Merge pull request #547 from nabla-c0d3/dev-5.0.2

Dev 5.0.2
nabla-c0d3 · Jan 1, 2022 · d46120a · d46120a
2 parents 9b9f514 + 4d26e74
commit d46120a
Show file tree

Hide file tree

Showing 7 changed files with 12 additions and 8 deletions.
diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: [3.7, 3.8, 3.9]
+        python-version: [3.7, 3.8, 3.9, "3.10"]
 
     steps:
     - uses: actions/checkout@v2

diff --git a/dev-requirements.txt b/dev-requirements.txt
@@ -1,7 +1,7 @@
 mypy==0.910
 flake8
 invoke
-pytest<6.0.0
+pytest<7.0.0
 sphinx
 sphinx-rtd-theme
 twine

diff --git a/setup.py b/setup.py
@@ -76,6 +76,7 @@ def get_include_files() -> List[Tuple[str, str]]:
         "Programming Language :: Python :: 3.7",
         "Programming Language :: Python :: 3.8",
         "Programming Language :: Python :: 3.9",
+        "Programming Language :: Python :: 3.10",
         "Topic :: System :: Networking",
         "Topic :: System :: Monitoring",
         "Topic :: System :: Networking :: Monitoring",
@@ -99,7 +100,7 @@ def get_include_files() -> List[Tuple[str, str]]:
     install_requires=[
         "nassl>=4.0.1,<5.0.0",
         "cryptography>=2.6,<37.0.0",
-        "tls-parser>=1.2.2,<1.3.0",
+        "tls-parser>=2.0.0,<3.0.0",
         "pydantic>=1.7,<1.9",
     ],
     # cx_freeze info for Windows builds with Python embedded

diff --git a/sslyze/__version__.py b/sslyze/__version__.py
@@ -1,5 +1,5 @@
 __title__ = "SSLyze"
-__version__ = "5.0.1"
+__version__ = "5.0.2"
 __description__ = "Fast and powerful SSL/TLS scanning library."
 __author__ = "Alban Diquet"
 __author_email__ = "nabla.c0d3@gmail.com"

diff --git a/sslyze/plugins/elliptic_curves_plugin.py b/sslyze/plugins/elliptic_curves_plugin.py
@@ -237,8 +237,12 @@ def _test_curve(server_info: ServerConnectivityInfo, curve_nid: OpenSslEcNidEnum
     finally:
         ssl_connection.close()
 
-    # If no error occurred check if the curve was really used
-    curve_name = _OPENSSL_NID_TO_SECG_ANSI_X9_62[curve_nid]  # TODO(AD): Make this public in nassl
+        # If no error occurred check if the curve was really used
+        try:
+            curve_name = _OPENSSL_NID_TO_SECG_ANSI_X9_62[curve_nid]  # TODO(AD): Make this public in nassl
+        except KeyError:
+            curve_name = f"unknown-curve-with-openssl-id-{curve_nid.value}"
+
     if negotiated_ephemeral_key:
         if isinstance(negotiated_ephemeral_key, EcDhEphemeralKeyInfo):
             if negotiated_ephemeral_key.curve != curve_nid:

diff --git a/tests/plugins_tests/certificate_info/test_certificate_info_plugin.py b/tests/plugins_tests/certificate_info/test_certificate_info_plugin.py
@@ -149,7 +149,6 @@ def test_chain_with_anchor(self):
         # And the anchor certificate was detected
         assert plugin_result.certificate_deployments[0].received_chain_contains_anchor_certificate
 
-    @pytest.mark.skip("Server is currently offline; check https://github.com/chromium/badssl.com/issues/481")
     def test_certificate_with_no_cn(self):
         # Given a server to scan that has a certificate with no CN
         server_location = ServerNetworkLocation("no-common-name.badssl.com", 443)

diff --git a/tests/server_connectivity_tests/test_client_authentication.py b/tests/server_connectivity_tests/test_client_authentication.py
@@ -62,7 +62,7 @@ def test_required_client_auth_tls_1_2(self):
         # SSLyze correctly detects that client auth is required
         assert tls_probing_result.client_auth_requirement == ClientAuthRequirementEnum.REQUIRED
 
-    @pytest.mark.skip(msg="Client auth config detection with TLS 1.3 is broken; fix me")
+    @pytest.mark.skip(reason="Client auth config detection with TLS 1.3 is broken; fix me")
     def test_required_client_auth_tls_1_3(self):
         # Given a TLS 1.3 server that requires client authentication
         with ModernOpenSslServer(client_auth_config=ClientAuthConfigEnum.REQUIRED) as server: