fix to prevent handshake failure

This commit is contained in:
Beu 2019-03-07 08:58:20 +01:00
parent 87e1c957a7
commit d60356067d

View File

@ -4,12 +4,12 @@
# IMPORTATION # IMPORTATION
import cgi import cgi
import json import json
import urllib.request
import ssl import ssl
import hashlib import hashlib
import dns.query import dns.query
import dns.message import dns.message
import socket import socket
import requests
from cryptography import x509 from cryptography import x509
from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends import default_backend
@ -50,11 +50,14 @@ def tlsa_validation(DOMAIN):
mtype = str(tlsalist[6]) mtype = str(tlsalist[6])
hexdata1 = str(tlsalist[7]) hexdata1 = str(tlsalist[7])
try:
conn = ssl.create_connection((DOMAIN , 443)) conn = ssl.create_connection((DOMAIN , 443))
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
sock = context.wrap_socket(conn, server_hostname=DOMAIN) sock = context.wrap_socket(conn, server_hostname=DOMAIN)
cert = ssl.DER_cert_to_PEM_cert(sock.getpeercert(True)) cert = ssl.DER_cert_to_PEM_cert(sock.getpeercert(True))
cert = cert.encode('ascii') cert = cert.encode('ascii')
except:
return(False)
if selector == "0": if selector == "0":
certdata = cert.as_der() certdata = cert.as_der()
@ -81,7 +84,8 @@ def tlsa_validation(DOMAIN):
def headers_validation(DOMAIN): def headers_validation(DOMAIN):
url = "https://" + DOMAIN + "/" url = "https://" + DOMAIN + "/"
try: try:
headers = urllib.request.urlopen(url,timeout=3).info() r = requests.get(url)
headers = r.headers
except: except:
return("NO HTTPS") return("NO HTTPS")
@ -130,5 +134,3 @@ if "HPKP_TRUE" in headers:
JSON_RESULT = json.dumps(JSON_DATA) JSON_RESULT = json.dumps(JSON_DATA)
print(JSON_RESULT) print(JSON_RESULT)