Crash when parsing an OCSP Response with no Next Update #481

wondex · 2021-01-28T14:30:16Z

Describe the bug
Traceback (most recent call last):
File "/opt/rh/rh-python38/root/usr/lib64/python3.8/runpy.py", line 194, in _run_module_as_main
return _run_code(code, main_globals, None,
File "/opt/rh/rh-python38/root/usr/lib64/python3.8/runpy.py", line 87, in _run_code
exec(code, run_globals)
File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/main.py", line 84, in
main()
File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/main.py", line 76, in main
output_hub.server_scan_completed(scan_result)
File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/cli/output_hub.py", line 53, in server_scan_completed
out_generator.server_scan_completed(server_scan_result)
File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/cli/console_output.py", line 75, in server_scan_completed
for line in cli_connector_cls.result_to_console_output(scan_command_result):
File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/plugins/certificate_info/_cli_connector.py", line 92, in result_to_console_output
result_as_txt.extend(cls._cert_deployment_to_console_output(index, cert_deployment))
File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/plugins/certificate_info/_cli_connector.py", line 271, in _cert_deployment_to_console_output
"Next Update:", cert_deployment.ocsp_response.next_update.date().isoformat()
AttributeError: 'NoneType' object has no attribute 'date'

To Reproduce
Steps to reproduce the behavior:

Install SSLyze using using: pip
Run the following command: /opt/rh/rh-python38/root/usr/bin/python3.8 -m sslyze --regular
See: Describe the bug

Expected behavior
A clear and concise description of what you expected to happen.

Versions:

OS: Red Hat Enterprise Linux Server release 7.9 (Maipo)
Python version: 3.8
SSLyzeL: 4.0.1

Additional context
Already had issues with version 3.1.0, issue #471. Hoped version 4.0.1 would solved this, but another issue occured (don't have this issue with version .
We don't encounter this with an old version (2.0.3).

validated it with openssl, certificated expired (maybe this is an issue in the cli_connector.py script? openssl output:
openssl s_client -connect :443 -showcerts | openssl x509 -text
...
Not Before: Nov 25 13:56:25 2016 GMT
Not After : Nov 26 13:56:25 2019 GMT
...

nabla-c0d3 · 2021-01-29T01:56:14Z

Thanks for the report; it's because of this https://serverfault.com/questions/985493/next-update-is-missing-from-the-ocsp-response
Should be an easy fix.

nabla-c0d3 · 2021-01-31T23:28:32Z

Fix released as part of v4.0.2.

nabla-c0d3 added the bug label Jan 29, 2021

nabla-c0d3 changed the title ~~Certificate_info - object has no attribute date (expired certificate)~~ Crash when parsing an OCSP Response with no Next Update Jan 29, 2021

nabla-c0d3 added this to To do in 4.0.2 Jan 30, 2021

nabla-c0d3 added a commit that referenced this issue Jan 30, 2021

[#481] Handle OCSP Response with no Next Update

6424ea7

nabla-c0d3 moved this from To do to Done in 4.0.2 Jan 30, 2021

nabla-c0d3 added the fix ready label Jan 30, 2021

nabla-c0d3 closed this as completed Jan 31, 2021

dependabot bot mentioned this issue Mar 16, 2021

Bump sslyze from 3.1.0 to 4.0.4 in /services/scanners/ssl canada-ca/tracker#1880

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Crash when parsing an OCSP Response with no Next Update #481

Crash when parsing an OCSP Response with no Next Update #481

wondex commented Jan 28, 2021

nabla-c0d3 commented Jan 29, 2021

nabla-c0d3 commented Jan 31, 2021

Crash when parsing an OCSP Response with no Next Update #481

Crash when parsing an OCSP Response with no Next Update #481

Comments

wondex commented Jan 28, 2021

nabla-c0d3 commented Jan 29, 2021

nabla-c0d3 commented Jan 31, 2021