Giters

nabla-c0d3 / sslyze

Fast and powerful SSL/TLS scanning library.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

JSON output breaks if OCSP response is not successful

FestiveKyle opened this issue · comments

commented

Describe the bug
There is an uncaught ValidationError when the OCSP response status is not successful. Most OCSPResponse properties such as certificate_status, and serial_number contain an error of OCSP response status is not successful so the property has no value.

Expected behavior
Previous versions of sslyze handled this by setting optional values to None if OCSP response is not successful. Changed here.

Python environment (please complete the following information):

  • OS: openSUSE Tumbleweed 20240329
  • Python version: 3.11

Additional context
Errors from console:

pydantic_core._pydantic_core.ValidationError: 6 validation errors for ServerScanResultAsJson
result.certificate_deployments.0.ocsp_response.certificate_status
  Error extracting attribute: ValueError: OCSP response status is not successful so the property has no value [type=get_attribute_error, input_value=<cryptography.hazmat.bind...bject at 0x7f4d88af9830>, input_type=OCSPResponse]
    For further information visit https://errors.pydantic.dev/2.3/v/get_attribute_error
result.certificate_deployments.0.ocsp_response.revocation_time
  Error extracting attribute: ValueError: OCSP response status is not successful so the property has no value [type=get_attribute_error, input_value=<cryptography.hazmat.bind...bject at 0x7f4d88af9830>, input_type=OCSPResponse]
    For further information visit https://errors.pydantic.dev/2.3/v/get_attribute_error
result.certificate_deployments.0.ocsp_response.produced_at
  Error extracting attribute: ValueError: OCSP response status is not successful so the property has no value [type=get_attribute_error, input_value=<cryptography.hazmat.bind...bject at 0x7f4d88af9830>, input_type=OCSPResponse]
    For further information visit https://errors.pydantic.dev/2.3/v/get_attribute_error
result.certificate_deployments.0.ocsp_response.this_update
  Error extracting attribute: ValueError: OCSP response status is not successful so the property has no value [type=get_attribute_error, input_value=<cryptography.hazmat.bind...bject at 0x7f4d88af9830>, input_type=OCSPResponse]
    For further information visit https://errors.pydantic.dev/2.3/v/get_attribute_error
result.certificate_deployments.0.ocsp_response.next_update
  Error extracting attribute: ValueError: OCSP response status is not successful so the property has no value [type=get_attribute_error, input_value=<cryptography.hazmat.bind...bject at 0x7f4d88af9830>, input_type=OCSPResponse]
    For further information visit https://errors.pydantic.dev/2.3/v/get_attribute_error
result.certificate_deployments.0.ocsp_response.serial_number
  Error extracting attribute: ValueError: OCSP response status is not successful so the property has no value [type=get_attribute_error, input_value=<cryptography.hazmat.bind...bject at 0x7f4d88af9830>, input_type=OCSPResponse]
    For further information visit https://errors.pydantic.dev/2.3/v/get_attribute_error