search

danwent / Perspectives-Server

network notary implementation for the Perspectives project
http://perspectives-project.org
GNU General Public License v3.0
50 stars 13 forks source link

Catch and explain SSLAlertException #33

Closed daveschaefer closed 10 years ago

daveschaefer commented 10 years ago

If ssl_scan_sock.py is used to scan sites, SSLAlertExceptions will cause a traceback (see error below). Instead we should catch and print the exception and continue.

Note we'll need to implement catching in all places that call attempt_observation_for_service(). Currently this is three: threaded_scanner.py running scans, notary_http.py running on-demand scans, and ssl_scan_sock.py itself running as the main python module.

In addition, we should decipher the TLS Alert record that caused the error and print it for the user so they can see what went wrong.

Example traceback:

Traceback (most recent call last): File "notary_http.py", line 359, in run fp = attempt_observation_for_service(self.sid, self.timeout_sec, self.use_sni) File "/home/notary/Perspectives-Server/util/ssl_scan_sock.py", line 226, in attempt_observation_for_service return _run_scan(dns,port,timeout_sec,False) File "/home/notary/Perspectives-Server/util/ssl_scan_sock.py", line 159, in _run_scan raise SSLAlertException(rec_data) SSLAlertException

daveschaefer commented 10 years ago

With the 3.3.1 release the scanner now properly catches and explains SSL Alert records. We also stop generating tracebacks for known error types.