementation, ScanCommand.SSL_3_0_CIPHER_SUITES: Sslv30ScanImplementation, ScanCommand.TLS_1_0_CIPHER_SUITES: Tlsv10ScanImplementation, @@ -113,7 +73,6 @@ def get_all_scan_commands() -> Set[ScanCommandType]: ScanCommand.HEARTBLEED: HeartbleedImplementation, ScanCommand.ROBOT: RobotImplementation, ScanCommand.SESSION_RENEGOTIATION: SessionRenegotiationImplementation, - ScanCommand.SESSION_RESUMPTION: SessionResumptionSupportImplementation, ScanCommand.HTTP_HEADERS: HttpHeadersImplementation, ScanCommand.ELLIPTIC_CURVES: SupportedEllipticCurvesImplementation, } diff --git a/sslyze/plugins/session_renegotiation_plugin.py b/sslyze/plugins/session_renegotiation_plugin.py index fb65434e..042ce9a0 100755 --- a/sslyze/plugins/session_renegotiation_plugin.py +++ b/sslyze/plugins/session_renegotiation_plugin.py @@ -3,13 +3,14 @@ from enum import Enum from typing import List, Optional, Tuple +import pydantic from nassl._nassl import OpenSSLError from nassl.legacy_ssl_client import LegacySslClient from sslyze.errors import ServerRejectedTlsHandshake from sslyze.plugins.plugin_base import ( ScanCommandImplementation, - ScanCommandExtraArguments, + ScanCommandExtraArgument, ScanJob, ScanCommandResult, ScanCommandWrongUsageError, @@ -32,6 +33,10 @@ class SessionRenegotiationScanResult(ScanCommandResult): is_vulnerable_to_client_renegotiation_dos: bool +# Identical fields in the JSON output +SessionRenegotiationScanResultAsJson = pydantic.dataclasses.dataclass(SessionRenegotiationScanResult, frozen=True) + + class _ScanJobResultEnum(Enum): IS_VULNERABLE_TO_CLIENT_RENEG_DOS = 1 SUPPORTS_SECURE_RENEG = 2 @@ -73,7 +78,7 @@ class SessionRenegotiationImplementation(ScanCommandImplementation[SessionRenego @classmethod def scan_jobs_for_scan_command( - cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArguments] = None + cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArgument] = None ) -> List[ScanJob]: if extra_arguments: raise ScanCommandWrongUsageError("This plugin does not take extra arguments") diff --git a/sslyze/plugins/session_resumption/_resumption_with_id.py b/sslyze/plugins/session_resumption/_resumption_with_id.py index 175291a1..e51e3335 100644 --- a/sslyze/plugins/session_resumption/_resumption_with_id.py +++ b/sslyze/plugins/session_resumption/_resumption_with_id.py @@ -1,4 +1,4 @@ -from enum import Enum, unique +from enum import Enum from typing import Optional, Tuple import nassl @@ -7,8 +7,7 @@ from sslyze.server_connectivity import ServerConnectivityInfo, TlsVersionEnum -@unique -class TlsResumptionSupportEnum(Enum): +class TlsResumptionSupportEnum(str, Enum): """The result of attempting to resume TLS sessions with the server. Attributes: @@ -19,10 +18,10 @@ class TlsResumptionSupportEnum(Enum): resumption. """ - FULLY_SUPPORTED = 1 - PARTIALLY_SUPPORTED = 2 - NOT_SUPPORTED = 3 - SERVER_IS_TLS_1_3_ONLY = 4 + FULLY_SUPPORTED = "FULLY_SUPPORTED" + PARTIALLY_SUPPORTED = "PARTIALLY_SUPPORTED" + NOT_SUPPORTED = "NOT_SUPPORTED" + SERVER_IS_TLS_1_3_ONLY = "SERVER_IS_TLS_1_3_ONLY" class _ScanJobResultEnum(Enum): diff --git a/sslyze/plugins/session_resumption/implementation.py b/sslyze/plugins/session_resumption/implementation.py index 898265e8..ebd314c6 100644 --- a/sslyze/plugins/session_resumption/implementation.py +++ b/sslyze/plugins/session_resumption/implementation.py @@ -4,7 +4,7 @@ from sslyze.plugins.plugin_base import ( ScanCommandResult, ScanCommandImplementation, - ScanCommandExtraArguments, + ScanCommandExtraArgument, ScanJob, ScanCommandCliConnector, OptParseCliOption, @@ -21,7 +21,7 @@ @dataclass(frozen=True) -class SessionResumptionSupportExtraArguments(ScanCommandExtraArguments): +class SessionResumptionSupportExtraArgument(ScanCommandExtraArgument): """Additional configuration for running the SESSION_RESUMPTION scan command. Attributes: @@ -76,7 +76,7 @@ def _resumption_result_to_console_output( class _SessionResumptionSupportCliConnector( - ScanCommandCliConnector[SessionResumptionSupportScanResult, SessionResumptionSupportExtraArguments] + ScanCommandCliConnector[SessionResumptionSupportScanResult, SessionResumptionSupportExtraArgument] ): _cli_option = "resum" @@ -100,7 +100,7 @@ def get_cli_options(cls) -> List[OptParseCliOption]: @classmethod def find_cli_options_in_command_line( cls, parsed_command_line: Dict[str, Union[None, bool, str]] - ) -> Tuple[bool, Optional[SessionResumptionSupportExtraArguments]]: + ) -> Tuple[bool, Optional[SessionResumptionSupportExtraArgument]]: # Check if --resum was used is_scan_cmd_enabled, _ = super().find_cli_options_in_command_line(parsed_command_line) @@ -111,7 +111,7 @@ def find_cli_options_in_command_line( if resum_attempts: try: resum_attempts_as_int = int(resum_attempts) - extra_arguments = SessionResumptionSupportExtraArguments( + extra_arguments = SessionResumptionSupportExtraArgument( number_of_resumptions_to_attempt=resum_attempts_as_int ) except ValueError: @@ -181,7 +181,7 @@ class SessionResumptionSupportImplementation(ScanCommandImplementation[SessionRe def scan_jobs_for_scan_command( cls, server_info: ServerConnectivityInfo, - extra_arguments: Optional[SessionResumptionSupportExtraArguments] = None, + extra_arguments: Optional[SessionResumptionSupportExtraArgument] = None, ) -> List[ScanJob]: if extra_arguments: number_of_resumption_attempts = extra_arguments.number_of_resumptions_to_attempt diff --git a/sslyze/plugins/session_resumption/json_output.py b/sslyze/plugins/session_resumption/json_output.py new file mode 100644 index 00000000..f3a2ebe3 --- /dev/null +++ b/sslyze/plugins/session_resumption/json_output.py @@ -0,0 +1,29 @@ +import pydantic + +from sslyze import SessionResumptionSupportExtraArgument, SessionResumptionSupportScanResult, TlsResumptionSupportEnum + + +class _BaseModelWithForbidAndOrmMode(pydantic.BaseModel): + class Config: + orm_mode = True + extra = "forbid" # Fields must match between the JSON representation and the result objects + + +class SessionResumptionSupportExtraArgumentAsJson(_BaseModelWithForbidAndOrmMode): + number_of_resumptions_to_attempt: int + + +SessionResumptionSupportExtraArgumentAsJson.__doc__ = SessionResumptionSupportExtraArgument.__doc__ # type: ignore + + +class SessionResumptionSupportScanResultAsJson(_BaseModelWithForbidAndOrmMode): + session_id_resumption_result: TlsResumptionSupportEnum + session_id_attempted_resumptions_count: int + session_id_successful_resumptions_count: int + + tls_ticket_resumption_result: TlsResumptionSupportEnum + tls_ticket_attempted_resumptions_count: int + tls_ticket_successful_resumptions_count: int + + +SessionResumptionSupportScanResultAsJson.__doc__ = SessionResumptionSupportScanResult.__doc__ # type: ignore diff --git a/sslyze/scanner/__init__.py b/sslyze/scanner/__init__.py index 6fd806b7..e69de29b 100644 --- a/sslyze/scanner/__init__.py +++ b/sslyze/scanner/__init__.py @@ -1,12 +0,0 @@ -# flake8: noqa - -from sslyze.scanner.scanner import Scanner -from sslyze.scanner.server_scan_request import ( - ScanCommandErrorsDict, - ServerScanRequest, - ServerScanResult, - ScanCommandExtraArgumentsDict, - ScanCommandResultsDict, - ScanCommandError, - ScanCommandErrorReasonEnum, -) diff --git a/sslyze/scanner/_queued_server_scan.py b/sslyze/scanner/_queued_server_scan.py index 3e4fe4eb..df644ddb 100644 --- a/sslyze/scanner/_queued_server_scan.py +++ b/sslyze/scanner/_queued_server_scan.py @@ -9,16 +9,15 @@ from nassl.ssl_client import ClientCertificateRequested from sslyze.errors import ConnectionToServerTimedOut, TlsHandshakeTimedOut -from sslyze.plugins.plugin_base import ScanCommandWrongUsageError, ScanJob, ScanJobResult -from sslyze.plugins.scan_commands import ScanCommandType, ScanCommandsRepository +from sslyze.plugins.plugin_base import ScanCommandWrongUsageError, ScanJob, ScanJobResult, ScanCommandResult +from sslyze.plugins.scan_commands import ScanCommandsRepository, ScanCommand from sslyze.scanner._worker_thread import WorkerThreadNoMoreJobsSentinel, CompletedScanJob, QueuedScanJob, WorkerThread from sslyze.scanner.server_scan_request import ( ServerScanRequest, ServerScanResult, - ScanCommandErrorsDict, ScanCommandError, ScanCommandErrorReasonEnum, - ScanCommandResultsDict, + ScanCommandsResults, ) @@ -26,7 +25,7 @@ class _QueuedServerScan: uuid: UUID server_scan_request: ServerScanRequest - scan_command_errors_during_queuing: ScanCommandErrorsDict + scan_command_errors_during_queuing: List[ScanCommandError] assigned_queue: queue.Queue queued_scan_jobs_count: int completed_scan_jobs: List[CompletedScanJob] # Populated as the scan is getting completed @@ -178,12 +177,12 @@ def _queue_server_scan( def _generate_scan_jobs_for_server_scan( server_scan_request: ServerScanRequest, -) -> Tuple[Dict[ScanCommandType, List[ScanJob]], ScanCommandErrorsDict]: - all_scan_jobs_per_scan_cmd: Dict[ScanCommandType, List[ScanJob]] = {} - scan_command_errors_during_queuing = {} +) -> Tuple[Dict[ScanCommand, List[ScanJob]], List[ScanCommandError]]: + all_scan_jobs_per_scan_cmd: Dict[ScanCommand, List[ScanJob]] = {} + scan_command_errors_during_queuing: List[ScanCommandError] = [] for scan_cmd in server_scan_request.scan_commands: implementation_cls = ScanCommandsRepository.get_implementation_cls(scan_cmd) - scan_cmd_extra_args = server_scan_request.scan_commands_extra_arguments.get(scan_cmd) # type: ignore + scan_cmd_extra_args = getattr(server_scan_request.scan_commands_extra_arguments, scan_cmd, None) try: jobs_for_scan_cmd = implementation_cls.scan_jobs_for_scan_command( @@ -193,24 +192,28 @@ def _generate_scan_jobs_for_server_scan( # Process exceptions and instantly "complete" the scan command if the call to create the jobs failed except ScanCommandWrongUsageError as e: error = ScanCommandError( - reason=ScanCommandErrorReasonEnum.WRONG_USAGE, exception_trace=TracebackException.from_exception(e) + scan_command=scan_cmd, + reason=ScanCommandErrorReasonEnum.WRONG_USAGE, + exception_trace=TracebackException.from_exception(e), ) - scan_command_errors_during_queuing[scan_cmd] = error + scan_command_errors_during_queuing.append(error) except Exception as e: error = ScanCommandError( - reason=ScanCommandErrorReasonEnum.BUG_IN_SSLYZE, exception_trace=TracebackException.from_exception(e), + scan_command=scan_cmd, + reason=ScanCommandErrorReasonEnum.BUG_IN_SSLYZE, + exception_trace=TracebackException.from_exception(e), ) - scan_command_errors_during_queuing[scan_cmd] = error + scan_command_errors_during_queuing.append(error) return all_scan_jobs_per_scan_cmd, scan_command_errors_during_queuing def _generate_result_for_completed_server_scan(completed_scan: _QueuedServerScan) -> ServerScanResult: - server_scan_results: ScanCommandResultsDict = {} - server_scan_errors: ScanCommandErrorsDict = {} + server_scan_results: Dict[ScanCommand, ScanCommandResult] = {} + server_scan_errors: List[ScanCommandError] = [] # Group all the completed jobs per scan command - scan_cmd_to_completed_jobs: Dict[ScanCommandType, List[CompletedScanJob]] = { + scan_cmd_to_completed_jobs: Dict[ScanCommand, List[CompletedScanJob]] = { scan_cmd: [] for scan_cmd in completed_scan.server_scan_request.scan_commands } for completed_job in completed_scan.completed_scan_jobs: @@ -230,26 +233,30 @@ def _generate_result_for_completed_server_scan(completed_scan: _QueuedServerScan # Process exceptions that may have been raised while the jobs were being completed except ClientCertificateRequested as e: error = ScanCommandError( + scan_command=scan_cmd, reason=ScanCommandErrorReasonEnum.CLIENT_CERTIFICATE_NEEDED, exception_trace=TracebackException.from_exception(e), ) - server_scan_errors[scan_cmd] = error + server_scan_errors.append(error) except (ConnectionToServerTimedOut, TlsHandshakeTimedOut) as e: error = ScanCommandError( + scan_command=scan_cmd, reason=ScanCommandErrorReasonEnum.CONNECTIVITY_ISSUE, exception_trace=TracebackException.from_exception(e), ) - server_scan_errors[scan_cmd] = error + server_scan_errors.append(error) except Exception as e: error = ScanCommandError( - reason=ScanCommandErrorReasonEnum.BUG_IN_SSLYZE, exception_trace=TracebackException.from_exception(e), + scan_command=scan_cmd, + reason=ScanCommandErrorReasonEnum.BUG_IN_SSLYZE, + exception_trace=TracebackException.from_exception(e), ) - server_scan_errors[scan_cmd] = error + server_scan_errors.append(error) # Lastly, return the fully completed server scan - server_scan_errors.update(completed_scan.scan_command_errors_during_queuing) + server_scan_errors.extend(completed_scan.scan_command_errors_during_queuing) server_scan_result = ServerScanResult( - scan_commands_results=server_scan_results, + scan_commands_results=ScanCommandsResults(**server_scan_results), # type: ignore scan_commands_errors=server_scan_errors, server_info=completed_scan.server_scan_request.server_info, scan_commands=completed_scan.server_scan_request.scan_commands, diff --git a/sslyze/scanner/_worker_thread.py b/sslyze/scanner/_worker_thread.py index 415a2820..2f93d9df 100644 --- a/sslyze/scanner/_worker_thread.py +++ b/sslyze/scanner/_worker_thread.py @@ -4,13 +4,13 @@ from typing import Optional, Any, Callable from uuid import UUID -from sslyze.plugins.scan_commands import ScanCommandType +from sslyze.plugins.scan_commands import ScanCommand @dataclass(frozen=True) class CompletedScanJob: for_server_scan_uuid: UUID - for_scan_command: ScanCommandType + for_scan_command: ScanCommand return_value: Optional[Any] exception: Optional[Exception] @@ -19,7 +19,7 @@ class CompletedScanJob: @dataclass(frozen=True) class QueuedScanJob: for_server_scan_uuid: UUID - for_scan_command: ScanCommandType + for_scan_command: ScanCommand function_to_call: Callable function_arguments: Any diff --git a/sslyze/scanner/server_scan_request.py b/sslyze/scanner/server_scan_request.py index fe002278..6d9563c5 100644 --- a/sslyze/scanner/server_scan_request.py +++ b/sslyze/scanner/server_scan_request.py @@ -1,18 +1,12 @@ -from dataclasses import dataclass, field -from enum import unique, Enum, auto +from dataclasses import dataclass, fields, field +from enum import Enum from traceback import TracebackException -from typing import Dict, Set +from typing import Set, Optional, List from sslyze.plugins.elliptic_curves_plugin import SupportedEllipticCurvesScanResult -try: - # Python 3.7 - from typing_extensions import TypedDict -except ModuleNotFoundError: - # Python 3.8+ - from typing import TypedDict # type: ignore -from sslyze.plugins.certificate_info.implementation import CertificateInfoScanResult, CertificateInfoExtraArguments +from sslyze.plugins.certificate_info.implementation import CertificateInfoScanResult, CertificateInfoExtraArgument from sslyze.plugins.compression_plugin import CompressionScanResult from sslyze.plugins.early_data_plugin import EarlyDataScanResult from sslyze.plugins.fallback_scsv_plugin import FallbackScsvScanResult @@ -21,36 +15,20 @@ from sslyze.plugins.openssl_ccs_injection_plugin import OpenSslCcsInjectionScanResult from sslyze.plugins.openssl_cipher_suites.implementation import CipherSuitesScanResult from sslyze.plugins.robot.implementation import RobotScanResult -from sslyze.plugins.scan_commands import ScanCommandType +from sslyze.plugins.scan_commands import ScanCommand from sslyze.plugins.session_renegotiation_plugin import SessionRenegotiationScanResult from sslyze.plugins.session_resumption.implementation import ( SessionResumptionSupportScanResult, - SessionResumptionSupportExtraArguments, + SessionResumptionSupportExtraArgument, ) from sslyze.server_connectivity import ServerConnectivityInfo -@unique -class ScanCommandErrorReasonEnum(Enum): - BUG_IN_SSLYZE = auto() - CLIENT_CERTIFICATE_NEEDED = auto() - CONNECTIVITY_ISSUE = auto() - WRONG_USAGE = auto() - - @dataclass(frozen=True) -class ScanCommandError: - """An error that prevented a specific scan command ran against a specific server from completing. - .""" - - reason: ScanCommandErrorReasonEnum - exception_trace: TracebackException - - -class ScanCommandExtraArgumentsDict(TypedDict, total=False): +class ScanCommandsExtraArguments: # Field is present if extra arguments were provided for the corresponding scan command - certificate_info: CertificateInfoExtraArguments - session_resumption: SessionResumptionSupportExtraArguments + certificate_info: Optional[CertificateInfoExtraArgument] = None + session_resumption: Optional[SessionResumptionSupportExtraArgument] = None @dataclass(frozen=True) @@ -59,46 +37,65 @@ class ServerScanRequest: """ server_info: ServerConnectivityInfo - scan_commands: Set[ScanCommandType] - scan_commands_extra_arguments: ScanCommandExtraArgumentsDict = field(default_factory=dict) # type: ignore + scan_commands: Set[ScanCommand] + scan_commands_extra_arguments: ScanCommandsExtraArguments = field(default_factory=ScanCommandsExtraArguments) def __post_init__(self) -> None: - """"Validate that the extra arguments match the scan commands. - """ - if not self.scan_commands_extra_arguments: - return - - for scan_command in self.scan_commands_extra_arguments: - if scan_command not in self.scan_commands: + # Ensure that the extra arguments match the scan commands + for class_field in fields(self.scan_commands_extra_arguments): + scan_command = class_field.name + if ( + getattr(self.scan_commands_extra_arguments, scan_command, None) + and scan_command not in self.scan_commands + ): raise ValueError(f"Received an extra argument for a scan command that wasn't enabled: {scan_command}") -# TypedDict for simpler/matching JSON output and makes fetching a field easier -class ScanCommandResultsDict(TypedDict, total=False): - """A dictionary of results for every scan command that was scheduled against a specific server. - """ - +@dataclass(frozen=True) +class ScanCommandsResults: # Field is present if the corresponding scan command was scheduled and was run successfully - certificate_info: CertificateInfoScanResult - ssl_2_0_cipher_suites: CipherSuitesScanResult - ssl_3_0_cipher_suites: CipherSuitesScanResult - tls_1_0_cipher_suites: CipherSuitesScanResult - tls_1_1_cipher_suites: CipherSuitesScanResult - tls_1_2_cipher_suites: CipherSuitesScanResult - tls_1_3_cipher_suites: CipherSuitesScanResult - tls_compression: CompressionScanResult - tls_1_3_early_data: EarlyDataScanResult - openssl_ccs_injection: OpenSslCcsInjectionScanResult - tls_fallback_scsv: FallbackScsvScanResult - heartbleed: HeartbleedScanResult - robot: RobotScanResult - session_renegotiation: SessionRenegotiationScanResult - session_resumption: SessionResumptionSupportScanResult - http_headers: HttpHeadersScanResult - elliptic_curves: SupportedEllipticCurvesScanResult - - -ScanCommandErrorsDict = Dict[ScanCommandType, ScanCommandError] + certificate_info: Optional[CertificateInfoScanResult] = None + ssl_2_0_cipher_suites: Optional[CipherSuitesScanResult] = None + ssl_3_0_cipher_suites: Optional[CipherSuitesScanResult] = None + tls_1_0_cipher_suites: Optional[CipherSuitesScanResult] = None + tls_1_1_cipher_suites: Optional[CipherSuitesScanResult] = None + tls_1_2_cipher_suites: Optional[CipherSuitesScanResult] = None + tls_1_3_cipher_suites: Optional[CipherSuitesScanResult] = None + tls_compression: Optional[CompressionScanResult] = None + tls_1_3_early_data: Optional[EarlyDataScanResult] = None + openssl_ccs_injection: Optional[OpenSslCcsInjectionScanResult] = None + tls_fallback_scsv: Optional[FallbackScsvScanResult] = None + heartbleed: Optional[HeartbleedScanResult] = None + robot: Optional[RobotScanResult] = None + session_renegotiation: Optional[SessionRenegotiationScanResult] = None + session_resumption: Optional[SessionResumptionSupportScanResult] = None + http_headers: Optional[HttpHeadersScanResult] = None + elliptic_curves: Optional[SupportedEllipticCurvesScanResult] = None + + def scan_commands_with_result(self) -> Set[ScanCommand]: + scan_commands_with_result = set() + for class_field in fields(self): + scan_command = ScanCommand(class_field.name) + if getattr(self, scan_command, None): + scan_commands_with_result.add(scan_command) + return scan_commands_with_result + + +class ScanCommandErrorReasonEnum(str, Enum): + BUG_IN_SSLYZE = "BUG_IN_SSLYZE" + CLIENT_CERTIFICATE_NEEDED = "CLIENT_CERTIFICATE_NEEDED" + CONNECTIVITY_ISSUE = "CONNECTIVITY_ISSUE" + WRONG_USAGE = "WRONG_USAGE" + + +@dataclass(frozen=True) +class ScanCommandError: + """An error that prevented a specific scan command ran against a specific server from completing. + .""" + + scan_command: ScanCommand + reason: ScanCommandErrorReasonEnum + exception_trace: TracebackException @dataclass(frozen=True) @@ -106,10 +103,34 @@ class ServerScanResult: """The result of a ServerScanRequest that was completed by a Scanner. """ - scan_commands_results: ScanCommandResultsDict - scan_commands_errors: ScanCommandErrorsDict - # What was passed in the corresponding ServerScanRequest server_info: ServerConnectivityInfo - scan_commands: Set[ScanCommandType] - scan_commands_extra_arguments: ScanCommandExtraArgumentsDict + scan_commands: Set[ScanCommand] + scan_commands_extra_arguments: ScanCommandsExtraArguments + + scan_commands_results: ScanCommandsResults + scan_commands_errors: List[ScanCommandError] # Empty if no errors occurred + + def __post_init__(self) -> None: + # Ensure that the extra arguments match the scan commands + for class_field in fields(self.scan_commands_extra_arguments): + scan_command = class_field.name + if ( + getattr(self.scan_commands_extra_arguments, scan_command, None) + and scan_command not in self.scan_commands + ): + raise ValueError(f"Received an extra argument for a scan command that wasn't enabled: {scan_command}") + + # Ensure that all requested scan commands returned either a result or an error + scan_commands_with_results_or_errors = set() + for class_field in fields(self.scan_commands_results): + scan_command = class_field.name + if getattr(self.scan_commands_results, scan_command, None): + scan_commands_with_results_or_errors.add(scan_command) + + for scan_command in [error.scan_command for error in self.scan_commands_errors]: + scan_commands_with_results_or_errors.add(scan_command) + + missing_scan_commands = self.scan_commands.difference(scan_commands_with_results_or_errors) + if missing_scan_commands: + raise ValueError(f"Missing error or result for scan commands: {missing_scan_commands}") diff --git a/tasks.py b/tasks.py index 64d58b87..80173472 100644 --- a/tasks.py +++ b/tasks.py @@ -63,3 +63,13 @@ def build_exe(ctx): raise EnvironmentError("Can only be used on Windows") # WARNING(AD): This does not work well within a pipenv and the system's Python should be used ctx.run("python setup.py build_exe") + + +@task +def gen_json_schema(ctx): + # type: (Context) -> None + from sslyze.cli.json_output import SslyzeOutputAsJson + + json_schema = SslyzeOutputAsJson.schema_json(indent=2) + json_schema_file = Path(__file__).parent / "json_output_schema.json" + json_schema_file.write_text(json_schema) diff --git a/tests/cli_tests/sslyze_output.json b/tests/cli_tests/sslyze_output.json new file mode 100644 index 00000000..1ba0f538 --- /dev/null +++ b/tests/cli_tests/sslyze_output.json @@ -0,0 +1,17366 @@ +{ + "server_connectivity_errors": [], + "server_scan_results": [ + { + "scan_commands": [ + "openssl_ccs_injection", + "session_resumption", + "tls_1_0_cipher_suites", + "ssl_2_0_cipher_suites", + "tls_compression", + "tls_1_2_cipher_suites", + "tls_fallback_scsv", + "tls_1_1_cipher_suites", + "tls_1_3_cipher_suites", + "ssl_3_0_cipher_suites", + "robot", + "session_renegotiation", + "elliptic_curves", + "certificate_info", + "heartbleed" + ], + "scan_commands_errors": [], + "scan_commands_extra_arguments": { + "certificate_info": null, + "session_resumption": null + }, + "scan_commands_results": { + "certificate_info": { + "certificate_deployments": [ + { + "leaf_certificate_has_must_staple_extension": false, + "leaf_certificate_is_ev": false, + "leaf_certificate_signed_certificate_timestamps_count": 2, + "leaf_certificate_subject_matches_hostname": true, + "ocsp_response": null, + "ocsp_response_is_trusted": null, + "path_validation_results": [ + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Android", + "path": "/mnt/c/Users/nabla/Documents/Github/sslyze/sslyze/plugins/certificate_info/trust_stores/pem_files/google_aosp.pem", + "version": "9.0.0_r9" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGGjCCBQKgAwIBAgIQA3ft3Pr4vjS6Izx8K5oxfzANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMTAyMTAwMDAwMDBaFw0yMTA1MTAyMzU5NTla\nMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpN\nZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5m\nYWNlYm9vay5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARDggRlmoZhb1O/\nSKGKin92vtHoiTKsoGhhPHFbGHOd105B5b87UURcbTbYJTkBaM3xZDRmAA3A7ate\nWbCNfFtzo4IDgDCCA3wwHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjsw\nHQYDVR0OBBYEFKHeWwF+JJU1imvY8aLY3mzyf9ByMIG1BgNVHREEga0wgaqCDiou\nZmFjZWJvb2suY29tgg4qLmZhY2Vib29rLm5ldIILKi5mYmNkbi5uZXSCCyouZmJz\nYnguY29tghAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDioueHgu\nZmJjZG4ubmV0gg4qLnh5LmZiY2RuLm5ldIIOKi54ei5mYmNkbi5uZXSCDGZhY2Vi\nb29rLmNvbYINbWVzc2VuZ2VyLmNvbTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYw\nFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9j\ncmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0\ndHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwPgYD\nVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdp\nY2VydC5jb20vQ1BTMIGDBggrBgEFBQcBAQR3MHUwJAYIKwYBBQUHMAGGGGh0dHA6\nLy9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2VydHMu\nZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5j\ncnQwDAYDVR0TAQH/BAIwADCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3APZclC/R\ndzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABd42GtnwAAAQDAEgwRgIhAJKn\nV9gHJOdqwyMFDehnumEYMy4RQBTJ/7YF37NVlojRAiEArXQOKNgn0klecjkgNWpr\n/21Zwsxl0NsQLcrnBqqb5LIAdwBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m\n9scOygAAAXeNhra4AAAEAwBIMEYCIQDPWKsEjGQPyzE34B+LNuykWQOkgarbAzzw\n146NaeIk7AIhANSmd8yY+umMimeXan1ZCC/k5j8SFYRmNE1iLqUr2ehjMA0GCSqG\nSIb3DQEBCwUAA4IBAQBq84+tRHauo3+AVlE+AzsNey5AY+A2T7rREG6U04ICrhH1\nz7HFeY2D5QgR4ea3bU63MHtKxgox/3Cdo/CUOHnRSIlu0xjjlo2E7Q2Kri1ScLtD\nzEOv+Lp2Q6ElNKwk2WtmVuTt/Hfqmo4/lbZ1S3qcF6a411wNcA6pnV93A/blWhkx\nPPwPkuV5P/MFXkl41ssrFCQXENMXu0Aqrt8ikepxg7jeiST4LABJWMNXY0/3iCIT\n3gOMKN8syYB+EnQF1idOGGM0QSrsrQzXeF7EcDGB8XcgLp9AOHjzo30vqbyMCp8k\nSBIpJIMHGJ5d9YkjCyfrqw3xWCBDUfVC4F5+cwzx\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "BichFaNYEXLSREQZO68AFUv14OI=", + "fingerprint_sha256": "D0vo8jwbdk8J6UAG3UsZn0mpDww+lEPNAJU0aLiO83I=", + "hpkp_pin": "bi7NLGpN1BQFlWDFBkeOTXyM9BvElTf63ML7I40Lbn8=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2021-05-10T23:59:59", + "not_valid_before": "2021-02-10T00:00:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 30534681319713412419758444730380809953114444152437723126087269973835568618967, + "ec_y": 35396832904215458267110645142635473451912036209320173129985331521302552140659, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 4610391752464174971427059223496372607, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Menlo Park", + "value": "Menlo Park" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Facebook\\, Inc.", + "value": "Facebook, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.facebook.com", + "value": "*.facebook.com" + } + ], + "rfc4514_string": "CN=*.facebook.com,O=Facebook\\, Inc.,L=Menlo Park,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.facebook.com", + "*.facebook.net", + "*.fbcdn.net", + "*.fbsbx.com", + "*.m.facebook.com", + "*.messenger.com", + "*.xx.fbcdn.net", + "*.xy.fbcdn.net", + "*.xz.fbcdn.net", + "facebook.com", + "messenger.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\nYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\nKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\nitrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\nsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\nbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\nMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\ndC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\nL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\nBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\nUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\naQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\naOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\nE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\nxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\ncPUeybQ=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "oDHEZ4Lm5sZiwsh8dtqapizKvY4=", + "fingerprint_sha256": "GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=", + "hpkp_pin": "k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2028-10-22T12:00:00", + "not_valid_before": "2013-10-22T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 23085922014910748503624791917480115148492919026914207610707020942093828159221184419960399297678177590153378092714640886296044490661625022319263060388275515964365478738040978664516396912933675650257207760237777280773935047177225664304566903694731631728916260237117586511459590661362255543750987738241463266555577715629664656907640120826399947323444556799362651693283202076722872218490347588587929811327918605576169523712767591239193274840826201053308722900104999956283622772648025895714833602740679819670062830777938157004975732087864164660384513848296643542134747514357423990884765641067184766081973460304136714018531 + }, + "serial_number": 6489877074546166222510380951761917343, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug\nRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm\n+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW\nPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM\nxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB\nIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3\nhzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg\nEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF\nMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA\nFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec\nnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z\neM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF\nhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2\nYzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe\nvEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n+OkuE6N36B9K\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "X7fuBjPiWdutDEya5tOPGmHH3CU=", + "fingerprint_sha256": "dDHl9MPBzkaQd08LYeBUQIg7qaAe0Aumq9eAbtOxGM8=", + "hpkp_pin": "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 25096222514443076901272460785174517607620538894364887395200690111394566020592736673662921945840817328364413674741800760450235583027021531642816683159576973866853280121844679977899567994751333258123861457007523791425003154230648819528564116339145266255263939030158519839380078368713888028673211448476392899923583233481355650312351351674302573096563616905459255557919180852201759360299861601875234807995701275332739967359933679872406573487332354516530701356470999683428220594248446682388824996574482294270079277019729636834333736001968484903342759579838975239653144282134955700899224002867238843313167887950361608604619 + }, + "serial_number": 3553400076410547919724730734378100087, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Apple", + "path": "/mnt/c/Users/nabla/Documents/Github/sslyze/sslyze/plugins/certificate_info/trust_stores/pem_files/apple.pem", + "version": "iOS 14, iPadOS 14, macOS 11, watchOS 7, and tvOS 14" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGGjCCBQKgAwIBAgIQA3ft3Pr4vjS6Izx8K5oxfzANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMTAyMTAwMDAwMDBaFw0yMTA1MTAyMzU5NTla\nMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpN\nZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5m\nYWNlYm9vay5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARDggRlmoZhb1O/\nSKGKin92vtHoiTKsoGhhPHFbGHOd105B5b87UURcbTbYJTkBaM3xZDRmAA3A7ate\nWbCNfFtzo4IDgDCCA3wwHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjsw\nHQYDVR0OBBYEFKHeWwF+JJU1imvY8aLY3mzyf9ByMIG1BgNVHREEga0wgaqCDiou\nZmFjZWJvb2suY29tgg4qLmZhY2Vib29rLm5ldIILKi5mYmNkbi5uZXSCCyouZmJz\nYnguY29tghAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDioueHgu\nZmJjZG4ubmV0gg4qLnh5LmZiY2RuLm5ldIIOKi54ei5mYmNkbi5uZXSCDGZhY2Vi\nb29rLmNvbYINbWVzc2VuZ2VyLmNvbTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYw\nFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9j\ncmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0\ndHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwPgYD\nVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdp\nY2VydC5jb20vQ1BTMIGDBggrBgEFBQcBAQR3MHUwJAYIKwYBBQUHMAGGGGh0dHA6\nLy9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2VydHMu\nZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5j\ncnQwDAYDVR0TAQH/BAIwADCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3APZclC/R\ndzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABd42GtnwAAAQDAEgwRgIhAJKn\nV9gHJOdqwyMFDehnumEYMy4RQBTJ/7YF37NVlojRAiEArXQOKNgn0klecjkgNWpr\n/21Zwsxl0NsQLcrnBqqb5LIAdwBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m\n9scOygAAAXeNhra4AAAEAwBIMEYCIQDPWKsEjGQPyzE34B+LNuykWQOkgarbAzzw\n146NaeIk7AIhANSmd8yY+umMimeXan1ZCC/k5j8SFYRmNE1iLqUr2ehjMA0GCSqG\nSIb3DQEBCwUAA4IBAQBq84+tRHauo3+AVlE+AzsNey5AY+A2T7rREG6U04ICrhH1\nz7HFeY2D5QgR4ea3bU63MHtKxgox/3Cdo/CUOHnRSIlu0xjjlo2E7Q2Kri1ScLtD\nzEOv+Lp2Q6ElNKwk2WtmVuTt/Hfqmo4/lbZ1S3qcF6a411wNcA6pnV93A/blWhkx\nPPwPkuV5P/MFXkl41ssrFCQXENMXu0Aqrt8ikepxg7jeiST4LABJWMNXY0/3iCIT\n3gOMKN8syYB+EnQF1idOGGM0QSrsrQzXeF7EcDGB8XcgLp9AOHjzo30vqbyMCp8k\nSBIpJIMHGJ5d9YkjCyfrqw3xWCBDUfVC4F5+cwzx\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "BichFaNYEXLSREQZO68AFUv14OI=", + "fingerprint_sha256": "D0vo8jwbdk8J6UAG3UsZn0mpDww+lEPNAJU0aLiO83I=", + "hpkp_pin": "bi7NLGpN1BQFlWDFBkeOTXyM9BvElTf63ML7I40Lbn8=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2021-05-10T23:59:59", + "not_valid_before": "2021-02-10T00:00:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 30534681319713412419758444730380809953114444152437723126087269973835568618967, + "ec_y": 35396832904215458267110645142635473451912036209320173129985331521302552140659, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 4610391752464174971427059223496372607, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Menlo Park", + "value": "Menlo Park" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Facebook\\, Inc.", + "value": "Facebook, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.facebook.com", + "value": "*.facebook.com" + } + ], + "rfc4514_string": "CN=*.facebook.com,O=Facebook\\, Inc.,L=Menlo Park,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.facebook.com", + "*.facebook.net", + "*.fbcdn.net", + "*.fbsbx.com", + "*.m.facebook.com", + "*.messenger.com", + "*.xx.fbcdn.net", + "*.xy.fbcdn.net", + "*.xz.fbcdn.net", + "facebook.com", + "messenger.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\nYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\nKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\nitrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\nsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\nbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\nMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\ndC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\nL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\nBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\nUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\naQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\naOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\nE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\nxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\ncPUeybQ=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "oDHEZ4Lm5sZiwsh8dtqapizKvY4=", + "fingerprint_sha256": "GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=", + "hpkp_pin": "k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2028-10-22T12:00:00", + "not_valid_before": "2013-10-22T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 23085922014910748503624791917480115148492919026914207610707020942093828159221184419960399297678177590153378092714640886296044490661625022319263060388275515964365478738040978664516396912933675650257207760237777280773935047177225664304566903694731631728916260237117586511459590661362255543750987738241463266555577715629664656907640120826399947323444556799362651693283202076722872218490347588587929811327918605576169523712767591239193274840826201053308722900104999956283622772648025895714833602740679819670062830777938157004975732087864164660384513848296643542134747514357423990884765641067184766081973460304136714018531 + }, + "serial_number": 6489877074546166222510380951761917343, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug\nRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm\n+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW\nPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM\nxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB\nIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3\nhzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg\nEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF\nMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA\nFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec\nnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z\neM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF\nhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2\nYzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe\nvEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n+OkuE6N36B9K\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "X7fuBjPiWdutDEya5tOPGmHH3CU=", + "fingerprint_sha256": "dDHl9MPBzkaQd08LYeBUQIg7qaAe0Aumq9eAbtOxGM8=", + "hpkp_pin": "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 25096222514443076901272460785174517607620538894364887395200690111394566020592736673662921945840817328364413674741800760450235583027021531642816683159576973866853280121844679977899567994751333258123861457007523791425003154230648819528564116339145266255263939030158519839380078368713888028673211448476392899923583233481355650312351351674302573096563616905459255557919180852201759360299861601875234807995701275332739967359933679872406573487332354516530701356470999683428220594248446682388824996574482294270079277019729636834333736001968484903342759579838975239653144282134955700899224002867238843313167887950361608604619 + }, + "serial_number": 3553400076410547919724730734378100087, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Java", + "path": "/mnt/c/Users/nabla/Documents/Github/sslyze/sslyze/plugins/certificate_info/trust_stores/pem_files/oracle_java.pem", + "version": "jdk-13.0.2" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGGjCCBQKgAwIBAgIQA3ft3Pr4vjS6Izx8K5oxfzANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMTAyMTAwMDAwMDBaFw0yMTA1MTAyMzU5NTla\nMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpN\nZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5m\nYWNlYm9vay5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARDggRlmoZhb1O/\nSKGKin92vtHoiTKsoGhhPHFbGHOd105B5b87UURcbTbYJTkBaM3xZDRmAA3A7ate\nWbCNfFtzo4IDgDCCA3wwHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjsw\nHQYDVR0OBBYEFKHeWwF+JJU1imvY8aLY3mzyf9ByMIG1BgNVHREEga0wgaqCDiou\nZmFjZWJvb2suY29tgg4qLmZhY2Vib29rLm5ldIILKi5mYmNkbi5uZXSCCyouZmJz\nYnguY29tghAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDioueHgu\nZmJjZG4ubmV0gg4qLnh5LmZiY2RuLm5ldIIOKi54ei5mYmNkbi5uZXSCDGZhY2Vi\nb29rLmNvbYINbWVzc2VuZ2VyLmNvbTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYw\nFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9j\ncmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0\ndHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwPgYD\nVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdp\nY2VydC5jb20vQ1BTMIGDBggrBgEFBQcBAQR3MHUwJAYIKwYBBQUHMAGGGGh0dHA6\nLy9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2VydHMu\nZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5j\ncnQwDAYDVR0TAQH/BAIwADCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3APZclC/R\ndzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABd42GtnwAAAQDAEgwRgIhAJKn\nV9gHJOdqwyMFDehnumEYMy4RQBTJ/7YF37NVlojRAiEArXQOKNgn0klecjkgNWpr\n/21Zwsxl0NsQLcrnBqqb5LIAdwBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m\n9scOygAAAXeNhra4AAAEAwBIMEYCIQDPWKsEjGQPyzE34B+LNuykWQOkgarbAzzw\n146NaeIk7AIhANSmd8yY+umMimeXan1ZCC/k5j8SFYRmNE1iLqUr2ehjMA0GCSqG\nSIb3DQEBCwUAA4IBAQBq84+tRHauo3+AVlE+AzsNey5AY+A2T7rREG6U04ICrhH1\nz7HFeY2D5QgR4ea3bU63MHtKxgox/3Cdo/CUOHnRSIlu0xjjlo2E7Q2Kri1ScLtD\nzEOv+Lp2Q6ElNKwk2WtmVuTt/Hfqmo4/lbZ1S3qcF6a411wNcA6pnV93A/blWhkx\nPPwPkuV5P/MFXkl41ssrFCQXENMXu0Aqrt8ikepxg7jeiST4LABJWMNXY0/3iCIT\n3gOMKN8syYB+EnQF1idOGGM0QSrsrQzXeF7EcDGB8XcgLp9AOHjzo30vqbyMCp8k\nSBIpJIMHGJ5d9YkjCyfrqw3xWCBDUfVC4F5+cwzx\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "BichFaNYEXLSREQZO68AFUv14OI=", + "fingerprint_sha256": "D0vo8jwbdk8J6UAG3UsZn0mpDww+lEPNAJU0aLiO83I=", + "hpkp_pin": "bi7NLGpN1BQFlWDFBkeOTXyM9BvElTf63ML7I40Lbn8=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2021-05-10T23:59:59", + "not_valid_before": "2021-02-10T00:00:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 30534681319713412419758444730380809953114444152437723126087269973835568618967, + "ec_y": 35396832904215458267110645142635473451912036209320173129985331521302552140659, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 4610391752464174971427059223496372607, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Menlo Park", + "value": "Menlo Park" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Facebook\\, Inc.", + "value": "Facebook, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.facebook.com", + "value": "*.facebook.com" + } + ], + "rfc4514_string": "CN=*.facebook.com,O=Facebook\\, Inc.,L=Menlo Park,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.facebook.com", + "*.facebook.net", + "*.fbcdn.net", + "*.fbsbx.com", + "*.m.facebook.com", + "*.messenger.com", + "*.xx.fbcdn.net", + "*.xy.fbcdn.net", + "*.xz.fbcdn.net", + "facebook.com", + "messenger.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\nYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\nKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\nitrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\nsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\nbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\nMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\ndC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\nL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\nBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\nUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\naQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\naOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\nE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\nxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\ncPUeybQ=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "oDHEZ4Lm5sZiwsh8dtqapizKvY4=", + "fingerprint_sha256": "GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=", + "hpkp_pin": "k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2028-10-22T12:00:00", + "not_valid_before": "2013-10-22T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 23085922014910748503624791917480115148492919026914207610707020942093828159221184419960399297678177590153378092714640886296044490661625022319263060388275515964365478738040978664516396912933675650257207760237777280773935047177225664304566903694731631728916260237117586511459590661362255543750987738241463266555577715629664656907640120826399947323444556799362651693283202076722872218490347588587929811327918605576169523712767591239193274840826201053308722900104999956283622772648025895714833602740679819670062830777938157004975732087864164660384513848296643542134747514357423990884765641067184766081973460304136714018531 + }, + "serial_number": 6489877074546166222510380951761917343, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug\nRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm\n+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW\nPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM\nxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB\nIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3\nhzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg\nEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF\nMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA\nFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec\nnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z\neM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF\nhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2\nYzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe\nvEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n+OkuE6N36B9K\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "X7fuBjPiWdutDEya5tOPGmHH3CU=", + "fingerprint_sha256": "dDHl9MPBzkaQd08LYeBUQIg7qaAe0Aumq9eAbtOxGM8=", + "hpkp_pin": "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 25096222514443076901272460785174517607620538894364887395200690111394566020592736673662921945840817328364413674741800760450235583027021531642816683159576973866853280121844679977899567994751333258123861457007523791425003154230648819528564116339145266255263939030158519839380078368713888028673211448476392899923583233481355650312351351674302573096563616905459255557919180852201759360299861601875234807995701275332739967359933679872406573487332354516530701356470999683428220594248446682388824996574482294270079277019729636834333736001968484903342759579838975239653144282134955700899224002867238843313167887950361608604619 + }, + "serial_number": 3553400076410547919724730734378100087, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": [ + { + "dotted_string": "1.2.276.0.44.1.1.1.4", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.392.200091.100.721.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.40.0.17.1.22", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.616.1.113527.2.5.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.159.1.17.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.13177.10.1.3.10", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14370.1.6", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14777.6.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14777.6.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.14.2.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.14.2.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.8.12.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.8.12.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.22234.2.5.2.3.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.23223.1.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.29836.1.10", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.3", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.4", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.36305.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.40869.1.1.22.3", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.4146.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.4788.2.202.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.6334.1.100.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.6449.1.2.1.5.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.782.1.2.1.8.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.7879.13.24.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.8024.0.2.100.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.156.112554.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.528.1.1003.1.2.7", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.578.1.26.1.3.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.756.1.83.21.0", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.756.1.89.1.2.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.792.3.0.3.1.1.5", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.792.3.0.4.1.1.4", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.113733.1.7.23.6", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.113733.1.7.48.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114028.10.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114171.500.9", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114404.1.1.2.4.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114412.2.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114413.1.7.23.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114414.1.7.23.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114414.1.7.24.3", + "name": "Unknown OID" + } + ], + "name": "Mozilla", + "path": "/mnt/c/Users/nabla/Documents/Github/sslyze/sslyze/plugins/certificate_info/trust_stores/pem_files/mozilla_nss.pem", + "version": "2021-03-28" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGGjCCBQKgAwIBAgIQA3ft3Pr4vjS6Izx8K5oxfzANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMTAyMTAwMDAwMDBaFw0yMTA1MTAyMzU5NTla\nMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpN\nZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5m\nYWNlYm9vay5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARDggRlmoZhb1O/\nSKGKin92vtHoiTKsoGhhPHFbGHOd105B5b87UURcbTbYJTkBaM3xZDRmAA3A7ate\nWbCNfFtzo4IDgDCCA3wwHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjsw\nHQYDVR0OBBYEFKHeWwF+JJU1imvY8aLY3mzyf9ByMIG1BgNVHREEga0wgaqCDiou\nZmFjZWJvb2suY29tgg4qLmZhY2Vib29rLm5ldIILKi5mYmNkbi5uZXSCCyouZmJz\nYnguY29tghAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDioueHgu\nZmJjZG4ubmV0gg4qLnh5LmZiY2RuLm5ldIIOKi54ei5mYmNkbi5uZXSCDGZhY2Vi\nb29rLmNvbYINbWVzc2VuZ2VyLmNvbTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYw\nFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9j\ncmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0\ndHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwPgYD\nVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdp\nY2VydC5jb20vQ1BTMIGDBggrBgEFBQcBAQR3MHUwJAYIKwYBBQUHMAGGGGh0dHA6\nLy9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2VydHMu\nZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5j\ncnQwDAYDVR0TAQH/BAIwADCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3APZclC/R\ndzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABd42GtnwAAAQDAEgwRgIhAJKn\nV9gHJOdqwyMFDehnumEYMy4RQBTJ/7YF37NVlojRAiEArXQOKNgn0klecjkgNWpr\n/21Zwsxl0NsQLcrnBqqb5LIAdwBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m\n9scOygAAAXeNhra4AAAEAwBIMEYCIQDPWKsEjGQPyzE34B+LNuykWQOkgarbAzzw\n146NaeIk7AIhANSmd8yY+umMimeXan1ZCC/k5j8SFYRmNE1iLqUr2ehjMA0GCSqG\nSIb3DQEBCwUAA4IBAQBq84+tRHauo3+AVlE+AzsNey5AY+A2T7rREG6U04ICrhH1\nz7HFeY2D5QgR4ea3bU63MHtKxgox/3Cdo/CUOHnRSIlu0xjjlo2E7Q2Kri1ScLtD\nzEOv+Lp2Q6ElNKwk2WtmVuTt/Hfqmo4/lbZ1S3qcF6a411wNcA6pnV93A/blWhkx\nPPwPkuV5P/MFXkl41ssrFCQXENMXu0Aqrt8ikepxg7jeiST4LABJWMNXY0/3iCIT\n3gOMKN8syYB+EnQF1idOGGM0QSrsrQzXeF7EcDGB8XcgLp9AOHjzo30vqbyMCp8k\nSBIpJIMHGJ5d9YkjCyfrqw3xWCBDUfVC4F5+cwzx\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "BichFaNYEXLSREQZO68AFUv14OI=", + "fingerprint_sha256": "D0vo8jwbdk8J6UAG3UsZn0mpDww+lEPNAJU0aLiO83I=", + "hpkp_pin": "bi7NLGpN1BQFlWDFBkeOTXyM9BvElTf63ML7I40Lbn8=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2021-05-10T23:59:59", + "not_valid_before": "2021-02-10T00:00:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 30534681319713412419758444730380809953114444152437723126087269973835568618967, + "ec_y": 35396832904215458267110645142635473451912036209320173129985331521302552140659, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 4610391752464174971427059223496372607, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Menlo Park", + "value": "Menlo Park" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Facebook\\, Inc.", + "value": "Facebook, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.facebook.com", + "value": "*.facebook.com" + } + ], + "rfc4514_string": "CN=*.facebook.com,O=Facebook\\, Inc.,L=Menlo Park,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.facebook.com", + "*.facebook.net", + "*.fbcdn.net", + "*.fbsbx.com", + "*.m.facebook.com", + "*.messenger.com", + "*.xx.fbcdn.net", + "*.xy.fbcdn.net", + "*.xz.fbcdn.net", + "facebook.com", + "messenger.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\nYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\nKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\nitrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\nsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\nbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\nMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\ndC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\nL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\nBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\nUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\naQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\naOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\nE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\nxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\ncPUeybQ=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "oDHEZ4Lm5sZiwsh8dtqapizKvY4=", + "fingerprint_sha256": "GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=", + "hpkp_pin": "k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2028-10-22T12:00:00", + "not_valid_before": "2013-10-22T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 23085922014910748503624791917480115148492919026914207610707020942093828159221184419960399297678177590153378092714640886296044490661625022319263060388275515964365478738040978664516396912933675650257207760237777280773935047177225664304566903694731631728916260237117586511459590661362255543750987738241463266555577715629664656907640120826399947323444556799362651693283202076722872218490347588587929811327918605576169523712767591239193274840826201053308722900104999956283622772648025895714833602740679819670062830777938157004975732087864164660384513848296643542134747514357423990884765641067184766081973460304136714018531 + }, + "serial_number": 6489877074546166222510380951761917343, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug\nRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm\n+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW\nPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM\nxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB\nIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3\nhzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg\nEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF\nMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA\nFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec\nnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z\neM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF\nhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2\nYzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe\nvEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n+OkuE6N36B9K\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "X7fuBjPiWdutDEya5tOPGmHH3CU=", + "fingerprint_sha256": "dDHl9MPBzkaQd08LYeBUQIg7qaAe0Aumq9eAbtOxGM8=", + "hpkp_pin": "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 25096222514443076901272460785174517607620538894364887395200690111394566020592736673662921945840817328364413674741800760450235583027021531642816683159576973866853280121844679977899567994751333258123861457007523791425003154230648819528564116339145266255263939030158519839380078368713888028673211448476392899923583233481355650312351351674302573096563616905459255557919180852201759360299861601875234807995701275332739967359933679872406573487332354516530701356470999683428220594248446682388824996574482294270079277019729636834333736001968484903342759579838975239653144282134955700899224002867238843313167887950361608604619 + }, + "serial_number": 3553400076410547919724730734378100087, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Windows", + "path": "/mnt/c/Users/nabla/Documents/Github/sslyze/sslyze/plugins/certificate_info/trust_stores/pem_files/microsoft_windows.pem", + "version": "2021-03-28" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGGjCCBQKgAwIBAgIQA3ft3Pr4vjS6Izx8K5oxfzANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMTAyMTAwMDAwMDBaFw0yMTA1MTAyMzU5NTla\nMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpN\nZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5m\nYWNlYm9vay5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARDggRlmoZhb1O/\nSKGKin92vtHoiTKsoGhhPHFbGHOd105B5b87UURcbTbYJTkBaM3xZDRmAA3A7ate\nWbCNfFtzo4IDgDCCA3wwHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjsw\nHQYDVR0OBBYEFKHeWwF+JJU1imvY8aLY3mzyf9ByMIG1BgNVHREEga0wgaqCDiou\nZmFjZWJvb2suY29tgg4qLmZhY2Vib29rLm5ldIILKi5mYmNkbi5uZXSCCyouZmJz\nYnguY29tghAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDioueHgu\nZmJjZG4ubmV0gg4qLnh5LmZiY2RuLm5ldIIOKi54ei5mYmNkbi5uZXSCDGZhY2Vi\nb29rLmNvbYINbWVzc2VuZ2VyLmNvbTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYw\nFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9j\ncmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0\ndHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwPgYD\nVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdp\nY2VydC5jb20vQ1BTMIGDBggrBgEFBQcBAQR3MHUwJAYIKwYBBQUHMAGGGGh0dHA6\nLy9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2VydHMu\nZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5j\ncnQwDAYDVR0TAQH/BAIwADCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3APZclC/R\ndzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABd42GtnwAAAQDAEgwRgIhAJKn\nV9gHJOdqwyMFDehnumEYMy4RQBTJ/7YF37NVlojRAiEArXQOKNgn0klecjkgNWpr\n/21Zwsxl0NsQLcrnBqqb5LIAdwBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m\n9scOygAAAXeNhra4AAAEAwBIMEYCIQDPWKsEjGQPyzE34B+LNuykWQOkgarbAzzw\n146NaeIk7AIhANSmd8yY+umMimeXan1ZCC/k5j8SFYRmNE1iLqUr2ehjMA0GCSqG\nSIb3DQEBCwUAA4IBAQBq84+tRHauo3+AVlE+AzsNey5AY+A2T7rREG6U04ICrhH1\nz7HFeY2D5QgR4ea3bU63MHtKxgox/3Cdo/CUOHnRSIlu0xjjlo2E7Q2Kri1ScLtD\nzEOv+Lp2Q6ElNKwk2WtmVuTt/Hfqmo4/lbZ1S3qcF6a411wNcA6pnV93A/blWhkx\nPPwPkuV5P/MFXkl41ssrFCQXENMXu0Aqrt8ikepxg7jeiST4LABJWMNXY0/3iCIT\n3gOMKN8syYB+EnQF1idOGGM0QSrsrQzXeF7EcDGB8XcgLp9AOHjzo30vqbyMCp8k\nSBIpJIMHGJ5d9YkjCyfrqw3xWCBDUfVC4F5+cwzx\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "BichFaNYEXLSREQZO68AFUv14OI=", + "fingerprint_sha256": "D0vo8jwbdk8J6UAG3UsZn0mpDww+lEPNAJU0aLiO83I=", + "hpkp_pin": "bi7NLGpN1BQFlWDFBkeOTXyM9BvElTf63ML7I40Lbn8=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2021-05-10T23:59:59", + "not_valid_before": "2021-02-10T00:00:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 30534681319713412419758444730380809953114444152437723126087269973835568618967, + "ec_y": 35396832904215458267110645142635473451912036209320173129985331521302552140659, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 4610391752464174971427059223496372607, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Menlo Park", + "value": "Menlo Park" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Facebook\\, Inc.", + "value": "Facebook, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.facebook.com", + "value": "*.facebook.com" + } + ], + "rfc4514_string": "CN=*.facebook.com,O=Facebook\\, Inc.,L=Menlo Park,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.facebook.com", + "*.facebook.net", + "*.fbcdn.net", + "*.fbsbx.com", + "*.m.facebook.com", + "*.messenger.com", + "*.xx.fbcdn.net", + "*.xy.fbcdn.net", + "*.xz.fbcdn.net", + "facebook.com", + "messenger.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\nYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\nKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\nitrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\nsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\nbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\nMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\ndC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\nL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\nBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\nUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\naQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\naOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\nE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\nxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\ncPUeybQ=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "oDHEZ4Lm5sZiwsh8dtqapizKvY4=", + "fingerprint_sha256": "GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=", + "hpkp_pin": "k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2028-10-22T12:00:00", + "not_valid_before": "2013-10-22T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 23085922014910748503624791917480115148492919026914207610707020942093828159221184419960399297678177590153378092714640886296044490661625022319263060388275515964365478738040978664516396912933675650257207760237777280773935047177225664304566903694731631728916260237117586511459590661362255543750987738241463266555577715629664656907640120826399947323444556799362651693283202076722872218490347588587929811327918605576169523712767591239193274840826201053308722900104999956283622772648025895714833602740679819670062830777938157004975732087864164660384513848296643542134747514357423990884765641067184766081973460304136714018531 + }, + "serial_number": 6489877074546166222510380951761917343, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug\nRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm\n+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW\nPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM\nxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB\nIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3\nhzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg\nEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF\nMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA\nFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec\nnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z\neM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF\nhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2\nYzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe\nvEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n+OkuE6N36B9K\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "X7fuBjPiWdutDEya5tOPGmHH3CU=", + "fingerprint_sha256": "dDHl9MPBzkaQd08LYeBUQIg7qaAe0Aumq9eAbtOxGM8=", + "hpkp_pin": "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 25096222514443076901272460785174517607620538894364887395200690111394566020592736673662921945840817328364413674741800760450235583027021531642816683159576973866853280121844679977899567994751333258123861457007523791425003154230648819528564116339145266255263939030158519839380078368713888028673211448476392899923583233481355650312351351674302573096563616905459255557919180852201759360299861601875234807995701275332739967359933679872406573487332354516530701356470999683428220594248446682388824996574482294270079277019729636834333736001968484903342759579838975239653144282134955700899224002867238843313167887950361608604619 + }, + "serial_number": 3553400076410547919724730734378100087, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + } + ], + "received_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGGjCCBQKgAwIBAgIQA3ft3Pr4vjS6Izx8K5oxfzANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMTAyMTAwMDAwMDBaFw0yMTA1MTAyMzU5NTla\nMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpN\nZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5m\nYWNlYm9vay5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARDggRlmoZhb1O/\nSKGKin92vtHoiTKsoGhhPHFbGHOd105B5b87UURcbTbYJTkBaM3xZDRmAA3A7ate\nWbCNfFtzo4IDgDCCA3wwHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjsw\nHQYDVR0OBBYEFKHeWwF+JJU1imvY8aLY3mzyf9ByMIG1BgNVHREEga0wgaqCDiou\nZmFjZWJvb2suY29tgg4qLmZhY2Vib29rLm5ldIILKi5mYmNkbi5uZXSCCyouZmJz\nYnguY29tghAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDioueHgu\nZmJjZG4ubmV0gg4qLnh5LmZiY2RuLm5ldIIOKi54ei5mYmNkbi5uZXSCDGZhY2Vi\nb29rLmNvbYINbWVzc2VuZ2VyLmNvbTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYw\nFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9j\ncmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0\ndHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwPgYD\nVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdp\nY2VydC5jb20vQ1BTMIGDBggrBgEFBQcBAQR3MHUwJAYIKwYBBQUHMAGGGGh0dHA6\nLy9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2VydHMu\nZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5j\ncnQwDAYDVR0TAQH/BAIwADCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3APZclC/R\ndzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABd42GtnwAAAQDAEgwRgIhAJKn\nV9gHJOdqwyMFDehnumEYMy4RQBTJ/7YF37NVlojRAiEArXQOKNgn0klecjkgNWpr\n/21Zwsxl0NsQLcrnBqqb5LIAdwBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m\n9scOygAAAXeNhra4AAAEAwBIMEYCIQDPWKsEjGQPyzE34B+LNuykWQOkgarbAzzw\n146NaeIk7AIhANSmd8yY+umMimeXan1ZCC/k5j8SFYRmNE1iLqUr2ehjMA0GCSqG\nSIb3DQEBCwUAA4IBAQBq84+tRHauo3+AVlE+AzsNey5AY+A2T7rREG6U04ICrhH1\nz7HFeY2D5QgR4ea3bU63MHtKxgox/3Cdo/CUOHnRSIlu0xjjlo2E7Q2Kri1ScLtD\nzEOv+Lp2Q6ElNKwk2WtmVuTt/Hfqmo4/lbZ1S3qcF6a411wNcA6pnV93A/blWhkx\nPPwPkuV5P/MFXkl41ssrFCQXENMXu0Aqrt8ikepxg7jeiST4LABJWMNXY0/3iCIT\n3gOMKN8syYB+EnQF1idOGGM0QSrsrQzXeF7EcDGB8XcgLp9AOHjzo30vqbyMCp8k\nSBIpJIMHGJ5d9YkjCyfrqw3xWCBDUfVC4F5+cwzx\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "BichFaNYEXLSREQZO68AFUv14OI=", + "fingerprint_sha256": "D0vo8jwbdk8J6UAG3UsZn0mpDww+lEPNAJU0aLiO83I=", + "hpkp_pin": "bi7NLGpN1BQFlWDFBkeOTXyM9BvElTf63ML7I40Lbn8=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2021-05-10T23:59:59", + "not_valid_before": "2021-02-10T00:00:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 30534681319713412419758444730380809953114444152437723126087269973835568618967, + "ec_y": 35396832904215458267110645142635473451912036209320173129985331521302552140659, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 4610391752464174971427059223496372607, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Menlo Park", + "value": "Menlo Park" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Facebook\\, Inc.", + "value": "Facebook, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.facebook.com", + "value": "*.facebook.com" + } + ], + "rfc4514_string": "CN=*.facebook.com,O=Facebook\\, Inc.,L=Menlo Park,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.facebook.com", + "*.facebook.net", + "*.fbcdn.net", + "*.fbsbx.com", + "*.m.facebook.com", + "*.messenger.com", + "*.xx.fbcdn.net", + "*.xy.fbcdn.net", + "*.xz.fbcdn.net", + "facebook.com", + "messenger.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\nYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\nKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\nitrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\nsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\nbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\nMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\ndC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\nL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\nBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\nUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\naQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\naOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\nE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\nxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\ncPUeybQ=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "oDHEZ4Lm5sZiwsh8dtqapizKvY4=", + "fingerprint_sha256": "GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=", + "hpkp_pin": "k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2028-10-22T12:00:00", + "not_valid_before": "2013-10-22T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 23085922014910748503624791917480115148492919026914207610707020942093828159221184419960399297678177590153378092714640886296044490661625022319263060388275515964365478738040978664516396912933675650257207760237777280773935047177225664304566903694731631728916260237117586511459590661362255543750987738241463266555577715629664656907640120826399947323444556799362651693283202076722872218490347588587929811327918605576169523712767591239193274840826201053308722900104999956283622772648025895714833602740679819670062830777938157004975732087864164660384513848296643542134747514357423990884765641067184766081973460304136714018531 + }, + "serial_number": 6489877074546166222510380951761917343, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "received_chain_contains_anchor_certificate": false, + "received_chain_has_valid_order": true, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGGjCCBQKgAwIBAgIQA3ft3Pr4vjS6Izx8K5oxfzANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMTAyMTAwMDAwMDBaFw0yMTA1MTAyMzU5NTla\nMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpN\nZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5m\nYWNlYm9vay5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARDggRlmoZhb1O/\nSKGKin92vtHoiTKsoGhhPHFbGHOd105B5b87UURcbTbYJTkBaM3xZDRmAA3A7ate\nWbCNfFtzo4IDgDCCA3wwHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjsw\nHQYDVR0OBBYEFKHeWwF+JJU1imvY8aLY3mzyf9ByMIG1BgNVHREEga0wgaqCDiou\nZmFjZWJvb2suY29tgg4qLmZhY2Vib29rLm5ldIILKi5mYmNkbi5uZXSCCyouZmJz\nYnguY29tghAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDioueHgu\nZmJjZG4ubmV0gg4qLnh5LmZiY2RuLm5ldIIOKi54ei5mYmNkbi5uZXSCDGZhY2Vi\nb29rLmNvbYINbWVzc2VuZ2VyLmNvbTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYw\nFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9j\ncmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0\ndHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwPgYD\nVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdp\nY2VydC5jb20vQ1BTMIGDBggrBgEFBQcBAQR3MHUwJAYIKwYBBQUHMAGGGGh0dHA6\nLy9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2VydHMu\nZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5j\ncnQwDAYDVR0TAQH/BAIwADCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3APZclC/R\ndzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABd42GtnwAAAQDAEgwRgIhAJKn\nV9gHJOdqwyMFDehnumEYMy4RQBTJ/7YF37NVlojRAiEArXQOKNgn0klecjkgNWpr\n/21Zwsxl0NsQLcrnBqqb5LIAdwBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m\n9scOygAAAXeNhra4AAAEAwBIMEYCIQDPWKsEjGQPyzE34B+LNuykWQOkgarbAzzw\n146NaeIk7AIhANSmd8yY+umMimeXan1ZCC/k5j8SFYRmNE1iLqUr2ehjMA0GCSqG\nSIb3DQEBCwUAA4IBAQBq84+tRHauo3+AVlE+AzsNey5AY+A2T7rREG6U04ICrhH1\nz7HFeY2D5QgR4ea3bU63MHtKxgox/3Cdo/CUOHnRSIlu0xjjlo2E7Q2Kri1ScLtD\nzEOv+Lp2Q6ElNKwk2WtmVuTt/Hfqmo4/lbZ1S3qcF6a411wNcA6pnV93A/blWhkx\nPPwPkuV5P/MFXkl41ssrFCQXENMXu0Aqrt8ikepxg7jeiST4LABJWMNXY0/3iCIT\n3gOMKN8syYB+EnQF1idOGGM0QSrsrQzXeF7EcDGB8XcgLp9AOHjzo30vqbyMCp8k\nSBIpJIMHGJ5d9YkjCyfrqw3xWCBDUfVC4F5+cwzx\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "BichFaNYEXLSREQZO68AFUv14OI=", + "fingerprint_sha256": "D0vo8jwbdk8J6UAG3UsZn0mpDww+lEPNAJU0aLiO83I=", + "hpkp_pin": "bi7NLGpN1BQFlWDFBkeOTXyM9BvElTf63ML7I40Lbn8=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2021-05-10T23:59:59", + "not_valid_before": "2021-02-10T00:00:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 30534681319713412419758444730380809953114444152437723126087269973835568618967, + "ec_y": 35396832904215458267110645142635473451912036209320173129985331521302552140659, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 4610391752464174971427059223496372607, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Menlo Park", + "value": "Menlo Park" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Facebook\\, Inc.", + "value": "Facebook, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.facebook.com", + "value": "*.facebook.com" + } + ], + "rfc4514_string": "CN=*.facebook.com,O=Facebook\\, Inc.,L=Menlo Park,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.facebook.com", + "*.facebook.net", + "*.fbcdn.net", + "*.fbsbx.com", + "*.m.facebook.com", + "*.messenger.com", + "*.xx.fbcdn.net", + "*.xy.fbcdn.net", + "*.xz.fbcdn.net", + "facebook.com", + "messenger.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\nYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\nKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\nitrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\nsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\nbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\nMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\ndC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\nL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\nBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\nUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\naQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\naOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\nE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\nxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\ncPUeybQ=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "oDHEZ4Lm5sZiwsh8dtqapizKvY4=", + "fingerprint_sha256": "GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=", + "hpkp_pin": "k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2028-10-22T12:00:00", + "not_valid_before": "2013-10-22T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 23085922014910748503624791917480115148492919026914207610707020942093828159221184419960399297678177590153378092714640886296044490661625022319263060388275515964365478738040978664516396912933675650257207760237777280773935047177225664304566903694731631728916260237117586511459590661362255543750987738241463266555577715629664656907640120826399947323444556799362651693283202076722872218490347588587929811327918605576169523712767591239193274840826201053308722900104999956283622772648025895714833602740679819670062830777938157004975732087864164660384513848296643542134747514357423990884765641067184766081973460304136714018531 + }, + "serial_number": 6489877074546166222510380951761917343, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug\nRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm\n+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW\nPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM\nxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB\nIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3\nhzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg\nEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF\nMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA\nFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec\nnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z\neM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF\nhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2\nYzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe\nvEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n+OkuE6N36B9K\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "X7fuBjPiWdutDEya5tOPGmHH3CU=", + "fingerprint_sha256": "dDHl9MPBzkaQd08LYeBUQIg7qaAe0Aumq9eAbtOxGM8=", + "hpkp_pin": "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 25096222514443076901272460785174517607620538894364887395200690111394566020592736673662921945840817328364413674741800760450235583027021531642816683159576973866853280121844679977899567994751333258123861457007523791425003154230648819528564116339145266255263939030158519839380078368713888028673211448476392899923583233481355650312351351674302573096563616905459255557919180852201759360299861601875234807995701275332739967359933679872406573487332354516530701356470999683428220594248446682388824996574482294270079277019729636834333736001968484903342759579838975239653144282134955700899224002867238843313167887950361608604619 + }, + "serial_number": 3553400076410547919724730734378100087, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "verified_chain_has_legacy_symantec_anchor": false, + "verified_chain_has_sha1_signature": false + }, + { + "leaf_certificate_has_must_staple_extension": false, + "leaf_certificate_is_ev": false, + "leaf_certificate_signed_certificate_timestamps_count": 2, + "leaf_certificate_subject_matches_hostname": true, + "ocsp_response": null, + "ocsp_response_is_trusted": null, + "path_validation_results": [ + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Android", + "path": "/mnt/c/Users/nabla/Documents/Github/sslyze/sslyze/plugins/certificate_info/trust_stores/pem_files/google_aosp.pem", + "version": "9.0.0_r9" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIG5DCCBcygAwIBAgIQCpzpv1RgHGRmC/wT+QnWjTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMTAyMjgwMDAwMDBaFw0yMTA1MjgyMzU5NTla\nMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpN\nZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5m\nYWNlYm9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhjnCl\nHkblODwgmhRKSY/lzhEgdMtKHYMU/5KCw+HBlVCpi6puAEkREed9ujX9QHagNoJx\nJFd5zVDD+sr6QFqzhtQsz+2WNaUekkm0rQ8e7GtHGbNX4EjOdwXsOLDH5n/qga7Y\n2oAeINgWY42cqbqmcDHe5+ZGVcLT1L3nAzwQa5VqLbK3kupdymFARHAhpehriy+h\nY+xomSDoZYZnSEy9kW1G6fBDdfzZ7h/qYYYgxMBtAgcLuFkoUEeivWXWcJCvF0ZJ\nBbH+ER9qLZYnrToP/MkYqgW7CiixpM7aqgQjEybhuTcnUwoMPmiKIHaUKvH68S7a\n/OK8HRWxDx1rcQF3AgMBAAGjggN/MIIDezAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM\n2WVkYqISuFlyOzAdBgNVHQ4EFgQUWZmCPWpb+pG9UpbdZqJi6rCCw+AwgbUGA1Ud\nEQSBrTCBqoIOKi5mYWNlYm9vay5jb22CDiouZmFjZWJvb2submV0ggsqLmZiY2Ru\nLm5ldIILKi5mYnNieC5jb22CECoubS5mYWNlYm9vay5jb22CDyoubWVzc2VuZ2Vy\nLmNvbYIOKi54eC5mYmNkbi5uZXSCDioueHkuZmJjZG4ubmV0gg4qLnh6LmZiY2Ru\nLm5ldIIMZmFjZWJvb2suY29tgg1tZXNzZW5nZXIuY29tMA4GA1UdDwEB/wQEAwIF\noDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKg\nMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNy\nbDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVy\nLWc2LmNybDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRw\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEF\nBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRw\nOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5j\nZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBBQYKKwYBBAHWeQIEAgSB9gSB\n8wDxAHYAfT7y+I//iFVoJMLAyp5SiXkrxQ54CX8uapdomX4i8NcAAAF36FBaoQAA\nBAMARzBFAiEAjkRauMVd+dEjH4qezoNItw07HLxaPohL3a7G9uQmJ2YCIHbqtfE0\n/6jRdR5dmyRGPAwyWW+nqbmJsu0Hv3f28TDBAHcAXNxDkv7mq0VEsV6a1FbmEDf7\n1fpH3KFzlLJe5vbHDsoAAAF36FBahAAABAMASDBGAiEApB881hy/1NVfhBKwtgVX\nwTdheSWMDHIEmIsXwz8gYz8CIQCA9SqPzDUNPPSTsFs5rUZq++SzGAYwpnl56Gnc\nA/cP+zANBgkqhkiG9w0BAQsFAAOCAQEASsQswUG0l4h8Zy3OVYPF0XeI/lP4vl+Q\n0Vu8Jqx+PWcPDs9y/7zqPpPSl9PlXAKEl/OZDIPf3DCj2W23HiC1H2W5wKEBfqxk\nEA81OeeuBzNMxOw7985VqRSUnFPUGGv3qUvTweO7iLAxtTaZ/Awc916P9s0P6BGq\nV6POMQQCc1UYlnAs/vjvCsO3DDrIHTRqST0uT1VGtA+UoEX/HCqZZgopTl9vzyLd\nLcGnPwcFP1Nn8G6vm6u67PEdh/d+RdkTn8GMpmT3nuhzlq9NV/2izQGv6zdUkK13\nQlLgVzVDLWAitv7HQWt1Iz8mdDN0t9IQnlKbo2C70poqmul4ro9w1Q==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "4Hq3j3WByorGYC+qXi6YYkBUieI=", + "fingerprint_sha256": "VS4OSpE4J48ou5ObboipyehX8HDI2ZH2ZLvjAOJ7kus=", + "hpkp_pin": "UxuCIvQww3Rsz2OzOhPM3xYZAcoDLQv9RXUcMnVmia4=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2021-05-28T23:59:59", + "not_valid_before": "2021-02-28T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28473858408853906773402216360995925781617767330977939520466434009380130919390580590582290551434916813384029967352494894085311408081847460311220591914562764385316961136573195010137304013063156212688673716209427740264146494369765815825194759258496995753693375018206497630330513864712664867572428689281756201184695514925292509089427929119888086881420422091422236337345561195136408140706914218380522994034423045043721803658728490081861600451877040382974416037730388144551581662571626319226549237499073680740608469020479225044719080327404029064158347134928481598445436434672186287437877621263423576228218815161837284295031 + }, + "serial_number": 14107019227910214684751253980605699725, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Menlo Park", + "value": "Menlo Park" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Facebook\\, Inc.", + "value": "Facebook, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.facebook.com", + "value": "*.facebook.com" + } + ], + "rfc4514_string": "CN=*.facebook.com,O=Facebook\\, Inc.,L=Menlo Park,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.facebook.com", + "*.facebook.net", + "*.fbcdn.net", + "*.fbsbx.com", + "*.m.facebook.com", + "*.messenger.com", + "*.xx.fbcdn.net", + "*.xy.fbcdn.net", + "*.xz.fbcdn.net", + "facebook.com", + "messenger.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\nYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\nKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\nitrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\nsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\nbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\nMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\ndC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\nL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\nBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\nUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\naQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\naOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\nE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\nxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\ncPUeybQ=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "oDHEZ4Lm5sZiwsh8dtqapizKvY4=", + "fingerprint_sha256": "GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=", + "hpkp_pin": "k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2028-10-22T12:00:00", + "not_valid_before": "2013-10-22T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 23085922014910748503624791917480115148492919026914207610707020942093828159221184419960399297678177590153378092714640886296044490661625022319263060388275515964365478738040978664516396912933675650257207760237777280773935047177225664304566903694731631728916260237117586511459590661362255543750987738241463266555577715629664656907640120826399947323444556799362651693283202076722872218490347588587929811327918605576169523712767591239193274840826201053308722900104999956283622772648025895714833602740679819670062830777938157004975732087864164660384513848296643542134747514357423990884765641067184766081973460304136714018531 + }, + "serial_number": 6489877074546166222510380951761917343, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug\nRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm\n+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW\nPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM\nxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB\nIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3\nhzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg\nEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF\nMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA\nFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec\nnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z\neM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF\nhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2\nYzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe\nvEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n+OkuE6N36B9K\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "X7fuBjPiWdutDEya5tOPGmHH3CU=", + "fingerprint_sha256": "dDHl9MPBzkaQd08LYeBUQIg7qaAe0Aumq9eAbtOxGM8=", + "hpkp_pin": "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 25096222514443076901272460785174517607620538894364887395200690111394566020592736673662921945840817328364413674741800760450235583027021531642816683159576973866853280121844679977899567994751333258123861457007523791425003154230648819528564116339145266255263939030158519839380078368713888028673211448476392899923583233481355650312351351674302573096563616905459255557919180852201759360299861601875234807995701275332739967359933679872406573487332354516530701356470999683428220594248446682388824996574482294270079277019729636834333736001968484903342759579838975239653144282134955700899224002867238843313167887950361608604619 + }, + "serial_number": 3553400076410547919724730734378100087, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Apple", + "path": "/mnt/c/Users/nabla/Documents/Github/sslyze/sslyze/plugins/certificate_info/trust_stores/pem_files/apple.pem", + "version": "iOS 14, iPadOS 14, macOS 11, watchOS 7, and tvOS 14" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIG5DCCBcygAwIBAgIQCpzpv1RgHGRmC/wT+QnWjTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMTAyMjgwMDAwMDBaFw0yMTA1MjgyMzU5NTla\nMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpN\nZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5m\nYWNlYm9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhjnCl\nHkblODwgmhRKSY/lzhEgdMtKHYMU/5KCw+HBlVCpi6puAEkREed9ujX9QHagNoJx\nJFd5zVDD+sr6QFqzhtQsz+2WNaUekkm0rQ8e7GtHGbNX4EjOdwXsOLDH5n/qga7Y\n2oAeINgWY42cqbqmcDHe5+ZGVcLT1L3nAzwQa5VqLbK3kupdymFARHAhpehriy+h\nY+xomSDoZYZnSEy9kW1G6fBDdfzZ7h/qYYYgxMBtAgcLuFkoUEeivWXWcJCvF0ZJ\nBbH+ER9qLZYnrToP/MkYqgW7CiixpM7aqgQjEybhuTcnUwoMPmiKIHaUKvH68S7a\n/OK8HRWxDx1rcQF3AgMBAAGjggN/MIIDezAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM\n2WVkYqISuFlyOzAdBgNVHQ4EFgQUWZmCPWpb+pG9UpbdZqJi6rCCw+AwgbUGA1Ud\nEQSBrTCBqoIOKi5mYWNlYm9vay5jb22CDiouZmFjZWJvb2submV0ggsqLmZiY2Ru\nLm5ldIILKi5mYnNieC5jb22CECoubS5mYWNlYm9vay5jb22CDyoubWVzc2VuZ2Vy\nLmNvbYIOKi54eC5mYmNkbi5uZXSCDioueHkuZmJjZG4ubmV0gg4qLnh6LmZiY2Ru\nLm5ldIIMZmFjZWJvb2suY29tgg1tZXNzZW5nZXIuY29tMA4GA1UdDwEB/wQEAwIF\noDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKg\nMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNy\nbDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVy\nLWc2LmNybDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRw\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEF\nBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRw\nOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5j\nZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBBQYKKwYBBAHWeQIEAgSB9gSB\n8wDxAHYAfT7y+I//iFVoJMLAyp5SiXkrxQ54CX8uapdomX4i8NcAAAF36FBaoQAA\nBAMARzBFAiEAjkRauMVd+dEjH4qezoNItw07HLxaPohL3a7G9uQmJ2YCIHbqtfE0\n/6jRdR5dmyRGPAwyWW+nqbmJsu0Hv3f28TDBAHcAXNxDkv7mq0VEsV6a1FbmEDf7\n1fpH3KFzlLJe5vbHDsoAAAF36FBahAAABAMASDBGAiEApB881hy/1NVfhBKwtgVX\nwTdheSWMDHIEmIsXwz8gYz8CIQCA9SqPzDUNPPSTsFs5rUZq++SzGAYwpnl56Gnc\nA/cP+zANBgkqhkiG9w0BAQsFAAOCAQEASsQswUG0l4h8Zy3OVYPF0XeI/lP4vl+Q\n0Vu8Jqx+PWcPDs9y/7zqPpPSl9PlXAKEl/OZDIPf3DCj2W23HiC1H2W5wKEBfqxk\nEA81OeeuBzNMxOw7985VqRSUnFPUGGv3qUvTweO7iLAxtTaZ/Awc916P9s0P6BGq\nV6POMQQCc1UYlnAs/vjvCsO3DDrIHTRqST0uT1VGtA+UoEX/HCqZZgopTl9vzyLd\nLcGnPwcFP1Nn8G6vm6u67PEdh/d+RdkTn8GMpmT3nuhzlq9NV/2izQGv6zdUkK13\nQlLgVzVDLWAitv7HQWt1Iz8mdDN0t9IQnlKbo2C70poqmul4ro9w1Q==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "4Hq3j3WByorGYC+qXi6YYkBUieI=", + "fingerprint_sha256": "VS4OSpE4J48ou5ObboipyehX8HDI2ZH2ZLvjAOJ7kus=", + "hpkp_pin": "UxuCIvQww3Rsz2OzOhPM3xYZAcoDLQv9RXUcMnVmia4=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2021-05-28T23:59:59", + "not_valid_before": "2021-02-28T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28473858408853906773402216360995925781617767330977939520466434009380130919390580590582290551434916813384029967352494894085311408081847460311220591914562764385316961136573195010137304013063156212688673716209427740264146494369765815825194759258496995753693375018206497630330513864712664867572428689281756201184695514925292509089427929119888086881420422091422236337345561195136408140706914218380522994034423045043721803658728490081861600451877040382974416037730388144551581662571626319226549237499073680740608469020479225044719080327404029064158347134928481598445436434672186287437877621263423576228218815161837284295031 + }, + "serial_number": 14107019227910214684751253980605699725, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Menlo Park", + "value": "Menlo Park" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Facebook\\, Inc.", + "value": "Facebook, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.facebook.com", + "value": "*.facebook.com" + } + ], + "rfc4514_string": "CN=*.facebook.com,O=Facebook\\, Inc.,L=Menlo Park,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.facebook.com", + "*.facebook.net", + "*.fbcdn.net", + "*.fbsbx.com", + "*.m.facebook.com", + "*.messenger.com", + "*.xx.fbcdn.net", + "*.xy.fbcdn.net", + "*.xz.fbcdn.net", + "facebook.com", + "messenger.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\nYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\nKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\nitrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\nsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\nbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\nMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\ndC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\nL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\nBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\nUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\naQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\naOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\nE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\nxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\ncPUeybQ=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "oDHEZ4Lm5sZiwsh8dtqapizKvY4=", + "fingerprint_sha256": "GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=", + "hpkp_pin": "k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2028-10-22T12:00:00", + "not_valid_before": "2013-10-22T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 23085922014910748503624791917480115148492919026914207610707020942093828159221184419960399297678177590153378092714640886296044490661625022319263060388275515964365478738040978664516396912933675650257207760237777280773935047177225664304566903694731631728916260237117586511459590661362255543750987738241463266555577715629664656907640120826399947323444556799362651693283202076722872218490347588587929811327918605576169523712767591239193274840826201053308722900104999956283622772648025895714833602740679819670062830777938157004975732087864164660384513848296643542134747514357423990884765641067184766081973460304136714018531 + }, + "serial_number": 6489877074546166222510380951761917343, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug\nRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm\n+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW\nPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM\nxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB\nIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3\nhzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg\nEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF\nMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA\nFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec\nnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z\neM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF\nhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2\nYzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe\nvEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n+OkuE6N36B9K\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "X7fuBjPiWdutDEya5tOPGmHH3CU=", + "fingerprint_sha256": "dDHl9MPBzkaQd08LYeBUQIg7qaAe0Aumq9eAbtOxGM8=", + "hpkp_pin": "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 25096222514443076901272460785174517607620538894364887395200690111394566020592736673662921945840817328364413674741800760450235583027021531642816683159576973866853280121844679977899567994751333258123861457007523791425003154230648819528564116339145266255263939030158519839380078368713888028673211448476392899923583233481355650312351351674302573096563616905459255557919180852201759360299861601875234807995701275332739967359933679872406573487332354516530701356470999683428220594248446682388824996574482294270079277019729636834333736001968484903342759579838975239653144282134955700899224002867238843313167887950361608604619 + }, + "serial_number": 3553400076410547919724730734378100087, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Java", + "path": "/mnt/c/Users/nabla/Documents/Github/sslyze/sslyze/plugins/certificate_info/trust_stores/pem_files/oracle_java.pem", + "version": "jdk-13.0.2" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIG5DCCBcygAwIBAgIQCpzpv1RgHGRmC/wT+QnWjTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMTAyMjgwMDAwMDBaFw0yMTA1MjgyMzU5NTla\nMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpN\nZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5m\nYWNlYm9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhjnCl\nHkblODwgmhRKSY/lzhEgdMtKHYMU/5KCw+HBlVCpi6puAEkREed9ujX9QHagNoJx\nJFd5zVDD+sr6QFqzhtQsz+2WNaUekkm0rQ8e7GtHGbNX4EjOdwXsOLDH5n/qga7Y\n2oAeINgWY42cqbqmcDHe5+ZGVcLT1L3nAzwQa5VqLbK3kupdymFARHAhpehriy+h\nY+xomSDoZYZnSEy9kW1G6fBDdfzZ7h/qYYYgxMBtAgcLuFkoUEeivWXWcJCvF0ZJ\nBbH+ER9qLZYnrToP/MkYqgW7CiixpM7aqgQjEybhuTcnUwoMPmiKIHaUKvH68S7a\n/OK8HRWxDx1rcQF3AgMBAAGjggN/MIIDezAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM\n2WVkYqISuFlyOzAdBgNVHQ4EFgQUWZmCPWpb+pG9UpbdZqJi6rCCw+AwgbUGA1Ud\nEQSBrTCBqoIOKi5mYWNlYm9vay5jb22CDiouZmFjZWJvb2submV0ggsqLmZiY2Ru\nLm5ldIILKi5mYnNieC5jb22CECoubS5mYWNlYm9vay5jb22CDyoubWVzc2VuZ2Vy\nLmNvbYIOKi54eC5mYmNkbi5uZXSCDioueHkuZmJjZG4ubmV0gg4qLnh6LmZiY2Ru\nLm5ldIIMZmFjZWJvb2suY29tgg1tZXNzZW5nZXIuY29tMA4GA1UdDwEB/wQEAwIF\noDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKg\nMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNy\nbDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVy\nLWc2LmNybDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRw\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEF\nBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRw\nOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5j\nZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBBQYKKwYBBAHWeQIEAgSB9gSB\n8wDxAHYAfT7y+I//iFVoJMLAyp5SiXkrxQ54CX8uapdomX4i8NcAAAF36FBaoQAA\nBAMARzBFAiEAjkRauMVd+dEjH4qezoNItw07HLxaPohL3a7G9uQmJ2YCIHbqtfE0\n/6jRdR5dmyRGPAwyWW+nqbmJsu0Hv3f28TDBAHcAXNxDkv7mq0VEsV6a1FbmEDf7\n1fpH3KFzlLJe5vbHDsoAAAF36FBahAAABAMASDBGAiEApB881hy/1NVfhBKwtgVX\nwTdheSWMDHIEmIsXwz8gYz8CIQCA9SqPzDUNPPSTsFs5rUZq++SzGAYwpnl56Gnc\nA/cP+zANBgkqhkiG9w0BAQsFAAOCAQEASsQswUG0l4h8Zy3OVYPF0XeI/lP4vl+Q\n0Vu8Jqx+PWcPDs9y/7zqPpPSl9PlXAKEl/OZDIPf3DCj2W23HiC1H2W5wKEBfqxk\nEA81OeeuBzNMxOw7985VqRSUnFPUGGv3qUvTweO7iLAxtTaZ/Awc916P9s0P6BGq\nV6POMQQCc1UYlnAs/vjvCsO3DDrIHTRqST0uT1VGtA+UoEX/HCqZZgopTl9vzyLd\nLcGnPwcFP1Nn8G6vm6u67PEdh/d+RdkTn8GMpmT3nuhzlq9NV/2izQGv6zdUkK13\nQlLgVzVDLWAitv7HQWt1Iz8mdDN0t9IQnlKbo2C70poqmul4ro9w1Q==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "4Hq3j3WByorGYC+qXi6YYkBUieI=", + "fingerprint_sha256": "VS4OSpE4J48ou5ObboipyehX8HDI2ZH2ZLvjAOJ7kus=", + "hpkp_pin": "UxuCIvQww3Rsz2OzOhPM3xYZAcoDLQv9RXUcMnVmia4=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2021-05-28T23:59:59", + "not_valid_before": "2021-02-28T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28473858408853906773402216360995925781617767330977939520466434009380130919390580590582290551434916813384029967352494894085311408081847460311220591914562764385316961136573195010137304013063156212688673716209427740264146494369765815825194759258496995753693375018206497630330513864712664867572428689281756201184695514925292509089427929119888086881420422091422236337345561195136408140706914218380522994034423045043721803658728490081861600451877040382974416037730388144551581662571626319226549237499073680740608469020479225044719080327404029064158347134928481598445436434672186287437877621263423576228218815161837284295031 + }, + "serial_number": 14107019227910214684751253980605699725, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Menlo Park", + "value": "Menlo Park" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Facebook\\, Inc.", + "value": "Facebook, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.facebook.com", + "value": "*.facebook.com" + } + ], + "rfc4514_string": "CN=*.facebook.com,O=Facebook\\, Inc.,L=Menlo Park,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.facebook.com", + "*.facebook.net", + "*.fbcdn.net", + "*.fbsbx.com", + "*.m.facebook.com", + "*.messenger.com", + "*.xx.fbcdn.net", + "*.xy.fbcdn.net", + "*.xz.fbcdn.net", + "facebook.com", + "messenger.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\nYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\nKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\nitrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\nsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\nbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\nMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\ndC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\nL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\nBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\nUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\naQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\naOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\nE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\nxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\ncPUeybQ=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "oDHEZ4Lm5sZiwsh8dtqapizKvY4=", + "fingerprint_sha256": "GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=", + "hpkp_pin": "k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2028-10-22T12:00:00", + "not_valid_before": "2013-10-22T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 23085922014910748503624791917480115148492919026914207610707020942093828159221184419960399297678177590153378092714640886296044490661625022319263060388275515964365478738040978664516396912933675650257207760237777280773935047177225664304566903694731631728916260237117586511459590661362255543750987738241463266555577715629664656907640120826399947323444556799362651693283202076722872218490347588587929811327918605576169523712767591239193274840826201053308722900104999956283622772648025895714833602740679819670062830777938157004975732087864164660384513848296643542134747514357423990884765641067184766081973460304136714018531 + }, + "serial_number": 6489877074546166222510380951761917343, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug\nRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm\n+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW\nPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM\nxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB\nIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3\nhzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg\nEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF\nMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA\nFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec\nnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z\neM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF\nhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2\nYzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe\nvEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n+OkuE6N36B9K\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "X7fuBjPiWdutDEya5tOPGmHH3CU=", + "fingerprint_sha256": "dDHl9MPBzkaQd08LYeBUQIg7qaAe0Aumq9eAbtOxGM8=", + "hpkp_pin": "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 25096222514443076901272460785174517607620538894364887395200690111394566020592736673662921945840817328364413674741800760450235583027021531642816683159576973866853280121844679977899567994751333258123861457007523791425003154230648819528564116339145266255263939030158519839380078368713888028673211448476392899923583233481355650312351351674302573096563616905459255557919180852201759360299861601875234807995701275332739967359933679872406573487332354516530701356470999683428220594248446682388824996574482294270079277019729636834333736001968484903342759579838975239653144282134955700899224002867238843313167887950361608604619 + }, + "serial_number": 3553400076410547919724730734378100087, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": [ + { + "dotted_string": "1.2.276.0.44.1.1.1.4", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.392.200091.100.721.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.40.0.17.1.22", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.616.1.113527.2.5.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.159.1.17.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.13177.10.1.3.10", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14370.1.6", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14777.6.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14777.6.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.14.2.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.14.2.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.8.12.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.8.12.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.22234.2.5.2.3.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.23223.1.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.29836.1.10", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.3", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.4", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.36305.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.40869.1.1.22.3", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.4146.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.4788.2.202.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.6334.1.100.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.6449.1.2.1.5.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.782.1.2.1.8.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.7879.13.24.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.8024.0.2.100.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.156.112554.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.528.1.1003.1.2.7", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.578.1.26.1.3.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.756.1.83.21.0", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.756.1.89.1.2.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.792.3.0.3.1.1.5", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.792.3.0.4.1.1.4", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.113733.1.7.23.6", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.113733.1.7.48.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114028.10.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114171.500.9", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114404.1.1.2.4.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114412.2.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114413.1.7.23.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114414.1.7.23.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114414.1.7.24.3", + "name": "Unknown OID" + } + ], + "name": "Mozilla", + "path": "/mnt/c/Users/nabla/Documents/Github/sslyze/sslyze/plugins/certificate_info/trust_stores/pem_files/mozilla_nss.pem", + "version": "2021-03-28" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIG5DCCBcygAwIBAgIQCpzpv1RgHGRmC/wT+QnWjTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMTAyMjgwMDAwMDBaFw0yMTA1MjgyMzU5NTla\nMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpN\nZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5m\nYWNlYm9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhjnCl\nHkblODwgmhRKSY/lzhEgdMtKHYMU/5KCw+HBlVCpi6puAEkREed9ujX9QHagNoJx\nJFd5zVDD+sr6QFqzhtQsz+2WNaUekkm0rQ8e7GtHGbNX4EjOdwXsOLDH5n/qga7Y\n2oAeINgWY42cqbqmcDHe5+ZGVcLT1L3nAzwQa5VqLbK3kupdymFARHAhpehriy+h\nY+xomSDoZYZnSEy9kW1G6fBDdfzZ7h/qYYYgxMBtAgcLuFkoUEeivWXWcJCvF0ZJ\nBbH+ER9qLZYnrToP/MkYqgW7CiixpM7aqgQjEybhuTcnUwoMPmiKIHaUKvH68S7a\n/OK8HRWxDx1rcQF3AgMBAAGjggN/MIIDezAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM\n2WVkYqISuFlyOzAdBgNVHQ4EFgQUWZmCPWpb+pG9UpbdZqJi6rCCw+AwgbUGA1Ud\nEQSBrTCBqoIOKi5mYWNlYm9vay5jb22CDiouZmFjZWJvb2submV0ggsqLmZiY2Ru\nLm5ldIILKi5mYnNieC5jb22CECoubS5mYWNlYm9vay5jb22CDyoubWVzc2VuZ2Vy\nLmNvbYIOKi54eC5mYmNkbi5uZXSCDioueHkuZmJjZG4ubmV0gg4qLnh6LmZiY2Ru\nLm5ldIIMZmFjZWJvb2suY29tgg1tZXNzZW5nZXIuY29tMA4GA1UdDwEB/wQEAwIF\noDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKg\nMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNy\nbDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVy\nLWc2LmNybDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRw\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEF\nBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRw\nOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5j\nZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBBQYKKwYBBAHWeQIEAgSB9gSB\n8wDxAHYAfT7y+I//iFVoJMLAyp5SiXkrxQ54CX8uapdomX4i8NcAAAF36FBaoQAA\nBAMARzBFAiEAjkRauMVd+dEjH4qezoNItw07HLxaPohL3a7G9uQmJ2YCIHbqtfE0\n/6jRdR5dmyRGPAwyWW+nqbmJsu0Hv3f28TDBAHcAXNxDkv7mq0VEsV6a1FbmEDf7\n1fpH3KFzlLJe5vbHDsoAAAF36FBahAAABAMASDBGAiEApB881hy/1NVfhBKwtgVX\nwTdheSWMDHIEmIsXwz8gYz8CIQCA9SqPzDUNPPSTsFs5rUZq++SzGAYwpnl56Gnc\nA/cP+zANBgkqhkiG9w0BAQsFAAOCAQEASsQswUG0l4h8Zy3OVYPF0XeI/lP4vl+Q\n0Vu8Jqx+PWcPDs9y/7zqPpPSl9PlXAKEl/OZDIPf3DCj2W23HiC1H2W5wKEBfqxk\nEA81OeeuBzNMxOw7985VqRSUnFPUGGv3qUvTweO7iLAxtTaZ/Awc916P9s0P6BGq\nV6POMQQCc1UYlnAs/vjvCsO3DDrIHTRqST0uT1VGtA+UoEX/HCqZZgopTl9vzyLd\nLcGnPwcFP1Nn8G6vm6u67PEdh/d+RdkTn8GMpmT3nuhzlq9NV/2izQGv6zdUkK13\nQlLgVzVDLWAitv7HQWt1Iz8mdDN0t9IQnlKbo2C70poqmul4ro9w1Q==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "4Hq3j3WByorGYC+qXi6YYkBUieI=", + "fingerprint_sha256": "VS4OSpE4J48ou5ObboipyehX8HDI2ZH2ZLvjAOJ7kus=", + "hpkp_pin": "UxuCIvQww3Rsz2OzOhPM3xYZAcoDLQv9RXUcMnVmia4=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2021-05-28T23:59:59", + "not_valid_before": "2021-02-28T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28473858408853906773402216360995925781617767330977939520466434009380130919390580590582290551434916813384029967352494894085311408081847460311220591914562764385316961136573195010137304013063156212688673716209427740264146494369765815825194759258496995753693375018206497630330513864712664867572428689281756201184695514925292509089427929119888086881420422091422236337345561195136408140706914218380522994034423045043721803658728490081861600451877040382974416037730388144551581662571626319226549237499073680740608469020479225044719080327404029064158347134928481598445436434672186287437877621263423576228218815161837284295031 + }, + "serial_number": 14107019227910214684751253980605699725, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Menlo Park", + "value": "Menlo Park" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Facebook\\, Inc.", + "value": "Facebook, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.facebook.com", + "value": "*.facebook.com" + } + ], + "rfc4514_string": "CN=*.facebook.com,O=Facebook\\, Inc.,L=Menlo Park,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.facebook.com", + "*.facebook.net", + "*.fbcdn.net", + "*.fbsbx.com", + "*.m.facebook.com", + "*.messenger.com", + "*.xx.fbcdn.net", + "*.xy.fbcdn.net", + "*.xz.fbcdn.net", + "facebook.com", + "messenger.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\nYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\nKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\nitrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\nsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\nbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\nMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\ndC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\nL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\nBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\nUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\naQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\naOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\nE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\nxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\ncPUeybQ=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "oDHEZ4Lm5sZiwsh8dtqapizKvY4=", + "fingerprint_sha256": "GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=", + "hpkp_pin": "k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2028-10-22T12:00:00", + "not_valid_before": "2013-10-22T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 23085922014910748503624791917480115148492919026914207610707020942093828159221184419960399297678177590153378092714640886296044490661625022319263060388275515964365478738040978664516396912933675650257207760237777280773935047177225664304566903694731631728916260237117586511459590661362255543750987738241463266555577715629664656907640120826399947323444556799362651693283202076722872218490347588587929811327918605576169523712767591239193274840826201053308722900104999956283622772648025895714833602740679819670062830777938157004975732087864164660384513848296643542134747514357423990884765641067184766081973460304136714018531 + }, + "serial_number": 6489877074546166222510380951761917343, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug\nRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm\n+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW\nPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM\nxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB\nIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3\nhzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg\nEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF\nMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA\nFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec\nnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z\neM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF\nhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2\nYzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe\nvEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n+OkuE6N36B9K\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "X7fuBjPiWdutDEya5tOPGmHH3CU=", + "fingerprint_sha256": "dDHl9MPBzkaQd08LYeBUQIg7qaAe0Aumq9eAbtOxGM8=", + "hpkp_pin": "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 25096222514443076901272460785174517607620538894364887395200690111394566020592736673662921945840817328364413674741800760450235583027021531642816683159576973866853280121844679977899567994751333258123861457007523791425003154230648819528564116339145266255263939030158519839380078368713888028673211448476392899923583233481355650312351351674302573096563616905459255557919180852201759360299861601875234807995701275332739967359933679872406573487332354516530701356470999683428220594248446682388824996574482294270079277019729636834333736001968484903342759579838975239653144282134955700899224002867238843313167887950361608604619 + }, + "serial_number": 3553400076410547919724730734378100087, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Windows", + "path": "/mnt/c/Users/nabla/Documents/Github/sslyze/sslyze/plugins/certificate_info/trust_stores/pem_files/microsoft_windows.pem", + "version": "2021-03-28" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIG5DCCBcygAwIBAgIQCpzpv1RgHGRmC/wT+QnWjTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMTAyMjgwMDAwMDBaFw0yMTA1MjgyMzU5NTla\nMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpN\nZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5m\nYWNlYm9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhjnCl\nHkblODwgmhRKSY/lzhEgdMtKHYMU/5KCw+HBlVCpi6puAEkREed9ujX9QHagNoJx\nJFd5zVDD+sr6QFqzhtQsz+2WNaUekkm0rQ8e7GtHGbNX4EjOdwXsOLDH5n/qga7Y\n2oAeINgWY42cqbqmcDHe5+ZGVcLT1L3nAzwQa5VqLbK3kupdymFARHAhpehriy+h\nY+xomSDoZYZnSEy9kW1G6fBDdfzZ7h/qYYYgxMBtAgcLuFkoUEeivWXWcJCvF0ZJ\nBbH+ER9qLZYnrToP/MkYqgW7CiixpM7aqgQjEybhuTcnUwoMPmiKIHaUKvH68S7a\n/OK8HRWxDx1rcQF3AgMBAAGjggN/MIIDezAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM\n2WVkYqISuFlyOzAdBgNVHQ4EFgQUWZmCPWpb+pG9UpbdZqJi6rCCw+AwgbUGA1Ud\nEQSBrTCBqoIOKi5mYWNlYm9vay5jb22CDiouZmFjZWJvb2submV0ggsqLmZiY2Ru\nLm5ldIILKi5mYnNieC5jb22CECoubS5mYWNlYm9vay5jb22CDyoubWVzc2VuZ2Vy\nLmNvbYIOKi54eC5mYmNkbi5uZXSCDioueHkuZmJjZG4ubmV0gg4qLnh6LmZiY2Ru\nLm5ldIIMZmFjZWJvb2suY29tgg1tZXNzZW5nZXIuY29tMA4GA1UdDwEB/wQEAwIF\noDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKg\nMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNy\nbDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVy\nLWc2LmNybDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRw\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEF\nBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRw\nOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5j\nZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBBQYKKwYBBAHWeQIEAgSB9gSB\n8wDxAHYAfT7y+I//iFVoJMLAyp5SiXkrxQ54CX8uapdomX4i8NcAAAF36FBaoQAA\nBAMARzBFAiEAjkRauMVd+dEjH4qezoNItw07HLxaPohL3a7G9uQmJ2YCIHbqtfE0\n/6jRdR5dmyRGPAwyWW+nqbmJsu0Hv3f28TDBAHcAXNxDkv7mq0VEsV6a1FbmEDf7\n1fpH3KFzlLJe5vbHDsoAAAF36FBahAAABAMASDBGAiEApB881hy/1NVfhBKwtgVX\nwTdheSWMDHIEmIsXwz8gYz8CIQCA9SqPzDUNPPSTsFs5rUZq++SzGAYwpnl56Gnc\nA/cP+zANBgkqhkiG9w0BAQsFAAOCAQEASsQswUG0l4h8Zy3OVYPF0XeI/lP4vl+Q\n0Vu8Jqx+PWcPDs9y/7zqPpPSl9PlXAKEl/OZDIPf3DCj2W23HiC1H2W5wKEBfqxk\nEA81OeeuBzNMxOw7985VqRSUnFPUGGv3qUvTweO7iLAxtTaZ/Awc916P9s0P6BGq\nV6POMQQCc1UYlnAs/vjvCsO3DDrIHTRqST0uT1VGtA+UoEX/HCqZZgopTl9vzyLd\nLcGnPwcFP1Nn8G6vm6u67PEdh/d+RdkTn8GMpmT3nuhzlq9NV/2izQGv6zdUkK13\nQlLgVzVDLWAitv7HQWt1Iz8mdDN0t9IQnlKbo2C70poqmul4ro9w1Q==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "4Hq3j3WByorGYC+qXi6YYkBUieI=", + "fingerprint_sha256": "VS4OSpE4J48ou5ObboipyehX8HDI2ZH2ZLvjAOJ7kus=", + "hpkp_pin": "UxuCIvQww3Rsz2OzOhPM3xYZAcoDLQv9RXUcMnVmia4=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2021-05-28T23:59:59", + "not_valid_before": "2021-02-28T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28473858408853906773402216360995925781617767330977939520466434009380130919390580590582290551434916813384029967352494894085311408081847460311220591914562764385316961136573195010137304013063156212688673716209427740264146494369765815825194759258496995753693375018206497630330513864712664867572428689281756201184695514925292509089427929119888086881420422091422236337345561195136408140706914218380522994034423045043721803658728490081861600451877040382974416037730388144551581662571626319226549237499073680740608469020479225044719080327404029064158347134928481598445436434672186287437877621263423576228218815161837284295031 + }, + "serial_number": 14107019227910214684751253980605699725, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Menlo Park", + "value": "Menlo Park" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Facebook\\, Inc.", + "value": "Facebook, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.facebook.com", + "value": "*.facebook.com" + } + ], + "rfc4514_string": "CN=*.facebook.com,O=Facebook\\, Inc.,L=Menlo Park,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.facebook.com", + "*.facebook.net", + "*.fbcdn.net", + "*.fbsbx.com", + "*.m.facebook.com", + "*.messenger.com", + "*.xx.fbcdn.net", + "*.xy.fbcdn.net", + "*.xz.fbcdn.net", + "facebook.com", + "messenger.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\nYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\nKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\nitrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\nsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\nbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\nMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\ndC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\nL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\nBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\nUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\naQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\naOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\nE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\nxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\ncPUeybQ=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "oDHEZ4Lm5sZiwsh8dtqapizKvY4=", + "fingerprint_sha256": "GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=", + "hpkp_pin": "k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2028-10-22T12:00:00", + "not_valid_before": "2013-10-22T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 23085922014910748503624791917480115148492919026914207610707020942093828159221184419960399297678177590153378092714640886296044490661625022319263060388275515964365478738040978664516396912933675650257207760237777280773935047177225664304566903694731631728916260237117586511459590661362255543750987738241463266555577715629664656907640120826399947323444556799362651693283202076722872218490347588587929811327918605576169523712767591239193274840826201053308722900104999956283622772648025895714833602740679819670062830777938157004975732087864164660384513848296643542134747514357423990884765641067184766081973460304136714018531 + }, + "serial_number": 6489877074546166222510380951761917343, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug\nRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm\n+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW\nPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM\nxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB\nIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3\nhzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg\nEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF\nMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA\nFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec\nnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z\neM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF\nhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2\nYzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe\nvEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n+OkuE6N36B9K\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "X7fuBjPiWdutDEya5tOPGmHH3CU=", + "fingerprint_sha256": "dDHl9MPBzkaQd08LYeBUQIg7qaAe0Aumq9eAbtOxGM8=", + "hpkp_pin": "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 25096222514443076901272460785174517607620538894364887395200690111394566020592736673662921945840817328364413674741800760450235583027021531642816683159576973866853280121844679977899567994751333258123861457007523791425003154230648819528564116339145266255263939030158519839380078368713888028673211448476392899923583233481355650312351351674302573096563616905459255557919180852201759360299861601875234807995701275332739967359933679872406573487332354516530701356470999683428220594248446682388824996574482294270079277019729636834333736001968484903342759579838975239653144282134955700899224002867238843313167887950361608604619 + }, + "serial_number": 3553400076410547919724730734378100087, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + } + ], + "received_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIG5DCCBcygAwIBAgIQCpzpv1RgHGRmC/wT+QnWjTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMTAyMjgwMDAwMDBaFw0yMTA1MjgyMzU5NTla\nMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpN\nZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5m\nYWNlYm9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhjnCl\nHkblODwgmhRKSY/lzhEgdMtKHYMU/5KCw+HBlVCpi6puAEkREed9ujX9QHagNoJx\nJFd5zVDD+sr6QFqzhtQsz+2WNaUekkm0rQ8e7GtHGbNX4EjOdwXsOLDH5n/qga7Y\n2oAeINgWY42cqbqmcDHe5+ZGVcLT1L3nAzwQa5VqLbK3kupdymFARHAhpehriy+h\nY+xomSDoZYZnSEy9kW1G6fBDdfzZ7h/qYYYgxMBtAgcLuFkoUEeivWXWcJCvF0ZJ\nBbH+ER9qLZYnrToP/MkYqgW7CiixpM7aqgQjEybhuTcnUwoMPmiKIHaUKvH68S7a\n/OK8HRWxDx1rcQF3AgMBAAGjggN/MIIDezAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM\n2WVkYqISuFlyOzAdBgNVHQ4EFgQUWZmCPWpb+pG9UpbdZqJi6rCCw+AwgbUGA1Ud\nEQSBrTCBqoIOKi5mYWNlYm9vay5jb22CDiouZmFjZWJvb2submV0ggsqLmZiY2Ru\nLm5ldIILKi5mYnNieC5jb22CECoubS5mYWNlYm9vay5jb22CDyoubWVzc2VuZ2Vy\nLmNvbYIOKi54eC5mYmNkbi5uZXSCDioueHkuZmJjZG4ubmV0gg4qLnh6LmZiY2Ru\nLm5ldIIMZmFjZWJvb2suY29tgg1tZXNzZW5nZXIuY29tMA4GA1UdDwEB/wQEAwIF\noDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKg\nMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNy\nbDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVy\nLWc2LmNybDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRw\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEF\nBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRw\nOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5j\nZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBBQYKKwYBBAHWeQIEAgSB9gSB\n8wDxAHYAfT7y+I//iFVoJMLAyp5SiXkrxQ54CX8uapdomX4i8NcAAAF36FBaoQAA\nBAMARzBFAiEAjkRauMVd+dEjH4qezoNItw07HLxaPohL3a7G9uQmJ2YCIHbqtfE0\n/6jRdR5dmyRGPAwyWW+nqbmJsu0Hv3f28TDBAHcAXNxDkv7mq0VEsV6a1FbmEDf7\n1fpH3KFzlLJe5vbHDsoAAAF36FBahAAABAMASDBGAiEApB881hy/1NVfhBKwtgVX\nwTdheSWMDHIEmIsXwz8gYz8CIQCA9SqPzDUNPPSTsFs5rUZq++SzGAYwpnl56Gnc\nA/cP+zANBgkqhkiG9w0BAQsFAAOCAQEASsQswUG0l4h8Zy3OVYPF0XeI/lP4vl+Q\n0Vu8Jqx+PWcPDs9y/7zqPpPSl9PlXAKEl/OZDIPf3DCj2W23HiC1H2W5wKEBfqxk\nEA81OeeuBzNMxOw7985VqRSUnFPUGGv3qUvTweO7iLAxtTaZ/Awc916P9s0P6BGq\nV6POMQQCc1UYlnAs/vjvCsO3DDrIHTRqST0uT1VGtA+UoEX/HCqZZgopTl9vzyLd\nLcGnPwcFP1Nn8G6vm6u67PEdh/d+RdkTn8GMpmT3nuhzlq9NV/2izQGv6zdUkK13\nQlLgVzVDLWAitv7HQWt1Iz8mdDN0t9IQnlKbo2C70poqmul4ro9w1Q==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "4Hq3j3WByorGYC+qXi6YYkBUieI=", + "fingerprint_sha256": "VS4OSpE4J48ou5ObboipyehX8HDI2ZH2ZLvjAOJ7kus=", + "hpkp_pin": "UxuCIvQww3Rsz2OzOhPM3xYZAcoDLQv9RXUcMnVmia4=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2021-05-28T23:59:59", + "not_valid_before": "2021-02-28T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28473858408853906773402216360995925781617767330977939520466434009380130919390580590582290551434916813384029967352494894085311408081847460311220591914562764385316961136573195010137304013063156212688673716209427740264146494369765815825194759258496995753693375018206497630330513864712664867572428689281756201184695514925292509089427929119888086881420422091422236337345561195136408140706914218380522994034423045043721803658728490081861600451877040382974416037730388144551581662571626319226549237499073680740608469020479225044719080327404029064158347134928481598445436434672186287437877621263423576228218815161837284295031 + }, + "serial_number": 14107019227910214684751253980605699725, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Menlo Park", + "value": "Menlo Park" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Facebook\\, Inc.", + "value": "Facebook, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.facebook.com", + "value": "*.facebook.com" + } + ], + "rfc4514_string": "CN=*.facebook.com,O=Facebook\\, Inc.,L=Menlo Park,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.facebook.com", + "*.facebook.net", + "*.fbcdn.net", + "*.fbsbx.com", + "*.m.facebook.com", + "*.messenger.com", + "*.xx.fbcdn.net", + "*.xy.fbcdn.net", + "*.xz.fbcdn.net", + "facebook.com", + "messenger.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\nYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\nKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\nitrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\nsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\nbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\nMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\ndC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\nL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\nBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\nUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\naQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\naOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\nE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\nxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\ncPUeybQ=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "oDHEZ4Lm5sZiwsh8dtqapizKvY4=", + "fingerprint_sha256": "GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=", + "hpkp_pin": "k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2028-10-22T12:00:00", + "not_valid_before": "2013-10-22T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 23085922014910748503624791917480115148492919026914207610707020942093828159221184419960399297678177590153378092714640886296044490661625022319263060388275515964365478738040978664516396912933675650257207760237777280773935047177225664304566903694731631728916260237117586511459590661362255543750987738241463266555577715629664656907640120826399947323444556799362651693283202076722872218490347588587929811327918605576169523712767591239193274840826201053308722900104999956283622772648025895714833602740679819670062830777938157004975732087864164660384513848296643542134747514357423990884765641067184766081973460304136714018531 + }, + "serial_number": 6489877074546166222510380951761917343, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "received_chain_contains_anchor_certificate": false, + "received_chain_has_valid_order": true, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIG5DCCBcygAwIBAgIQCpzpv1RgHGRmC/wT+QnWjTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMTAyMjgwMDAwMDBaFw0yMTA1MjgyMzU5NTla\nMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpN\nZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5m\nYWNlYm9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhjnCl\nHkblODwgmhRKSY/lzhEgdMtKHYMU/5KCw+HBlVCpi6puAEkREed9ujX9QHagNoJx\nJFd5zVDD+sr6QFqzhtQsz+2WNaUekkm0rQ8e7GtHGbNX4EjOdwXsOLDH5n/qga7Y\n2oAeINgWY42cqbqmcDHe5+ZGVcLT1L3nAzwQa5VqLbK3kupdymFARHAhpehriy+h\nY+xomSDoZYZnSEy9kW1G6fBDdfzZ7h/qYYYgxMBtAgcLuFkoUEeivWXWcJCvF0ZJ\nBbH+ER9qLZYnrToP/MkYqgW7CiixpM7aqgQjEybhuTcnUwoMPmiKIHaUKvH68S7a\n/OK8HRWxDx1rcQF3AgMBAAGjggN/MIIDezAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM\n2WVkYqISuFlyOzAdBgNVHQ4EFgQUWZmCPWpb+pG9UpbdZqJi6rCCw+AwgbUGA1Ud\nEQSBrTCBqoIOKi5mYWNlYm9vay5jb22CDiouZmFjZWJvb2submV0ggsqLmZiY2Ru\nLm5ldIILKi5mYnNieC5jb22CECoubS5mYWNlYm9vay5jb22CDyoubWVzc2VuZ2Vy\nLmNvbYIOKi54eC5mYmNkbi5uZXSCDioueHkuZmJjZG4ubmV0gg4qLnh6LmZiY2Ru\nLm5ldIIMZmFjZWJvb2suY29tgg1tZXNzZW5nZXIuY29tMA4GA1UdDwEB/wQEAwIF\noDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKg\nMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNy\nbDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVy\nLWc2LmNybDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRw\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEF\nBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRw\nOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5j\nZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBBQYKKwYBBAHWeQIEAgSB9gSB\n8wDxAHYAfT7y+I//iFVoJMLAyp5SiXkrxQ54CX8uapdomX4i8NcAAAF36FBaoQAA\nBAMARzBFAiEAjkRauMVd+dEjH4qezoNItw07HLxaPohL3a7G9uQmJ2YCIHbqtfE0\n/6jRdR5dmyRGPAwyWW+nqbmJsu0Hv3f28TDBAHcAXNxDkv7mq0VEsV6a1FbmEDf7\n1fpH3KFzlLJe5vbHDsoAAAF36FBahAAABAMASDBGAiEApB881hy/1NVfhBKwtgVX\nwTdheSWMDHIEmIsXwz8gYz8CIQCA9SqPzDUNPPSTsFs5rUZq++SzGAYwpnl56Gnc\nA/cP+zANBgkqhkiG9w0BAQsFAAOCAQEASsQswUG0l4h8Zy3OVYPF0XeI/lP4vl+Q\n0Vu8Jqx+PWcPDs9y/7zqPpPSl9PlXAKEl/OZDIPf3DCj2W23HiC1H2W5wKEBfqxk\nEA81OeeuBzNMxOw7985VqRSUnFPUGGv3qUvTweO7iLAxtTaZ/Awc916P9s0P6BGq\nV6POMQQCc1UYlnAs/vjvCsO3DDrIHTRqST0uT1VGtA+UoEX/HCqZZgopTl9vzyLd\nLcGnPwcFP1Nn8G6vm6u67PEdh/d+RdkTn8GMpmT3nuhzlq9NV/2izQGv6zdUkK13\nQlLgVzVDLWAitv7HQWt1Iz8mdDN0t9IQnlKbo2C70poqmul4ro9w1Q==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "4Hq3j3WByorGYC+qXi6YYkBUieI=", + "fingerprint_sha256": "VS4OSpE4J48ou5ObboipyehX8HDI2ZH2ZLvjAOJ7kus=", + "hpkp_pin": "UxuCIvQww3Rsz2OzOhPM3xYZAcoDLQv9RXUcMnVmia4=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2021-05-28T23:59:59", + "not_valid_before": "2021-02-28T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28473858408853906773402216360995925781617767330977939520466434009380130919390580590582290551434916813384029967352494894085311408081847460311220591914562764385316961136573195010137304013063156212688673716209427740264146494369765815825194759258496995753693375018206497630330513864712664867572428689281756201184695514925292509089427929119888086881420422091422236337345561195136408140706914218380522994034423045043721803658728490081861600451877040382974416037730388144551581662571626319226549237499073680740608469020479225044719080327404029064158347134928481598445436434672186287437877621263423576228218815161837284295031 + }, + "serial_number": 14107019227910214684751253980605699725, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Menlo Park", + "value": "Menlo Park" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Facebook\\, Inc.", + "value": "Facebook, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.facebook.com", + "value": "*.facebook.com" + } + ], + "rfc4514_string": "CN=*.facebook.com,O=Facebook\\, Inc.,L=Menlo Park,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.facebook.com", + "*.facebook.net", + "*.fbcdn.net", + "*.fbsbx.com", + "*.m.facebook.com", + "*.messenger.com", + "*.xx.fbcdn.net", + "*.xy.fbcdn.net", + "*.xz.fbcdn.net", + "facebook.com", + "messenger.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\nYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\nKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\nitrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\nsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\nbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\nMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\ndC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\nL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\nBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\nUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\naQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\naOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\nE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\nxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\ncPUeybQ=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "oDHEZ4Lm5sZiwsh8dtqapizKvY4=", + "fingerprint_sha256": "GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=", + "hpkp_pin": "k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2028-10-22T12:00:00", + "not_valid_before": "2013-10-22T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 23085922014910748503624791917480115148492919026914207610707020942093828159221184419960399297678177590153378092714640886296044490661625022319263060388275515964365478738040978664516396912933675650257207760237777280773935047177225664304566903694731631728916260237117586511459590661362255543750987738241463266555577715629664656907640120826399947323444556799362651693283202076722872218490347588587929811327918605576169523712767591239193274840826201053308722900104999956283622772648025895714833602740679819670062830777938157004975732087864164660384513848296643542134747514357423990884765641067184766081973460304136714018531 + }, + "serial_number": 6489877074546166222510380951761917343, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA", + "value": "DigiCert SHA2 High Assurance Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug\nRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm\n+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW\nPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM\nxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB\nIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3\nhzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg\nEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF\nMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA\nFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec\nnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z\neM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF\nhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2\nYzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe\nvEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n+OkuE6N36B9K\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "X7fuBjPiWdutDEya5tOPGmHH3CU=", + "fingerprint_sha256": "dDHl9MPBzkaQd08LYeBUQIg7qaAe0Aumq9eAbtOxGM8=", + "hpkp_pin": "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 25096222514443076901272460785174517607620538894364887395200690111394566020592736673662921945840817328364413674741800760450235583027021531642816683159576973866853280121844679977899567994751333258123861457007523791425003154230648819528564116339145266255263939030158519839380078368713888028673211448476392899923583233481355650312351351674302573096563616905459255557919180852201759360299861601875234807995701275332739967359933679872406573487332354516530701356470999683428220594248446682388824996574482294270079277019729636834333736001968484903342759579838975239653144282134955700899224002867238843313167887950361608604619 + }, + "serial_number": 3553400076410547919724730734378100087, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA", + "value": "DigiCert High Assurance EV Root CA" + } + ], + "rfc4514_string": "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "verified_chain_has_legacy_symantec_anchor": false, + "verified_chain_has_sha1_signature": false + } + ], + "hostname_used_for_server_name_indication": "www.facebook.com" + }, + "elliptic_curves": { + "rejected_curves": [ + { + "name": "X448", + "openssl_nid": 1035 + }, + { + "name": "prime192v1", + "openssl_nid": 409 + }, + { + "name": "secp160k1", + "openssl_nid": 708 + }, + { + "name": "secp160r1", + "openssl_nid": 709 + }, + { + "name": "secp160r2", + "openssl_nid": 710 + }, + { + "name": "secp192k1", + "openssl_nid": 711 + }, + { + "name": "secp224k1", + "openssl_nid": 712 + }, + { + "name": "secp224r1", + "openssl_nid": 713 + }, + { + "name": "secp256k1", + "openssl_nid": 714 + }, + { + "name": "secp384r1", + "openssl_nid": 715 + }, + { + "name": "secp521r1", + "openssl_nid": 716 + }, + { + "name": "sect163k1", + "openssl_nid": 721 + }, + { + "name": "sect163r1", + "openssl_nid": 722 + }, + { + "name": "sect163r2", + "openssl_nid": 723 + }, + { + "name": "sect193r1", + "openssl_nid": 724 + }, + { + "name": "sect193r2", + "openssl_nid": 725 + }, + { + "name": "sect233k1", + "openssl_nid": 726 + }, + { + "name": "sect233r1", + "openssl_nid": 727 + }, + { + "name": "sect239k1", + "openssl_nid": 728 + }, + { + "name": "sect283k1", + "openssl_nid": 729 + }, + { + "name": "sect283r1", + "openssl_nid": 730 + }, + { + "name": "sect409k1", + "openssl_nid": 731 + }, + { + "name": "sect409r1", + "openssl_nid": 732 + }, + { + "name": "sect571k1", + "openssl_nid": 733 + }, + { + "name": "sect571r1", + "openssl_nid": 734 + } + ], + "supported_curves": [ + { + "name": "X25519", + "openssl_nid": 1034 + }, + { + "name": "prime256v1", + "openssl_nid": 415 + } + ], + "supports_ecdh_key_exchange": true + }, + "heartbleed": { + "is_vulnerable_to_heartbleed": false + }, + "http_headers": null, + "openssl_ccs_injection": { + "is_vulnerable_to_ccs_injection": false + }, + "robot": { + "robot_result": "NOT_VULNERABLE_NO_ORACLE" + }, + "session_renegotiation": { + "is_vulnerable_to_client_renegotiation_dos": false, + "supports_secure_renegotiation": true + }, + "session_resumption": { + "session_id_attempted_resumptions_count": 5, + "session_id_resumption_result": "FULLY_SUPPORTED", + "session_id_successful_resumptions_count": 5, + "tls_ticket_attempted_resumptions_count": 5, + "tls_ticket_resumption_result": "FULLY_SUPPORTED", + "tls_ticket_successful_resumptions_count": 5 + }, + "ssl_2_0_cipher_suites": { + "accepted_cipher_suites": [], + "is_tls_protocol_version_supported": false, + "rejected_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_RC4_128_WITH_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "SSL_CK_RC4_128_EXPORT40_WITH_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_RC2_128_CBC_WITH_MD5", + "openssl_name": "RC2-CBC-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_IDEA_128_CBC_WITH_MD5", + "openssl_name": "IDEA-CBC-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "SSL_CK_DES_64_CBC_WITH_MD5", + "openssl_name": "DES-CBC-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5", + "openssl_name": "DES-CBC3-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + } + ], + "tls_version_used": 1 + }, + "ssl_3_0_cipher_suites": { + "accepted_cipher_suites": [], + "is_tls_protocol_version_supported": false, + "rejected_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": 2 + }, + "tls_1_0_cipher_suites": { + "accepted_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BOpna3x3hlykfuuEC9hAbPtMQlng99MROEJ5FNy56XTxrgsmEhSzkBSyQhl8ks8gQadx6h+ADN+3S49KzLEGTVo=", + "size": 256, + "type_name": "ECDH", + "x": "6mdrfHeGXKR+64QL2EBs+0xCWeD30xE4QnkU3LnpdPE=", + "y": "rgsmEhSzkBSyQhl8ks8gQadx6h+ADN+3S49KzLEGTVo=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BCHpUgV/bte10QnK4kR1F9y8ccLBiDmq8xlWiCiwiB0AFBfVrtAmiefByEzqI/T7fZXIsKjIlhgGTnXh0q1S1jw=", + "size": 256, + "type_name": "ECDH", + "x": "IelSBX9u17XRCcriRHUX3LxxwsGIOarzGVaIKLCIHQA=", + "y": "FBfVrtAmiefByEzqI/T7fZXIsKjIlhgGTnXh0q1S1jw=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BO6b/7mpW+S5KrbSbFcu1HghMSHTyi68avQTE5ehNNWcgUsujHlyQRywG+zHGxhbniRg6NDDjfGkgJSS9qkQYLc=", + "size": 256, + "type_name": "ECDH", + "x": "7pv/ualb5LkqttJsVy7UeCExIdPKLrxq9BMTl6E01Zw=", + "y": "gUsujHlyQRywG+zHGxhbniRg6NDDjfGkgJSS9qkQYLc=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BCtzzCdWX0AUmFLV31JYllYHSWB7kZb/6SvGULbY7Io9fHMm5xQUcD4a1xM9/oRx8SSY0gQ6se/tf8fHMKms2UA=", + "size": 256, + "type_name": "ECDH", + "x": "K3PMJ1ZfQBSYUtXfUliWVgdJYHuRlv/pK8ZQttjsij0=", + "y": "fHMm5xQUcD4a1xM9/oRx8SSY0gQ6se/tf8fHMKms2UA=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BKsAdpSZtrDzHwaKsjmoV1JLfWAq2IhQRCCCv5n5AAiMP9azp9AgiyefzkI3EG8T3NhDjbyQ/uP82zg2bgZOECc=", + "size": 256, + "type_name": "ECDH", + "x": "qwB2lJm2sPMfBoqyOahXUkt9YCrYiFBEIIK/mfkACIw=", + "y": "P9azp9AgiyefzkI3EG8T3NhDjbyQ/uP82zg2bgZOECc=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BBCxXmR4SuvDRKca2KJu00kMXzlnavZKsD6fI7LXcfgntPKgn4lF+z4CDqPsT423+7b/7zO+dsnE3do9rSnIP9I=", + "size": 256, + "type_name": "ECDH", + "x": "ELFeZHhK68NEpxrYom7TSQxfOWdq9kqwPp8jstdx+Cc=", + "y": "tPKgn4lF+z4CDqPsT423+7b/7zO+dsnE3do9rSnIP9I=" + } + } + ], + "is_tls_protocol_version_supported": true, + "rejected_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": 3 + }, + "tls_1_1_cipher_suites": { + "accepted_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BH3qKq5+9JKZRi63kRD41wzkZNDkWEkmRC6YWKPZ8NKOegllvIHEQCRdt7L23v6e7twkFo/HOrArzuwA70OpI3s=", + "size": 256, + "type_name": "ECDH", + "x": "feoqrn70kplGLreREPjXDORk0ORYSSZELphYo9nw0o4=", + "y": "egllvIHEQCRdt7L23v6e7twkFo/HOrArzuwA70OpI3s=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BOEPnozuoKNlK+QmYhPsKctxPPTUIFJNZxqKjvl2pIy3ryhBzWzkqmM+tIC3CSWV2OMIOwugkRWh7zqlXZiUnWI=", + "size": 256, + "type_name": "ECDH", + "x": "4Q+ejO6go2Ur5CZiE+wpy3E89NQgUk1nGoqO+XakjLc=", + "y": "ryhBzWzkqmM+tIC3CSWV2OMIOwugkRWh7zqlXZiUnWI=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BHCWEq6CsdEPYP8++aLlnofeX+Xqds+f8KOFXAYUrIzVozcyO3lIiNLXnMnN65+MjyNpGli7FPF8vb4+Si+JGjk=", + "size": 256, + "type_name": "ECDH", + "x": "cJYSroKx0Q9g/z75ouWeh95f5ep2z5/wo4VcBhSsjNU=", + "y": "ozcyO3lIiNLXnMnN65+MjyNpGli7FPF8vb4+Si+JGjk=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BLe1z7yvq8aCXzpVjuvBkR1wpunetxVcVBfonJpdw7LLJuJbdnYNL7KcG4agYEBn3LiV/DMl6rlZ/z4LTTvjbVM=", + "size": 256, + "type_name": "ECDH", + "x": "t7XPvK+rxoJfOlWO68GRHXCm6d63FVxUF+icml3Dsss=", + "y": "JuJbdnYNL7KcG4agYEBn3LiV/DMl6rlZ/z4LTTvjbVM=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BHhAvx5zxQ/dny8obIx1JWwBzuCJcVgmf2VfQ4OSh7j5lIfFe6/ZnC3kYZtwXNi0RZnN/ZnQPe4bq/vT2EPw2vs=", + "size": 256, + "type_name": "ECDH", + "x": "eEC/HnPFD92fLyhsjHUlbAHO4IlxWCZ/ZV9Dg5KHuPk=", + "y": "lIfFe6/ZnC3kYZtwXNi0RZnN/ZnQPe4bq/vT2EPw2vs=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BAdIbW+5/8tj/0VIz38etbhyMWkYX7QYgsdG9fm9qNe91k3BPiK3ogR6m2fItizf0JSc/kBlF7HvXjgNYUkwvrU=", + "size": 256, + "type_name": "ECDH", + "x": "B0htb7n/y2P/RUjPfx61uHIxaRhftBiCx0b1+b2o170=", + "y": "1k3BPiK3ogR6m2fItizf0JSc/kBlF7HvXjgNYUkwvrU=" + } + } + ], + "is_tls_protocol_version_supported": true, + "rejected_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": 4 + }, + "tls_1_2_cipher_suites": { + "accepted_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "AES256-GCM-SHA384" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "AES128-GCM-SHA256" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "ECDHE-RSA-CHACHA20-POLY1305" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BHvlw7BYcCmaJMEiKrX6Cbr/ipMSVU422u5aVkAFW1f8o97ToLf9L5C1aKnnliRTQszFTEbBM2eakUylry6TG+o=", + "size": 256, + "type_name": "ECDH", + "x": "e+XDsFhwKZokwSIqtfoJuv+KkxJVTjba7lpWQAVbV/w=", + "y": "o97ToLf9L5C1aKnnliRTQszFTEbBM2eakUylry6TG+o=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDHE-RSA-AES256-GCM-SHA384" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BO7AWFQISmVkltlMPGBSrgPks3WqvD0BQivAHD4q/anv535n1ZA32F/O8TMZyTiTDrv0+3VVDBCzkhQf3Uvm6A4=", + "size": 256, + "type_name": "ECDH", + "x": "7sBYVAhKZWSW2Uw8YFKuA+Szdaq8PQFCK8AcPir9qe8=", + "y": "535n1ZA32F/O8TMZyTiTDrv0+3VVDBCzkhQf3Uvm6A4=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BKdPpoMUlkoKI3yzm7RjlZCCRAcRgH8XUhnF+W911T9xGRnm5KBkBPPLltChND3lyPteo9ERQUaX3DRQnRHvBQE=", + "size": 256, + "type_name": "ECDH", + "x": "p0+mgxSWSgojfLObtGOVkIJEBxGAfxdSGcX5b3XVP3E=", + "y": "GRnm5KBkBPPLltChND3lyPteo9ERQUaX3DRQnRHvBQE=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDHE-RSA-AES128-GCM-SHA256" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BKHbMzrcbhAEha6MqkMzdjolVygaT/XNSHqCZObri1fqBGMfQosW2zOp9NPNFzCzGap2MyhvmxJDmSxBPGD4InA=", + "size": 256, + "type_name": "ECDH", + "x": "odszOtxuEASFroyqQzN2OiVXKBpP9c1IeoJk5uuLV+o=", + "y": "BGMfQosW2zOp9NPNFzCzGap2MyhvmxJDmSxBPGD4InA=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BJ7Cuhr3HWuD32DuPt6w1nlwSpUzc1DVgE3wpia9A3WRdLdVLZ52+EC9be7Zx3FwCSNkA9H1UaEMJZPO9Bbk78Q=", + "size": 256, + "type_name": "ECDH", + "x": "nsK6Gvcda4PfYO4+3rDWeXBKlTNzUNWATfCmJr0DdZE=", + "y": "dLdVLZ52+EC9be7Zx3FwCSNkA9H1UaEMJZPO9Bbk78Q=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BKk1jas28+nPBDJ00snUxyD4rGeoZ3E4omnqDo99Oh2EDzFn65371DNwo3DJy6NrcsuPPw3x2neL+rB3An7PAHc=", + "size": 256, + "type_name": "ECDH", + "x": "qTWNqzbz6c8EMnTSydTHIPisZ6hncTiiaeoOj306HYQ=", + "y": "DzFn65371DNwo3DJy6NrcsuPPw3x2neL+rB3An7PAHc=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "ECDHE-ECDSA-CHACHA20-POLY1305" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BDxLzixZjy9whQhS+mL6RPZFpx16rPR8zTfd6riikXywRM3EWJ7zOM/Y3bBKJdkAfqafJ9Qvh8OsI83cxsMMN/k=", + "size": 256, + "type_name": "ECDH", + "x": "PEvOLFmPL3CFCFL6YvpE9kWnHXqs9HzNN93quKKRfLA=", + "y": "RM3EWJ7zOM/Y3bBKJdkAfqafJ9Qvh8OsI83cxsMMN/k=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDHE-ECDSA-AES256-GCM-SHA384" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BB8U0pBFjeYFUVTgSop6Xxo5SfXKVqqLqp/4/vjRGg6u9gmiGbScNJnxHcmTg0tCzXMMWAa5uwCHDCJGPfsZ4d0=", + "size": 256, + "type_name": "ECDH", + "x": "HxTSkEWN5gVRVOBKinpfGjlJ9cpWqouqn/j++NEaDq4=", + "y": "9gmiGbScNJnxHcmTg0tCzXMMWAa5uwCHDCJGPfsZ4d0=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BPptXG/qy/bT+D5k8qv3XLxRyo065T+k+ZEQcq4vwv0y4mjU6ly8gACJkPRaAvuOd+jc6A12EanmVTu2FNRI5jE=", + "size": 256, + "type_name": "ECDH", + "x": "+m1cb+rL9tP4PmTyq/dcvFHKjTrlP6T5kRByri/C/TI=", + "y": "4mjU6ly8gACJkPRaAvuOd+jc6A12EanmVTu2FNRI5jE=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDHE-ECDSA-AES128-GCM-SHA256" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BCmb6K8YparMmm/0KFLO/hRvoC5k5n2381mol67UPS29Q3yPEjLW17cd2bX8gZr5KQncImq+r9O6lwvCANix/CA=", + "size": 256, + "type_name": "ECDH", + "x": "KZvorxilqsyab/QoUs7+FG+gLmTmfbfzWaiXrtQ9Lb0=", + "y": "Q3yPEjLW17cd2bX8gZr5KQncImq+r9O6lwvCANix/CA=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BN4twirQsL9cK9/OiPdks/Rn7rVWjiWq/5MREgeOw0TizKuhD2KjJ61GWrTn3/QGwUwdEcj7FClahV+OCJRVQM0=", + "size": 256, + "type_name": "ECDH", + "x": "3i3CKtCwv1wr386I92Sz9GfutVaOJar/kxESB47DROI=", + "y": "zKuhD2KjJ61GWrTn3/QGwUwdEcj7FClahV+OCJRVQM0=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BH9sSTAZzvwE7WCxdQHdHmbNlJemirveZdxDSMAPg1RtFJJFLn+AVanXyug9bfnmEaHRXmfIun7xXGLeggve5GM=", + "size": 256, + "type_name": "ECDH", + "x": "f2xJMBnO/ATtYLF1Ad0eZs2Ul6aKu95l3ENIwA+DVG0=", + "y": "FJJFLn+AVanXyug9bfnmEaHRXmfIun7xXGLeggve5GM=" + } + } + ], + "is_tls_protocol_version_supported": true, + "rejected_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA256", + "openssl_name": "NULL-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "CAMELLIA256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_256_CCM_8", + "openssl_name": "AES256-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CCM", + "openssl_name": "AES256-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CCM_8", + "openssl_name": "AES128-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CCM", + "openssl_name": "AES128-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDH-RSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDH-RSA-AES256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDH-RSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDH-RSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDH-ECDSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDH-ECDSA-AES256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDH-ECDSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDH-ECDSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", + "openssl_name": "ECDHE-RSA-CAMELLIA256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "ECDHE-RSA-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ECDHE-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ECDHE-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDHE-RSA-AES256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDHE-RSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", + "openssl_name": "ECDHE-ECDSA-CAMELLIA256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "ECDHE-ECDSA-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ECDHE-ECDSA-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ECDHE-ECDSA-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", + "openssl_name": "ECDHE-ECDSA-AES256-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CCM", + "openssl_name": "ECDHE-ECDSA-AES256-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDHE-ECDSA-AES256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", + "openssl_name": "ECDHE-ECDSA-AES128-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CCM", + "openssl_name": "ECDHE-ECDSA-AES128-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDHE-ECDSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_GCM_SHA384", + "openssl_name": "ADH-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA256", + "openssl_name": "ADH-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_GCM_SHA256", + "openssl_name": "ADH-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA256", + "openssl_name": "ADH-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "DH-RSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "DH-RSA-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "DH-RSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "DH-RSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_GCM_SHA384", + "openssl_name": "DH-DSS-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA256", + "openssl_name": "DH-DSS-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_GCM_SHA256", + "openssl_name": "DH-DSS-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA256", + "openssl_name": "DH-DSS-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "DHE-RSA-CHACHA20-POLY1305" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "DHE-RSA-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "DHE-RSA-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "DHE-RSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CCM_8", + "openssl_name": "DHE-RSA-AES256-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CCM", + "openssl_name": "DHE-RSA-AES256-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "DHE-RSA-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "DHE-RSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CCM_8", + "openssl_name": "DHE-RSA-AES128-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CCM", + "openssl_name": "DHE-RSA-AES128-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "DHE-RSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "DHE-DSS-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "DHE-DSS-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", + "openssl_name": "DHE-DSS-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", + "openssl_name": "DHE-DSS-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", + "openssl_name": "DHE-DSS-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", + "openssl_name": "DHE-DSS-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DHE-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": 5 + }, + "tls_1_3_cipher_suites": { + "accepted_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_CHACHA20_POLY1305_SHA256", + "openssl_name": "TLS_CHACHA20_POLY1305_SHA256" + }, + "ephemeral_key": { + "curve_name": "X25519", + "generator": null, + "prime": null, + "public_bytes": "hjiZWrD12xYdA6rGl3zDhtcfD5A4IfbmDJL1fN/cuCs=", + "size": 253, + "type_name": "ECDH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_AES_256_GCM_SHA384", + "openssl_name": "TLS_AES_256_GCM_SHA384" + }, + "ephemeral_key": { + "curve_name": "X25519", + "generator": null, + "prime": null, + "public_bytes": "5DfKgu4a+A1yN8qZUKOqRV8PiSJy0lhi4gz6bdj/US4=", + "size": 253, + "type_name": "ECDH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_GCM_SHA256", + "openssl_name": "TLS_AES_128_GCM_SHA256" + }, + "ephemeral_key": { + "curve_name": "X25519", + "generator": null, + "prime": null, + "public_bytes": "uCBaAZq8S/K9GvgGc9q45TuVnn3fXWEEbdBL4P5sJUc=", + "size": 253, + "type_name": "ECDH", + "x": null, + "y": null + } + } + ], + "is_tls_protocol_version_supported": true, + "rejected_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_CCM_SHA256", + "openssl_name": "TLS_AES_128_CCM_SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_CCM_8_SHA256", + "openssl_name": "TLS_AES_128_CCM_8_SHA256" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": 6 + }, + "tls_1_3_early_data": null, + "tls_compression": { + "supports_compression": false + }, + "tls_fallback_scsv": { + "supports_fallback_scsv": true + } + }, + "server_info": { + "network_configuration": { + "network_max_retries": 3, + "network_timeout": 5, + "tls_client_auth_credentials": null, + "tls_opportunistic_encryption": null, + "tls_server_name_indication": "www.facebook.com", + "xmpp_to_hostname": null + }, + "server_location": { + "hostname": "www.facebook.com", + "http_proxy_settings": null, + "ip_address": "157.240.22.35", + "port": 443 + }, + "tls_probing_result": { + "cipher_suite_supported": "TLS_CHACHA20_POLY1305_SHA256", + "client_auth_requirement": 1, + "highest_tls_version_supported": 6, + "supports_ecdh_key_exchange": true + } + } + }, + { + "scan_commands": [ + "openssl_ccs_injection", + "session_resumption", + "tls_1_0_cipher_suites", + "ssl_2_0_cipher_suites", + "tls_compression", + "tls_1_2_cipher_suites", + "tls_fallback_scsv", + "tls_1_1_cipher_suites", + "tls_1_3_cipher_suites", + "ssl_3_0_cipher_suites", + "robot", + "session_renegotiation", + "elliptic_curves", + "certificate_info", + "heartbleed" + ], + "scan_commands_errors": [], + "scan_commands_extra_arguments": { + "certificate_info": null, + "session_resumption": null + }, + "scan_commands_results": { + "certificate_info": { + "certificate_deployments": [ + { + "leaf_certificate_has_must_staple_extension": false, + "leaf_certificate_is_ev": false, + "leaf_certificate_signed_certificate_timestamps_count": 2, + "leaf_certificate_subject_matches_hostname": true, + "ocsp_response": null, + "ocsp_response_is_trusted": null, + "path_validation_results": [ + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Android", + "path": "/mnt/c/Users/nabla/Documents/Github/sslyze/sslyze/plugins/certificate_info/trust_stores/pem_files/google_aosp.pem", + "version": "9.0.0_r9" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEyDCCA7CgAwIBAgIRAMFeoDg8eeNEAwAAAADLz7owDQYJKoZIhvcNAQELBQAw\nQjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET\nMBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMTAzMTYxOTM1MDBaFw0yMTA2MDgxOTM0\nNTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRcwFQYDVQQDEw53\nd3cuZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFmtG1hqQopw\nvwO0CIf5xfHU5ci/665r+JmBPDybtzPK7JmT840m7q1/yPcES/a0BqqLTPTNJyZI\n796ZAFcqbbijggJcMIICWDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB\nBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUS/14JW+kX3ax4OPTiPrRbuIn\nSTwwHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J/SswaAYIKwYBBQUHAQEE\nXDBaMCsGCCsGAQUFBzABhh9odHRwOi8vb2NzcC5wa2kuZ29vZy9ndHMxbzFjb3Jl\nMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2cvZ3NyMi9HVFMxTzEuY3J0MBkG\nA1UdEQQSMBCCDnd3dy5nb29nbGUuY29tMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwG\nCisGAQQB1nkCBQMwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5wa2kuZ29v\nZy9HVFMxTzFjb3JlLmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AESUZS6w\n7s6vxEAH2Kj+KMDa5oK+2MsxtT/TM5a1toGoAAABeDy/udIAAAQDAEcwRQIgVY40\nWyUysNidcbnrylA4SESze0CQvUWMQKMI4gHzi34CIQDidQzVoDiSGdDqrDp5yKDR\n6z0zKd1mm0MQjpYoUD+TPgB2AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/LmqXaJl+\nIvDXAAABeDy/ucoAAAQDAEcwRQIhAOohO9kpFZYdIyC57GAtfHQTXK78ovv3VIVn\nSP1bhW1qAiANrObfVpLoprzfwqyPpzczU3u1xqIsNIZ+BDPJm+XvbjANBgkqhkiG\n9w0BAQsFAAOCAQEALRKpgqxd0etTPsoYcQrDReuVq+4x5NdgA31vliZuX7liwPT9\n3E/5kRtElaeW3G3SqPKBURKAr1AG20WWIeYqv9SXz6kI4hoU5ZEPMbW3L2fetXiq\nWZM3TAEyiOCYuO1nenmaHCzu3dEzwAts8xqOq6tq0fktZom+V8WRyD3IMnsydMWu\nGtOUxbIE8T/1JWBMMMJv8NxT3Ia2uv1OK0Zr2WKNpoiziq2YFs4hMhCg3nvSYb7/\nFXZ0bKq0nU88Ve409XsKe4LkPCRVO725R/NtsfsPtPE8vWYgyUXOSN1tBwLNjIva\nbTMkzuKeiopJoGQI75BoQejw+Y53N9YRaKCbiA==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "gu004CNfCpYy0VidHmZikDRCra8=", + "fingerprint_sha256": "4R9YDaV1u38+F7sNMe4t4Mcgtmr/7vac0jOIfNitVBA=", + "hpkp_pin": "9+zXEopIb8dzaUBbiURpheUXV+JOkNWyNTeRfbuWrBk=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "not_valid_after": "2021-06-08T19:34:59", + "not_valid_before": "2021-03-16T19:35:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 40561696796934515315954348261565741666609449634305852051840707606287071261642, + "ec_y": 107017180989407027747900497532334041696369065845699887960622045518712936230328, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 257032328732221176178827821545186643898, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Mountain View", + "value": "Mountain View" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google LLC", + "value": "Google LLC" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.google.com", + "value": "www.google.com" + } + ], + "rfc4514_string": "CN=www.google.com,O=Google LLC,L=Mountain View,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "www.google.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAw\nHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs\nU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy\nMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg\nU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnv\nUA0Qk28FgICfKqC9EksC4T2fWBYk/jCfC3R3VZMdS/dN4ZKCEPZRrAzDsiKUDzRr\nmBBJ5wudgzndIMYcLe/RGGFl5yODIKgjEv/SJH/UL+dEaltN11BmsK+eQmMF++Ac\nxGNhr59qM/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmK\nFsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7X\nrJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNV\nHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1Ud\nEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8G\nA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYuMDUGCCsGAQUFBwEBBCkwJzAl\nBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzAp\nMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0g\nBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9y\nZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7H\nTgiZ/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoN\nFvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ/XteDSGU9YzJqPjY8q3MDxrz\nmqepBCf5o8mw/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wW\nIRdAvKLWZu/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZ\nUSpxu6x6td0V7SvJCCosirSmIatj/9dSSVDQibet8q/7UK4v4ZUN80atnZz1yg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "3+IHDHnn/zapJf+jJ//j3uz4+cI=", + "fingerprint_sha256": "lcB041kCoUq9nRmvtuf4Dmaf+OI2MnBTnZY2E/BKqiE=", + "hpkp_pin": "YZPgTZ+woNCCCIW3LH2CxQeLzB/1m42QcCTBSdgayjs=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T00:00:42", + "not_valid_before": "2017-06-15T00:00:42", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 26269801531899897577901397628129768396310117154722111998302380600635413896531116363750045902786736302705131724095478519616606299023895145655746808892285752988930019974591973546931458114715554265078724718547960324541834616401014259212201521058332874204257425862103971348650680978888262959869761258115884544433253120380553333792186795670369626922403997399844281387984516714325891255733252935742350706385789521287375269196970094028922706633069471330695250381466716142933896182302890680432873976462431593315458003990118395901701394864226607634896601077267548878140687343418675545931561691994107018413405352266039281626119 + }, + "serial_number": 149699596615803609916394524856, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G\nA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp\nZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1\nMDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG\nA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL\nv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8\neoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq\ntTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd\nC9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa\nzq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB\nmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH\nV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n\nbG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG\n3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs\nJ0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO\n291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS\not+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\nAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7\nTBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "deCrthOFEiccBPhf3d445LckLv4=", + "fingerprint_sha256": "ykLdQXRf0LgeuQI2LPnYv3Gdob0bHvyUb1tMmfQsG54=", + "hpkp_pin": "iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T08:00:00", + "not_valid_before": "2006-12-15T08:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 21057703584475184807565557524537816321491861642060041763647257260224980509300477196924243590718942686590709107534863816871998744486217397041943036790668349398596465655712023148303173173625617456109014852791089527884590320201838663822684972532489783525944263241117811947512306928924706019699374824809368116805968844700689553244922646662031817428598871924656385681991340984751484716908148967287908171187321560857250025694833777855463632395686856225456740364321799926634676042609958611723658984406384068047734580405304178873193147583468071249577706812402337331306461396767845742998827081874578148453783909473879293336463 + }, + "serial_number": 4835703278459682885658125, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Apple", + "path": "/mnt/c/Users/nabla/Documents/Github/sslyze/sslyze/plugins/certificate_info/trust_stores/pem_files/apple.pem", + "version": "iOS 14, iPadOS 14, macOS 11, watchOS 7, and tvOS 14" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEyDCCA7CgAwIBAgIRAMFeoDg8eeNEAwAAAADLz7owDQYJKoZIhvcNAQELBQAw\nQjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET\nMBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMTAzMTYxOTM1MDBaFw0yMTA2MDgxOTM0\nNTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRcwFQYDVQQDEw53\nd3cuZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFmtG1hqQopw\nvwO0CIf5xfHU5ci/665r+JmBPDybtzPK7JmT840m7q1/yPcES/a0BqqLTPTNJyZI\n796ZAFcqbbijggJcMIICWDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB\nBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUS/14JW+kX3ax4OPTiPrRbuIn\nSTwwHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J/SswaAYIKwYBBQUHAQEE\nXDBaMCsGCCsGAQUFBzABhh9odHRwOi8vb2NzcC5wa2kuZ29vZy9ndHMxbzFjb3Jl\nMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2cvZ3NyMi9HVFMxTzEuY3J0MBkG\nA1UdEQQSMBCCDnd3dy5nb29nbGUuY29tMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwG\nCisGAQQB1nkCBQMwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5wa2kuZ29v\nZy9HVFMxTzFjb3JlLmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AESUZS6w\n7s6vxEAH2Kj+KMDa5oK+2MsxtT/TM5a1toGoAAABeDy/udIAAAQDAEcwRQIgVY40\nWyUysNidcbnrylA4SESze0CQvUWMQKMI4gHzi34CIQDidQzVoDiSGdDqrDp5yKDR\n6z0zKd1mm0MQjpYoUD+TPgB2AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/LmqXaJl+\nIvDXAAABeDy/ucoAAAQDAEcwRQIhAOohO9kpFZYdIyC57GAtfHQTXK78ovv3VIVn\nSP1bhW1qAiANrObfVpLoprzfwqyPpzczU3u1xqIsNIZ+BDPJm+XvbjANBgkqhkiG\n9w0BAQsFAAOCAQEALRKpgqxd0etTPsoYcQrDReuVq+4x5NdgA31vliZuX7liwPT9\n3E/5kRtElaeW3G3SqPKBURKAr1AG20WWIeYqv9SXz6kI4hoU5ZEPMbW3L2fetXiq\nWZM3TAEyiOCYuO1nenmaHCzu3dEzwAts8xqOq6tq0fktZom+V8WRyD3IMnsydMWu\nGtOUxbIE8T/1JWBMMMJv8NxT3Ia2uv1OK0Zr2WKNpoiziq2YFs4hMhCg3nvSYb7/\nFXZ0bKq0nU88Ve409XsKe4LkPCRVO725R/NtsfsPtPE8vWYgyUXOSN1tBwLNjIva\nbTMkzuKeiopJoGQI75BoQejw+Y53N9YRaKCbiA==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "gu004CNfCpYy0VidHmZikDRCra8=", + "fingerprint_sha256": "4R9YDaV1u38+F7sNMe4t4Mcgtmr/7vac0jOIfNitVBA=", + "hpkp_pin": "9+zXEopIb8dzaUBbiURpheUXV+JOkNWyNTeRfbuWrBk=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "not_valid_after": "2021-06-08T19:34:59", + "not_valid_before": "2021-03-16T19:35:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 40561696796934515315954348261565741666609449634305852051840707606287071261642, + "ec_y": 107017180989407027747900497532334041696369065845699887960622045518712936230328, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 257032328732221176178827821545186643898, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Mountain View", + "value": "Mountain View" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google LLC", + "value": "Google LLC" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.google.com", + "value": "www.google.com" + } + ], + "rfc4514_string": "CN=www.google.com,O=Google LLC,L=Mountain View,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "www.google.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAw\nHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs\nU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy\nMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg\nU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnv\nUA0Qk28FgICfKqC9EksC4T2fWBYk/jCfC3R3VZMdS/dN4ZKCEPZRrAzDsiKUDzRr\nmBBJ5wudgzndIMYcLe/RGGFl5yODIKgjEv/SJH/UL+dEaltN11BmsK+eQmMF++Ac\nxGNhr59qM/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmK\nFsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7X\nrJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNV\nHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1Ud\nEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8G\nA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYuMDUGCCsGAQUFBwEBBCkwJzAl\nBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzAp\nMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0g\nBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9y\nZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7H\nTgiZ/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoN\nFvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ/XteDSGU9YzJqPjY8q3MDxrz\nmqepBCf5o8mw/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wW\nIRdAvKLWZu/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZ\nUSpxu6x6td0V7SvJCCosirSmIatj/9dSSVDQibet8q/7UK4v4ZUN80atnZz1yg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "3+IHDHnn/zapJf+jJ//j3uz4+cI=", + "fingerprint_sha256": "lcB041kCoUq9nRmvtuf4Dmaf+OI2MnBTnZY2E/BKqiE=", + "hpkp_pin": "YZPgTZ+woNCCCIW3LH2CxQeLzB/1m42QcCTBSdgayjs=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T00:00:42", + "not_valid_before": "2017-06-15T00:00:42", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 26269801531899897577901397628129768396310117154722111998302380600635413896531116363750045902786736302705131724095478519616606299023895145655746808892285752988930019974591973546931458114715554265078724718547960324541834616401014259212201521058332874204257425862103971348650680978888262959869761258115884544433253120380553333792186795670369626922403997399844281387984516714325891255733252935742350706385789521287375269196970094028922706633069471330695250381466716142933896182302890680432873976462431593315458003990118395901701394864226607634896601077267548878140687343418675545931561691994107018413405352266039281626119 + }, + "serial_number": 149699596615803609916394524856, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G\nA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp\nZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1\nMDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG\nA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL\nv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8\neoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq\ntTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd\nC9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa\nzq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB\nmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH\nV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n\nbG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG\n3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs\nJ0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO\n291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS\not+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\nAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7\nTBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "deCrthOFEiccBPhf3d445LckLv4=", + "fingerprint_sha256": "ykLdQXRf0LgeuQI2LPnYv3Gdob0bHvyUb1tMmfQsG54=", + "hpkp_pin": "iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T08:00:00", + "not_valid_before": "2006-12-15T08:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 21057703584475184807565557524537816321491861642060041763647257260224980509300477196924243590718942686590709107534863816871998744486217397041943036790668349398596465655712023148303173173625617456109014852791089527884590320201838663822684972532489783525944263241117811947512306928924706019699374824809368116805968844700689553244922646662031817428598871924656385681991340984751484716908148967287908171187321560857250025694833777855463632395686856225456740364321799926634676042609958611723658984406384068047734580405304178873193147583468071249577706812402337331306461396767845742998827081874578148453783909473879293336463 + }, + "serial_number": 4835703278459682885658125, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Java", + "path": "/mnt/c/Users/nabla/Documents/Github/sslyze/sslyze/plugins/certificate_info/trust_stores/pem_files/oracle_java.pem", + "version": "jdk-13.0.2" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEyDCCA7CgAwIBAgIRAMFeoDg8eeNEAwAAAADLz7owDQYJKoZIhvcNAQELBQAw\nQjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET\nMBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMTAzMTYxOTM1MDBaFw0yMTA2MDgxOTM0\nNTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRcwFQYDVQQDEw53\nd3cuZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFmtG1hqQopw\nvwO0CIf5xfHU5ci/665r+JmBPDybtzPK7JmT840m7q1/yPcES/a0BqqLTPTNJyZI\n796ZAFcqbbijggJcMIICWDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB\nBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUS/14JW+kX3ax4OPTiPrRbuIn\nSTwwHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J/SswaAYIKwYBBQUHAQEE\nXDBaMCsGCCsGAQUFBzABhh9odHRwOi8vb2NzcC5wa2kuZ29vZy9ndHMxbzFjb3Jl\nMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2cvZ3NyMi9HVFMxTzEuY3J0MBkG\nA1UdEQQSMBCCDnd3dy5nb29nbGUuY29tMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwG\nCisGAQQB1nkCBQMwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5wa2kuZ29v\nZy9HVFMxTzFjb3JlLmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AESUZS6w\n7s6vxEAH2Kj+KMDa5oK+2MsxtT/TM5a1toGoAAABeDy/udIAAAQDAEcwRQIgVY40\nWyUysNidcbnrylA4SESze0CQvUWMQKMI4gHzi34CIQDidQzVoDiSGdDqrDp5yKDR\n6z0zKd1mm0MQjpYoUD+TPgB2AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/LmqXaJl+\nIvDXAAABeDy/ucoAAAQDAEcwRQIhAOohO9kpFZYdIyC57GAtfHQTXK78ovv3VIVn\nSP1bhW1qAiANrObfVpLoprzfwqyPpzczU3u1xqIsNIZ+BDPJm+XvbjANBgkqhkiG\n9w0BAQsFAAOCAQEALRKpgqxd0etTPsoYcQrDReuVq+4x5NdgA31vliZuX7liwPT9\n3E/5kRtElaeW3G3SqPKBURKAr1AG20WWIeYqv9SXz6kI4hoU5ZEPMbW3L2fetXiq\nWZM3TAEyiOCYuO1nenmaHCzu3dEzwAts8xqOq6tq0fktZom+V8WRyD3IMnsydMWu\nGtOUxbIE8T/1JWBMMMJv8NxT3Ia2uv1OK0Zr2WKNpoiziq2YFs4hMhCg3nvSYb7/\nFXZ0bKq0nU88Ve409XsKe4LkPCRVO725R/NtsfsPtPE8vWYgyUXOSN1tBwLNjIva\nbTMkzuKeiopJoGQI75BoQejw+Y53N9YRaKCbiA==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "gu004CNfCpYy0VidHmZikDRCra8=", + "fingerprint_sha256": "4R9YDaV1u38+F7sNMe4t4Mcgtmr/7vac0jOIfNitVBA=", + "hpkp_pin": "9+zXEopIb8dzaUBbiURpheUXV+JOkNWyNTeRfbuWrBk=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "not_valid_after": "2021-06-08T19:34:59", + "not_valid_before": "2021-03-16T19:35:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 40561696796934515315954348261565741666609449634305852051840707606287071261642, + "ec_y": 107017180989407027747900497532334041696369065845699887960622045518712936230328, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 257032328732221176178827821545186643898, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Mountain View", + "value": "Mountain View" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google LLC", + "value": "Google LLC" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.google.com", + "value": "www.google.com" + } + ], + "rfc4514_string": "CN=www.google.com,O=Google LLC,L=Mountain View,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "www.google.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAw\nHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs\nU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy\nMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg\nU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnv\nUA0Qk28FgICfKqC9EksC4T2fWBYk/jCfC3R3VZMdS/dN4ZKCEPZRrAzDsiKUDzRr\nmBBJ5wudgzndIMYcLe/RGGFl5yODIKgjEv/SJH/UL+dEaltN11BmsK+eQmMF++Ac\nxGNhr59qM/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmK\nFsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7X\nrJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNV\nHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1Ud\nEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8G\nA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYuMDUGCCsGAQUFBwEBBCkwJzAl\nBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzAp\nMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0g\nBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9y\nZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7H\nTgiZ/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoN\nFvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ/XteDSGU9YzJqPjY8q3MDxrz\nmqepBCf5o8mw/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wW\nIRdAvKLWZu/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZ\nUSpxu6x6td0V7SvJCCosirSmIatj/9dSSVDQibet8q/7UK4v4ZUN80atnZz1yg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "3+IHDHnn/zapJf+jJ//j3uz4+cI=", + "fingerprint_sha256": "lcB041kCoUq9nRmvtuf4Dmaf+OI2MnBTnZY2E/BKqiE=", + "hpkp_pin": "YZPgTZ+woNCCCIW3LH2CxQeLzB/1m42QcCTBSdgayjs=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T00:00:42", + "not_valid_before": "2017-06-15T00:00:42", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 26269801531899897577901397628129768396310117154722111998302380600635413896531116363750045902786736302705131724095478519616606299023895145655746808892285752988930019974591973546931458114715554265078724718547960324541834616401014259212201521058332874204257425862103971348650680978888262959869761258115884544433253120380553333792186795670369626922403997399844281387984516714325891255733252935742350706385789521287375269196970094028922706633069471330695250381466716142933896182302890680432873976462431593315458003990118395901701394864226607634896601077267548878140687343418675545931561691994107018413405352266039281626119 + }, + "serial_number": 149699596615803609916394524856, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G\nA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp\nZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1\nMDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG\nA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL\nv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8\neoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq\ntTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd\nC9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa\nzq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB\nmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH\nV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n\nbG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG\n3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs\nJ0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO\n291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS\not+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\nAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7\nTBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "deCrthOFEiccBPhf3d445LckLv4=", + "fingerprint_sha256": "ykLdQXRf0LgeuQI2LPnYv3Gdob0bHvyUb1tMmfQsG54=", + "hpkp_pin": "iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T08:00:00", + "not_valid_before": "2006-12-15T08:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 21057703584475184807565557524537816321491861642060041763647257260224980509300477196924243590718942686590709107534863816871998744486217397041943036790668349398596465655712023148303173173625617456109014852791089527884590320201838663822684972532489783525944263241117811947512306928924706019699374824809368116805968844700689553244922646662031817428598871924656385681991340984751484716908148967287908171187321560857250025694833777855463632395686856225456740364321799926634676042609958611723658984406384068047734580405304178873193147583468071249577706812402337331306461396767845742998827081874578148453783909473879293336463 + }, + "serial_number": 4835703278459682885658125, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": [ + { + "dotted_string": "1.2.276.0.44.1.1.1.4", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.392.200091.100.721.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.40.0.17.1.22", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.616.1.113527.2.5.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.159.1.17.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.13177.10.1.3.10", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14370.1.6", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14777.6.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14777.6.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.14.2.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.14.2.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.8.12.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.8.12.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.22234.2.5.2.3.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.23223.1.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.29836.1.10", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.3", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.4", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.36305.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.40869.1.1.22.3", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.4146.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.4788.2.202.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.6334.1.100.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.6449.1.2.1.5.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.782.1.2.1.8.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.7879.13.24.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.8024.0.2.100.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.156.112554.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.528.1.1003.1.2.7", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.578.1.26.1.3.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.756.1.83.21.0", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.756.1.89.1.2.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.792.3.0.3.1.1.5", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.792.3.0.4.1.1.4", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.113733.1.7.23.6", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.113733.1.7.48.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114028.10.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114171.500.9", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114404.1.1.2.4.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114412.2.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114413.1.7.23.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114414.1.7.23.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114414.1.7.24.3", + "name": "Unknown OID" + } + ], + "name": "Mozilla", + "path": "/mnt/c/Users/nabla/Documents/Github/sslyze/sslyze/plugins/certificate_info/trust_stores/pem_files/mozilla_nss.pem", + "version": "2021-03-28" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEyDCCA7CgAwIBAgIRAMFeoDg8eeNEAwAAAADLz7owDQYJKoZIhvcNAQELBQAw\nQjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET\nMBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMTAzMTYxOTM1MDBaFw0yMTA2MDgxOTM0\nNTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRcwFQYDVQQDEw53\nd3cuZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFmtG1hqQopw\nvwO0CIf5xfHU5ci/665r+JmBPDybtzPK7JmT840m7q1/yPcES/a0BqqLTPTNJyZI\n796ZAFcqbbijggJcMIICWDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB\nBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUS/14JW+kX3ax4OPTiPrRbuIn\nSTwwHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J/SswaAYIKwYBBQUHAQEE\nXDBaMCsGCCsGAQUFBzABhh9odHRwOi8vb2NzcC5wa2kuZ29vZy9ndHMxbzFjb3Jl\nMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2cvZ3NyMi9HVFMxTzEuY3J0MBkG\nA1UdEQQSMBCCDnd3dy5nb29nbGUuY29tMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwG\nCisGAQQB1nkCBQMwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5wa2kuZ29v\nZy9HVFMxTzFjb3JlLmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AESUZS6w\n7s6vxEAH2Kj+KMDa5oK+2MsxtT/TM5a1toGoAAABeDy/udIAAAQDAEcwRQIgVY40\nWyUysNidcbnrylA4SESze0CQvUWMQKMI4gHzi34CIQDidQzVoDiSGdDqrDp5yKDR\n6z0zKd1mm0MQjpYoUD+TPgB2AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/LmqXaJl+\nIvDXAAABeDy/ucoAAAQDAEcwRQIhAOohO9kpFZYdIyC57GAtfHQTXK78ovv3VIVn\nSP1bhW1qAiANrObfVpLoprzfwqyPpzczU3u1xqIsNIZ+BDPJm+XvbjANBgkqhkiG\n9w0BAQsFAAOCAQEALRKpgqxd0etTPsoYcQrDReuVq+4x5NdgA31vliZuX7liwPT9\n3E/5kRtElaeW3G3SqPKBURKAr1AG20WWIeYqv9SXz6kI4hoU5ZEPMbW3L2fetXiq\nWZM3TAEyiOCYuO1nenmaHCzu3dEzwAts8xqOq6tq0fktZom+V8WRyD3IMnsydMWu\nGtOUxbIE8T/1JWBMMMJv8NxT3Ia2uv1OK0Zr2WKNpoiziq2YFs4hMhCg3nvSYb7/\nFXZ0bKq0nU88Ve409XsKe4LkPCRVO725R/NtsfsPtPE8vWYgyUXOSN1tBwLNjIva\nbTMkzuKeiopJoGQI75BoQejw+Y53N9YRaKCbiA==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "gu004CNfCpYy0VidHmZikDRCra8=", + "fingerprint_sha256": "4R9YDaV1u38+F7sNMe4t4Mcgtmr/7vac0jOIfNitVBA=", + "hpkp_pin": "9+zXEopIb8dzaUBbiURpheUXV+JOkNWyNTeRfbuWrBk=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "not_valid_after": "2021-06-08T19:34:59", + "not_valid_before": "2021-03-16T19:35:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 40561696796934515315954348261565741666609449634305852051840707606287071261642, + "ec_y": 107017180989407027747900497532334041696369065845699887960622045518712936230328, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 257032328732221176178827821545186643898, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Mountain View", + "value": "Mountain View" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google LLC", + "value": "Google LLC" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.google.com", + "value": "www.google.com" + } + ], + "rfc4514_string": "CN=www.google.com,O=Google LLC,L=Mountain View,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "www.google.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAw\nHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs\nU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy\nMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg\nU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnv\nUA0Qk28FgICfKqC9EksC4T2fWBYk/jCfC3R3VZMdS/dN4ZKCEPZRrAzDsiKUDzRr\nmBBJ5wudgzndIMYcLe/RGGFl5yODIKgjEv/SJH/UL+dEaltN11BmsK+eQmMF++Ac\nxGNhr59qM/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmK\nFsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7X\nrJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNV\nHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1Ud\nEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8G\nA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYuMDUGCCsGAQUFBwEBBCkwJzAl\nBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzAp\nMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0g\nBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9y\nZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7H\nTgiZ/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoN\nFvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ/XteDSGU9YzJqPjY8q3MDxrz\nmqepBCf5o8mw/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wW\nIRdAvKLWZu/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZ\nUSpxu6x6td0V7SvJCCosirSmIatj/9dSSVDQibet8q/7UK4v4ZUN80atnZz1yg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "3+IHDHnn/zapJf+jJ//j3uz4+cI=", + "fingerprint_sha256": "lcB041kCoUq9nRmvtuf4Dmaf+OI2MnBTnZY2E/BKqiE=", + "hpkp_pin": "YZPgTZ+woNCCCIW3LH2CxQeLzB/1m42QcCTBSdgayjs=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T00:00:42", + "not_valid_before": "2017-06-15T00:00:42", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 26269801531899897577901397628129768396310117154722111998302380600635413896531116363750045902786736302705131724095478519616606299023895145655746808892285752988930019974591973546931458114715554265078724718547960324541834616401014259212201521058332874204257425862103971348650680978888262959869761258115884544433253120380553333792186795670369626922403997399844281387984516714325891255733252935742350706385789521287375269196970094028922706633069471330695250381466716142933896182302890680432873976462431593315458003990118395901701394864226607634896601077267548878140687343418675545931561691994107018413405352266039281626119 + }, + "serial_number": 149699596615803609916394524856, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G\nA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp\nZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1\nMDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG\nA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL\nv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8\neoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq\ntTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd\nC9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa\nzq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB\nmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH\nV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n\nbG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG\n3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs\nJ0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO\n291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS\not+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\nAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7\nTBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "deCrthOFEiccBPhf3d445LckLv4=", + "fingerprint_sha256": "ykLdQXRf0LgeuQI2LPnYv3Gdob0bHvyUb1tMmfQsG54=", + "hpkp_pin": "iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T08:00:00", + "not_valid_before": "2006-12-15T08:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 21057703584475184807565557524537816321491861642060041763647257260224980509300477196924243590718942686590709107534863816871998744486217397041943036790668349398596465655712023148303173173625617456109014852791089527884590320201838663822684972532489783525944263241117811947512306928924706019699374824809368116805968844700689553244922646662031817428598871924656385681991340984751484716908148967287908171187321560857250025694833777855463632395686856225456740364321799926634676042609958611723658984406384068047734580405304178873193147583468071249577706812402337331306461396767845742998827081874578148453783909473879293336463 + }, + "serial_number": 4835703278459682885658125, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Windows", + "path": "/mnt/c/Users/nabla/Documents/Github/sslyze/sslyze/plugins/certificate_info/trust_stores/pem_files/microsoft_windows.pem", + "version": "2021-03-28" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEyDCCA7CgAwIBAgIRAMFeoDg8eeNEAwAAAADLz7owDQYJKoZIhvcNAQELBQAw\nQjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET\nMBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMTAzMTYxOTM1MDBaFw0yMTA2MDgxOTM0\nNTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRcwFQYDVQQDEw53\nd3cuZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFmtG1hqQopw\nvwO0CIf5xfHU5ci/665r+JmBPDybtzPK7JmT840m7q1/yPcES/a0BqqLTPTNJyZI\n796ZAFcqbbijggJcMIICWDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB\nBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUS/14JW+kX3ax4OPTiPrRbuIn\nSTwwHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J/SswaAYIKwYBBQUHAQEE\nXDBaMCsGCCsGAQUFBzABhh9odHRwOi8vb2NzcC5wa2kuZ29vZy9ndHMxbzFjb3Jl\nMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2cvZ3NyMi9HVFMxTzEuY3J0MBkG\nA1UdEQQSMBCCDnd3dy5nb29nbGUuY29tMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwG\nCisGAQQB1nkCBQMwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5wa2kuZ29v\nZy9HVFMxTzFjb3JlLmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AESUZS6w\n7s6vxEAH2Kj+KMDa5oK+2MsxtT/TM5a1toGoAAABeDy/udIAAAQDAEcwRQIgVY40\nWyUysNidcbnrylA4SESze0CQvUWMQKMI4gHzi34CIQDidQzVoDiSGdDqrDp5yKDR\n6z0zKd1mm0MQjpYoUD+TPgB2AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/LmqXaJl+\nIvDXAAABeDy/ucoAAAQDAEcwRQIhAOohO9kpFZYdIyC57GAtfHQTXK78ovv3VIVn\nSP1bhW1qAiANrObfVpLoprzfwqyPpzczU3u1xqIsNIZ+BDPJm+XvbjANBgkqhkiG\n9w0BAQsFAAOCAQEALRKpgqxd0etTPsoYcQrDReuVq+4x5NdgA31vliZuX7liwPT9\n3E/5kRtElaeW3G3SqPKBURKAr1AG20WWIeYqv9SXz6kI4hoU5ZEPMbW3L2fetXiq\nWZM3TAEyiOCYuO1nenmaHCzu3dEzwAts8xqOq6tq0fktZom+V8WRyD3IMnsydMWu\nGtOUxbIE8T/1JWBMMMJv8NxT3Ia2uv1OK0Zr2WKNpoiziq2YFs4hMhCg3nvSYb7/\nFXZ0bKq0nU88Ve409XsKe4LkPCRVO725R/NtsfsPtPE8vWYgyUXOSN1tBwLNjIva\nbTMkzuKeiopJoGQI75BoQejw+Y53N9YRaKCbiA==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "gu004CNfCpYy0VidHmZikDRCra8=", + "fingerprint_sha256": "4R9YDaV1u38+F7sNMe4t4Mcgtmr/7vac0jOIfNitVBA=", + "hpkp_pin": "9+zXEopIb8dzaUBbiURpheUXV+JOkNWyNTeRfbuWrBk=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "not_valid_after": "2021-06-08T19:34:59", + "not_valid_before": "2021-03-16T19:35:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 40561696796934515315954348261565741666609449634305852051840707606287071261642, + "ec_y": 107017180989407027747900497532334041696369065845699887960622045518712936230328, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 257032328732221176178827821545186643898, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Mountain View", + "value": "Mountain View" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google LLC", + "value": "Google LLC" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.google.com", + "value": "www.google.com" + } + ], + "rfc4514_string": "CN=www.google.com,O=Google LLC,L=Mountain View,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "www.google.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAw\nHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs\nU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy\nMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg\nU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnv\nUA0Qk28FgICfKqC9EksC4T2fWBYk/jCfC3R3VZMdS/dN4ZKCEPZRrAzDsiKUDzRr\nmBBJ5wudgzndIMYcLe/RGGFl5yODIKgjEv/SJH/UL+dEaltN11BmsK+eQmMF++Ac\nxGNhr59qM/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmK\nFsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7X\nrJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNV\nHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1Ud\nEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8G\nA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYuMDUGCCsGAQUFBwEBBCkwJzAl\nBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzAp\nMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0g\nBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9y\nZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7H\nTgiZ/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoN\nFvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ/XteDSGU9YzJqPjY8q3MDxrz\nmqepBCf5o8mw/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wW\nIRdAvKLWZu/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZ\nUSpxu6x6td0V7SvJCCosirSmIatj/9dSSVDQibet8q/7UK4v4ZUN80atnZz1yg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "3+IHDHnn/zapJf+jJ//j3uz4+cI=", + "fingerprint_sha256": "lcB041kCoUq9nRmvtuf4Dmaf+OI2MnBTnZY2E/BKqiE=", + "hpkp_pin": "YZPgTZ+woNCCCIW3LH2CxQeLzB/1m42QcCTBSdgayjs=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T00:00:42", + "not_valid_before": "2017-06-15T00:00:42", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 26269801531899897577901397628129768396310117154722111998302380600635413896531116363750045902786736302705131724095478519616606299023895145655746808892285752988930019974591973546931458114715554265078724718547960324541834616401014259212201521058332874204257425862103971348650680978888262959869761258115884544433253120380553333792186795670369626922403997399844281387984516714325891255733252935742350706385789521287375269196970094028922706633069471330695250381466716142933896182302890680432873976462431593315458003990118395901701394864226607634896601077267548878140687343418675545931561691994107018413405352266039281626119 + }, + "serial_number": 149699596615803609916394524856, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G\nA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp\nZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1\nMDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG\nA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL\nv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8\neoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq\ntTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd\nC9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa\nzq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB\nmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH\nV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n\nbG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG\n3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs\nJ0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO\n291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS\not+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\nAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7\nTBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "deCrthOFEiccBPhf3d445LckLv4=", + "fingerprint_sha256": "ykLdQXRf0LgeuQI2LPnYv3Gdob0bHvyUb1tMmfQsG54=", + "hpkp_pin": "iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T08:00:00", + "not_valid_before": "2006-12-15T08:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 21057703584475184807565557524537816321491861642060041763647257260224980509300477196924243590718942686590709107534863816871998744486217397041943036790668349398596465655712023148303173173625617456109014852791089527884590320201838663822684972532489783525944263241117811947512306928924706019699374824809368116805968844700689553244922646662031817428598871924656385681991340984751484716908148967287908171187321560857250025694833777855463632395686856225456740364321799926634676042609958611723658984406384068047734580405304178873193147583468071249577706812402337331306461396767845742998827081874578148453783909473879293336463 + }, + "serial_number": 4835703278459682885658125, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + } + ], + "received_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEyDCCA7CgAwIBAgIRAMFeoDg8eeNEAwAAAADLz7owDQYJKoZIhvcNAQELBQAw\nQjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET\nMBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMTAzMTYxOTM1MDBaFw0yMTA2MDgxOTM0\nNTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRcwFQYDVQQDEw53\nd3cuZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFmtG1hqQopw\nvwO0CIf5xfHU5ci/665r+JmBPDybtzPK7JmT840m7q1/yPcES/a0BqqLTPTNJyZI\n796ZAFcqbbijggJcMIICWDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB\nBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUS/14JW+kX3ax4OPTiPrRbuIn\nSTwwHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J/SswaAYIKwYBBQUHAQEE\nXDBaMCsGCCsGAQUFBzABhh9odHRwOi8vb2NzcC5wa2kuZ29vZy9ndHMxbzFjb3Jl\nMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2cvZ3NyMi9HVFMxTzEuY3J0MBkG\nA1UdEQQSMBCCDnd3dy5nb29nbGUuY29tMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwG\nCisGAQQB1nkCBQMwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5wa2kuZ29v\nZy9HVFMxTzFjb3JlLmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AESUZS6w\n7s6vxEAH2Kj+KMDa5oK+2MsxtT/TM5a1toGoAAABeDy/udIAAAQDAEcwRQIgVY40\nWyUysNidcbnrylA4SESze0CQvUWMQKMI4gHzi34CIQDidQzVoDiSGdDqrDp5yKDR\n6z0zKd1mm0MQjpYoUD+TPgB2AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/LmqXaJl+\nIvDXAAABeDy/ucoAAAQDAEcwRQIhAOohO9kpFZYdIyC57GAtfHQTXK78ovv3VIVn\nSP1bhW1qAiANrObfVpLoprzfwqyPpzczU3u1xqIsNIZ+BDPJm+XvbjANBgkqhkiG\n9w0BAQsFAAOCAQEALRKpgqxd0etTPsoYcQrDReuVq+4x5NdgA31vliZuX7liwPT9\n3E/5kRtElaeW3G3SqPKBURKAr1AG20WWIeYqv9SXz6kI4hoU5ZEPMbW3L2fetXiq\nWZM3TAEyiOCYuO1nenmaHCzu3dEzwAts8xqOq6tq0fktZom+V8WRyD3IMnsydMWu\nGtOUxbIE8T/1JWBMMMJv8NxT3Ia2uv1OK0Zr2WKNpoiziq2YFs4hMhCg3nvSYb7/\nFXZ0bKq0nU88Ve409XsKe4LkPCRVO725R/NtsfsPtPE8vWYgyUXOSN1tBwLNjIva\nbTMkzuKeiopJoGQI75BoQejw+Y53N9YRaKCbiA==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "gu004CNfCpYy0VidHmZikDRCra8=", + "fingerprint_sha256": "4R9YDaV1u38+F7sNMe4t4Mcgtmr/7vac0jOIfNitVBA=", + "hpkp_pin": "9+zXEopIb8dzaUBbiURpheUXV+JOkNWyNTeRfbuWrBk=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "not_valid_after": "2021-06-08T19:34:59", + "not_valid_before": "2021-03-16T19:35:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 40561696796934515315954348261565741666609449634305852051840707606287071261642, + "ec_y": 107017180989407027747900497532334041696369065845699887960622045518712936230328, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 257032328732221176178827821545186643898, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Mountain View", + "value": "Mountain View" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google LLC", + "value": "Google LLC" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.google.com", + "value": "www.google.com" + } + ], + "rfc4514_string": "CN=www.google.com,O=Google LLC,L=Mountain View,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "www.google.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAw\nHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs\nU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy\nMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg\nU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnv\nUA0Qk28FgICfKqC9EksC4T2fWBYk/jCfC3R3VZMdS/dN4ZKCEPZRrAzDsiKUDzRr\nmBBJ5wudgzndIMYcLe/RGGFl5yODIKgjEv/SJH/UL+dEaltN11BmsK+eQmMF++Ac\nxGNhr59qM/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmK\nFsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7X\nrJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNV\nHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1Ud\nEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8G\nA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYuMDUGCCsGAQUFBwEBBCkwJzAl\nBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzAp\nMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0g\nBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9y\nZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7H\nTgiZ/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoN\nFvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ/XteDSGU9YzJqPjY8q3MDxrz\nmqepBCf5o8mw/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wW\nIRdAvKLWZu/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZ\nUSpxu6x6td0V7SvJCCosirSmIatj/9dSSVDQibet8q/7UK4v4ZUN80atnZz1yg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "3+IHDHnn/zapJf+jJ//j3uz4+cI=", + "fingerprint_sha256": "lcB041kCoUq9nRmvtuf4Dmaf+OI2MnBTnZY2E/BKqiE=", + "hpkp_pin": "YZPgTZ+woNCCCIW3LH2CxQeLzB/1m42QcCTBSdgayjs=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T00:00:42", + "not_valid_before": "2017-06-15T00:00:42", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 26269801531899897577901397628129768396310117154722111998302380600635413896531116363750045902786736302705131724095478519616606299023895145655746808892285752988930019974591973546931458114715554265078724718547960324541834616401014259212201521058332874204257425862103971348650680978888262959869761258115884544433253120380553333792186795670369626922403997399844281387984516714325891255733252935742350706385789521287375269196970094028922706633069471330695250381466716142933896182302890680432873976462431593315458003990118395901701394864226607634896601077267548878140687343418675545931561691994107018413405352266039281626119 + }, + "serial_number": 149699596615803609916394524856, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "received_chain_contains_anchor_certificate": false, + "received_chain_has_valid_order": true, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIEyDCCA7CgAwIBAgIRAMFeoDg8eeNEAwAAAADLz7owDQYJKoZIhvcNAQELBQAw\nQjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET\nMBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMTAzMTYxOTM1MDBaFw0yMTA2MDgxOTM0\nNTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRcwFQYDVQQDEw53\nd3cuZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFmtG1hqQopw\nvwO0CIf5xfHU5ci/665r+JmBPDybtzPK7JmT840m7q1/yPcES/a0BqqLTPTNJyZI\n796ZAFcqbbijggJcMIICWDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB\nBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUS/14JW+kX3ax4OPTiPrRbuIn\nSTwwHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J/SswaAYIKwYBBQUHAQEE\nXDBaMCsGCCsGAQUFBzABhh9odHRwOi8vb2NzcC5wa2kuZ29vZy9ndHMxbzFjb3Jl\nMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2cvZ3NyMi9HVFMxTzEuY3J0MBkG\nA1UdEQQSMBCCDnd3dy5nb29nbGUuY29tMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwG\nCisGAQQB1nkCBQMwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5wa2kuZ29v\nZy9HVFMxTzFjb3JlLmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AESUZS6w\n7s6vxEAH2Kj+KMDa5oK+2MsxtT/TM5a1toGoAAABeDy/udIAAAQDAEcwRQIgVY40\nWyUysNidcbnrylA4SESze0CQvUWMQKMI4gHzi34CIQDidQzVoDiSGdDqrDp5yKDR\n6z0zKd1mm0MQjpYoUD+TPgB2AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/LmqXaJl+\nIvDXAAABeDy/ucoAAAQDAEcwRQIhAOohO9kpFZYdIyC57GAtfHQTXK78ovv3VIVn\nSP1bhW1qAiANrObfVpLoprzfwqyPpzczU3u1xqIsNIZ+BDPJm+XvbjANBgkqhkiG\n9w0BAQsFAAOCAQEALRKpgqxd0etTPsoYcQrDReuVq+4x5NdgA31vliZuX7liwPT9\n3E/5kRtElaeW3G3SqPKBURKAr1AG20WWIeYqv9SXz6kI4hoU5ZEPMbW3L2fetXiq\nWZM3TAEyiOCYuO1nenmaHCzu3dEzwAts8xqOq6tq0fktZom+V8WRyD3IMnsydMWu\nGtOUxbIE8T/1JWBMMMJv8NxT3Ia2uv1OK0Zr2WKNpoiziq2YFs4hMhCg3nvSYb7/\nFXZ0bKq0nU88Ve409XsKe4LkPCRVO725R/NtsfsPtPE8vWYgyUXOSN1tBwLNjIva\nbTMkzuKeiopJoGQI75BoQejw+Y53N9YRaKCbiA==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "gu004CNfCpYy0VidHmZikDRCra8=", + "fingerprint_sha256": "4R9YDaV1u38+F7sNMe4t4Mcgtmr/7vac0jOIfNitVBA=", + "hpkp_pin": "9+zXEopIb8dzaUBbiURpheUXV+JOkNWyNTeRfbuWrBk=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "not_valid_after": "2021-06-08T19:34:59", + "not_valid_before": "2021-03-16T19:35:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 40561696796934515315954348261565741666609449634305852051840707606287071261642, + "ec_y": 107017180989407027747900497532334041696369065845699887960622045518712936230328, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 257032328732221176178827821545186643898, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Mountain View", + "value": "Mountain View" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google LLC", + "value": "Google LLC" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.google.com", + "value": "www.google.com" + } + ], + "rfc4514_string": "CN=www.google.com,O=Google LLC,L=Mountain View,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "www.google.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAw\nHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs\nU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy\nMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg\nU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnv\nUA0Qk28FgICfKqC9EksC4T2fWBYk/jCfC3R3VZMdS/dN4ZKCEPZRrAzDsiKUDzRr\nmBBJ5wudgzndIMYcLe/RGGFl5yODIKgjEv/SJH/UL+dEaltN11BmsK+eQmMF++Ac\nxGNhr59qM/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmK\nFsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7X\nrJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNV\nHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1Ud\nEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8G\nA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYuMDUGCCsGAQUFBwEBBCkwJzAl\nBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzAp\nMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0g\nBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9y\nZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7H\nTgiZ/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoN\nFvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ/XteDSGU9YzJqPjY8q3MDxrz\nmqepBCf5o8mw/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wW\nIRdAvKLWZu/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZ\nUSpxu6x6td0V7SvJCCosirSmIatj/9dSSVDQibet8q/7UK4v4ZUN80atnZz1yg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "3+IHDHnn/zapJf+jJ//j3uz4+cI=", + "fingerprint_sha256": "lcB041kCoUq9nRmvtuf4Dmaf+OI2MnBTnZY2E/BKqiE=", + "hpkp_pin": "YZPgTZ+woNCCCIW3LH2CxQeLzB/1m42QcCTBSdgayjs=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T00:00:42", + "not_valid_before": "2017-06-15T00:00:42", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 26269801531899897577901397628129768396310117154722111998302380600635413896531116363750045902786736302705131724095478519616606299023895145655746808892285752988930019974591973546931458114715554265078724718547960324541834616401014259212201521058332874204257425862103971348650680978888262959869761258115884544433253120380553333792186795670369626922403997399844281387984516714325891255733252935742350706385789521287375269196970094028922706633069471330695250381466716142933896182302890680432873976462431593315458003990118395901701394864226607634896601077267548878140687343418675545931561691994107018413405352266039281626119 + }, + "serial_number": 149699596615803609916394524856, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G\nA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp\nZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1\nMDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG\nA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL\nv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8\neoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq\ntTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd\nC9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa\nzq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB\nmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH\nV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n\nbG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG\n3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs\nJ0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO\n291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS\not+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\nAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7\nTBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "deCrthOFEiccBPhf3d445LckLv4=", + "fingerprint_sha256": "ykLdQXRf0LgeuQI2LPnYv3Gdob0bHvyUb1tMmfQsG54=", + "hpkp_pin": "iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T08:00:00", + "not_valid_before": "2006-12-15T08:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 21057703584475184807565557524537816321491861642060041763647257260224980509300477196924243590718942686590709107534863816871998744486217397041943036790668349398596465655712023148303173173625617456109014852791089527884590320201838663822684972532489783525944263241117811947512306928924706019699374824809368116805968844700689553244922646662031817428598871924656385681991340984751484716908148967287908171187321560857250025694833777855463632395686856225456740364321799926634676042609958611723658984406384068047734580405304178873193147583468071249577706812402337331306461396767845742998827081874578148453783909473879293336463 + }, + "serial_number": 4835703278459682885658125, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "verified_chain_has_legacy_symantec_anchor": false, + "verified_chain_has_sha1_signature": false + }, + { + "leaf_certificate_has_must_staple_extension": false, + "leaf_certificate_is_ev": false, + "leaf_certificate_signed_certificate_timestamps_count": 2, + "leaf_certificate_subject_matches_hostname": true, + "ocsp_response": null, + "ocsp_response_is_trusted": null, + "path_validation_results": [ + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Android", + "path": "/mnt/c/Users/nabla/Documents/Github/sslyze/sslyze/plugins/certificate_info/trust_stores/pem_files/google_aosp.pem", + "version": "9.0.0_r9" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFkjCCBHqgAwIBAgIRALHXJ7uBk1/UAwAAAADLzqcwDQYJKoZIhvcNAQELBQAw\nQjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET\nMBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMTAzMTYxOTIwMjZaFw0yMTA2MDgxOTIw\nMjVaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRcwFQYDVQQDEw53\nd3cuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALQ4\nLSYFBvL/fAnDsiqfcdROHqUNLd77PPnOyhyHvT9krGQ3MBT2GseUVuI4v3MMLy7P\n0SyuRDSDrvtDbJ20ZF09FYuDHDpaHmFRnamuRhaUTX6zf54tl7DCUxekuAH7iYb0\n4pD3SmFYOXcsYMgguxr2DTO/nXW3Zmz2VQcW6pB3UKFdw1Y9IvqSSm/VqcBYtV6S\nbT4tJg2ermc1r1qisJjLgnBqQrpBJkm83TuIC+EMSKmMAP/b6HrHGPlxe0wl7TZ2\nQa/Bc+EDnbgAYHjvB+6KX/jVY4BPpfJ960p3xzod2xw4J2xc98IccO/XFl3qniDx\nDcYk9SmU6lPOHyPtc4kCAwEAAaOCAlswggJXMA4GA1UdDwEB/wQEAwIFoDATBgNV\nHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR0MpRUowWP\n7v+dSLdD1LEi6cPeLjAfBgNVHSMEGDAWgBSY0fhuEOvPm+xgnxiQG6DrfQn9KzBo\nBggrBgEFBQcBAQRcMFowKwYIKwYBBQUHMAGGH2h0dHA6Ly9vY3NwLnBraS5nb29n\nL2d0czFvMWNvcmUwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dU\nUzFPMS5jcnQwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20wIQYDVR0gBBowGDAI\nBgZngQwBAgIwDAYKKwYBBAHWeQIFAzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8v\nY3JsLnBraS5nb29nL0dUUzFPMWNvcmUuY3JsMIIBAwYKKwYBBAHWeQIEAgSB9ASB\n8QDvAHUA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF4PLJnVQAA\nBAMARjBEAiBV0AWuWc6gy2CSqtFmqvaKrADArI6TWOHLvjr1kwrK7gIgLxuB9c9+\nDkieiHrfPgCTVgF1AUDemgBAG6GTz9gDCmgAdgDuwJXujXJkD5Ljw7kbxxKjaWoJ\ne0tqGhQ45keyy+3F+QAAAXg8smeiAAAEAwBHMEUCIEDCHQbJPEO7mSj7pUxOBEx4\nYkd6GAKmut0JhabLSs3hAiEAvNNOUyPpf3Dwd6fcuaC2mZA7cqLH/2RU/QTzkmUr\nrK0wDQYJKoZIhvcNAQELBQADggEBADGZxkglzZ3Kduip8nv2W44IC8FMB03Q1lHE\neKVIOOWDhVwEQxPmU7e2qdBdiyGy/Gm+KQCcoC8eUgfov0kblsNEkxEy2RnOa3DT\n56leVh9+0q4TPkmMjVxmz3/CqAhPhmgcmSWouByMEDUkNXXM2XzOHZoQqOS5w51m\nhwDRZr80i6tPjx+zTVnVFbL7PaxbAcSzjsIUi33Eza57rsqqspARFG6YxhWomG0W\n4T03LgGl33S5YlGT2FK7oxeUIrxnhQZU63Wn0eWZHj6PfQqU/kLHyIp5yvJa2oiF\nnQ4X96ceFSTaHhIPlmtDc0BcaRCvEop6UzueyVPHh6C6wlHIIR4=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "DtwVipEFEMMcZAta15+Wqa/fBNg=", + "fingerprint_sha256": "F2nvIPSDSa93rfIP9odFkcAfiLXXTFTxBxwk50JW0mE=", + "hpkp_pin": "N8+Qx+IH92mUlfDrQ/0LKz4tk40nz/cvAQ+XYgqzWPk=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "not_valid_after": "2021-06-08T19:20:25", + "not_valid_before": "2021-03-16T19:20:26", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 22750596490141449062602640106105248331938792123342843041216466815411798799856244075371356225188055550684026721306927957303351205503896496853693806495661270595938938923628801225176344785239939163370598393155517839739764242783816640894735065264042007317775894786276867959308478400528225498362036140144362393996494169909246575725387074014078544230311810771732692009351185620848804698411506521302274353077559136629290256177045586170665071483555308330748500068406493122124890771681507256205563993797807778832360554859247852667496418706334472010119803193560289765791530126490062308914318059743501052607242745204569432486793 + }, + "serial_number": 236390504948257760924864223694948126375, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Mountain View", + "value": "Mountain View" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google LLC", + "value": "Google LLC" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.google.com", + "value": "www.google.com" + } + ], + "rfc4514_string": "CN=www.google.com,O=Google LLC,L=Mountain View,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "www.google.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAw\nHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs\nU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy\nMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg\nU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnv\nUA0Qk28FgICfKqC9EksC4T2fWBYk/jCfC3R3VZMdS/dN4ZKCEPZRrAzDsiKUDzRr\nmBBJ5wudgzndIMYcLe/RGGFl5yODIKgjEv/SJH/UL+dEaltN11BmsK+eQmMF++Ac\nxGNhr59qM/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmK\nFsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7X\nrJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNV\nHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1Ud\nEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8G\nA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYuMDUGCCsGAQUFBwEBBCkwJzAl\nBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzAp\nMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0g\nBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9y\nZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7H\nTgiZ/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoN\nFvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ/XteDSGU9YzJqPjY8q3MDxrz\nmqepBCf5o8mw/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wW\nIRdAvKLWZu/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZ\nUSpxu6x6td0V7SvJCCosirSmIatj/9dSSVDQibet8q/7UK4v4ZUN80atnZz1yg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "3+IHDHnn/zapJf+jJ//j3uz4+cI=", + "fingerprint_sha256": "lcB041kCoUq9nRmvtuf4Dmaf+OI2MnBTnZY2E/BKqiE=", + "hpkp_pin": "YZPgTZ+woNCCCIW3LH2CxQeLzB/1m42QcCTBSdgayjs=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T00:00:42", + "not_valid_before": "2017-06-15T00:00:42", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 26269801531899897577901397628129768396310117154722111998302380600635413896531116363750045902786736302705131724095478519616606299023895145655746808892285752988930019974591973546931458114715554265078724718547960324541834616401014259212201521058332874204257425862103971348650680978888262959869761258115884544433253120380553333792186795670369626922403997399844281387984516714325891255733252935742350706385789521287375269196970094028922706633069471330695250381466716142933896182302890680432873976462431593315458003990118395901701394864226607634896601077267548878140687343418675545931561691994107018413405352266039281626119 + }, + "serial_number": 149699596615803609916394524856, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G\nA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp\nZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1\nMDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG\nA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL\nv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8\neoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq\ntTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd\nC9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa\nzq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB\nmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH\nV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n\nbG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG\n3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs\nJ0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO\n291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS\not+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\nAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7\nTBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "deCrthOFEiccBPhf3d445LckLv4=", + "fingerprint_sha256": "ykLdQXRf0LgeuQI2LPnYv3Gdob0bHvyUb1tMmfQsG54=", + "hpkp_pin": "iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T08:00:00", + "not_valid_before": "2006-12-15T08:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 21057703584475184807565557524537816321491861642060041763647257260224980509300477196924243590718942686590709107534863816871998744486217397041943036790668349398596465655712023148303173173625617456109014852791089527884590320201838663822684972532489783525944263241117811947512306928924706019699374824809368116805968844700689553244922646662031817428598871924656385681991340984751484716908148967287908171187321560857250025694833777855463632395686856225456740364321799926634676042609958611723658984406384068047734580405304178873193147583468071249577706812402337331306461396767845742998827081874578148453783909473879293336463 + }, + "serial_number": 4835703278459682885658125, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Apple", + "path": "/mnt/c/Users/nabla/Documents/Github/sslyze/sslyze/plugins/certificate_info/trust_stores/pem_files/apple.pem", + "version": "iOS 14, iPadOS 14, macOS 11, watchOS 7, and tvOS 14" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFkjCCBHqgAwIBAgIRALHXJ7uBk1/UAwAAAADLzqcwDQYJKoZIhvcNAQELBQAw\nQjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET\nMBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMTAzMTYxOTIwMjZaFw0yMTA2MDgxOTIw\nMjVaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRcwFQYDVQQDEw53\nd3cuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALQ4\nLSYFBvL/fAnDsiqfcdROHqUNLd77PPnOyhyHvT9krGQ3MBT2GseUVuI4v3MMLy7P\n0SyuRDSDrvtDbJ20ZF09FYuDHDpaHmFRnamuRhaUTX6zf54tl7DCUxekuAH7iYb0\n4pD3SmFYOXcsYMgguxr2DTO/nXW3Zmz2VQcW6pB3UKFdw1Y9IvqSSm/VqcBYtV6S\nbT4tJg2ermc1r1qisJjLgnBqQrpBJkm83TuIC+EMSKmMAP/b6HrHGPlxe0wl7TZ2\nQa/Bc+EDnbgAYHjvB+6KX/jVY4BPpfJ960p3xzod2xw4J2xc98IccO/XFl3qniDx\nDcYk9SmU6lPOHyPtc4kCAwEAAaOCAlswggJXMA4GA1UdDwEB/wQEAwIFoDATBgNV\nHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR0MpRUowWP\n7v+dSLdD1LEi6cPeLjAfBgNVHSMEGDAWgBSY0fhuEOvPm+xgnxiQG6DrfQn9KzBo\nBggrBgEFBQcBAQRcMFowKwYIKwYBBQUHMAGGH2h0dHA6Ly9vY3NwLnBraS5nb29n\nL2d0czFvMWNvcmUwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dU\nUzFPMS5jcnQwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20wIQYDVR0gBBowGDAI\nBgZngQwBAgIwDAYKKwYBBAHWeQIFAzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8v\nY3JsLnBraS5nb29nL0dUUzFPMWNvcmUuY3JsMIIBAwYKKwYBBAHWeQIEAgSB9ASB\n8QDvAHUA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF4PLJnVQAA\nBAMARjBEAiBV0AWuWc6gy2CSqtFmqvaKrADArI6TWOHLvjr1kwrK7gIgLxuB9c9+\nDkieiHrfPgCTVgF1AUDemgBAG6GTz9gDCmgAdgDuwJXujXJkD5Ljw7kbxxKjaWoJ\ne0tqGhQ45keyy+3F+QAAAXg8smeiAAAEAwBHMEUCIEDCHQbJPEO7mSj7pUxOBEx4\nYkd6GAKmut0JhabLSs3hAiEAvNNOUyPpf3Dwd6fcuaC2mZA7cqLH/2RU/QTzkmUr\nrK0wDQYJKoZIhvcNAQELBQADggEBADGZxkglzZ3Kduip8nv2W44IC8FMB03Q1lHE\neKVIOOWDhVwEQxPmU7e2qdBdiyGy/Gm+KQCcoC8eUgfov0kblsNEkxEy2RnOa3DT\n56leVh9+0q4TPkmMjVxmz3/CqAhPhmgcmSWouByMEDUkNXXM2XzOHZoQqOS5w51m\nhwDRZr80i6tPjx+zTVnVFbL7PaxbAcSzjsIUi33Eza57rsqqspARFG6YxhWomG0W\n4T03LgGl33S5YlGT2FK7oxeUIrxnhQZU63Wn0eWZHj6PfQqU/kLHyIp5yvJa2oiF\nnQ4X96ceFSTaHhIPlmtDc0BcaRCvEop6UzueyVPHh6C6wlHIIR4=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "DtwVipEFEMMcZAta15+Wqa/fBNg=", + "fingerprint_sha256": "F2nvIPSDSa93rfIP9odFkcAfiLXXTFTxBxwk50JW0mE=", + "hpkp_pin": "N8+Qx+IH92mUlfDrQ/0LKz4tk40nz/cvAQ+XYgqzWPk=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "not_valid_after": "2021-06-08T19:20:25", + "not_valid_before": "2021-03-16T19:20:26", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 22750596490141449062602640106105248331938792123342843041216466815411798799856244075371356225188055550684026721306927957303351205503896496853693806495661270595938938923628801225176344785239939163370598393155517839739764242783816640894735065264042007317775894786276867959308478400528225498362036140144362393996494169909246575725387074014078544230311810771732692009351185620848804698411506521302274353077559136629290256177045586170665071483555308330748500068406493122124890771681507256205563993797807778832360554859247852667496418706334472010119803193560289765791530126490062308914318059743501052607242745204569432486793 + }, + "serial_number": 236390504948257760924864223694948126375, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Mountain View", + "value": "Mountain View" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google LLC", + "value": "Google LLC" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.google.com", + "value": "www.google.com" + } + ], + "rfc4514_string": "CN=www.google.com,O=Google LLC,L=Mountain View,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "www.google.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAw\nHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs\nU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy\nMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg\nU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnv\nUA0Qk28FgICfKqC9EksC4T2fWBYk/jCfC3R3VZMdS/dN4ZKCEPZRrAzDsiKUDzRr\nmBBJ5wudgzndIMYcLe/RGGFl5yODIKgjEv/SJH/UL+dEaltN11BmsK+eQmMF++Ac\nxGNhr59qM/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmK\nFsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7X\nrJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNV\nHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1Ud\nEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8G\nA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYuMDUGCCsGAQUFBwEBBCkwJzAl\nBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzAp\nMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0g\nBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9y\nZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7H\nTgiZ/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoN\nFvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ/XteDSGU9YzJqPjY8q3MDxrz\nmqepBCf5o8mw/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wW\nIRdAvKLWZu/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZ\nUSpxu6x6td0V7SvJCCosirSmIatj/9dSSVDQibet8q/7UK4v4ZUN80atnZz1yg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "3+IHDHnn/zapJf+jJ//j3uz4+cI=", + "fingerprint_sha256": "lcB041kCoUq9nRmvtuf4Dmaf+OI2MnBTnZY2E/BKqiE=", + "hpkp_pin": "YZPgTZ+woNCCCIW3LH2CxQeLzB/1m42QcCTBSdgayjs=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T00:00:42", + "not_valid_before": "2017-06-15T00:00:42", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 26269801531899897577901397628129768396310117154722111998302380600635413896531116363750045902786736302705131724095478519616606299023895145655746808892285752988930019974591973546931458114715554265078724718547960324541834616401014259212201521058332874204257425862103971348650680978888262959869761258115884544433253120380553333792186795670369626922403997399844281387984516714325891255733252935742350706385789521287375269196970094028922706633069471330695250381466716142933896182302890680432873976462431593315458003990118395901701394864226607634896601077267548878140687343418675545931561691994107018413405352266039281626119 + }, + "serial_number": 149699596615803609916394524856, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G\nA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp\nZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1\nMDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG\nA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL\nv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8\neoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq\ntTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd\nC9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa\nzq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB\nmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH\nV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n\nbG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG\n3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs\nJ0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO\n291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS\not+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\nAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7\nTBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "deCrthOFEiccBPhf3d445LckLv4=", + "fingerprint_sha256": "ykLdQXRf0LgeuQI2LPnYv3Gdob0bHvyUb1tMmfQsG54=", + "hpkp_pin": "iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T08:00:00", + "not_valid_before": "2006-12-15T08:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 21057703584475184807565557524537816321491861642060041763647257260224980509300477196924243590718942686590709107534863816871998744486217397041943036790668349398596465655712023148303173173625617456109014852791089527884590320201838663822684972532489783525944263241117811947512306928924706019699374824809368116805968844700689553244922646662031817428598871924656385681991340984751484716908148967287908171187321560857250025694833777855463632395686856225456740364321799926634676042609958611723658984406384068047734580405304178873193147583468071249577706812402337331306461396767845742998827081874578148453783909473879293336463 + }, + "serial_number": 4835703278459682885658125, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Java", + "path": "/mnt/c/Users/nabla/Documents/Github/sslyze/sslyze/plugins/certificate_info/trust_stores/pem_files/oracle_java.pem", + "version": "jdk-13.0.2" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFkjCCBHqgAwIBAgIRALHXJ7uBk1/UAwAAAADLzqcwDQYJKoZIhvcNAQELBQAw\nQjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET\nMBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMTAzMTYxOTIwMjZaFw0yMTA2MDgxOTIw\nMjVaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRcwFQYDVQQDEw53\nd3cuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALQ4\nLSYFBvL/fAnDsiqfcdROHqUNLd77PPnOyhyHvT9krGQ3MBT2GseUVuI4v3MMLy7P\n0SyuRDSDrvtDbJ20ZF09FYuDHDpaHmFRnamuRhaUTX6zf54tl7DCUxekuAH7iYb0\n4pD3SmFYOXcsYMgguxr2DTO/nXW3Zmz2VQcW6pB3UKFdw1Y9IvqSSm/VqcBYtV6S\nbT4tJg2ermc1r1qisJjLgnBqQrpBJkm83TuIC+EMSKmMAP/b6HrHGPlxe0wl7TZ2\nQa/Bc+EDnbgAYHjvB+6KX/jVY4BPpfJ960p3xzod2xw4J2xc98IccO/XFl3qniDx\nDcYk9SmU6lPOHyPtc4kCAwEAAaOCAlswggJXMA4GA1UdDwEB/wQEAwIFoDATBgNV\nHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR0MpRUowWP\n7v+dSLdD1LEi6cPeLjAfBgNVHSMEGDAWgBSY0fhuEOvPm+xgnxiQG6DrfQn9KzBo\nBggrBgEFBQcBAQRcMFowKwYIKwYBBQUHMAGGH2h0dHA6Ly9vY3NwLnBraS5nb29n\nL2d0czFvMWNvcmUwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dU\nUzFPMS5jcnQwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20wIQYDVR0gBBowGDAI\nBgZngQwBAgIwDAYKKwYBBAHWeQIFAzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8v\nY3JsLnBraS5nb29nL0dUUzFPMWNvcmUuY3JsMIIBAwYKKwYBBAHWeQIEAgSB9ASB\n8QDvAHUA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF4PLJnVQAA\nBAMARjBEAiBV0AWuWc6gy2CSqtFmqvaKrADArI6TWOHLvjr1kwrK7gIgLxuB9c9+\nDkieiHrfPgCTVgF1AUDemgBAG6GTz9gDCmgAdgDuwJXujXJkD5Ljw7kbxxKjaWoJ\ne0tqGhQ45keyy+3F+QAAAXg8smeiAAAEAwBHMEUCIEDCHQbJPEO7mSj7pUxOBEx4\nYkd6GAKmut0JhabLSs3hAiEAvNNOUyPpf3Dwd6fcuaC2mZA7cqLH/2RU/QTzkmUr\nrK0wDQYJKoZIhvcNAQELBQADggEBADGZxkglzZ3Kduip8nv2W44IC8FMB03Q1lHE\neKVIOOWDhVwEQxPmU7e2qdBdiyGy/Gm+KQCcoC8eUgfov0kblsNEkxEy2RnOa3DT\n56leVh9+0q4TPkmMjVxmz3/CqAhPhmgcmSWouByMEDUkNXXM2XzOHZoQqOS5w51m\nhwDRZr80i6tPjx+zTVnVFbL7PaxbAcSzjsIUi33Eza57rsqqspARFG6YxhWomG0W\n4T03LgGl33S5YlGT2FK7oxeUIrxnhQZU63Wn0eWZHj6PfQqU/kLHyIp5yvJa2oiF\nnQ4X96ceFSTaHhIPlmtDc0BcaRCvEop6UzueyVPHh6C6wlHIIR4=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "DtwVipEFEMMcZAta15+Wqa/fBNg=", + "fingerprint_sha256": "F2nvIPSDSa93rfIP9odFkcAfiLXXTFTxBxwk50JW0mE=", + "hpkp_pin": "N8+Qx+IH92mUlfDrQ/0LKz4tk40nz/cvAQ+XYgqzWPk=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "not_valid_after": "2021-06-08T19:20:25", + "not_valid_before": "2021-03-16T19:20:26", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 22750596490141449062602640106105248331938792123342843041216466815411798799856244075371356225188055550684026721306927957303351205503896496853693806495661270595938938923628801225176344785239939163370598393155517839739764242783816640894735065264042007317775894786276867959308478400528225498362036140144362393996494169909246575725387074014078544230311810771732692009351185620848804698411506521302274353077559136629290256177045586170665071483555308330748500068406493122124890771681507256205563993797807778832360554859247852667496418706334472010119803193560289765791530126490062308914318059743501052607242745204569432486793 + }, + "serial_number": 236390504948257760924864223694948126375, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Mountain View", + "value": "Mountain View" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google LLC", + "value": "Google LLC" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.google.com", + "value": "www.google.com" + } + ], + "rfc4514_string": "CN=www.google.com,O=Google LLC,L=Mountain View,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "www.google.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAw\nHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs\nU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy\nMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg\nU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnv\nUA0Qk28FgICfKqC9EksC4T2fWBYk/jCfC3R3VZMdS/dN4ZKCEPZRrAzDsiKUDzRr\nmBBJ5wudgzndIMYcLe/RGGFl5yODIKgjEv/SJH/UL+dEaltN11BmsK+eQmMF++Ac\nxGNhr59qM/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmK\nFsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7X\nrJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNV\nHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1Ud\nEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8G\nA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYuMDUGCCsGAQUFBwEBBCkwJzAl\nBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzAp\nMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0g\nBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9y\nZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7H\nTgiZ/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoN\nFvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ/XteDSGU9YzJqPjY8q3MDxrz\nmqepBCf5o8mw/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wW\nIRdAvKLWZu/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZ\nUSpxu6x6td0V7SvJCCosirSmIatj/9dSSVDQibet8q/7UK4v4ZUN80atnZz1yg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "3+IHDHnn/zapJf+jJ//j3uz4+cI=", + "fingerprint_sha256": "lcB041kCoUq9nRmvtuf4Dmaf+OI2MnBTnZY2E/BKqiE=", + "hpkp_pin": "YZPgTZ+woNCCCIW3LH2CxQeLzB/1m42QcCTBSdgayjs=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T00:00:42", + "not_valid_before": "2017-06-15T00:00:42", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 26269801531899897577901397628129768396310117154722111998302380600635413896531116363750045902786736302705131724095478519616606299023895145655746808892285752988930019974591973546931458114715554265078724718547960324541834616401014259212201521058332874204257425862103971348650680978888262959869761258115884544433253120380553333792186795670369626922403997399844281387984516714325891255733252935742350706385789521287375269196970094028922706633069471330695250381466716142933896182302890680432873976462431593315458003990118395901701394864226607634896601077267548878140687343418675545931561691994107018413405352266039281626119 + }, + "serial_number": 149699596615803609916394524856, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G\nA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp\nZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1\nMDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG\nA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL\nv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8\neoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq\ntTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd\nC9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa\nzq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB\nmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH\nV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n\nbG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG\n3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs\nJ0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO\n291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS\not+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\nAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7\nTBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "deCrthOFEiccBPhf3d445LckLv4=", + "fingerprint_sha256": "ykLdQXRf0LgeuQI2LPnYv3Gdob0bHvyUb1tMmfQsG54=", + "hpkp_pin": "iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T08:00:00", + "not_valid_before": "2006-12-15T08:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 21057703584475184807565557524537816321491861642060041763647257260224980509300477196924243590718942686590709107534863816871998744486217397041943036790668349398596465655712023148303173173625617456109014852791089527884590320201838663822684972532489783525944263241117811947512306928924706019699374824809368116805968844700689553244922646662031817428598871924656385681991340984751484716908148967287908171187321560857250025694833777855463632395686856225456740364321799926634676042609958611723658984406384068047734580405304178873193147583468071249577706812402337331306461396767845742998827081874578148453783909473879293336463 + }, + "serial_number": 4835703278459682885658125, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": [ + { + "dotted_string": "1.2.276.0.44.1.1.1.4", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.392.200091.100.721.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.40.0.17.1.22", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.616.1.113527.2.5.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.159.1.17.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.13177.10.1.3.10", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14370.1.6", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14777.6.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14777.6.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.14.2.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.14.2.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.8.12.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.8.12.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.22234.2.5.2.3.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.23223.1.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.29836.1.10", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.3", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.4", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.36305.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.40869.1.1.22.3", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.4146.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.4788.2.202.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.6334.1.100.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.6449.1.2.1.5.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.782.1.2.1.8.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.7879.13.24.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.8024.0.2.100.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.156.112554.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.528.1.1003.1.2.7", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.578.1.26.1.3.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.756.1.83.21.0", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.756.1.89.1.2.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.792.3.0.3.1.1.5", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.792.3.0.4.1.1.4", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.113733.1.7.23.6", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.113733.1.7.48.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114028.10.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114171.500.9", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114404.1.1.2.4.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114412.2.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114413.1.7.23.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114414.1.7.23.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114414.1.7.24.3", + "name": "Unknown OID" + } + ], + "name": "Mozilla", + "path": "/mnt/c/Users/nabla/Documents/Github/sslyze/sslyze/plugins/certificate_info/trust_stores/pem_files/mozilla_nss.pem", + "version": "2021-03-28" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFkjCCBHqgAwIBAgIRALHXJ7uBk1/UAwAAAADLzqcwDQYJKoZIhvcNAQELBQAw\nQjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET\nMBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMTAzMTYxOTIwMjZaFw0yMTA2MDgxOTIw\nMjVaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRcwFQYDVQQDEw53\nd3cuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALQ4\nLSYFBvL/fAnDsiqfcdROHqUNLd77PPnOyhyHvT9krGQ3MBT2GseUVuI4v3MMLy7P\n0SyuRDSDrvtDbJ20ZF09FYuDHDpaHmFRnamuRhaUTX6zf54tl7DCUxekuAH7iYb0\n4pD3SmFYOXcsYMgguxr2DTO/nXW3Zmz2VQcW6pB3UKFdw1Y9IvqSSm/VqcBYtV6S\nbT4tJg2ermc1r1qisJjLgnBqQrpBJkm83TuIC+EMSKmMAP/b6HrHGPlxe0wl7TZ2\nQa/Bc+EDnbgAYHjvB+6KX/jVY4BPpfJ960p3xzod2xw4J2xc98IccO/XFl3qniDx\nDcYk9SmU6lPOHyPtc4kCAwEAAaOCAlswggJXMA4GA1UdDwEB/wQEAwIFoDATBgNV\nHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR0MpRUowWP\n7v+dSLdD1LEi6cPeLjAfBgNVHSMEGDAWgBSY0fhuEOvPm+xgnxiQG6DrfQn9KzBo\nBggrBgEFBQcBAQRcMFowKwYIKwYBBQUHMAGGH2h0dHA6Ly9vY3NwLnBraS5nb29n\nL2d0czFvMWNvcmUwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dU\nUzFPMS5jcnQwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20wIQYDVR0gBBowGDAI\nBgZngQwBAgIwDAYKKwYBBAHWeQIFAzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8v\nY3JsLnBraS5nb29nL0dUUzFPMWNvcmUuY3JsMIIBAwYKKwYBBAHWeQIEAgSB9ASB\n8QDvAHUA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF4PLJnVQAA\nBAMARjBEAiBV0AWuWc6gy2CSqtFmqvaKrADArI6TWOHLvjr1kwrK7gIgLxuB9c9+\nDkieiHrfPgCTVgF1AUDemgBAG6GTz9gDCmgAdgDuwJXujXJkD5Ljw7kbxxKjaWoJ\ne0tqGhQ45keyy+3F+QAAAXg8smeiAAAEAwBHMEUCIEDCHQbJPEO7mSj7pUxOBEx4\nYkd6GAKmut0JhabLSs3hAiEAvNNOUyPpf3Dwd6fcuaC2mZA7cqLH/2RU/QTzkmUr\nrK0wDQYJKoZIhvcNAQELBQADggEBADGZxkglzZ3Kduip8nv2W44IC8FMB03Q1lHE\neKVIOOWDhVwEQxPmU7e2qdBdiyGy/Gm+KQCcoC8eUgfov0kblsNEkxEy2RnOa3DT\n56leVh9+0q4TPkmMjVxmz3/CqAhPhmgcmSWouByMEDUkNXXM2XzOHZoQqOS5w51m\nhwDRZr80i6tPjx+zTVnVFbL7PaxbAcSzjsIUi33Eza57rsqqspARFG6YxhWomG0W\n4T03LgGl33S5YlGT2FK7oxeUIrxnhQZU63Wn0eWZHj6PfQqU/kLHyIp5yvJa2oiF\nnQ4X96ceFSTaHhIPlmtDc0BcaRCvEop6UzueyVPHh6C6wlHIIR4=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "DtwVipEFEMMcZAta15+Wqa/fBNg=", + "fingerprint_sha256": "F2nvIPSDSa93rfIP9odFkcAfiLXXTFTxBxwk50JW0mE=", + "hpkp_pin": "N8+Qx+IH92mUlfDrQ/0LKz4tk40nz/cvAQ+XYgqzWPk=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "not_valid_after": "2021-06-08T19:20:25", + "not_valid_before": "2021-03-16T19:20:26", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 22750596490141449062602640106105248331938792123342843041216466815411798799856244075371356225188055550684026721306927957303351205503896496853693806495661270595938938923628801225176344785239939163370598393155517839739764242783816640894735065264042007317775894786276867959308478400528225498362036140144362393996494169909246575725387074014078544230311810771732692009351185620848804698411506521302274353077559136629290256177045586170665071483555308330748500068406493122124890771681507256205563993797807778832360554859247852667496418706334472010119803193560289765791530126490062308914318059743501052607242745204569432486793 + }, + "serial_number": 236390504948257760924864223694948126375, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Mountain View", + "value": "Mountain View" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google LLC", + "value": "Google LLC" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.google.com", + "value": "www.google.com" + } + ], + "rfc4514_string": "CN=www.google.com,O=Google LLC,L=Mountain View,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "www.google.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAw\nHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs\nU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy\nMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg\nU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnv\nUA0Qk28FgICfKqC9EksC4T2fWBYk/jCfC3R3VZMdS/dN4ZKCEPZRrAzDsiKUDzRr\nmBBJ5wudgzndIMYcLe/RGGFl5yODIKgjEv/SJH/UL+dEaltN11BmsK+eQmMF++Ac\nxGNhr59qM/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmK\nFsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7X\nrJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNV\nHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1Ud\nEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8G\nA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYuMDUGCCsGAQUFBwEBBCkwJzAl\nBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzAp\nMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0g\nBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9y\nZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7H\nTgiZ/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoN\nFvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ/XteDSGU9YzJqPjY8q3MDxrz\nmqepBCf5o8mw/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wW\nIRdAvKLWZu/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZ\nUSpxu6x6td0V7SvJCCosirSmIatj/9dSSVDQibet8q/7UK4v4ZUN80atnZz1yg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "3+IHDHnn/zapJf+jJ//j3uz4+cI=", + "fingerprint_sha256": "lcB041kCoUq9nRmvtuf4Dmaf+OI2MnBTnZY2E/BKqiE=", + "hpkp_pin": "YZPgTZ+woNCCCIW3LH2CxQeLzB/1m42QcCTBSdgayjs=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T00:00:42", + "not_valid_before": "2017-06-15T00:00:42", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 26269801531899897577901397628129768396310117154722111998302380600635413896531116363750045902786736302705131724095478519616606299023895145655746808892285752988930019974591973546931458114715554265078724718547960324541834616401014259212201521058332874204257425862103971348650680978888262959869761258115884544433253120380553333792186795670369626922403997399844281387984516714325891255733252935742350706385789521287375269196970094028922706633069471330695250381466716142933896182302890680432873976462431593315458003990118395901701394864226607634896601077267548878140687343418675545931561691994107018413405352266039281626119 + }, + "serial_number": 149699596615803609916394524856, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G\nA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp\nZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1\nMDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG\nA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL\nv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8\neoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq\ntTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd\nC9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa\nzq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB\nmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH\nV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n\nbG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG\n3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs\nJ0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO\n291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS\not+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\nAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7\nTBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "deCrthOFEiccBPhf3d445LckLv4=", + "fingerprint_sha256": "ykLdQXRf0LgeuQI2LPnYv3Gdob0bHvyUb1tMmfQsG54=", + "hpkp_pin": "iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T08:00:00", + "not_valid_before": "2006-12-15T08:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 21057703584475184807565557524537816321491861642060041763647257260224980509300477196924243590718942686590709107534863816871998744486217397041943036790668349398596465655712023148303173173625617456109014852791089527884590320201838663822684972532489783525944263241117811947512306928924706019699374824809368116805968844700689553244922646662031817428598871924656385681991340984751484716908148967287908171187321560857250025694833777855463632395686856225456740364321799926634676042609958611723658984406384068047734580405304178873193147583468071249577706812402337331306461396767845742998827081874578148453783909473879293336463 + }, + "serial_number": 4835703278459682885658125, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Windows", + "path": "/mnt/c/Users/nabla/Documents/Github/sslyze/sslyze/plugins/certificate_info/trust_stores/pem_files/microsoft_windows.pem", + "version": "2021-03-28" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFkjCCBHqgAwIBAgIRALHXJ7uBk1/UAwAAAADLzqcwDQYJKoZIhvcNAQELBQAw\nQjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET\nMBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMTAzMTYxOTIwMjZaFw0yMTA2MDgxOTIw\nMjVaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRcwFQYDVQQDEw53\nd3cuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALQ4\nLSYFBvL/fAnDsiqfcdROHqUNLd77PPnOyhyHvT9krGQ3MBT2GseUVuI4v3MMLy7P\n0SyuRDSDrvtDbJ20ZF09FYuDHDpaHmFRnamuRhaUTX6zf54tl7DCUxekuAH7iYb0\n4pD3SmFYOXcsYMgguxr2DTO/nXW3Zmz2VQcW6pB3UKFdw1Y9IvqSSm/VqcBYtV6S\nbT4tJg2ermc1r1qisJjLgnBqQrpBJkm83TuIC+EMSKmMAP/b6HrHGPlxe0wl7TZ2\nQa/Bc+EDnbgAYHjvB+6KX/jVY4BPpfJ960p3xzod2xw4J2xc98IccO/XFl3qniDx\nDcYk9SmU6lPOHyPtc4kCAwEAAaOCAlswggJXMA4GA1UdDwEB/wQEAwIFoDATBgNV\nHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR0MpRUowWP\n7v+dSLdD1LEi6cPeLjAfBgNVHSMEGDAWgBSY0fhuEOvPm+xgnxiQG6DrfQn9KzBo\nBggrBgEFBQcBAQRcMFowKwYIKwYBBQUHMAGGH2h0dHA6Ly9vY3NwLnBraS5nb29n\nL2d0czFvMWNvcmUwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dU\nUzFPMS5jcnQwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20wIQYDVR0gBBowGDAI\nBgZngQwBAgIwDAYKKwYBBAHWeQIFAzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8v\nY3JsLnBraS5nb29nL0dUUzFPMWNvcmUuY3JsMIIBAwYKKwYBBAHWeQIEAgSB9ASB\n8QDvAHUA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF4PLJnVQAA\nBAMARjBEAiBV0AWuWc6gy2CSqtFmqvaKrADArI6TWOHLvjr1kwrK7gIgLxuB9c9+\nDkieiHrfPgCTVgF1AUDemgBAG6GTz9gDCmgAdgDuwJXujXJkD5Ljw7kbxxKjaWoJ\ne0tqGhQ45keyy+3F+QAAAXg8smeiAAAEAwBHMEUCIEDCHQbJPEO7mSj7pUxOBEx4\nYkd6GAKmut0JhabLSs3hAiEAvNNOUyPpf3Dwd6fcuaC2mZA7cqLH/2RU/QTzkmUr\nrK0wDQYJKoZIhvcNAQELBQADggEBADGZxkglzZ3Kduip8nv2W44IC8FMB03Q1lHE\neKVIOOWDhVwEQxPmU7e2qdBdiyGy/Gm+KQCcoC8eUgfov0kblsNEkxEy2RnOa3DT\n56leVh9+0q4TPkmMjVxmz3/CqAhPhmgcmSWouByMEDUkNXXM2XzOHZoQqOS5w51m\nhwDRZr80i6tPjx+zTVnVFbL7PaxbAcSzjsIUi33Eza57rsqqspARFG6YxhWomG0W\n4T03LgGl33S5YlGT2FK7oxeUIrxnhQZU63Wn0eWZHj6PfQqU/kLHyIp5yvJa2oiF\nnQ4X96ceFSTaHhIPlmtDc0BcaRCvEop6UzueyVPHh6C6wlHIIR4=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "DtwVipEFEMMcZAta15+Wqa/fBNg=", + "fingerprint_sha256": "F2nvIPSDSa93rfIP9odFkcAfiLXXTFTxBxwk50JW0mE=", + "hpkp_pin": "N8+Qx+IH92mUlfDrQ/0LKz4tk40nz/cvAQ+XYgqzWPk=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "not_valid_after": "2021-06-08T19:20:25", + "not_valid_before": "2021-03-16T19:20:26", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 22750596490141449062602640106105248331938792123342843041216466815411798799856244075371356225188055550684026721306927957303351205503896496853693806495661270595938938923628801225176344785239939163370598393155517839739764242783816640894735065264042007317775894786276867959308478400528225498362036140144362393996494169909246575725387074014078544230311810771732692009351185620848804698411506521302274353077559136629290256177045586170665071483555308330748500068406493122124890771681507256205563993797807778832360554859247852667496418706334472010119803193560289765791530126490062308914318059743501052607242745204569432486793 + }, + "serial_number": 236390504948257760924864223694948126375, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Mountain View", + "value": "Mountain View" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google LLC", + "value": "Google LLC" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.google.com", + "value": "www.google.com" + } + ], + "rfc4514_string": "CN=www.google.com,O=Google LLC,L=Mountain View,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "www.google.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAw\nHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs\nU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy\nMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg\nU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnv\nUA0Qk28FgICfKqC9EksC4T2fWBYk/jCfC3R3VZMdS/dN4ZKCEPZRrAzDsiKUDzRr\nmBBJ5wudgzndIMYcLe/RGGFl5yODIKgjEv/SJH/UL+dEaltN11BmsK+eQmMF++Ac\nxGNhr59qM/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmK\nFsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7X\nrJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNV\nHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1Ud\nEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8G\nA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYuMDUGCCsGAQUFBwEBBCkwJzAl\nBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzAp\nMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0g\nBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9y\nZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7H\nTgiZ/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoN\nFvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ/XteDSGU9YzJqPjY8q3MDxrz\nmqepBCf5o8mw/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wW\nIRdAvKLWZu/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZ\nUSpxu6x6td0V7SvJCCosirSmIatj/9dSSVDQibet8q/7UK4v4ZUN80atnZz1yg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "3+IHDHnn/zapJf+jJ//j3uz4+cI=", + "fingerprint_sha256": "lcB041kCoUq9nRmvtuf4Dmaf+OI2MnBTnZY2E/BKqiE=", + "hpkp_pin": "YZPgTZ+woNCCCIW3LH2CxQeLzB/1m42QcCTBSdgayjs=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T00:00:42", + "not_valid_before": "2017-06-15T00:00:42", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 26269801531899897577901397628129768396310117154722111998302380600635413896531116363750045902786736302705131724095478519616606299023895145655746808892285752988930019974591973546931458114715554265078724718547960324541834616401014259212201521058332874204257425862103971348650680978888262959869761258115884544433253120380553333792186795670369626922403997399844281387984516714325891255733252935742350706385789521287375269196970094028922706633069471330695250381466716142933896182302890680432873976462431593315458003990118395901701394864226607634896601077267548878140687343418675545931561691994107018413405352266039281626119 + }, + "serial_number": 149699596615803609916394524856, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G\nA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp\nZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1\nMDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG\nA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL\nv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8\neoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq\ntTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd\nC9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa\nzq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB\nmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH\nV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n\nbG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG\n3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs\nJ0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO\n291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS\not+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\nAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7\nTBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "deCrthOFEiccBPhf3d445LckLv4=", + "fingerprint_sha256": "ykLdQXRf0LgeuQI2LPnYv3Gdob0bHvyUb1tMmfQsG54=", + "hpkp_pin": "iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T08:00:00", + "not_valid_before": "2006-12-15T08:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 21057703584475184807565557524537816321491861642060041763647257260224980509300477196924243590718942686590709107534863816871998744486217397041943036790668349398596465655712023148303173173625617456109014852791089527884590320201838663822684972532489783525944263241117811947512306928924706019699374824809368116805968844700689553244922646662031817428598871924656385681991340984751484716908148967287908171187321560857250025694833777855463632395686856225456740364321799926634676042609958611723658984406384068047734580405304178873193147583468071249577706812402337331306461396767845742998827081874578148453783909473879293336463 + }, + "serial_number": 4835703278459682885658125, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + } + ], + "received_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFkjCCBHqgAwIBAgIRALHXJ7uBk1/UAwAAAADLzqcwDQYJKoZIhvcNAQELBQAw\nQjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET\nMBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMTAzMTYxOTIwMjZaFw0yMTA2MDgxOTIw\nMjVaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRcwFQYDVQQDEw53\nd3cuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALQ4\nLSYFBvL/fAnDsiqfcdROHqUNLd77PPnOyhyHvT9krGQ3MBT2GseUVuI4v3MMLy7P\n0SyuRDSDrvtDbJ20ZF09FYuDHDpaHmFRnamuRhaUTX6zf54tl7DCUxekuAH7iYb0\n4pD3SmFYOXcsYMgguxr2DTO/nXW3Zmz2VQcW6pB3UKFdw1Y9IvqSSm/VqcBYtV6S\nbT4tJg2ermc1r1qisJjLgnBqQrpBJkm83TuIC+EMSKmMAP/b6HrHGPlxe0wl7TZ2\nQa/Bc+EDnbgAYHjvB+6KX/jVY4BPpfJ960p3xzod2xw4J2xc98IccO/XFl3qniDx\nDcYk9SmU6lPOHyPtc4kCAwEAAaOCAlswggJXMA4GA1UdDwEB/wQEAwIFoDATBgNV\nHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR0MpRUowWP\n7v+dSLdD1LEi6cPeLjAfBgNVHSMEGDAWgBSY0fhuEOvPm+xgnxiQG6DrfQn9KzBo\nBggrBgEFBQcBAQRcMFowKwYIKwYBBQUHMAGGH2h0dHA6Ly9vY3NwLnBraS5nb29n\nL2d0czFvMWNvcmUwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dU\nUzFPMS5jcnQwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20wIQYDVR0gBBowGDAI\nBgZngQwBAgIwDAYKKwYBBAHWeQIFAzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8v\nY3JsLnBraS5nb29nL0dUUzFPMWNvcmUuY3JsMIIBAwYKKwYBBAHWeQIEAgSB9ASB\n8QDvAHUA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF4PLJnVQAA\nBAMARjBEAiBV0AWuWc6gy2CSqtFmqvaKrADArI6TWOHLvjr1kwrK7gIgLxuB9c9+\nDkieiHrfPgCTVgF1AUDemgBAG6GTz9gDCmgAdgDuwJXujXJkD5Ljw7kbxxKjaWoJ\ne0tqGhQ45keyy+3F+QAAAXg8smeiAAAEAwBHMEUCIEDCHQbJPEO7mSj7pUxOBEx4\nYkd6GAKmut0JhabLSs3hAiEAvNNOUyPpf3Dwd6fcuaC2mZA7cqLH/2RU/QTzkmUr\nrK0wDQYJKoZIhvcNAQELBQADggEBADGZxkglzZ3Kduip8nv2W44IC8FMB03Q1lHE\neKVIOOWDhVwEQxPmU7e2qdBdiyGy/Gm+KQCcoC8eUgfov0kblsNEkxEy2RnOa3DT\n56leVh9+0q4TPkmMjVxmz3/CqAhPhmgcmSWouByMEDUkNXXM2XzOHZoQqOS5w51m\nhwDRZr80i6tPjx+zTVnVFbL7PaxbAcSzjsIUi33Eza57rsqqspARFG6YxhWomG0W\n4T03LgGl33S5YlGT2FK7oxeUIrxnhQZU63Wn0eWZHj6PfQqU/kLHyIp5yvJa2oiF\nnQ4X96ceFSTaHhIPlmtDc0BcaRCvEop6UzueyVPHh6C6wlHIIR4=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "DtwVipEFEMMcZAta15+Wqa/fBNg=", + "fingerprint_sha256": "F2nvIPSDSa93rfIP9odFkcAfiLXXTFTxBxwk50JW0mE=", + "hpkp_pin": "N8+Qx+IH92mUlfDrQ/0LKz4tk40nz/cvAQ+XYgqzWPk=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "not_valid_after": "2021-06-08T19:20:25", + "not_valid_before": "2021-03-16T19:20:26", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 22750596490141449062602640106105248331938792123342843041216466815411798799856244075371356225188055550684026721306927957303351205503896496853693806495661270595938938923628801225176344785239939163370598393155517839739764242783816640894735065264042007317775894786276867959308478400528225498362036140144362393996494169909246575725387074014078544230311810771732692009351185620848804698411506521302274353077559136629290256177045586170665071483555308330748500068406493122124890771681507256205563993797807778832360554859247852667496418706334472010119803193560289765791530126490062308914318059743501052607242745204569432486793 + }, + "serial_number": 236390504948257760924864223694948126375, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Mountain View", + "value": "Mountain View" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google LLC", + "value": "Google LLC" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.google.com", + "value": "www.google.com" + } + ], + "rfc4514_string": "CN=www.google.com,O=Google LLC,L=Mountain View,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "www.google.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAw\nHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs\nU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy\nMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg\nU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnv\nUA0Qk28FgICfKqC9EksC4T2fWBYk/jCfC3R3VZMdS/dN4ZKCEPZRrAzDsiKUDzRr\nmBBJ5wudgzndIMYcLe/RGGFl5yODIKgjEv/SJH/UL+dEaltN11BmsK+eQmMF++Ac\nxGNhr59qM/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmK\nFsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7X\nrJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNV\nHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1Ud\nEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8G\nA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYuMDUGCCsGAQUFBwEBBCkwJzAl\nBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzAp\nMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0g\nBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9y\nZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7H\nTgiZ/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoN\nFvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ/XteDSGU9YzJqPjY8q3MDxrz\nmqepBCf5o8mw/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wW\nIRdAvKLWZu/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZ\nUSpxu6x6td0V7SvJCCosirSmIatj/9dSSVDQibet8q/7UK4v4ZUN80atnZz1yg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "3+IHDHnn/zapJf+jJ//j3uz4+cI=", + "fingerprint_sha256": "lcB041kCoUq9nRmvtuf4Dmaf+OI2MnBTnZY2E/BKqiE=", + "hpkp_pin": "YZPgTZ+woNCCCIW3LH2CxQeLzB/1m42QcCTBSdgayjs=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T00:00:42", + "not_valid_before": "2017-06-15T00:00:42", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 26269801531899897577901397628129768396310117154722111998302380600635413896531116363750045902786736302705131724095478519616606299023895145655746808892285752988930019974591973546931458114715554265078724718547960324541834616401014259212201521058332874204257425862103971348650680978888262959869761258115884544433253120380553333792186795670369626922403997399844281387984516714325891255733252935742350706385789521287375269196970094028922706633069471330695250381466716142933896182302890680432873976462431593315458003990118395901701394864226607634896601077267548878140687343418675545931561691994107018413405352266039281626119 + }, + "serial_number": 149699596615803609916394524856, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "received_chain_contains_anchor_certificate": false, + "received_chain_has_valid_order": true, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFkjCCBHqgAwIBAgIRALHXJ7uBk1/UAwAAAADLzqcwDQYJKoZIhvcNAQELBQAw\nQjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET\nMBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMTAzMTYxOTIwMjZaFw0yMTA2MDgxOTIw\nMjVaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRcwFQYDVQQDEw53\nd3cuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALQ4\nLSYFBvL/fAnDsiqfcdROHqUNLd77PPnOyhyHvT9krGQ3MBT2GseUVuI4v3MMLy7P\n0SyuRDSDrvtDbJ20ZF09FYuDHDpaHmFRnamuRhaUTX6zf54tl7DCUxekuAH7iYb0\n4pD3SmFYOXcsYMgguxr2DTO/nXW3Zmz2VQcW6pB3UKFdw1Y9IvqSSm/VqcBYtV6S\nbT4tJg2ermc1r1qisJjLgnBqQrpBJkm83TuIC+EMSKmMAP/b6HrHGPlxe0wl7TZ2\nQa/Bc+EDnbgAYHjvB+6KX/jVY4BPpfJ960p3xzod2xw4J2xc98IccO/XFl3qniDx\nDcYk9SmU6lPOHyPtc4kCAwEAAaOCAlswggJXMA4GA1UdDwEB/wQEAwIFoDATBgNV\nHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR0MpRUowWP\n7v+dSLdD1LEi6cPeLjAfBgNVHSMEGDAWgBSY0fhuEOvPm+xgnxiQG6DrfQn9KzBo\nBggrBgEFBQcBAQRcMFowKwYIKwYBBQUHMAGGH2h0dHA6Ly9vY3NwLnBraS5nb29n\nL2d0czFvMWNvcmUwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dU\nUzFPMS5jcnQwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20wIQYDVR0gBBowGDAI\nBgZngQwBAgIwDAYKKwYBBAHWeQIFAzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8v\nY3JsLnBraS5nb29nL0dUUzFPMWNvcmUuY3JsMIIBAwYKKwYBBAHWeQIEAgSB9ASB\n8QDvAHUA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF4PLJnVQAA\nBAMARjBEAiBV0AWuWc6gy2CSqtFmqvaKrADArI6TWOHLvjr1kwrK7gIgLxuB9c9+\nDkieiHrfPgCTVgF1AUDemgBAG6GTz9gDCmgAdgDuwJXujXJkD5Ljw7kbxxKjaWoJ\ne0tqGhQ45keyy+3F+QAAAXg8smeiAAAEAwBHMEUCIEDCHQbJPEO7mSj7pUxOBEx4\nYkd6GAKmut0JhabLSs3hAiEAvNNOUyPpf3Dwd6fcuaC2mZA7cqLH/2RU/QTzkmUr\nrK0wDQYJKoZIhvcNAQELBQADggEBADGZxkglzZ3Kduip8nv2W44IC8FMB03Q1lHE\neKVIOOWDhVwEQxPmU7e2qdBdiyGy/Gm+KQCcoC8eUgfov0kblsNEkxEy2RnOa3DT\n56leVh9+0q4TPkmMjVxmz3/CqAhPhmgcmSWouByMEDUkNXXM2XzOHZoQqOS5w51m\nhwDRZr80i6tPjx+zTVnVFbL7PaxbAcSzjsIUi33Eza57rsqqspARFG6YxhWomG0W\n4T03LgGl33S5YlGT2FK7oxeUIrxnhQZU63Wn0eWZHj6PfQqU/kLHyIp5yvJa2oiF\nnQ4X96ceFSTaHhIPlmtDc0BcaRCvEop6UzueyVPHh6C6wlHIIR4=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "DtwVipEFEMMcZAta15+Wqa/fBNg=", + "fingerprint_sha256": "F2nvIPSDSa93rfIP9odFkcAfiLXXTFTxBxwk50JW0mE=", + "hpkp_pin": "N8+Qx+IH92mUlfDrQ/0LKz4tk40nz/cvAQ+XYgqzWPk=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "not_valid_after": "2021-06-08T19:20:25", + "not_valid_before": "2021-03-16T19:20:26", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 22750596490141449062602640106105248331938792123342843041216466815411798799856244075371356225188055550684026721306927957303351205503896496853693806495661270595938938923628801225176344785239939163370598393155517839739764242783816640894735065264042007317775894786276867959308478400528225498362036140144362393996494169909246575725387074014078544230311810771732692009351185620848804698411506521302274353077559136629290256177045586170665071483555308330748500068406493122124890771681507256205563993797807778832360554859247852667496418706334472010119803193560289765791530126490062308914318059743501052607242745204569432486793 + }, + "serial_number": 236390504948257760924864223694948126375, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Mountain View", + "value": "Mountain View" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google LLC", + "value": "Google LLC" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.google.com", + "value": "www.google.com" + } + ], + "rfc4514_string": "CN=www.google.com,O=Google LLC,L=Mountain View,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "www.google.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAw\nHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs\nU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy\nMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg\nU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnv\nUA0Qk28FgICfKqC9EksC4T2fWBYk/jCfC3R3VZMdS/dN4ZKCEPZRrAzDsiKUDzRr\nmBBJ5wudgzndIMYcLe/RGGFl5yODIKgjEv/SJH/UL+dEaltN11BmsK+eQmMF++Ac\nxGNhr59qM/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmK\nFsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7X\nrJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNV\nHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1Ud\nEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8G\nA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYuMDUGCCsGAQUFBwEBBCkwJzAl\nBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzAp\nMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0g\nBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9y\nZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7H\nTgiZ/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoN\nFvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ/XteDSGU9YzJqPjY8q3MDxrz\nmqepBCf5o8mw/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wW\nIRdAvKLWZu/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZ\nUSpxu6x6td0V7SvJCCosirSmIatj/9dSSVDQibet8q/7UK4v4ZUN80atnZz1yg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "3+IHDHnn/zapJf+jJ//j3uz4+cI=", + "fingerprint_sha256": "lcB041kCoUq9nRmvtuf4Dmaf+OI2MnBTnZY2E/BKqiE=", + "hpkp_pin": "YZPgTZ+woNCCCIW3LH2CxQeLzB/1m42QcCTBSdgayjs=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T00:00:42", + "not_valid_before": "2017-06-15T00:00:42", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 26269801531899897577901397628129768396310117154722111998302380600635413896531116363750045902786736302705131724095478519616606299023895145655746808892285752988930019974591973546931458114715554265078724718547960324541834616401014259212201521058332874204257425862103971348650680978888262959869761258115884544433253120380553333792186795670369626922403997399844281387984516714325891255733252935742350706385789521287375269196970094028922706633069471330695250381466716142933896182302890680432873976462431593315458003990118395901701394864226607634896601077267548878140687343418675545931561691994107018413405352266039281626119 + }, + "serial_number": 149699596615803609916394524856, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Google Trust Services", + "value": "Google Trust Services" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GTS CA 1O1", + "value": "GTS CA 1O1" + } + ], + "rfc4514_string": "CN=GTS CA 1O1,O=Google Trust Services,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G\nA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp\nZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1\nMDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG\nA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL\nv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8\neoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq\ntTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd\nC9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa\nzq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB\nmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH\nV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n\nbG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG\n3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs\nJ0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO\n291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS\not+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\nAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7\nTBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "deCrthOFEiccBPhf3d445LckLv4=", + "fingerprint_sha256": "ykLdQXRf0LgeuQI2LPnYv3Gdob0bHvyUb1tMmfQsG54=", + "hpkp_pin": "iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "not_valid_after": "2021-12-15T08:00:00", + "not_valid_before": "2006-12-15T08:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 21057703584475184807565557524537816321491861642060041763647257260224980509300477196924243590718942686590709107534863816871998744486217397041943036790668349398596465655712023148303173173625617456109014852791089527884590320201838663822684972532489783525944263241117811947512306928924706019699374824809368116805968844700689553244922646662031817428598871924656385681991340984751484716908148967287908171187321560857250025694833777855463632395686856225456740364321799926634676042609958611723658984406384068047734580405304178873193147583468071249577706812402337331306461396767845742998827081874578148453783909473879293336463 + }, + "serial_number": 4835703278459682885658125, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=GlobalSign Root CA - R2", + "value": "GlobalSign Root CA - R2" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=GlobalSign", + "value": "GlobalSign" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=GlobalSign", + "value": "GlobalSign" + } + ], + "rfc4514_string": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "verified_chain_has_legacy_symantec_anchor": false, + "verified_chain_has_sha1_signature": false + } + ], + "hostname_used_for_server_name_indication": "www.google.com" + }, + "elliptic_curves": { + "rejected_curves": [ + { + "name": "X448", + "openssl_nid": 1035 + }, + { + "name": "prime192v1", + "openssl_nid": 409 + }, + { + "name": "secp160k1", + "openssl_nid": 708 + }, + { + "name": "secp160r1", + "openssl_nid": 709 + }, + { + "name": "secp160r2", + "openssl_nid": 710 + }, + { + "name": "secp192k1", + "openssl_nid": 711 + }, + { + "name": "secp224k1", + "openssl_nid": 712 + }, + { + "name": "secp224r1", + "openssl_nid": 713 + }, + { + "name": "secp256k1", + "openssl_nid": 714 + }, + { + "name": "secp384r1", + "openssl_nid": 715 + }, + { + "name": "secp521r1", + "openssl_nid": 716 + }, + { + "name": "sect163k1", + "openssl_nid": 721 + }, + { + "name": "sect163r1", + "openssl_nid": 722 + }, + { + "name": "sect163r2", + "openssl_nid": 723 + }, + { + "name": "sect193r1", + "openssl_nid": 724 + }, + { + "name": "sect193r2", + "openssl_nid": 725 + }, + { + "name": "sect233k1", + "openssl_nid": 726 + }, + { + "name": "sect233r1", + "openssl_nid": 727 + }, + { + "name": "sect239k1", + "openssl_nid": 728 + }, + { + "name": "sect283k1", + "openssl_nid": 729 + }, + { + "name": "sect283r1", + "openssl_nid": 730 + }, + { + "name": "sect409k1", + "openssl_nid": 731 + }, + { + "name": "sect409r1", + "openssl_nid": 732 + }, + { + "name": "sect571k1", + "openssl_nid": 733 + }, + { + "name": "sect571r1", + "openssl_nid": 734 + } + ], + "supported_curves": [ + { + "name": "X25519", + "openssl_nid": 1034 + }, + { + "name": "prime256v1", + "openssl_nid": 415 + } + ], + "supports_ecdh_key_exchange": true + }, + "heartbleed": { + "is_vulnerable_to_heartbleed": false + }, + "http_headers": null, + "openssl_ccs_injection": { + "is_vulnerable_to_ccs_injection": false + }, + "robot": { + "robot_result": "NOT_VULNERABLE_NO_ORACLE" + }, + "session_renegotiation": { + "is_vulnerable_to_client_renegotiation_dos": false, + "supports_secure_renegotiation": true + }, + "session_resumption": { + "session_id_attempted_resumptions_count": 5, + "session_id_resumption_result": "FULLY_SUPPORTED", + "session_id_successful_resumptions_count": 5, + "tls_ticket_attempted_resumptions_count": 5, + "tls_ticket_resumption_result": "FULLY_SUPPORTED", + "tls_ticket_successful_resumptions_count": 5 + }, + "ssl_2_0_cipher_suites": { + "accepted_cipher_suites": [], + "is_tls_protocol_version_supported": false, + "rejected_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_RC4_128_WITH_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "SSL_CK_RC4_128_EXPORT40_WITH_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_RC2_128_CBC_WITH_MD5", + "openssl_name": "RC2-CBC-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_IDEA_128_CBC_WITH_MD5", + "openssl_name": "IDEA-CBC-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "SSL_CK_DES_64_CBC_WITH_MD5", + "openssl_name": "DES-CBC-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5", + "openssl_name": "DES-CBC3-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + } + ], + "tls_version_used": 1 + }, + "ssl_3_0_cipher_suites": { + "accepted_cipher_suites": [], + "is_tls_protocol_version_supported": false, + "rejected_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + } + ], + "tls_version_used": 2 + }, + "tls_1_0_cipher_suites": { + "accepted_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BJeTrWmBRehke75QBv/KZa8DYNrWrgYJJtVUzQ2PzpcfV9WBDqIK9GbZnQ5rcIfS4UbrqkNj+TKh2lh9e83VNmY=", + "size": 256, + "type_name": "ECDH", + "x": "l5OtaYFF6GR7vlAG/8plrwNg2tauBgkm1VTNDY/Olx8=", + "y": "V9WBDqIK9GbZnQ5rcIfS4UbrqkNj+TKh2lh9e83VNmY=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BDMicLPkuc+qqihA9SqO6jfkbY/eFHlt1lq7d6NPtPVo6gl8DBEbj1ln4a5EItftUPIjZFeStPU/tDFEyxOKey4=", + "size": 256, + "type_name": "ECDH", + "x": "MyJws+S5z6qqKED1Ko7qN+Rtj94UeW3WWrt3o0+09Wg=", + "y": "6gl8DBEbj1ln4a5EItftUPIjZFeStPU/tDFEyxOKey4=" + } + } + ], + "is_tls_protocol_version_supported": true, + "rejected_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": 3 + }, + "tls_1_1_cipher_suites": { + "accepted_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BCxbaPSeEScRcIFTDAX3r2oA1YH2+s7ROm5DIgFkr8gHx9xEehQ2q4aweN3cHQnIYdOWVx1+goSV6GhvB2a2mRY=", + "size": 256, + "type_name": "ECDH", + "x": "LFto9J4RJxFwgVMMBfevagDVgfb6ztE6bkMiAWSvyAc=", + "y": "x9xEehQ2q4aweN3cHQnIYdOWVx1+goSV6GhvB2a2mRY=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BFbGiAhZY4v2faSZlqT1CFBlSuK9sE0xGm7xG1vCoTrKu+cbMTGSnwTWjj/ohJMk4K0WodeRE+Oc0aRZ1emTEMU=", + "size": 256, + "type_name": "ECDH", + "x": "VsaICFlji/Z9pJmWpPUIUGVK4r2wTTEabvEbW8KhOso=", + "y": "u+cbMTGSnwTWjj/ohJMk4K0WodeRE+Oc0aRZ1emTEMU=" + } + } + ], + "is_tls_protocol_version_supported": true, + "rejected_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": 4 + }, + "tls_1_2_cipher_suites": { + "accepted_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "AES256-GCM-SHA384" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "AES128-GCM-SHA256" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "ECDHE-RSA-CHACHA20-POLY1305" + }, + "ephemeral_key": { + "curve_name": "X25519", + "generator": null, + "prime": null, + "public_bytes": "BtlzMN6Qj1LPYPqwxZ5BuQ0oxu3Dz+Mh3KzTG8orO0E=", + "size": 253, + "type_name": "ECDH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDHE-RSA-AES256-GCM-SHA384" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BGyd766OzWzCQfMZte741jlMsKqieFqU2ZvBb5jmexV5uBid3KLx1So8sdNMmaoBIDsSQ9w3mGGXE/IvQcSCB2E=", + "size": 256, + "type_name": "ECDH", + "x": "bJ3vro7NbMJB8xm17vjWOUywqqJ4WpTZm8FvmOZ7FXk=", + "y": "uBid3KLx1So8sdNMmaoBIDsSQ9w3mGGXE/IvQcSCB2E=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BPTDrDEzf4q43nGYYbQcgDowJyPhGoggAgLp0yGJsyAp8xX26b/kZAqpUKydVlI9HOeSY/PbbAGqLDtr7zVCUiU=", + "size": 256, + "type_name": "ECDH", + "x": "9MOsMTN/irjecZhhtByAOjAnI+EaiCACAunTIYmzICk=", + "y": "8xX26b/kZAqpUKydVlI9HOeSY/PbbAGqLDtr7zVCUiU=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDHE-RSA-AES128-GCM-SHA256" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BEguIyhDP4ogqx2J5+HEGOhxiXxPj+W05DIjOFviNlxPNBlOihdAZr2GLsK1z5HVBDZP5/D/NJWp6V9G6eef5VQ=", + "size": 256, + "type_name": "ECDH", + "x": "SC4jKEM/iiCrHYnn4cQY6HGJfE+P5bTkMiM4W+I2XE8=", + "y": "NBlOihdAZr2GLsK1z5HVBDZP5/D/NJWp6V9G6eef5VQ=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BOqC+xoXBp4dYl0MbbrF7sy+C8S5VisWMnExWrkimAayR8+jS2TBGOMTvYFkeQz4cILh0mGbbIB2naIiKiAi5kg=", + "size": 256, + "type_name": "ECDH", + "x": "6oL7GhcGnh1iXQxtusXuzL4LxLlWKxYycTFauSKYBrI=", + "y": "R8+jS2TBGOMTvYFkeQz4cILh0mGbbIB2naIiKiAi5kg=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "ECDHE-ECDSA-CHACHA20-POLY1305" + }, + "ephemeral_key": { + "curve_name": "X25519", + "generator": null, + "prime": null, + "public_bytes": "daj9z4qRdMX/NpBs6N1bBilZQSzJHmyAG4ZxJ8YhEho=", + "size": 253, + "type_name": "ECDH", + "x": null, + "y": null + } + } + ], + "is_tls_protocol_version_supported": true, + "rejected_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA256", + "openssl_name": "NULL-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "CAMELLIA256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_256_CCM_8", + "openssl_name": "AES256-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CCM", + "openssl_name": "AES256-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CCM_8", + "openssl_name": "AES128-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CCM", + "openssl_name": "AES128-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDH-RSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDH-RSA-AES256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDH-RSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDH-RSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDH-ECDSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDH-ECDSA-AES256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDH-ECDSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDH-ECDSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", + "openssl_name": "ECDHE-RSA-CAMELLIA256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "ECDHE-RSA-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ECDHE-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ECDHE-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDHE-RSA-AES256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDHE-RSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", + "openssl_name": "ECDHE-ECDSA-CAMELLIA256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "ECDHE-ECDSA-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ECDHE-ECDSA-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ECDHE-ECDSA-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDHE-ECDSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", + "openssl_name": "ECDHE-ECDSA-AES256-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CCM", + "openssl_name": "ECDHE-ECDSA-AES256-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDHE-ECDSA-AES256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDHE-ECDSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", + "openssl_name": "ECDHE-ECDSA-AES128-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CCM", + "openssl_name": "ECDHE-ECDSA-AES128-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDHE-ECDSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_GCM_SHA384", + "openssl_name": "ADH-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA256", + "openssl_name": "ADH-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_GCM_SHA256", + "openssl_name": "ADH-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA256", + "openssl_name": "ADH-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "DH-RSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "DH-RSA-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "DH-RSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "DH-RSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_GCM_SHA384", + "openssl_name": "DH-DSS-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA256", + "openssl_name": "DH-DSS-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_GCM_SHA256", + "openssl_name": "DH-DSS-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA256", + "openssl_name": "DH-DSS-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "DHE-RSA-CHACHA20-POLY1305" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "DHE-RSA-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "DHE-RSA-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "DHE-RSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CCM_8", + "openssl_name": "DHE-RSA-AES256-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CCM", + "openssl_name": "DHE-RSA-AES256-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "DHE-RSA-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "DHE-RSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CCM_8", + "openssl_name": "DHE-RSA-AES128-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CCM", + "openssl_name": "DHE-RSA-AES128-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "DHE-RSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "DHE-DSS-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "DHE-DSS-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", + "openssl_name": "DHE-DSS-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", + "openssl_name": "DHE-DSS-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", + "openssl_name": "DHE-DSS-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", + "openssl_name": "DHE-DSS-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DHE-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": 5 + }, + "tls_1_3_cipher_suites": { + "accepted_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_CHACHA20_POLY1305_SHA256", + "openssl_name": "TLS_CHACHA20_POLY1305_SHA256" + }, + "ephemeral_key": { + "curve_name": "X25519", + "generator": null, + "prime": null, + "public_bytes": "1xL5MBlvQIVY97h0B6EpxjrhPIgFFZkQjx+SZ6QCLn4=", + "size": 253, + "type_name": "ECDH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_AES_256_GCM_SHA384", + "openssl_name": "TLS_AES_256_GCM_SHA384" + }, + "ephemeral_key": { + "curve_name": "X25519", + "generator": null, + "prime": null, + "public_bytes": "zuvndm2FYN+XhZaNtNYcaHNh7aRt35CvIgH8YpLlgTM=", + "size": 253, + "type_name": "ECDH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_GCM_SHA256", + "openssl_name": "TLS_AES_128_GCM_SHA256" + }, + "ephemeral_key": { + "curve_name": "X25519", + "generator": null, + "prime": null, + "public_bytes": "lz6ffag/f5NMzNkuHMlvfPzeDrMlFg+k3ApXlJgDlWc=", + "size": 253, + "type_name": "ECDH", + "x": null, + "y": null + } + } + ], + "is_tls_protocol_version_supported": true, + "rejected_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_CCM_SHA256", + "openssl_name": "TLS_AES_128_CCM_SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_CCM_8_SHA256", + "openssl_name": "TLS_AES_128_CCM_8_SHA256" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": 6 + }, + "tls_1_3_early_data": null, + "tls_compression": { + "supports_compression": false + }, + "tls_fallback_scsv": { + "supports_fallback_scsv": true + } + }, + "server_info": { + "network_configuration": { + "network_max_retries": 3, + "network_timeout": 5, + "tls_client_auth_credentials": null, + "tls_opportunistic_encryption": null, + "tls_server_name_indication": "www.google.com", + "xmpp_to_hostname": null + }, + "server_location": { + "hostname": "www.google.com", + "http_proxy_settings": null, + "ip_address": "172.217.5.100", + "port": 443 + }, + "tls_probing_result": { + "cipher_suite_supported": "TLS_AES_256_GCM_SHA384", + "client_auth_requirement": 1, + "highest_tls_version_supported": 6, + "supports_ecdh_key_exchange": true + } + } + } + ], + "sslyze_url": "https://github.com/nabla-c0d3/sslyze", + "sslyze_version": "4.1.0", + "total_scan_time": 4.339223623275757 +} \ No newline at end of file diff --git a/tests/cli_tests/test_console_output.py b/tests/cli_tests/test_console_output.py index f561625f..91e40471 100644 --- a/tests/cli_tests/test_console_output.py +++ b/tests/cli_tests/test_console_output.py @@ -2,8 +2,8 @@ from sslyze.cli.console_output import ConsoleOutputGenerator from sslyze.plugins.compression_plugin import CompressionScanResult -from sslyze.plugins.scan_commands import ScanCommand -from sslyze.scanner import ScanCommandError, ScanCommandErrorReasonEnum +from sslyze import ScanCommandError, ScanCommandErrorReasonEnum, ScanCommand +from sslyze.scanner.server_scan_request import ScanCommandsResults from sslyze.server_connectivity import ServerTlsProbingResult, ClientAuthRequirementEnum, TlsVersionEnum from tests.factories import ( ServerScanResultFactory, @@ -112,8 +112,8 @@ def test_scans_started(self): def test_server_scan_completed(self): # Given a completed scan for a server - scan_results = {ScanCommand.TLS_COMPRESSION: CompressionScanResult(supports_compression=True)} - scan_result = ServerScanResultFactory.create(scan_commands_results=scan_results) + scan_commands_results = ScanCommandsResults(tls_compression=CompressionScanResult(supports_compression=True)) + scan_result = ServerScanResultFactory.create(scan_commands_results=scan_commands_results) # When generating the console output for this server scan with StringIO() as file_out: @@ -131,8 +131,10 @@ def test_server_scan_completed_with_proxy(self): # And sslyze connected to the server via an HTTP proxy server_location=ServerNetworkLocationViaHttpProxyFactory.create() ) - scan_results = {ScanCommand.TLS_COMPRESSION: CompressionScanResult(supports_compression=True)} - scan_result = ServerScanResultFactory.create(server_info=server_info, scan_commands_results=scan_results) + scan_commands_results = ScanCommandsResults(tls_compression=CompressionScanResult(supports_compression=True)) + scan_result = ServerScanResultFactory.create( + server_info=server_info, scan_commands_results=scan_commands_results + ) # When generating the console output for this server scan with StringIO() as file_out: @@ -147,12 +149,14 @@ def test_server_scan_completed_with_proxy(self): def test_server_scan_completed_with_error(self): # Given a completed scan for a server that triggered an error - error_trace = TracebackExceptionFactory.create() - scan_errors = { - ScanCommand.TLS_COMPRESSION: ScanCommandError( - reason=ScanCommandErrorReasonEnum.BUG_IN_SSLYZE, exception_trace=error_trace + exception_trace = TracebackExceptionFactory.create() + scan_errors = [ + ScanCommandError( + scan_command=ScanCommand.TLS_COMPRESSION, + reason=ScanCommandErrorReasonEnum.BUG_IN_SSLYZE, + exception_trace=exception_trace, ) - } + ] scan_result = ServerScanResultFactory.create(scan_commands_errors=scan_errors) # When generating the console output for this server scan @@ -163,7 +167,7 @@ def test_server_scan_completed_with_error(self): # It succeeds and displays the error assert final_output - assert error_trace.stack.format()[0] in final_output + assert exception_trace.stack.format()[0] in final_output def test_scans_completed(self): # Given the time sslyze took to complete all scans diff --git a/tests/cli_tests/test_json_output.py b/tests/cli_tests/test_json_output.py index 591fcdda..2258b88e 100644 --- a/tests/cli_tests/test_json_output.py +++ b/tests/cli_tests/test_json_output.py @@ -4,7 +4,7 @@ from sslyze.cli.json_output import JsonOutputGenerator from sslyze.plugins.compression_plugin import CompressionScanResult from sslyze.plugins.scan_commands import ScanCommand -from sslyze.scanner import ScanCommandError, ScanCommandErrorReasonEnum +from sslyze import ScanCommandError, ScanCommandErrorReasonEnum, ScanCommandsResults from tests.factories import ( ParsedCommandLineFactory, ConnectionToServerFailedFactory, @@ -56,8 +56,9 @@ def test_server_connectivity_test_failed(self): def test_server_scan_completed(self): # Given a completed scan for a server - scan_results = {ScanCommand.TLS_COMPRESSION: CompressionScanResult(supports_compression=True)} - scan_result = ServerScanResultFactory.create(scan_commands_results=scan_results) + scan_result = ServerScanResultFactory.create( + scan_commands_results=ScanCommandsResults(tls_compression=CompressionScanResult(supports_compression=True)) + ) # When generating the JSON output for this server scan with StringIO() as file_out: @@ -75,12 +76,12 @@ def test_server_scan_completed(self): def test_server_scan_completed_with_error(self): # Given a completed scan for a server that triggered an error error_trace = TracebackExceptionFactory.create() - scan_errors = { - ScanCommand.TLS_COMPRESSION: ScanCommandError( - reason=ScanCommandErrorReasonEnum.BUG_IN_SSLYZE, exception_trace=error_trace - ) - } - scan_result = ServerScanResultFactory.create(scan_commands_errors=scan_errors) + scan_error = ScanCommandError( + scan_command=ScanCommand.TLS_COMPRESSION, + reason=ScanCommandErrorReasonEnum.BUG_IN_SSLYZE, + exception_trace=error_trace, + ) + scan_result = ServerScanResultFactory.create(scan_commands_errors=[scan_error]) # When generating the JSON output for this server scan with StringIO() as file_out: diff --git a/tests/cli_tests/test_json_parsing.py b/tests/cli_tests/test_json_parsing.py new file mode 100644 index 00000000..2430c4c4 --- /dev/null +++ b/tests/cli_tests/test_json_parsing.py @@ -0,0 +1,18 @@ +from pathlib import Path + +from sslyze import SslyzeOutputAsJson + + +class TestJsonParsing: + def test(self): + # Given the result of a scan saved as JSON output + output_as_json_file = Path(__file__).parent / "sslyze_output.json" + output_as_json = output_as_json_file.read_text() + + # When parsing the output + # It succeeds + parsed_output = SslyzeOutputAsJson.parse_raw(output_as_json) + assert parsed_output + + assert 2 == len(parsed_output.server_scan_results) + assert 2 == len(parsed_output.server_scan_results) diff --git a/tests/factories.py b/tests/factories.py index 77fbef81..1444995c 100644 --- a/tests/factories.py +++ b/tests/factories.py @@ -1,5 +1,5 @@ from traceback import TracebackException -from typing import Optional, Set, cast +from typing import Optional, List from faker import Faker from faker.providers import internet @@ -8,8 +8,8 @@ from sslyze.cli.command_line_parser import ParsedCommandLine from sslyze.errors import ConnectionToServerFailed from sslyze.plugins.compression_plugin import CompressionScanResult -from sslyze.plugins.scan_commands import ScanCommand, ScanCommandType -from sslyze.scanner import ServerScanResult, ScanCommandErrorsDict, ScanCommandResultsDict +from sslyze.plugins.scan_commands import ScanCommand +from sslyze import ServerScanResult, ScanCommandsResults, ScanCommandsExtraArguments, ScanCommandError from sslyze.server_connectivity import ( ServerConnectivityInfo, ServerTlsProbingResult, @@ -114,28 +114,24 @@ class ServerScanResultFactory: @staticmethod def create( server_info: ServerConnectivityInfo = ServerConnectivityInfoFactory.create(), - scan_commands_results: Optional[ScanCommandResultsDict] = None, - scan_commands_errors: Optional[ScanCommandErrorsDict] = None, + scan_commands_results: Optional[ScanCommandsResults] = None, + scan_commands_errors: Optional[List[ScanCommandError]] = None, ) -> ServerScanResult: - final_results: ScanCommandResultsDict = ( + final_results: ScanCommandsResults = ( scan_commands_results if scan_commands_results - else {ScanCommand.TLS_COMPRESSION: CompressionScanResult(supports_compression=True)} + else ScanCommandsResults(tls_compression=CompressionScanResult(supports_compression=True)) ) - final_errors: ScanCommandErrorsDict = scan_commands_errors if scan_commands_errors else {} - scan_commands: Set[ScanCommandType] = set() - for scan_cmd in final_results.keys(): - typed_scan_cmd = cast(ScanCommandType, scan_cmd) - scan_commands.add(typed_scan_cmd) - for scan_cmd in final_errors.keys(): - scan_commands.add(scan_cmd) + final_errors = scan_commands_errors if scan_commands_errors else [] + scan_commands = final_results.scan_commands_with_result() + scan_commands.update({error.scan_command for error in final_errors}) return ServerScanResult( scan_commands_results=final_results, scan_commands_errors=final_errors, server_info=server_info, scan_commands=scan_commands, - scan_commands_extra_arguments={}, + scan_commands_extra_arguments=ScanCommandsExtraArguments(), ) diff --git a/tests/mock_plugins.py b/tests/mock_plugins.py deleted file mode 100644 index 037db090..00000000 --- a/tests/mock_plugins.py +++ /dev/null @@ -1,106 +0,0 @@ -"""A few plugins that really do nothing but used by the test suite to replicate a real plugin's behavior. -""" - -from dataclasses import dataclass -from typing import Optional, List, ClassVar, Type, Dict, Set - -from sslyze.plugins.plugin_base import ( - ScanCommandImplementation, - ScanJob, - ScanCommandResult, - ScanCommandExtraArguments, - ScanJobResult, -) -from sslyze.server_connectivity import ServerConnectivityInfo - -try: - # Python 3.7 - from typing_extensions import Literal -except ModuleNotFoundError: - # Python 3.8+ - from typing import Literal # type: ignore - - -ScanCommandForTestsType = Literal[ - "mock1", "mock2", "mock3", "mock4", -] - - -class ScanCommandForTests: - MOCK_COMMAND_1: Literal["mock1"] = "mock1" - MOCK_COMMAND_2: Literal["mock2"] = "mock2" - - def get_implementation_cls(self): - return _IMPLEMENTATION_CLASSES[self] - - -class ScanCommandForTestsRepository: - @staticmethod - def get_implementation_cls(scan_command: ScanCommandForTestsType) -> Type["ScanCommandImplementation"]: - return _IMPLEMENTATION_CLASSES[scan_command] - - @staticmethod - def get_all_scan_commands() -> Set[ScanCommandForTestsType]: - return set(_IMPLEMENTATION_CLASSES.keys()) - - -@dataclass(frozen=True) -class MockPlugin1ExtraArguments(ScanCommandExtraArguments): - extra_field: str - - -@dataclass(frozen=True) -class _MockPluginScanResult(ScanCommandResult): - results_field: List[str] - - -class MockPlugin1ScanResult(_MockPluginScanResult): - pass - - -class MockPlugin2ScanResult(_MockPluginScanResult): - pass - - -class _MockPluginImplementation(ScanCommandImplementation): - - result_cls: ClassVar[Type[ScanCommandResult]] - _scan_jobs_count = 5 - - @classmethod - def scan_jobs_for_scan_command( - cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[MockPlugin1ExtraArguments] = None - ) -> List[ScanJob]: - # Create a bunch of "do nothing" jobs to imitate a real plugin - scan_jobs = [ - ScanJob(function_to_call=cls._scan_job_work_function, function_arguments=["test", 12]) - for _ in range(cls._scan_jobs_count) - ] - return scan_jobs - - @classmethod - def result_for_completed_scan_jobs( - cls, server_info: ServerConnectivityInfo, scan_job_results: List[ScanJobResult] - ) -> ScanCommandResult: - if len(scan_job_results) != cls._scan_jobs_count: - raise AssertionError("Did not receive all the scan jobs that needed to be completed") - - return cls.result_cls(results_field=[result.get_result() for result in scan_job_results]) # type: ignore - - @staticmethod - def _scan_job_work_function(arg1: str, arg2: int) -> str: - return f"{arg1}-{arg2}-did nothing" - - -class MockPlugin1Implementation(_MockPluginImplementation): - result_cls = MockPlugin1ScanResult - - -class MockPlugin2Implementation(_MockPluginImplementation): - result_cls = MockPlugin2ScanResult - - -_IMPLEMENTATION_CLASSES: Dict[ScanCommandForTestsType, Type["ScanCommandImplementation"]] = { - ScanCommandForTests.MOCK_COMMAND_1: MockPlugin1Implementation, - ScanCommandForTests.MOCK_COMMAND_2: MockPlugin2Implementation, -} diff --git a/tests/plugins_tests/certificate_info/test_certificate_algorithms.py b/tests/plugins_tests/certificate_info/test_certificate_algorithms.py index f3494ab3..6eb06ef4 100644 --- a/tests/plugins_tests/certificate_info/test_certificate_algorithms.py +++ b/tests/plugins_tests/certificate_info/test_certificate_algorithms.py @@ -1,5 +1,3 @@ -import json -from dataclasses import asdict from pathlib import Path from unittest import mock from unittest.mock import PropertyMock @@ -7,10 +5,11 @@ import pytest from cryptography import hazmat +from sslyze.plugins.certificate_info.json_output import CertificateInfoScanResultAsJson from tests.markers import can_only_run_on_linux_64 from tests.openssl_server import ModernOpenSslServer -from sslyze import ServerNetworkLocationViaDirectConnection, ServerConnectivityTester, JsonEncoder +from sslyze import ServerNetworkLocationViaDirectConnection, ServerConnectivityTester from sslyze.plugins.certificate_info.implementation import CertificateInfoImplementation @@ -29,7 +28,7 @@ def test_rsa_certificate(self): assert scan_result.certificate_deployments[0].received_certificate_chain # And the result can be converted to JSON - result_as_json = json.dumps(asdict(scan_result), cls=JsonEncoder) + result_as_json = CertificateInfoScanResultAsJson.from_orm(scan_result).json() assert result_as_json # And the result can be converted to console output @@ -53,7 +52,7 @@ def test_ed25519_certificate(self): assert scan_result.certificate_deployments[0].received_certificate_chain # And the result can be converted to JSON - result_as_json = json.dumps(asdict(scan_result), cls=JsonEncoder) + result_as_json = CertificateInfoScanResultAsJson.from_orm(scan_result).json() assert result_as_json # And the result can be converted to console output @@ -69,7 +68,7 @@ def test_ecdsa_certificate(self): scan_result = CertificateInfoImplementation.scan_server(server_info) # And the result can be converted to JSON - result_as_json = json.dumps(asdict(scan_result), cls=JsonEncoder) + result_as_json = CertificateInfoScanResultAsJson.from_orm(scan_result).json() assert result_as_json # And the result can be converted to console output @@ -97,5 +96,5 @@ def test_invalid_certificate_bad_name(self, certificate_name_field): assert result_as_txt # And the result can be converted to JSON - result_as_json = json.dumps(asdict(scan_result), cls=JsonEncoder) + result_as_json = CertificateInfoScanResultAsJson.from_orm(scan_result).json() assert result_as_json diff --git a/tests/plugins_tests/certificate_info/test_certificate_info_plugin.py b/tests/plugins_tests/certificate_info/test_certificate_info_plugin.py index c89aea9e..904954eb 100644 --- a/tests/plugins_tests/certificate_info/test_certificate_info_plugin.py +++ b/tests/plugins_tests/certificate_info/test_certificate_info_plugin.py @@ -2,7 +2,7 @@ from cryptography.x509.ocsp import OCSPResponseStatus -from sslyze.plugins.certificate_info.implementation import CertificateInfoImplementation, CertificateInfoExtraArguments +from sslyze.plugins.certificate_info.implementation import CertificateInfoImplementation, CertificateInfoExtraArgument from sslyze.server_connectivity import ServerConnectivityTester from sslyze.server_setting import ServerNetworkLocationViaDirectConnection from tests.markers import can_only_run_on_linux_64 @@ -19,7 +19,7 @@ def test_ca_file_bad_file(self): # When trying to enable a custom CA file but the path is wrong, it fails with pytest.raises(ValueError): CertificateInfoImplementation.scan_server( - server_info, CertificateInfoExtraArguments(custom_ca_file=Path("doesntexist")) + server_info, CertificateInfoExtraArgument(custom_ca_file=Path("doesntexist")) ) def test_ca_file(self): @@ -32,7 +32,7 @@ def test_ca_file(self): # When running the scan with the custom CA file enabled plugin_result = CertificateInfoImplementation.scan_server( - server_info, CertificateInfoExtraArguments(custom_ca_file=ca_file_path) + server_info, CertificateInfoExtraArgument(custom_ca_file=ca_file_path) ) # It succeeds diff --git a/tests/plugins_tests/certificate_info/test_json.py b/tests/plugins_tests/certificate_info/test_json.py index 7e40b552..7699ef17 100644 --- a/tests/plugins_tests/certificate_info/test_json.py +++ b/tests/plugins_tests/certificate_info/test_json.py @@ -1,9 +1,6 @@ -import json -from dataclasses import asdict - -import sslyze +from sslyze.cli.json_output import ServerScanResultAsJson from sslyze.plugins.certificate_info.implementation import CertificateInfoImplementation -from sslyze.plugins.scan_commands import ScanCommand +from sslyze.scanner.server_scan_request import ScanCommandsResults from sslyze.server_connectivity import ServerConnectivityTester from sslyze.server_setting import ServerNetworkLocationViaDirectConnection from tests.factories import ServerScanResultFactory @@ -15,11 +12,12 @@ def test(self): server_location = ServerNetworkLocationViaDirectConnection.with_ip_address_lookup("www.facebook.com", 443) server_info = ServerConnectivityTester().perform(server_location) plugin_result = CertificateInfoImplementation.scan_server(server_info) - scan_results = {ScanCommand.CERTIFICATE_INFO: plugin_result} - scan_result = ServerScanResultFactory.create(scan_commands_results=scan_results) + scan_result = ServerScanResultFactory.create( + scan_commands_results=ScanCommandsResults(certificate_info=plugin_result) + ) # When converting it into to JSON - result_as_json = json.dumps(asdict(scan_result), cls=sslyze.JsonEncoder) + result_as_json = ServerScanResultAsJson.from_orm(scan_result).json() # It succeeds assert result_as_json diff --git a/tests/plugins_tests/test_http_headers_plugin.py b/tests/plugins_tests/test_http_headers_plugin.py index 17baeff1..12aac0b4 100644 --- a/tests/plugins_tests/test_http_headers_plugin.py +++ b/tests/plugins_tests/test_http_headers_plugin.py @@ -1,15 +1,14 @@ -import json -from dataclasses import dataclass, asdict +from dataclasses import dataclass from typing import Dict import pytest from nassl.ssl_client import ClientCertificateRequested -from sslyze import JsonEncoder from sslyze.plugins.http_headers_plugin import ( HttpHeadersImplementation, HttpHeadersScanResult, _detect_http_redirection, + HttpHeadersScanResultAsJson, ) from sslyze.server_connectivity import ServerConnectivityTester @@ -99,7 +98,7 @@ def test_http_error(self): assert HttpHeadersImplementation.cli_connector_cls.result_to_console_output(result) # And the result can be converted to JSON - result_as_json = json.dumps(asdict(result), cls=JsonEncoder) + result_as_json = HttpHeadersScanResultAsJson.from_orm(result).json() assert result_as_json @can_only_run_on_linux_64 diff --git a/tests/plugins_tests/test_session_resumption_plugin.py b/tests/plugins_tests/test_session_resumption_plugin.py index 62a3b69b..d0dd3efe 100644 --- a/tests/plugins_tests/test_session_resumption_plugin.py +++ b/tests/plugins_tests/test_session_resumption_plugin.py @@ -5,7 +5,7 @@ from sslyze.plugins.session_resumption.implementation import ( SessionResumptionSupportImplementation, SessionResumptionSupportScanResult, - SessionResumptionSupportExtraArguments, + SessionResumptionSupportExtraArgument, ) from sslyze.server_connectivity import ServerConnectivityTester @@ -45,7 +45,7 @@ def test_with_extra_argument(self): server_info = ServerConnectivityTester().perform(server_location) # And we customize how many session resumptions to perform - extra_arg = SessionResumptionSupportExtraArguments(number_of_resumptions_to_attempt=20) + extra_arg = SessionResumptionSupportExtraArgument(number_of_resumptions_to_attempt=20) # When testing for resumption, it succeeds result: SessionResumptionSupportScanResult = SessionResumptionSupportImplementation.scan_server( diff --git a/tests/server_connectivity_tests/test_client_authentication.py b/tests/server_connectivity_tests/test_client_authentication.py index eb2961ce..93d8bd3f 100644 --- a/tests/server_connectivity_tests/test_client_authentication.py +++ b/tests/server_connectivity_tests/test_client_authentication.py @@ -1,5 +1,6 @@ import pytest +from sslyze.cli.json_output import _ServerConnectivityInfoAsJson from sslyze.server_connectivity import ServerConnectivityTester, ClientAuthRequirementEnum from sslyze.server_setting import ServerNetworkLocationViaDirectConnection from tests.markers import can_only_run_on_linux_64 @@ -24,6 +25,10 @@ def test_optional_client_authentication(self): # And it detected the client authentication assert server_info.tls_probing_result.client_auth_requirement == ClientAuthRequirementEnum.OPTIONAL + # And the result can be converted to JSON + server_info_as_json = _ServerConnectivityInfoAsJson.from_orm(server_info) + assert server_info_as_json.json() + @can_only_run_on_linux_64 class TestClientAuthenticationWithLocalServer: diff --git a/tests/server_connectivity_tests/test_direct_connection.py b/tests/server_connectivity_tests/test_direct_connection.py index a9dadbc5..10ebd0a4 100644 --- a/tests/server_connectivity_tests/test_direct_connection.py +++ b/tests/server_connectivity_tests/test_direct_connection.py @@ -1,6 +1,8 @@ import socket import pytest + +from sslyze.cli.json_output import _ServerConnectivityInfoAsJson from tests.openssl_server import LegacyOpenSslServer from sslyze.server_connectivity import ServerConnectivityTester, TlsVersionEnum @@ -42,6 +44,10 @@ def test_via_direct_connection(self): assert server_info.tls_probing_result.supports_ecdh_key_exchange assert server_info.get_preconfigured_tls_connection() + # And the result can be converted to JSON + server_info_as_json = _ServerConnectivityInfoAsJson.from_orm(server_info) + assert server_info_as_json.json() + def test_via_direct_connection_but_server_timed_out(self): # Given a server location for a server that's offline server_location = ServerNetworkLocationViaDirectConnection( @@ -120,6 +126,10 @@ def test_international_hostname(self): assert server_info.tls_probing_result.highest_tls_version_supported assert server_info.tls_probing_result.cipher_suite_supported + # And the result can be converted to JSON + server_info_as_json = _ServerConnectivityInfoAsJson.from_orm(server_info) + assert server_info_as_json.json() + @can_only_run_on_linux_64 def test_server_triggers_unexpected_connection_error(self): # Test for https://github.com/nabla-c0d3/sslyze/issues/430 diff --git a/tests/server_connectivity_tests/test_opportunistic_tls.py b/tests/server_connectivity_tests/test_opportunistic_tls.py index 2428957a..90022999 100644 --- a/tests/server_connectivity_tests/test_opportunistic_tls.py +++ b/tests/server_connectivity_tests/test_opportunistic_tls.py @@ -1,5 +1,6 @@ import pytest +from sslyze.cli.json_output import _ServerConnectivityInfoAsJson from sslyze.server_connectivity import ServerConnectivityTester from sslyze.server_setting import ServerNetworkLocationViaDirectConnection, ServerNetworkConfiguration from sslyze.errors import ServerRejectedOpportunisticTlsNegotiation @@ -35,6 +36,10 @@ def test(self, hostname, port, protocol): assert server_info.tls_probing_result.highest_tls_version_supported assert server_info.tls_probing_result.cipher_suite_supported + # And the result can be converted to JSON + server_info_as_json = _ServerConnectivityInfoAsJson.from_orm(server_info) + assert server_info_as_json.json() + def test_xmpp_but_server_rejected_opportunistic_tls(self): # Given an XMPP server hostname = "jabber.org" diff --git a/tests/server_connectivity_tests/test_via_http_proxy.py b/tests/server_connectivity_tests/test_via_http_proxy.py index ee495217..1f9b0abe 100644 --- a/tests/server_connectivity_tests/test_via_http_proxy.py +++ b/tests/server_connectivity_tests/test_via_http_proxy.py @@ -2,6 +2,7 @@ import pytest +from sslyze.cli.json_output import _ServerConnectivityInfoAsJson from sslyze.server_connectivity import ServerConnectivityTester from sslyze.server_setting import ServerNetworkLocationViaHttpProxy, HttpProxySettings from sslyze.errors import ( @@ -40,6 +41,10 @@ def test_via_http_proxy(self): assert server_info.tls_probing_result.client_auth_requirement assert server_info.get_preconfigured_tls_connection() + # And the result can be converted to JSON + server_info_as_json = _ServerConnectivityInfoAsJson.from_orm(server_info) + assert server_info_as_json.json() + def test_via_http_proxy_but_proxy_dns_error(self): # Given a server location server_location = ServerNetworkLocationViaHttpProxy( diff --git a/tests/test_json.py b/tests/test_json.py deleted file mode 100644 index 438e7a1a..00000000 --- a/tests/test_json.py +++ /dev/null @@ -1,21 +0,0 @@ -import json -from dataclasses import asdict - -import sslyze -from sslyze.plugins.compression_plugin import CompressionScanResult -from sslyze.plugins.scan_commands import ScanCommand -from tests.factories import ServerScanResultFactory - - -class TestJsonEncoder: - def test(self): - # Given a completed scan for a server - scan_results = {ScanCommand.TLS_COMPRESSION: CompressionScanResult(supports_compression=True)} - scan_result = ServerScanResultFactory.create(scan_commands_results=scan_results) - - # When converting it into to JSON - result_as_json = json.dumps(asdict(scan_result), cls=sslyze.JsonEncoder) - - # It succeeds - assert result_as_json - assert "supports_compression" in result_as_json diff --git a/tests/test_scanner.py b/tests/test_scanner.py index e0d173b1..4c400c9f 100644 --- a/tests/test_scanner.py +++ b/tests/test_scanner.py @@ -1,45 +1,100 @@ import threading +from dataclasses import dataclass +from pathlib import Path from queue import Queue +from typing import List, Optional from unittest import mock import pytest +from sslyze import CertificateInfoExtraArgument from sslyze.errors import TlsHandshakeTimedOut -from sslyze.plugins.scan_commands import ScanCommand -from sslyze.scanner import Scanner, ScanCommandErrorReasonEnum, ServerScanRequest -from sslyze.server_connectivity import ServerConnectivityTester -from sslyze.server_setting import ServerNetworkLocationViaDirectConnection -from tests.factories import ServerConnectivityInfoFactory -from tests.markers import can_only_run_on_linux_64 -from tests.mock_plugins import ( - MockPlugin1ScanResult, - MockPlugin2ScanResult, - MockPlugin1ExtraArguments, - ScanCommandForTests, - ScanCommandForTestsRepository, - MockPlugin1Implementation, +from sslyze.plugins.plugin_base import ( + ScanCommandImplementation, + ScanCommandResult, + ScanCommandExtraArgument, + ScanJob, + ScanJobResult, +) +from sslyze.plugins.scan_commands import ScanCommandsRepository +from sslyze import ( + Scanner, + ScanCommand, + ScanCommandErrorReasonEnum, + ServerScanRequest, + ScanCommandsExtraArguments, + ServerConnectivityTester, + ServerConnectivityInfo, + ServerNetworkLocationViaDirectConnection, ) +from tests.factories import ServerConnectivityInfoFactory, ServerScanResultFactory +from tests.markers import can_only_run_on_linux_64 from tests.openssl_server import LegacyOpenSslServer, ClientAuthConfigEnum +@dataclass(frozen=True) +class _MockPluginScanResult(ScanCommandResult): + results_field: List[str] + + +class _MockPluginImplementation(ScanCommandImplementation): + + result_cls = _MockPluginScanResult + _scan_jobs_count = 5 + + @classmethod + def scan_jobs_for_scan_command( + cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArgument] = None + ) -> List[ScanJob]: + # Create a bunch of "do nothing" jobs to imitate a real plugin + scan_jobs = [ + ScanJob(function_to_call=cls._scan_job_work_function, function_arguments=["test", 12]) + for _ in range(cls._scan_jobs_count) + ] + return scan_jobs + + @classmethod + def result_for_completed_scan_jobs( + cls, server_info: ServerConnectivityInfo, scan_job_results: List[ScanJobResult] + ) -> ScanCommandResult: + if len(scan_job_results) != cls._scan_jobs_count: + raise AssertionError("Did not receive all the scan jobs that needed to be completed") + + return cls.result_cls(results_field=[result.get_result() for result in scan_job_results]) # type: ignore + + @staticmethod + def _scan_job_work_function(arg1: str, arg2: int) -> str: + return f"{arg1}-{arg2}-did nothing" + + @pytest.fixture def mock_scan_commands(): - with mock.patch("sslyze.scanner._queued_server_scan.ScanCommandsRepository", ScanCommandForTestsRepository): + """Make all scan commands point to a mock implementation so that no actual scans are performed. + """ + with mock.patch.object(ScanCommandsRepository, "get_implementation_cls", return_value=_MockPluginImplementation): yield class TestServerScanRequest: + def test_scan_command_results_match_scan_command_names(self): + # Given a the results of a server scan + scan_result = ServerScanResultFactory.create() + + # There's a result field for each scan command available in SSLyze + for scan_command in ScanCommand: + getattr(scan_result.scan_commands_results, scan_command) + def test_with_extra_arguments_but_no_corresponding_scan_command(self): # When trying to queue a scan for a server with pytest.raises(ValueError): ServerScanRequest( server_info=ServerConnectivityInfoFactory.create(), # With an extra argument for one command - scan_commands_extra_arguments={ - ScanCommandForTests.MOCK_COMMAND_1: MockPlugin1ExtraArguments(extra_field="test") - }, + scan_commands_extra_arguments=ScanCommandsExtraArguments( + certificate_info=CertificateInfoExtraArgument(custom_ca_file=Path(__file__)) + ), # But that specific scan command was not queued - scan_commands={ScanCommandForTests.MOCK_COMMAND_2}, + scan_commands={ScanCommand.ROBOT}, ) # It fails @@ -49,7 +104,7 @@ def test(self, mock_scan_commands): # Given a server to scan server_scan = ServerScanRequest( server_info=ServerConnectivityInfoFactory.create(), - scan_commands={ScanCommandForTests.MOCK_COMMAND_1, ScanCommandForTests.MOCK_COMMAND_2}, + scan_commands={ScanCommand.CERTIFICATE_INFO, ScanCommand.ROBOT}, ) # When running the scan @@ -58,19 +113,20 @@ def test(self, mock_scan_commands): # It succeeds all_results = [] - for result in scanner.get_results(): - all_results.append(result) + for server_result in scanner.get_results(): + all_results.append(server_result) assert len(all_results) == 1 # And the right result is returned - result = all_results[0] - assert result.server_info == server_scan.server_info - assert result.scan_commands == server_scan.scan_commands - assert result.scan_commands_extra_arguments == server_scan.scan_commands_extra_arguments - assert len(result.scan_commands_results) == 2 + server_result = all_results[0] + assert server_result.server_info == server_scan.server_info + assert server_result.scan_commands == server_scan.scan_commands + assert server_result.scan_commands_extra_arguments == server_scan.scan_commands_extra_arguments - assert type(result.scan_commands_results[ScanCommandForTests.MOCK_COMMAND_1]) == MockPlugin1ScanResult - assert type(result.scan_commands_results[ScanCommandForTests.MOCK_COMMAND_2]) == MockPlugin2ScanResult + # And the scheduled scan commands have results + assert len(server_result.scan_commands_results.scan_commands_with_result()) == 2 + assert server_result.scan_commands_results.certificate_info + assert server_result.scan_commands_results.robot # And the Scanner instance is all done and cleaned up assert not scanner._are_server_scans_ongoing @@ -79,11 +135,11 @@ def test_with_extra_arguments(self, mock_scan_commands): # Given a server to scan with a scan command server_scan = ServerScanRequest( server_info=ServerConnectivityInfoFactory.create(), - scan_commands={ScanCommandForTests.MOCK_COMMAND_1}, + scan_commands={ScanCommand.CERTIFICATE_INFO}, # And the command takes an extra argument - scan_commands_extra_arguments={ - ScanCommandForTests.MOCK_COMMAND_1: MockPlugin1ExtraArguments(extra_field="test") - }, + scan_commands_extra_arguments=ScanCommandsExtraArguments( + certificate_info=CertificateInfoExtraArgument(custom_ca_file=Path(__file__)) + ), ) # When running the scan @@ -95,19 +151,28 @@ def test_with_extra_arguments(self, mock_scan_commands): for result in scanner.get_results(): all_results.append(result) assert len(all_results) == 1 + assert all_results[0].scan_commands_results.certificate_info # And the extra argument was taken into account assert all_results[0].scan_commands_extra_arguments == server_scan.scan_commands_extra_arguments - def test_error_bug_in_sslyze_when_scheduling_jobs(self, mock_scan_commands): - # Given a server to scan with some scan commands + def test_error_bug_in_sslyze_when_scheduling_jobs(self): + # Given a server to scan with one scan command server_scan = ServerScanRequest( - server_info=ServerConnectivityInfoFactory.create(), - scan_commands={ScanCommandForTests.MOCK_COMMAND_1, ScanCommandForTests.MOCK_COMMAND_2}, + server_info=ServerConnectivityInfoFactory.create(), scan_commands={ScanCommand.CERTIFICATE_INFO}, ) - # And the first scan command will trigger an error when generating scan jobs - with mock.patch.object(MockPlugin1Implementation, "scan_jobs_for_scan_command", side_effect=RuntimeError): + # And the scan command will trigger an error when generating scan jobs + class PluginImplThatCrashesWhenCreatingJobs(ScanCommandImplementation): + @classmethod + def scan_jobs_for_scan_command( + cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArgument] = None + ) -> List[ScanJob]: + raise KeyError("Some unexpected error when generating scan jobs") + + with mock.patch.object( + ScanCommandsRepository, "get_implementation_cls", return_value=PluginImplThatCrashesWhenCreatingJobs + ): # When running the scan scanner = Scanner() scanner.start_scans([server_scan]) @@ -121,19 +186,41 @@ def test_error_bug_in_sslyze_when_scheduling_jobs(self, mock_scan_commands): # And the exception was properly caught and returned result = all_results[0] assert len(result.scan_commands_errors) == 1 - error = result.scan_commands_errors[ScanCommandForTests.MOCK_COMMAND_1] + error = result.scan_commands_errors[0] + assert ScanCommand.CERTIFICATE_INFO == error.scan_command assert ScanCommandErrorReasonEnum.BUG_IN_SSLYZE == error.reason assert error.exception_trace - def test_error_bug_in_sslyze_when_processing_job_results(self, mock_scan_commands): - # Given a server to scan with some scan commands + def test_error_bug_in_sslyze_when_processing_job_results(self): + # Given a server to scan with one scan command server_scan = ServerScanRequest( - server_info=ServerConnectivityInfoFactory.create(), - scan_commands={ScanCommandForTests.MOCK_COMMAND_1, ScanCommandForTests.MOCK_COMMAND_2}, + server_info=ServerConnectivityInfoFactory.create(), scan_commands={ScanCommand.CERTIFICATE_INFO}, ) - # And the first scan command will trigger an error when processing the completed scan jobs - with mock.patch.object(MockPlugin1Implementation, "_scan_job_work_function", side_effect=RuntimeError): + # And the scan command will trigger an error when processing completed scan jobs + class PluginImplThatCrashesWhenProcessingJobs(ScanCommandImplementation): + @staticmethod + def _scan_job_work_function(arg1: str) -> str: + return f"{arg1}-do nothing" + + @classmethod + def scan_jobs_for_scan_command( + cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArgument] = None + ) -> List[ScanJob]: + scan_jobs = [ + ScanJob(function_to_call=cls._scan_job_work_function, function_arguments=["test"]) for _ in range(5) + ] + return scan_jobs + + @classmethod + def result_for_completed_scan_jobs( + cls, server_info: ServerConnectivityInfo, scan_job_results: List[ScanJobResult] + ) -> ScanCommandResult: + raise KeyError("Some unexpected error when processing scan jobs") + + with mock.patch.object( + ScanCommandsRepository, "get_implementation_cls", return_value=PluginImplThatCrashesWhenProcessingJobs + ): # When running the scan scanner = Scanner() scanner.start_scans([server_scan]) @@ -147,58 +234,44 @@ def test_error_bug_in_sslyze_when_processing_job_results(self, mock_scan_command # And the exception was properly caught and returned result = all_results[0] assert len(result.scan_commands_errors) == 1 - error = result.scan_commands_errors[ScanCommandForTests.MOCK_COMMAND_1] + error = result.scan_commands_errors[0] + assert ScanCommand.CERTIFICATE_INFO == error.scan_command assert ScanCommandErrorReasonEnum.BUG_IN_SSLYZE == error.reason assert error.exception_trace - @can_only_run_on_linux_64 - def test_error_client_certificate_needed(self): - # Given a server that requires client authentication - with LegacyOpenSslServer(client_auth_config=ClientAuthConfigEnum.REQUIRED) as server: - # And sslyze does NOT provide a client certificate - server_location = ServerNetworkLocationViaDirectConnection( - hostname=server.hostname, ip_address=server.ip_address, port=server.port - ) - server_info = ServerConnectivityTester().perform(server_location) - - server_scan = ServerScanRequest( - server_info=server_info, - scan_commands={ - # And a scan command that cannot be completed without a client certificate - ScanCommand.HTTP_HEADERS, - }, - ) - - # When running the scan - scanner = Scanner() - scanner.start_scans([server_scan]) - - # It succeeds - all_results = [] - for result in scanner.get_results(): - all_results.append(result) - assert len(all_results) == 1 - - # And the error was properly returned - error = all_results[0].scan_commands_errors[ScanCommand.HTTP_HEADERS] - assert error.reason == ScanCommandErrorReasonEnum.CLIENT_CERTIFICATE_NEEDED - - def test_error_server_connectivity_issue_handshake_timeout(self, mock_scan_commands): - # Given a server to scan with some commands + def test_error_server_connectivity_issue_handshake_timeout(self): + # Given a server to scan with a scan command server_scan = ServerScanRequest( - server_info=ServerConnectivityInfoFactory.create(), - scan_commands={ScanCommandForTests.MOCK_COMMAND_1, ScanCommandForTests.MOCK_COMMAND_2}, + server_info=ServerConnectivityInfoFactory.create(), scan_commands={ScanCommand.CERTIFICATE_INFO}, ) - # And the first scan command will trigger a handshake timeout with the server + # And the scan command will trigger a connectivity error when doing work + class PluginImplThatTriggersConnectivityError(ScanCommandImplementation): + @staticmethod + def _scan_job_work_function(arg1: str) -> str: + raise TlsHandshakeTimedOut( + server_location=server_scan.server_info.server_location, + network_configuration=server_scan.server_info.network_configuration, + error_message="error", + ) + + @classmethod + def scan_jobs_for_scan_command( + cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArgument] = None + ) -> List[ScanJob]: + return [ScanJob(function_to_call=cls._scan_job_work_function, function_arguments=["test"])] + + @classmethod + def result_for_completed_scan_jobs( + cls, server_info: ServerConnectivityInfo, scan_job_results: List[ScanJobResult] + ) -> ScanCommandResult: + for completed_job in scan_job_results: + # This should trigger the exception from _scan_job_work_function() + completed_job.get_result() + return _MockPluginScanResult(results_field=["ok"]) + with mock.patch.object( - MockPlugin1Implementation, - "_scan_job_work_function", - side_effect=TlsHandshakeTimedOut( - server_location=server_scan.server_info.server_location, - network_configuration=server_scan.server_info.network_configuration, - error_message="error", - ), + ScanCommandsRepository, "get_implementation_cls", return_value=PluginImplThatTriggersConnectivityError ): # When running the scan scanner = Scanner() @@ -213,19 +286,21 @@ def test_error_server_connectivity_issue_handshake_timeout(self, mock_scan_comma # And the error was properly caught and returned result = all_results[0] assert len(result.scan_commands_errors) == 1 - error = result.scan_commands_errors[ScanCommandForTests.MOCK_COMMAND_1] + error = result.scan_commands_errors[0] + assert ScanCommand.CERTIFICATE_INFO == error.scan_command assert ScanCommandErrorReasonEnum.CONNECTIVITY_ISSUE == error.reason assert error.exception_trace - def test_enforces_per_server_concurrent_connections_limit(self, mock_scan_commands): - # Given a server to scan with a scan command that requires multiple connections/jobs to the server + def test_enforces_per_server_concurrent_connections_limit(self): + # Given a server to scan with a scan command server_scan = ServerScanRequest( - server_info=ServerConnectivityInfoFactory.create(), scan_commands={ScanCommandForTests.MOCK_COMMAND_1}, + server_info=ServerConnectivityInfoFactory.create(), scan_commands={ScanCommand.CERTIFICATE_INFO}, ) # And a scanner configured to only perform one concurrent connection per server scan scanner = Scanner(per_server_concurrent_connections_limit=1) + # And the scan scan command requires multiple connections/jobs to the server # And the scan command will notify us when more than one connection is being performed concurrently # Test internals: setup plumbing to detect when more than one thread are running at the same time # We use a Barrier that waits for 2 concurrent threads, and puts True in a queue if that ever happens @@ -237,10 +312,31 @@ def flag_concurrent_threads_running(): barrier = threading.Barrier(parties=2, action=flag_concurrent_threads_running, timeout=1) - def scan_job_work_function(arg1: str, arg2: int): - barrier.wait() + class PluginImplThatSpawnsMultipleJobs(ScanCommandImplementation): + @staticmethod + def _scan_job_work_function(arg1: str) -> str: + barrier.wait() + return "ok" + + @classmethod + def scan_jobs_for_scan_command( + cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArgument] = None + ) -> List[ScanJob]: + return [ + ScanJob(function_to_call=cls._scan_job_work_function, function_arguments=["test"]) for _ in range(5) + ] + + @classmethod + def result_for_completed_scan_jobs( + cls, server_info: ServerConnectivityInfo, scan_job_results: List[ScanJobResult] + ) -> ScanCommandResult: + for completed_job in scan_job_results: + completed_job.get_result() + return _MockPluginScanResult(results_field=["ok"]) - with mock.patch.object(MockPlugin1Implementation, "_scan_job_work_function", scan_job_work_function): + with mock.patch.object( + ScanCommandsRepository, "get_implementation_cls", return_value=PluginImplThatSpawnsMultipleJobs + ): # When running the scan scanner.start_scans([server_scan]) @@ -252,3 +348,36 @@ def scan_job_work_function(arg1: str, arg2: int): # And there never was more than one thread (=1 job/connection) running at the same time assert queue.empty() + + @can_only_run_on_linux_64 + def test_error_client_certificate_needed(self): + # Given a server that requires client authentication + with LegacyOpenSslServer(client_auth_config=ClientAuthConfigEnum.REQUIRED) as server: + # And sslyze does NOT provide a client certificate + server_location = ServerNetworkLocationViaDirectConnection( + hostname=server.hostname, ip_address=server.ip_address, port=server.port + ) + server_info = ServerConnectivityTester().perform(server_location) + + server_scan = ServerScanRequest( + server_info=server_info, + scan_commands={ + # And a scan command that cannot be completed without a client certificate + ScanCommand.HTTP_HEADERS, + }, + ) + + # When running the scan + scanner = Scanner() + scanner.start_scans([server_scan]) + + # It succeeds + all_results = [] + for result in scanner.get_results(): + all_results.append(result) + assert len(all_results) == 1 + + # And the error was properly returned + assert 1 == len(all_results[0].scan_commands_errors) + error = all_results[0].scan_commands_errors[0] + assert error.reason == ScanCommandErrorReasonEnum.CLIENT_CERTIFICATE_NEEDED diff --git a/tests/web_servers/scan_localhost.py b/tests/web_servers/scan_localhost.py index 4486cfaf..f66a9b91 100644 --- a/tests/web_servers/scan_localhost.py +++ b/tests/web_servers/scan_localhost.py @@ -7,9 +7,7 @@ $ PYTHONPATH=. python tests/web_servers/scan_localhost.py apache2 """ -import json import sys -from dataclasses import asdict from enum import Enum from sslyze import ( @@ -19,9 +17,8 @@ ServerScanRequest, ClientAuthRequirementEnum, ScanCommandErrorReasonEnum, - JsonEncoder, ) -from sslyze.cli.json_output import _SslyzeOutputAsJson +from sslyze.cli.json_output import SslyzeOutputAsJson, ServerScanResultAsJson from sslyze.plugins.scan_commands import ScanCommandsRepository, ScanCommand @@ -73,19 +70,19 @@ def main(server_software_running_on_localhost: WebServerSoftwareEnum) -> None: # Retrieve the result for server_scan_result in scanner.get_results(): - successful_cmds_count = len(server_scan_result.scan_commands_results) + successful_cmds_count = len(server_scan_result.scan_commands_results.scan_commands_with_result()) errored_cmds_count = len(server_scan_result.scan_commands_errors) print(f"Finished scan with {successful_cmds_count} results and {errored_cmds_count} errors.") # Crash if any scan commands triggered an error that's not due to client authentication being required triggered_unexpected_error = False - for scan_command, error in server_scan_result.scan_commands_errors.items(): - if error.reason != ScanCommandErrorReasonEnum.CLIENT_CERTIFICATE_NEEDED: + for scan_command_error in server_scan_result.scan_commands_errors: + if scan_command_error.reason != ScanCommandErrorReasonEnum.CLIENT_CERTIFICATE_NEEDED: triggered_unexpected_error = True - print(f"\nError when running {scan_command}: {error.reason.name}.") - if error.exception_trace: + print(f"\nError when running {scan_command_error.scan_command}: {scan_command_error.reason.name}.") + if scan_command_error.exception_trace: exc_trace = "" - for line in error.exception_trace.format(chain=False): + for line in scan_command_error.exception_trace.format(chain=False): exc_trace += f" {line}" print(exc_trace) @@ -142,7 +139,7 @@ def main(server_software_running_on_localhost: WebServerSoftwareEnum) -> None: else: raise ValueError(f"Unexpected value: {server_software_running_on_localhost}") - completed_scan_command_results = server_scan_result.scan_commands_results.keys() + completed_scan_command_results = server_scan_result.scan_commands_results.scan_commands_with_result() if completed_scan_command_results != expected_scan_command_results: raise RuntimeError( f"SSLyze did not complete all the expected scan commands: {completed_scan_command_results}" @@ -169,7 +166,7 @@ def main(server_software_running_on_localhost: WebServerSoftwareEnum) -> None: raise ValueError(f"Unexpected value: {server_software_running_on_localhost}") for ciphers_scan_cmd in expected_enabled_tls_scan_commands: - scan_cmd_result = server_scan_result.scan_commands_results[ciphers_scan_cmd] # type: ignore + scan_cmd_result = getattr(server_scan_result.scan_commands_results, ciphers_scan_cmd, None) if not scan_cmd_result.accepted_cipher_suites: raise RuntimeError( f"SSLyze did not detect {scan_cmd_result.tls_version_used.name} to be enabled on the server." @@ -178,11 +175,12 @@ def main(server_software_running_on_localhost: WebServerSoftwareEnum) -> None: print(f"OK: Scan command {ciphers_scan_cmd} detected cipher suites.") # Ensure a JSON output can be generated from the results - json_output = _SslyzeOutputAsJson( - server_scan_results=[server_scan_result], server_connectivity_errors=[], total_scan_time=3, + final_json_output = SslyzeOutputAsJson( + server_scan_results=[ServerScanResultAsJson.from_orm(server_scan_result)], + server_connectivity_errors=[], + total_scan_time=2, ) - json_output_as_dict = asdict(json_output) - json.dumps(json_output_as_dict, cls=JsonEncoder, sort_keys=True, indent=4, ensure_ascii=True) + final_json_output.json(sort_keys=True, indent=4, ensure_ascii=True) print("OK: Was able to generate JSON output.")