
Cannot trace back urllib3.connection function invocation #185

Open
refayathaque opened this issue Mar 4, 2019 · 0 comments


Hi guys,

I am using pshtt to scan urc-31-6.od.nih.gov to expose its invalid certificate. If you try and access the domain in Chrome you'll see that it is using a certificate that is issued to extranet.sbir.nih.gov, and the certificate's subject alt names are also different (extranet.sbir.nih.gov and www.extranet.sbir.nih.gov).

When I run pshtt on this domain, I am getting this error message PRIOR to the scan completing.

ERROR:urllib3.connection:Certificate did not match expected hostname: urc-31-6.od.nih.gov. Certificate: {'subject': ((('commonName', 'extranet.sbir.nih.gov'),),), 'subjectAltName': [('DNS', 'extranet.sbir.nih.gov'), ('DNS', 'www.extranet.sbir.nih.gov')]}

I traced back this error message to the urllib3 package, and more specifically the connection.py file. Scrolling all the way down in that file, you'll see the _match_hostname function, and that is where the above-mentioned message is getting logged from.

What I am trying to understand is how pshtt is invoking this function. The function takes in two parameters, cert and asserted_hostname, and I understand how pshtt is passing in the asserted_hostname, but how is it passing in the cert data?

In my code, after running pshtt, I am running some SSLyze methods to get additional data about the domain's certificate. SSLyze is unable to establish a connection with the domain urc-31-6.od.nih.gov, and as a result of this, I cannot extract any certificate data.

And from my understanding of the pshtt codebase, it is also using SSLyze to acquire data used for its scans. If my codebase cannot establish an SSLyze connection with the domain server to get the cert data, how is pshtt being able to pass in the cert data as a parameter to the urllib3.connection _match_hostname function?

I would like to know because I am trying to see how I can capture this certificate data in my own codebase even when SSLyze connections are unsuccessful.

Thank you so much,
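The check the issue traces, as an added example that is neither pshtt's nor urllib3's own code: urllib3 does its hostname verification after the TLS handshake has already completed, taking the cert dict from the socket's getpeercert(), which is why the mismatching certificate is still available to log. The functions below reproduce that matching logic and error text on the cert dict quoted above (a constructed sample); fetch_peer_cert is an assumed helper that retrieves a peer cert the same way and is the only part that touches the network.

```python
import socket
import ssl

# Constructed sample: the certificate dict quoted in the issue's urllib3 error
# message, in the shape that ssl.SSLSocket.getpeercert() returns.
PEER_CERT = {
    'subject': ((('commonName', 'extranet.sbir.nih.gov'),),),
    'subjectAltName': [('DNS', 'extranet.sbir.nih.gov'),
                       ('DNS', 'www.extranet.sbir.nih.gov')],
}

def _dns_match(pattern, hostname):
    """RFC 6125-style comparison: case-insensitive, a single '*' allowed only
    as the whole leftmost label, and it never spans a '.' in the hostname."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if '*' not in pattern:
        return pattern == hostname
    head, _, tail = pattern.partition('.')
    if head != '*' or '*' in tail:
        return False
    hhead, _, htail = hostname.partition('.')
    return hhead != '' and htail == tail

def hostnames_in_cert(cert):
    """Names a client may compare against: SAN dNSName entries, or (only when
    the cert carries no SAN at all) the subject commonName."""
    sans = [v for kind, v in cert.get('subjectAltName', ()) if kind == 'DNS']
    if sans:
        return sans
    return [v for rdn in cert.get('subject', ())
            for k, v in rdn if k == 'commonName']

def match_hostname(cert, hostname):
    """Return (matched, message); message is the text urllib3 logs on mismatch."""
    if any(_dns_match(name, hostname) for name in hostnames_in_cert(cert)):
        return True, ''
    return False, ('Certificate did not match expected hostname: %s. '
                   'Certificate: %s' % (hostname, cert))

def fetch_peer_cert(host, port=443, timeout=5.0):
    """Network helper (not exercised offline): verify the chain but leave the
    hostname check to match_hostname(), so the cert dict is returned on mismatch."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED against system CAs
    ctx.check_hostname = False           # otherwise the handshake itself fails
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()
```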
