prbinu / tls-scan

An Internet scale, blazing fast SSL/TLS scanner (non-blocking, event-driven)
https://prbinu.github.io/tls-scan

Malformed json output for some domains #43

Closed wilco375 closed 2 years ago

wilco375 commented 2 years ago

Some domains return invalid JSON output. Look, for example, at the response below from tls-scan --cacert /etc/ssl/certs/ca-certificates.crt --all -c wolfgangmobile.com. It seems to go wrong at the tlsVersions key, where an array is opened but never closed.

{ "host": "wolfgangmobile.com", "ip": "34.249.138.199", "port": 443, "elapsedTime": 4922, "tlsVersion": "TLSv1.2", "cipher": "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD", "tempPublicKeyAlg": "ECDH prime256v1", "tempPublicKeySize": 256, "secureRenego": true, "compression": "NONE", "expansion": "NONE", "sessionLifetimeHint": 7200, "tlsVersions": [ "cipherSuite": { "supported": [ "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-SHA384", "ECDHE-RSA-AES256-SHA", "AES256-GCM-SHA384", "AES256-SHA256", "AES256-SHA", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA", "AES128-GCM-SHA256", "AES128-SHA256", "AES128-SHA" ] }, "x509ChainDepth": 3, "verifyCertResult": false, "verifyCertError": "certificate has expired", "verifyHostResult": true, "ocspStapled": false, "ocspStapled": false, "certificateChain": [ { "version": 3, "subject": "CN=wolfgangmobile.com", "issuer": "CN=R3; O=Let's Encrypt; C=US", "subjectCN": "wolfgangmobile.com", "subjectAltName": "DNS:*.wolfgangmobile.com, DNS:wolfgangmobile.com", "signatureAlg": "sha256WithRSAEncryption", "notBefore": "Dec 11 00:09:26 2021 GMT", "notAfter": "Mar 11 00:09:25 2022 GMT", "expired": false, "serialNo": "03:65:44:7C:58:15:BE:86:A2:29:90:8A:7D:01:A3:E9:B7:69", "keyUsage": "Digital Signature, Key Encipherment critical", "extKeyUsage": "TLS Web Server Authentication, TLS Web Client Authentication", "publicKeyAlg": "RSA", "publicKeySize": 2048, "basicConstraints": "CA:FALSE critical", "subjectKeyIdentifier": "91:70:F6:7B:F3:46:95:40:49:28:6F:A2:B8:CB:5D:C5:21:9C:F0:48", "sha1Fingerprint": "36:DA:9E:9D:41:CB:0B:6F:D4:00:3F:F3:CF:71:2D:6A:59:55:BC:EB" },{ "version": 3, "subject": "CN=R3; O=Let's Encrypt; C=US", "issuer": "CN=ISRG Root X1; O=Internet Security Research Group; C=US", "subjectCN": "R3", "signatureAlg": "sha256WithRSAEncryption", "notBefore": "Sep  4 00:00:00 2020 GMT", "notAfter": "Sep 15 16:00:00 2025 GMT", "expired": false, "serialNo": 
"91:2B:08:4A:CF:0C:18:A7:53:F6:D6:2E:25:A7:5F:5A", "keyUsage": "Digital Signature, Certificate Sign, CRL Sign critical", "extKeyUsage": "TLS Web Client Authentication, TLS Web Server Authentication", "publicKeyAlg": "RSA", "publicKeySize": 2048, "basicConstraints": "CA:TRUE, pathlen:0 critical", "subjectKeyIdentifier": "14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6", "sha1Fingerprint": "A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05" },{ "version": 3, "subject": "CN=ISRG Root X1; O=Internet Security Research Group; C=US", "issuer": "CN=DST Root CA X3; O=Digital Signature Trust Co.", "subjectCN": "ISRG Root X1", "signatureAlg": "sha256WithRSAEncryption", "notBefore": "Jan 20 19:14:03 2021 GMT", "notAfter": "Sep 30 18:14:03 2024 GMT", "expired": false, "serialNo": "40:01:77:21:37:D4:E9:42:B8:EE:76:AA:3C:64:0A:B7", "keyUsage": "Certificate Sign, CRL Sign critical", "publicKeyAlg": "RSA", "publicKeySize": 4096, "basicConstraints": "CA:TRUE critical", "subjectKeyIdentifier": "79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E", "sha1Fingerprint": "93:3C:6D:DE:E9:5C:9C:41:A4:0F:9F:50:49:3D:82:BE:03:AD:87:BF" } ] }

prbinu commented 2 years ago

Thanks for reporting this bug. The fix is available in release version 1.4.8.
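
A consumer-side check for the failure reported in this issue, as an added example that is not part of the thread or of the tls-scan code base: it parses each output line strictly, quarantines lines that fail to parse (reporting where the parser stopped) and also rejects repeated keys such as the doubled ocspStapled visible in the pasted output, which Python's json module would otherwise accept silently. The sample lines are constructed, and one JSON record per line is an assumption about how the output is collected.

```python
import json

# Constructed sample lines (not real scan output), modelled on the record in this issue.
VALID = '{"host": "ok.example", "port": 443, "tlsVersions": ["TLSv1.2"], "ocspStapled": false}'
BROKEN = ('{"host": "broken.example", "port": 443, "tlsVersions": [ "cipherSuite": '
          '{"supported": ["AES128-SHA"]}, "ocspStapled": false}')
DUPLICATE = '{"host": "dup.example", "port": 443, "ocspStapled": false, "ocspStapled": false}'


def _reject_duplicate_keys(pairs):
    """object_pairs_hook: json.loads would otherwise silently keep the last value."""
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise ValueError(f"duplicate key {key!r}")
        obj[key] = value
    return obj


def check_record(line):
    """Return (record, None) if the line is a usable scan record, else (None, reason)."""
    try:
        record = json.loads(line, object_pairs_hook=_reject_duplicate_keys)
    except json.JSONDecodeError as exc:
        # Include the text around the failure so the offending key shows up in the report.
        context = line[max(0, exc.pos - 40):exc.pos + 10]
        return None, f"{exc.msg} at char {exc.pos}, near: {context}"
    except ValueError as exc:  # raised by _reject_duplicate_keys
        return None, str(exc)
    if not isinstance(record, dict) or "host" not in record:
        return None, "not a scan record: no host field"
    return record, None


def split_results(lines):
    """Fail closed: only records that parse strictly reach the accepted list."""
    accepted, quarantined = [], []
    for number, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        record, reason = check_record(line)
        if record is None:
            quarantined.append((number, reason))
        else:
            accepted.append(record)
    return accepted, quarantined


if __name__ == "__main__":
    good, bad = split_results([VALID, BROKEN, DUPLICATE])
    print(len(good), "accepted;", bad)
```

Quarantined line numbers identify which hosts to rescan after upgrading the scanner, rather than being dropped from the results without a trace.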