http_headers - Server requested a client certificate issued by one of the following CAs #517

Closed
wondex opened this issue Mar 26, 2021 · 1 comment

Comments


wondex commented Mar 26, 2021

Describe the bug

Traceback (most recent call last):
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/scanner.py", line 264, in get_results
    result = implementation_cls.result_for_completed_scan_jobs(
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/plugins/http_headers_plugin.py", line 188, in result_for_completed_scan_jobs
    return completed_scan_jobs[0].result()
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 432, in result
    return self.__get_result()
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 388, in __get_result
    raise self._exception
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/plugins/http_headers_plugin.py", line 204, in _retrieve_and_analyze_http_response
    ssl_connection.connect()
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/connection_helpers/tls_connection.py", line 293, in connect
    self.ssl_client.do_handshake()
  File "/opt/rh/rh-python38/root/usr/local/lib64/python3.8/site-packages/nassl/ssl_client.py", line 201, in do_handshake
    raise ClientCertificateRequested(self.get_client_CA_list())
nassl.ssl_client.ClientCertificateRequested: Server requested a client certificate issued by one of the following CAs: /CN=<CN1>, /CN=<CN2>, /CN=<CN3>.

To Reproduce
Install SSLyze using: pip
Run the following command: /opt/rh/rh-python38/root/usr/bin/python3.8 -m sslyze --regular

Expected behavior
Successful scan

Python environment (please complete the following information):
OS: Red Hat Enterprise Linux Server release 7.9 (Maipo)
Python version: 3.8
SSLyze: 4.0.4

Additional context
command:
openssl s_client -connect host:port

output:
CONNECTED(00000003)
depth=0 CN =
verify error:num=18:self signed certificate
verify return:1
depth=0 CN =
verify return:1
140045356537744:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:s3_pkt.c:1493:SSL alert number 42
140045356537744:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:

@nabla-c0d3
Owner

This is expected behavior - SSLyze correctly returns the ClientCertificateRequested error. A client certificate is needed to complete the scan.
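
An added example, not part of the original thread or of SSLyze's own code: a small triage helper that pulls the acceptable CA names out of the `ClientCertificateRequested` message shown in the traceback and checks them against a local list of client certificates, so the operator knows which one the server will accept. The inventory structure, file paths and sample names are hypothetical and constructed for illustration.

```python
import re

# Wording of the message as it appears in the traceback on this page.
_CA_LIST = re.compile(
    r"Server requested a client certificate issued by one of the "
    r"following CAs: (?P<cas>.+)\.\s*$",
    re.MULTILINE,
)


def acceptable_cas(scan_output):
    """Return the CA names listed in the error, or [] if it is absent."""
    match = _CA_LIST.search(scan_output)
    if match is None:
        return []
    # Names are joined with ", " and each starts with "/". Split only where
    # the separator is followed by "/", because a value such as
    # "O=Example, Inc." contains ", " itself.
    return [dn.strip() for dn in re.split(r",\s+(?=/)", match.group("cas"))]


def usable_client_certs(scan_output, inventory):
    """Return inventory paths whose issuer is one of the acceptable CAs.

    inventory maps a certificate path to its issuer name, written in the
    same "/type=value" form as the error message (hypothetical structure).
    """
    wanted = set(acceptable_cas(scan_output))
    return sorted(path for path, issuer in inventory.items() if issuer in wanted)


# Constructed sample data, not taken from a real scan.
SAMPLE_OUTPUT = (
    "nassl.ssl_client.ClientCertificateRequested: Server requested a client "
    "certificate issued by one of the following CAs: "
    "/O=Example, Inc./CN=Example Issuing CA, /CN=Lab Root CA.\n"
)
SAMPLE_INVENTORY = {
    "certs/scanner-prod.pem": "/O=Example, Inc./CN=Example Issuing CA",
    "certs/scanner-lab.pem": "/CN=Lab Root CA",
    "certs/scanner-old.pem": "/CN=Retired CA",
}

if __name__ == "__main__":
    print(acceptable_cas(SAMPLE_OUTPUT))
    print(usable_client_certs(SAMPLE_OUTPUT, SAMPLE_INVENTORY))
```

Once a matching certificate is identified, the SSLyze command line accepts it and its private key through the `--cert` and `--key` options.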
