Comments (2)
Heyo @redshiftzero. Are you using the latest version in the repo or pip?
Here's my output with 0.1.6 in master:
$ pshtt cbc.ca --json
Certificate did not match expected hostname: cbc.ca. Certificate: {'crlDistributionPoints': (u'http://ss.symcb.com/ss.crl',), 'subjectAltName': (('DNS', '*.akamaihd.net'), ('DNS', '*.akamaized.net'), ('DNS', '*.akamaized-staging.net'), ('DNS', '*.akamaihd-staging.net'), ('DNS', 'a248.e.akamai.net')), 'notBefore': u'Mar 7 00:00:00 2017 GMT', 'caIssuers': (u'http://ss.symcb.com/ss.crt',), 'OCSP': (u'http://ss.symcd.com',), 'serialNumber': u'21C0AE35B8240503E5A5894F40D5BFEB', 'notAfter': 'May 6 23:59:59 2018 GMT', 'version': 3L, 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'Massachusetts'),), (('localityName', u'Cambridge'),), (('organizationName', u'Akamai Technologies, Inc.'),), (('commonName', u'a248.e.akamai.net'),)), 'issuer': ((('countryName', u'US'),), (('organizationName', u'Symantec Corporation'),), (('organizationalUnitName', u'Symantec Trust Network'),), (('commonName', u'Symantec Class 3 Secure Server CA - G4'),))}
Error validating certificate.
Known error in sslyze 1.X with EC public keys. See https://github.com/nabla-c0d3/sslyze/issues/215
[
{
"Base Domain": "cbc.ca",
"Canonical URL": "http://www.cbc.ca",
"Defaults to HTTPS": false,
"Domain": "cbc.ca",
"Domain Enforces HTTPS": false,
"Domain Supports HTTPS": false,
"Domain Uses Strong HSTS": false,
"Downgrades HTTPS": true,
"HSTS": false,
"HSTS Base Domain Preloaded": false,
"HSTS Entire Domain": null,
"HSTS Header": null,
"HSTS Max Age": null,
"HSTS Preload Pending": false,
"HSTS Preload Ready": false,
"HSTS Preloaded": false,
"HTTPS Bad Chain": null,
"HTTPS Bad Hostname": null,
"HTTPS Expired Cert": null,
"Live": true,
"Redirect": false,
"Redirect To": null,
"Strictly Forces HTTPS": false,
"Valid HTTPS": true,
"endpoints": {
"http": {
"headers": {
"Connection": "keep-alive",
"Content-Length": "0",
"Date": "Wed, 24 May 2017 17:02:53 GMT",
"Location": "http://www.cbc.ca/",
"Server": "AkamaiGHost"
},
"live": true,
"redirect": true,
"redirect_eventually_to": "http://www.cbc.ca/",
"redirect_eventually_to_external": false,
"redirect_eventually_to_http": true,
"redirect_eventually_to_https": false,
"redirect_eventually_to_subdomain": true,
"redirect_immediately_to": "http://www.cbc.ca/",
"redirect_immediately_to_external": false,
"redirect_immediately_to_http": true,
"redirect_immediately_to_https": false,
"redirect_immediately_to_subdomain": true,
"redirect_immediately_to_www": null,
"status": 301,
"url": "http://cbc.ca"
},
"https": {
"headers": {
"Connection": "keep-alive",
"Content-Length": "0",
"Date": "Wed, 24 May 2017 17:02:54 GMT",
"Location": "https://www.cbc.ca/",
"Server": "AkamaiGHost"
},
"hsts": false,
"hsts_all_subdomains": null,
"hsts_header": null,
"hsts_max_age": null,
"hsts_preload": null,
"https_bad_chain": null,
"https_bad_hostname": null,
"https_expired_cert": null,
"https_valid": null,
"live": true,
"redirect": true,
"redirect_eventually_to": "http://www.cbc.ca/",
"redirect_eventually_to_external": false,
"redirect_eventually_to_http": true,
"redirect_eventually_to_https": false,
"redirect_eventually_to_subdomain": true,
"redirect_immediately_to": "https://www.cbc.ca/",
"redirect_immediately_to_external": false,
"redirect_immediately_to_http": false,
"redirect_immediately_to_https": true,
"redirect_immediately_to_subdomain": true,
"redirect_immediately_to_www": null,
"status": 301,
"url": "https://cbc.ca"
},
"httpswww": {
"headers": {
"Connection": "keep-alive",
"Content-Length": "0",
"Date": "Wed, 24 May 2017 17:02:54 GMT",
"Location": "http://www.cbc.ca/",
"Server": "AkamaiGHost",
"Set-Cookie": "akaas_feed=2147483647~rv=95~id=c866e93b760b049ee3053645f7ff3704; path=/"
},
"hsts": false,
"hsts_all_subdomains": null,
"hsts_header": null,
"hsts_max_age": null,
"hsts_preload": null,
"https_bad_chain": null,
"https_bad_hostname": null,
"https_expired_cert": null,
"https_valid": true,
"live": true,
"redirect": true,
"redirect_eventually_to": "http://www.cbc.ca/",
"redirect_eventually_to_external": false,
"redirect_eventually_to_http": true,
"redirect_eventually_to_https": false,
"redirect_eventually_to_subdomain": false,
"redirect_immediately_to": "http://www.cbc.ca/",
"redirect_immediately_to_external": false,
"redirect_immediately_to_http": true,
"redirect_immediately_to_https": false,
"redirect_immediately_to_subdomain": false,
"redirect_immediately_to_www": null,
"status": 302,
"url": "https://www.cbc.ca"
},
"httpwww": {
"headers": {
"Cache-Control": "max-age=35",
"Connection": "keep-alive",
"Content-Encoding": "gzip",
"Content-Length": "23037",
"Content-Type": "text/html",
"Date": "Wed, 24 May 2017 17:02:53 GMT",
"Server": "Apache/2.2.15 (Red Hat)",
"Set-Cookie": "akaas_feed=2147483647~rv=61~id=3aa5d798cd8c041a08f7708e6fc2fb18; path=/, akaas_feed=2147483647~rv=85~id=9b3371e0f7c93ae8d8556e946886deb2; path=/, akaas_feed=2147483647~rv=82~id=73acb87502ed7d7d1ba4f6fe99314ec5; path=/, akaas_feed=2147483647~rv=6~id=deff66c3c2eed6cc0e326c00d880be7a; path=/, akaas_feed=2147483647~rv=23~id=3cf8e6c257bff7dd814ba5dbbeaf99ee; path=/, akaas_feed=2147483647~rv=14~id=3d919a225416eb8b3b91aaa123db7078; path=/, akaas_feed=2147483647~rv=32~id=83045eb1e115694649efdec8788d55b3; path=/, akaas_feed=2147483647~rv=35~id=73f9cf4497574582fd9a4f6339615ca5; path=/",
"Vary": "Accept-Encoding",
"X-Origin-Server": "static01_cache01"
},
"live": true,
"redirect": null,
"redirect_eventually_to": null,
"redirect_eventually_to_external": null,
"redirect_eventually_to_http": null,
"redirect_eventually_to_https": null,
"redirect_eventually_to_subdomain": null,
"redirect_immediately_to": null,
"redirect_immediately_to_external": null,
"redirect_immediately_to_http": null,
"redirect_immediately_to_https": null,
"redirect_immediately_to_subdomain": null,
"redirect_immediately_to_www": null,
"status": 200,
"url": "http://www.cbc.ca"
}
}
}
]
from pshtt.
Closing, but feel free to re-open if you can answer @h-m-f-t's question and can reproduce the issue.
from pshtt.
Related Issues (20)
- Sometimes returns None for Valid HTTPS HOT 3
- Need more exhaustive check to determine if an HSTS header will be ignored HOT 2
- How should we handle HSTS headers and HTTP redirects in the redirect chain? HOT 2
- Incorrect calculation for "Enforces HTTPS" HOT 3
- Installation fails due to conflicting cryptography version HOT 6
- Sslyze version incompatibility HOT 2
- sslyze module error when attempting to run pshtt HOT 1
- Idea: Validate Certificate Transparency Logs
- Can't install latest version on python 3.8 HOT 1
- Skeletonize repository and standardize code formatting
- Redirecting to External Sites Causes Non-Compliance HOT 3
- Change the library used to access the public suffix list since the `publicsuffix` package is deprecated HOT 2
- Unable to install with PIP HOT 5
- Manual Pshtt Scanner Broken HOT 1
- Add support for Python 3.8 HOT 3
- Shift URL for transport_security_state_static.json for new location HOT 2
- Problems with hstspreload.org HOT 1
- Option to check a specific port, port pool, port range, or all ports
- setup-env is looking in limited places for pyenv-virtualenv HOT 1
- Ports other than 443 result in null values where there shouldn't be null values
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pshtt.