sesh / ready

Are you production ready?
ISC License

SSL certificate tests not present in JSON output? #28

Closed mejofi closed 4 months ago

mejofi commented 5 months ago

It looks like the JSON output is missing the results of the SSL certificate tests? Compare this, for example;

$ ready --check-filter=ssl ur.nl
Domain: ur.nl, Domain (no path): ur.nl, First Level Domain: ur.nl
[ OK ] SSL expiry should be less than one year (60 days)
[ OK ] SSL expiry should be greater than five days (60 days)
[ OK ] SSL certificate should be trusted
[ OK ] SSL connection fails when using TLS 1.1
[ OK ] SSL connection fails when using TLS 1.0

with this;

$ ready --check-filter=ssl --json --quiet ur.nl
Domain: ur.nl, Domain (no path): ur.nl, First Level Domain: ur.nl
{
  "domain": "ur.nl",
  "score": 100,
  "checks": {
    "ssl_tls_1_1": {
      "passed": true,
      "message": "SSL connection fails when using TLS 1.1"
    },
    "ssl_tls_1_0": {
      "passed": true,
      "message": "SSL connection fails when using TLS 1.0"
    }
  },
  "when": "2024-02-26T14:39:07Z"
}

This happens both with and without the use of a --check-filter parameter.

sesh commented 4 months ago

This one is interesting. It works for me:

> python3 -m ready.ready ur.nl --json --quiet | jq '.checks|keys|map(select(startswith("ssl")))'

[
  "ssl_dns_caa",
  "ssl_dns_caa_accounturi",
  "ssl_dns_caa_validationmethods",
  "ssl_hsts",
  "ssl_hsts_duration",
  "ssl_hsts_preload",
  "ssl_hsts_subdomains",
  "ssl_tls_1_0",
  "ssl_tls_1_1"
]

and

> python3 -m ready.ready example.org --json --quiet | jq '.checks|keys|map(select(startswith("ssl")))'
[
  "ssl_dns_caa",
  "ssl_dns_caa_accounturi",
  "ssl_dns_caa_validationmethods",
  "ssl_hsts",
  "ssl_hsts_duration",
  "ssl_hsts_preload",
  "ssl_hsts_subdomains",
  "ssl_tls_1_0",
  "ssl_tls_1_1"
]

If the checks don't return properly it's possible that they aren't included in the output. I'll have a deeper look into them later today and try to get the same output as you.

mejofi commented 4 months ago

Yeah, that's what I get here, too;

$ ready ur.nl --json --quiet | jq '.checks|keys|map(select(startswith("ssl")))'
[
  "ssl_dns_caa",
  "ssl_dns_caa_accounturi",
  "ssl_dns_caa_validationmethods",
  "ssl_hsts",
  "ssl_hsts_duration",
  "ssl_hsts_preload",
  "ssl_hsts_subdomains",
  "ssl_tls_1_0",
  "ssl_tls_1_1"
]

But notice that none of these are the actual certificate tests, but the CAA, HSTS, and TLS version tests, instead?

And with a different filter;

$ ready --check-filter=expiry ur.nl
Domain: ur.nl, Domain (no path): ur.nl, First Level Domain: ur.nl
[ OK ] SSL expiry should be less than one year (59 days)
[ OK ] SSL expiry should be greater than five days (59 days)

$ ready --check-filter=expiry --json --quiet ur.nl
{
  "domain": "ur.nl",
  "score": 100,
  "checks": {},
  "when": "2024-02-27T20:53:50Z",
  "version": "1.2.5"
}

it does not show any tests at all?

sesh commented 4 months ago

Oh right, I see! I've found the issue – those checks weren't returning the result. Thanks for picking this up!

Release incoming.

sesh commented 4 months ago

This should be resolved in the latest release.

> ready brntn.me --json --quiet | jq '.checks|keys|map(select(startswith("ssl")))'

[
  "ssl_dns_caa",
  "ssl_dns_caa_accounturi",
  "ssl_dns_caa_validationmethods",
  "ssl_expiry_max",
  "ssl_expiry_min",
  "ssl_hsts",
  "ssl_hsts_duration",
  "ssl_hsts_preload",
  "ssl_hsts_subdomains",
  "ssl_tls_1_0",
  "ssl_tls_1_1",
  "ssl_trusted"
]

mejofi commented 4 months ago

Yup, there it is!

$ ready --check-filter=expiry --json --quiet ur.nl
{
  "domain": "ur.nl",
  "score": 100,
  "checks": {
    "ssl_expiry_max": {
      "passed": true,
      "message": "SSL expiry should be less than one year (59 days)"
    },
    "ssl_expiry_min": {
      "passed": true,
      "message": "SSL expiry should be greater than five days (59 days)"
    }
  },
  "when": "2024-02-27T22:15:05Z",
  "version": "1.2.6"
}

$ ready ur.nl --json --quiet | jq '.checks|keys|map(select(startswith("ssl")))'
[
  "ssl_dns_caa",
  "ssl_dns_caa_accounturi",
  "ssl_dns_caa_validationmethods",
  "ssl_expiry_max",
  "ssl_expiry_min",
  "ssl_hsts",
  "ssl_hsts_duration",
  "ssl_hsts_preload",
  "ssl_hsts_subdomains",
  "ssl_tls_1_0",
  "ssl_tls_1_1",
  "ssl_trusted"
]

Thanks! 🙂
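
Added example (not part of the thread and not the project's code): a consumer-side guard for the failure shown above, where 1.2.5 reported a score of 100 with an empty "checks" object. It rejects a report unless every required check is present and passed; the function name and the choice of required checks are assumptions, while the check names and sample reports are the ones quoted in the thread.

```python
import json

# Check names taken from the key listings in this thread; which of them a
# pipeline treats as mandatory is an assumption of this example.
REQUIRED_CHECKS = ("ssl_expiry_max", "ssl_expiry_min", "ssl_trusted",
                   "ssl_tls_1_0", "ssl_tls_1_1")


def audit_report(raw_json, required=REQUIRED_CHECKS):
    """Return (ok, missing, failed) for one `ready --json` report.

    The report is ok only when every required check is present AND passed.
    The score is deliberately ignored: the thread shows a score of 100
    alongside an empty "checks" object.
    """
    report = json.loads(raw_json)
    checks = report.get("checks")
    if not isinstance(checks, dict):
        checks = {}
    missing = sorted(name for name in required if name not in checks)
    failed = sorted(
        name for name in required
        if name in checks
        and not (isinstance(checks[name], dict)
                 and checks[name].get("passed") is True)
    )
    return (not missing and not failed, missing, failed)


# Reports quoted in the thread for `--check-filter=expiry` (1.2.5, then 1.2.6).
REPORT_1_2_5 = """{"domain": "ur.nl", "score": 100, "checks": {},
 "when": "2024-02-27T20:53:50Z", "version": "1.2.5"}"""
REPORT_1_2_6 = """{"domain": "ur.nl", "score": 100, "checks": {
 "ssl_expiry_max": {"passed": true,
   "message": "SSL expiry should be less than one year (59 days)"},
 "ssl_expiry_min": {"passed": true,
   "message": "SSL expiry should be greater than five days (59 days)"}},
 "when": "2024-02-27T22:15:05Z", "version": "1.2.6"}"""

if __name__ == "__main__":
    expiry = ("ssl_expiry_max", "ssl_expiry_min")
    for label, raw in (("1.2.5", REPORT_1_2_5), ("1.2.6", REPORT_1_2_6)):
        ok, missing, failed = audit_report(raw, expiry)
        print(label, "ok" if ok else "REJECT",
              "missing:", missing, "failed:", failed)
```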