Defunct processes running OCSP-check

kirei / sslyze

Fast and full-featured SSL scanner

GNU General Public License v2.0

4 stars 0 forks source link

Defunct processes running OCSP-check #15

Open secworks opened 11 years ago

secworks commented 11 years ago

Trams242 gets defunct processes running OCSP-checks using the new oscsp.sh tool.

ps -ef | grep defun andreas 11311 29933 0 18:57 pts/0 00:00:00 [check-ocsp.sh] andreas 11389 29927 0 18:57 pts/0 00:00:00 [curl] andreas 11452 20345 0 18:57 pts/0 00:00:00 grep defun andreas 24879 29934 0 17:43 pts/0 00:00:00 [curl]

secworks commented 11 years ago

We need to be able to kill processes that seem to hang. This means adding a timeout functionality to python subprocess. There are some solutions:

http://stackoverflow.com/questions/1191374/subprocess-with-timeout http://stackoverflow.com/questions/3575554/python-subprocess-with-timeout-and-large-output-64k

The most promising seems to be this: https://gist.github.com/kirpit/1306188

I'll add this as a separate class and modify our external calls to use this.

secworks commented 11 years ago

Implemented new support module that can run external commands with timeout. This works, but unfortunately the problem is in HTTPvsHTTPS which does not contain external commands.