cisagov / pshtt

Scan domains and return data based on HTTPS best practices
Creative Commons Zero v1.0 Universal

Other requests response exception #195

Open jsf9k opened 5 years ago

jsf9k commented 5 years ago

🐛 Bug Report

When performing pshtt scanning, sometimes we get an error in AWS Lambda stating "other requests response exception". In this case we do not receive scan results for the domain that errored.

To Reproduce

caats3.va.gov is a domain where this happens often.

Expected behavior

A successful scan.

Any helpful log output

None.

echudow commented 5 years ago

@jsf9k I wonder if this has to do with the breaking change in sslyze v2.1.0 in early June where they changed how certificate verification works and so a number of the fields in the certificate plugin went away. I think there were some missing attribute exceptions. See the commits in my fork at https://github.com/echudow/pshtt/commit/c2f427b005f799ea7e916a5b067dbb4c55cce3f9 and https://github.com/echudow/pshtt/commit/ce0ccaf39c51aa7b5d97e14ef04c0fd4f1cc7240 for how I addressed this issue with some workarounds to handle both the older and newer versions of sslyze. We're still testing those changes though.

jsf9k commented 5 years ago

@echudow This issue can't be due to that, since the pshtt lambda hadn't been rebundled since May. Thanks for mentioning that, though, since it will be a problem now (as I'm rebundling to deploy the logging improvements in #197, which will pull in a newer sslyze).