Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error with self-signed certificates or certificates issued by custom CA #156

Open
cwaazywabbit opened this issue Mar 2, 2020 · 1 comment
Open

Error with self-signed certificates or certificates issued by custom CA #156

cwaazywabbit opened this issue Mar 2, 2020 · 1 comment

Comments

@cwaazywabbit
Copy link

When testing an internal application with a certificate issued by a custom/intern CA the following exception is thrown:

      ____  __          __
     / __ \/ /_  ____  / /_____  ____                                                                                                                                                                                                       
    / /_/ / __ \/ __ \/ __/ __ \/ __ \                                                                                                                                                                                                      
   / ____/ / / / /_/ / /_/ /_/ / / / /                                                                                                                                                                                                      
  /_/   /_/ /_/\____/\__/\____/_/ /_/ v1.3.2

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 485, in wrap_socket
    cnx.do_handshake()
  File "/usr/local/lib/python3.7/dist-packages/OpenSSL/SSL.py", line 1806, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/usr/local/lib/python3.7/dist-packages/OpenSSL/SSL.py", line 1546, in _raise_ssl_error
    _raise_current_error()
  File "/usr/local/lib/python3.7/dist-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 672, in urlopen
    chunked=chunked,
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 360, in connect
    ssl_context=context,
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 370, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 491, in wrap_socket
    raise ssl.SSLError("bad handshake: %r" % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/dist-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 720, in urlopen
    method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 436, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='CENSORED', port=443): Max retries exceeded with url: /CENSORED/sitemap.xml (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/Photon/photon.py", line 309, in <module>
    zap(main_url, args.archive, domain, host, internal, robots, proxies)
  File "/opt/Photon/core/zap.py", line 46, in zap
    proxies=random.choice(proxies)).text
  File "/usr/local/lib/python3.7/dist-packages/requests/api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/requests/api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.7/dist-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='CENSORED', port=443): Max retries exceeded with url: /CENSORED/sitemap.xml (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

To fix, I had to edit /opt/Photon/core/zap.py and /opt/Photon/photon.py and added verify=False to requests.get(...).

Suggestion: add a switch parameter to ignore this warning.
@sidahmed-malaoui
Copy link

I totally agree with you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cwaazywabbit @sidahmed-malaoui