Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Distinguish incomplete chains from untrusted roots #25

Open
h-m-f-t opened this issue Aug 22, 2016 · 1 comment
Open

Distinguish incomplete chains from untrusted roots #25

h-m-f-t opened this issue Aug 22, 2016 · 1 comment

Comments

@h-m-f-t
Copy link
Member

h-m-f-t commented Aug 22, 2016

At least in a naïve fashion, flagging likely incomplete chains from untrusted roots should be feasible by counting the number of certificates returned in "Certificate Chain Received" from sslyze. requests may also return something that could be useful.

I recallopenssl returns a 'depth' value, which, when a site is less than 2 deep, is a strong indication intermediate certs are not served, making the chain incomplete. If depth<2 and the certificate is not trusted in the Mozilla store, this seems to indicate an incomplete chain, while depth>=2 seems to indicate an untrusted root.
@konklone konklone mentioned this issue Oct 17, 2016
Closed
@konklone konklone added the WSC label Aug 25, 2017
@konklone
Copy link
Collaborator

This remains a great idea, if we can somehow distinguish those things. I think it means going beyond sslyze's STDOUT output and digging into the (new) Python API in some way.

@hillaryj hillaryj removed the WSC label Dec 5, 2020
mcdonnnj pushed a commit that referenced this issue Mar 9, 2022
@felddy
Merge pull request #25 from cisagov/improvement/action_cache
ff684c0 
Add caches for GitHub Actions.
mcdonnnj pushed a commit that referenced this issue Mar 9, 2022
@felddy
Merge pull request #25 from cisagov/improvement/codeowners
3f93760 
Add codeowners file with team OIS maintainers.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@konklone @h-m-f-t @hillaryj