Describe the bug
UnicodeError is thrown when sslyze parses my system's CA certificate authority list.
Here are the problematic bytes in ca-bundle.crt. They are in the file because their CA's DN has non-ascii characters in it, and the UTF-8 encoding is tripping up cryptography.
(sslyze currently requires cryptography <43,>42 so maybe this is fixed in a later cryptography version, I will check this later and update.)
You'll see the offset 0x21cd8 being mentioned in the exception below (in decimal, as 138456).
$ uvx sslyze --certinfo_ca_file=/etc/pki/tls/certs/ca-bundle.crt --certinfo token.actions.githubusercontent.com
[...]
* Error when running --certinfo:
You can open an issue at https://github.com/nabla-c0d3/sslyze/issues with the following information:
* SSLyze version: 6.0.0
* Server: token.actions.githubusercontent.com:443 - 140.82.112.22
* Scan command: ScanCommand.CERTIFICATE_INFO
Traceback (most recent call last):
File "/home/sam/.local/share/uv/tools/sslyze/lib64/python3.12/site-packages/sslyze/scanner/_mass_scanner.py", line 279, in _generate_result_for_completed_server_scan
scan_cmd_result = plugin_implementation_cls.result_for_completed_scan_jobs(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/sam/.local/share/uv/tools/sslyze/lib64/python3.12/site-packages/sslyze/plugins/certificate_info/implementation.py", line 130, in result_for_completed_scan_jobs
all_trust_stores.append(TrustStore(custom_ca_file, "Supplied CA file", "N/A"))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/sam/.local/share/uv/tools/sslyze/lib64/python3.12/site-packages/sslyze/plugins/certificate_info/trust_stores/trust_store.py", line 55, in __init__
self._x509_store = Store(load_pem_x509_certificates(self.path.read_text().encode("ascii")))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeEncodeError: 'ascii' codec can't encode character '\u0151' in position 138456: ordinal not in range(128)
To Reproduce
Steps to reproduce the behavior:
Install uv
Run the following command uvx sslyze --certinfo_ca_file=/etc/pki/tls/certs/ca-bundle.crt --certinfo token.actions.githubusercontent.com
See error
Expected behavior
No exception
Python environment (please complete the following information):
Describe the bug UnicodeError is thrown when sslyze parses my system's CA certificate authority list.
Here are the problematic bytes in
ca-bundle.crt
. They are in the file because their CA's DN has non-ascii characters in it, and the UTF-8 encoding is tripping upcryptography
.(sslyze currently requires cryptography <43,>42 so maybe this is fixed in a later cryptography version, I will check this later and update.)
You'll see the offset
0x21cd8
being mentioned in the exception below (in decimal, as138456
).To Reproduce Steps to reproduce the behavior:
uv
uvx sslyze --certinfo_ca_file=/etc/pki/tls/certs/ca-bundle.crt --certinfo token.actions.githubusercontent.com
Expected behavior No exception
Python environment (please complete the following information):