von / PerProxy

A Python-based proxy that uses Perspectives to detect and thwart SSL MITM attacks.

TypeError: Odd-length string #16

Closed von closed 13 years ago

von commented 13 years ago

PerProxy:Thread-33:secure-media-snc1.fbcdn.net: Server subject is C=US, ST=California, L=Palo Alto, O=Facebook, Inc., CN=*.fbcdn.net
PerProxy:Thread-33:secure-media-snc1.fbcdn.net: Checking certificate with Perspectives
PerProxy:Thread-33:secure-media-snc1.fbcdn.net: Odd-length string
Traceback (most recent call last):
  File "./PerProxy.py", line 59, in handle
    server = self.connect_to_server(hostname, port)
  File "./PerProxy.py", line 117, in connect_to_server
    fingerprint = server.get_fingerprint()
  File "/Users/vwelch/develop/PerProxy/Server.py", line 32, in get_fingerprint
    return Fingerprint.from_M2Crypto_X509(self.get_cert())
  File "/Users/vwelch/develop/PerProxy/Perspectives/Fingerprint.py", line 22, in from_M2Crypto_X509
    data = binascii.a2b_hex(cert.get_fingerprint())
TypeError: Odd-length string
PerProxy:Thread-33:secure-media-snc1.fbcdn.net: Deferring handling error connecting to server: Odd-length string

von commented 13 years ago

With better logging:

2011-06-06 09:57:47,632:Thread-51:INFO:Connecting to chatenabled.mail.google.com:443
2011-06-06 09:57:47,752:Thread-51:INFO:Checking certificate with Perspectives
2011-06-06 09:57:47,752:Thread-51:ERROR:Perspectives check failed: Error parsing fingerprint "11E96F953B595E04D2A5AF63DD32256": Odd-length string
2011-06-06 09:57:47,753:Thread-51:ERROR:Deferring handling error connecting to server: Error parsing fingerprint "11E96F953B595E04D2A5AF63DD32256": Odd-length string
2011-06-06 09:57:47,839:Thread-51:INFO:Handling deferred server error: Error parsing fingerprint "11E96F953B595E04D2A5AF63DD32256": Odd-length string

von commented 13 years ago

Another example visiting https://www.popvox.com/ - still not sure what causes this.

The PerProxy server encountered an error with the server:

Error parsing fingerprint "21A31C73CB547DFC33F7E1B9057AD7C": Odd-length string

von commented 13 years ago

Looks like leading zeros are being dropped by M2Crypto.X509.X509.get_fingerprint(). I think the right fix is to pad out to 32 characters with prepended zeros.

$ openssl s_client -connect www.popvox.com:443 < /dev/null | openssl x509 -outform DER | openssl md5
depth=3 /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
verify error:num=19:self signed certificate in certificate chain
verify return:0
DONE
021a31c73cb547dfc33f7e1b9057ad7c

von commented 13 years ago

This was fixed in pyPerspectives library: https://github.com/von/pyPerspectives/issues/5
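
The padding fix proposed in the thread, as an added Python example (not code from PerProxy or pyPerspectives). `lossy_hex` and `fingerprint_bytes` are hypothetical names; `lossy_hex` simulates the dropped leading zeros by integer formatting, which is an assumption about the cause. It also covers the case the tracebacks never show: two dropped nibbles leave an even-length string that decodes without error to a wrong, 15-byte fingerprint.

```python
import binascii
import hashlib
import string

MD5_HEX_LEN = hashlib.md5().digest_size * 2  # 32 hex characters


def lossy_hex(digest: bytes) -> str:
    """Simulate the suspected bug: formatting a digest as an integer
    drops its leading zero nibbles (assumed cause, per the thread)."""
    return "%X" % int.from_bytes(digest, "big")


def fingerprint_bytes(hex_str: str, hex_len: int = MD5_HEX_LEN) -> bytes:
    """Left-pad a hex fingerprint to hex_len characters and decode it.

    Input that is not plain hex, or that is longer than the digest, is
    rejected so padding never turns malformed data into a valid-looking
    fingerprint.
    """
    if not hex_str or any(c not in string.hexdigits for c in hex_str):
        raise ValueError("not a hex fingerprint: %r" % hex_str)
    if len(hex_str) > hex_len:
        raise ValueError("fingerprint longer than %d hex chars" % hex_len)
    return binascii.a2b_hex(hex_str.zfill(hex_len))


if __name__ == "__main__":
    # The two 31-character values from the error messages in this thread.
    for reported in ("21A31C73CB547DFC33F7E1B9057AD7C",
                     "11E96F953B595E04D2A5AF63DD32256"):
        print(reported, "->", fingerprint_bytes(reported).hex())

    # Constructed digest whose first byte is 0x00: the lossy form has 30
    # characters, so a2b_hex raises nothing and returns only 15 bytes.
    digest = bytes.fromhex("00" + "ab" * 15)
    short = lossy_hex(digest)
    print(len(short), len(binascii.a2b_hex(short)),
          fingerprint_bytes(short) == digest)
```
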