Closed jsf9k closed 6 years ago
Note that I forked nabla-c0d3/nassl
because I had to change some #!/usr/bin/python
lines to #!/usr/bin/env python
to get off the ground because I'm running pyenv
and hence my python
binary isn't located at /usr/bin/python
.
Make sure you are using commit 1f5878b8e25a785dde330bf485e6ed5a6ae09a1a for the “modern” OpenSSL (it’s more recent than draft-18 or 19). (Source: https://github.com/nabla-c0d3/nassl/blob/master/build_from_scratch.py#L27 )
Using that particular commit I get two errors:
======================================================================
ERROR: test_write_early_data_doesnot_finish_handshake (tests.ssl_client_tests.ModernSslClientOnlineEarlyDataTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/jeremy_frasier/jsf9k/nassl/tests/ssl_client_tests.py", line 233, in test_write_early_data_doesnot_finish_handshake
self.ssl_client.do_handshake()
File "/home/jeremy_frasier/jsf9k/nassl/nassl/ssl_client.py", line 180, in do_handshake
self._ssl.do_handshake()
nassl._nassl.OpenSSLError: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
======================================================================
ERROR: test_write_early_data_fail_when_trying_to_send_more_than_max_ealry_data (tests.ssl_client_tests.ModernSslClientOnlineEarlyDataTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/jeremy_frasier/jsf9k/nassl/tests/ssl_client_tests.py", line 251, in test_write_early_data_fail_when_trying_to_send_more_than_max_ealry_data
self.ssl_client.do_handshake()
File "/home/jeremy_frasier/jsf9k/nassl/nassl/ssl_client.py", line 180, in do_handshake
self._ssl.do_handshake()
nassl._nassl.OpenSSLError: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
@nabla-c0d3, it looks like the same two tests that I identified as failing here are also causing TravisCI to fail in #35.
Yes these tests are not expected to work at the moment; I needed to do a release for some other feature.
Looks like bd4acb2 fixed this. Thanks @nabla-c0d3!
I've been seeing a few segfaults when running 30k-40k
sslyze
scans with the new 1.4+ versions ofsslyze
. As a result I was trying to buildnassl
from scratch so I can attach with a debugger and figure out what is going on. This is with a debug build ofpython
3.6.4 on an up-to-date installation of Arch.Unfortunately I can't get
nassl
to build from scratch. When I do this:I get some failed tests:
Any thoughts on why these tests would be failing? When I try to use the
tls1.3-draft-18
ortls1.3-draft-19
branches ofopenssl/openssl
I don't even get this far.