You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am using pshtt to scan urc-31-6.od.nih.gov to expose its invalid certificate. If you try and access the domain in Chrome you'll see that it is using a certificate that is issued to extranet.sbir.nih.gov, and the certificate's subject alt names are also different (extranet.sbir.nih.gov and www.extranet.sbir.nih.gov).
When I run pshtt on this domain, I am getting this error message PRIOR to the scan completing.
ERROR:urllib3.connection:Certificate did not match expected hostname: urc-31-6.od.nih.gov. Certificate: {'subject': ((('commonName', 'extranet.sbir.nih.gov'),),), 'subjectAltName': [('DNS', 'extranet.sbir.nih.gov'), ('DNS', 'www.extranet.sbir.nih.gov')]}
I traced back this error message to the urllib3 package, and more specifically the connection.pyfile. Scrolling all the way down in that file, you'll see the _match_hostname function, and that is where the above-mentioned is getting logged from.
What I am trying to understand is, how pshtt is invoking this function. The function takes in two parameters, cert and asserted_hostname, and I understand how pshtt is passing in the asserted_hostname, but how is it passing in the cert data?
In my code, after running pshtt, I am running some SSLyze methods to get additional data about the domain's certificate. SSLyze is unable to establish a connection with the domain urc-31-6.od.nih.gov, and as a result of this, I cannot extract any certificate data.
And from my understanding of the pshtt codebase, it is also using SSLyze to acquire data used for its scans. If my codebase cannot establish an SSLyze connection with the domain server to get the cert data, how is pshtt being able to pass in the cert data as a parameter to the urllib3.connection _matches_hostname function?
I would like to know because I am trying to see how I can capture this certificate data in my own codebase even when SSLyze connections are unsuccessful.
Thank you so much,
The text was updated successfully, but these errors were encountered:
Hi guys,
I am using pshtt to scan
urc-31-6.od.nih.gov
to expose its invalid certificate. If you try and access the domain in Chrome you'll see that it is using a certificate that is issued toextranet.sbir.nih.gov
, and the certificate's subject alt names are also different (extranet.sbir.nih.gov
andwww.extranet.sbir.nih.gov
).When I run pshtt on this domain, I am getting this error message PRIOR to the scan completing.
ERROR:urllib3.connection:Certificate did not match expected hostname: urc-31-6.od.nih.gov. Certificate: {'subject': ((('commonName', 'extranet.sbir.nih.gov'),),), 'subjectAltName': [('DNS', 'extranet.sbir.nih.gov'), ('DNS', 'www.extranet.sbir.nih.gov')]}
I traced back this error message to the
urllib3
package, and more specifically theconnection.py
file. Scrolling all the way down in that file, you'll see the_match_hostname
function, and that is where the above-mentioned is getting logged from.What I am trying to understand is, how pshtt is invoking this function. The function takes in two parameters,
cert
andasserted_hostname
, and I understand how pshtt is passing in theasserted_hostname
, but how is it passing in thecert
data?In my code, after running pshtt, I am running some SSLyze methods to get additional data about the domain's certificate. SSLyze is unable to establish a connection with the domain
urc-31-6.od.nih.gov
, and as a result of this, I cannot extract any certificate data.And from my understanding of the pshtt codebase, it is also using SSLyze to acquire data used for its scans. If my codebase cannot establish an SSLyze connection with the domain server to get the
cert
data, how is pshtt being able to pass in thecert
data as a parameter to the urllib3.connection _matches_hostname function?I would like to know because I am trying to see how I can capture this certificate data in my own codebase even when SSLyze connections are unsuccessful.
Thank you so much,
The text was updated successfully, but these errors were encountered: