How to use the nassl.SslClient.ClientCertificateRequested function in nassl
To help you get started, we’ve selected a few nassl examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
iSECPartners / sslyze / plugins / PluginChromeSha1Deprecation.py View on Github 
def process_task(self, target, command, arg):
(_, _, _, sslVersion) = target
# Get the server's cert chain
sslConn = create_sslyze_connection(target, self._shared_settings, sslVersion)
try: # Perform the SSL handshake
sslConn.connect()
certChain = sslConn.get_peer_cert_chain()
except ClientCertificateRequested: # The server asked for a client cert
# We can get the server cert chain anyway
certChain = sslConn.get_peer_cert_chain()
finally:
sslConn.close()
outputXml = Element(command, title = self.CMD_TITLE)
outputTxt = [self.PLUGIN_TITLE_FORMAT(self.CMD_TITLE)]
# Is this cert chain affected ?
leafNotAfter = datetime.datetime.strptime(certChain[0].as_dict()['validity']['notAfter'], "%b %d %H:%M:%S %Y %Z")
if leafNotAfter.year < 2016:
# Not affected - the certificate expires before 2016
outputTxt.append(self.FIELD_FORMAT('OK - Leaf certificate expires before 2016.', ''))
outputXml.append(Element('chromeSha1Deprecation', isServerAffected = str(False)))
else:def process_task(self, target, command, args):
sslConn = create_sslyze_connection(target, self._shared_settings)
# Make sure OpenSSL was built with support for compression to avoid false negatives
if 'zlib compression' not in sslConn.get_available_compression_methods():
raise RuntimeError('OpenSSL was not built with support for zlib / compression. Did you build nassl yourself ?')
try: # Perform the SSL handshake
sslConn.connect()
compName = sslConn.get_current_compression_method()
except ClientCertificateRequested: # The server asked for a client cert
compName = sslConn.get_current_compression_method()
finally:
sslConn.close()
# Text output
if compName:
compTxt = 'VULNERABLE - Server supports Deflate compression'
else:
compTxt = 'OK - Compression disabled'
cmdTitle = 'Deflate Compression'
txtOutput = [self.PLUGIN_TITLE_FORMAT(cmdTitle)]
txtOutput.append(self.FIELD_FORMAT(compTxt, ""))
# XML output
xmlOutput = Element(command, title=cmdTitle)(_, _, _, sslVersion) = target
sslConn = create_sslyze_connection(target, self._shared_settings,
sslVersion,
sslVerifyLocations=storePath)
# Enable OCSP stapling
sslConn.set_tlsext_status_ocsp()
try: # Perform the SSL handshake
sslConn.connect()
ocspResp = sslConn.get_tlsext_status_ocsp_resp()
x509Chain = sslConn.get_peer_cert_chain()
(_, verifyStr) = sslConn.get_certificate_chain_verify_result()
except ClientCertificateRequested: # The server asked for a client cert
# We can get the server cert anyway
ocspResp = sslConn.get_tlsext_status_ocsp_resp()
x509Chain = sslConn.get_peer_cert_chain()
(_, verifyStr) = sslConn.get_certificate_chain_verify_result()
finally:
sslConn.close()
return (x509Chain, verifyStr, ocspResp)nassl
Experimental OpenSSL wrapper for Python 3.8+ and SSLyze.
Package Health Score
74 / 100Popular nassl functions
- nassl._nassl
- nassl._nassl.OpenSSLError
- nassl._nassl.WantReadError
- nassl.ssl_client.OpenSslVersionEnum
- nassl.ssl_client.OpenSslVersionEnum.SSLV23
- nassl.SSL_FILETYPE_ASN1
- nassl.SSL_FILETYPE_PEM
- nassl.SSL_OP_NO_TICKET
- nassl.SSL_VERIFY_NONE
- nassl.SslClient.ClientCertificateRequested
- nassl.SslClient.SslClient
- nassl.SSLV2
- nassl.SSLV23
- nassl.SSLV3
- nassl.TLSV1
- nassl.TLSV1_1
- nassl.TLSV1_2
- nassl.X509_NAME_MATCHES_CN
- nassl.X509_NAME_MATCHES_SAN
- nassl.X509_NAME_MISMATCH