search

trimstray / htrace.sh

My simple Swiss Army knife for http/https troubleshooting and profiling.
GNU General Public License v3.0
3.75k stars 233 forks source link

Don't use alpine:latest in Dockerfile #82

Closed EppO closed 5 years ago

EppO commented 5 years ago

Hello,

alpine:latest currently points to 3.10 which is shipping OpenSSL 1.1.1c. htrace.sh doesn't support yet 1.1.1c apparently:

Screen Shot 2019-07-05 at 18 34 50

Using alpine:3.9 in the Dockerfile fixes it:

Screen Shot 2019-07-05 at 18 34 03

Explicitly set the tag of the image could avoid this breaking changes.

trimstray commented 5 years ago

Hi!

@EppO, I'll add support for OpenSSL 1.1.1{a,b,c}.

trimstray commented 5 years ago

Hi @EppO : look at this:

htrace.sh -u https://nmap.org -s --hide-src-ip

     htrace.sh v1.1.5  (openssl 1.1.1c: ok)

    URI: https://nmap.org

         » request-method: GET
         » user-agent:     Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0

    req  time_total   time_connect    local_socket           via              remote_socket         geo   proto   ver   code     next_hop
    ---  ----------   ------------    ------------           ---              -------------         ---   -----   ---   ----     --------
 •   1   1.146685     1.146685        xxx.xxx.xxx.xxx:51616  xxx.xxx.xxx.xxx  45.33.49.119:443      US    https   1.1   200      
         ssl: on, version(TLSv1.2), cipher(ECDHE-RSA-AES128-GCM-SHA256)
         public-key(2048 bit), signature(sha256WithRSAEncryption)
         date: Mar 16 00:00:00 2018 GMT / Mar 15 23:59:59 2020 GMT (259 days to expired)
         issuer: COMODO RSA Domain Validation Secure Server CA (COMODO CA Limited)
         owner: (Domain Control Validated PositiveSSL)
         cn: nmap.org
         san: nmap.org www.nmap.org 
         sni: match
         validity: match
         chain of trust:
          └─0:nmap.org ★ ✓
            ├   COMODO RSA Domain Validation Secure Server CA
            └─1:COMODO RSA Domain Validation Secure Server CA ✓
              ├   COMODO RSA Certification Authority
              └─2:COMODO RSA Certification Authority ✓
                ├   AddTrust External CA Root
                └─3:AddTrust External CA Root ✓ ⊙
                  └ AddTrust External CA Root
         verification: unable to get local issuer certificate
EppO commented 5 years ago

Just tried it, it works!! thanks for fixing that quickly. I still think though it'd better to set explicitly the version of Alpine you're using in the Dockerfile to prevent breakage if the next version of Alpine ships with a newer version of SSL not yet supported by htrace.sh. Dockerfile should be deterministic and using latest tags on image dependencies doesn't make it consistent nor immutable. Just my 2 cents :)

trimstray commented 5 years ago

@EppO : I changed version to 3.9, thanks man!