-
Notifications
You must be signed in to change notification settings - Fork 455
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
UnicodeError thrown when --certinfo_ca_file is encoded with UTF-8 #670
Comments
Arguably CA bundle files shouldn't included non-ascii bytes. I've reported this against Fedora's |
I just realised that the problem is not with
If |
A CA bundle may contain non-ASCII characters (e.g., CA distinguished names may include accents). When we try to encode these into bytes, the choise of the "ascii" codec causes a UnicodeError to be thrown. Since we don't actaully want to do anythign with the CA bundle other than pass it to cryptograhpy, just load it as bytes in the first place. Fixes: nabla-c0d3#670
Fedora's The change in the linked pull request resolves the problem for me. |
Describe the bug
UnicodeError is thrown when sslyze parses my system's CA certificate authority list.
Here are the problematic bytes in
ca-bundle.crt
. They are in the file because their CA's DN has non-ascii characters in it, and the UTF-8 encoding is tripping upcryptography
.(sslyze currently requires cryptography <43,>42 so maybe this is fixed in a later cryptography version, I will check this later and update.)
You'll see the offset
0x21cd8
being mentioned in the exception below (in decimal, as138456
).To Reproduce
Steps to reproduce the behavior:
uv
uvx sslyze --certinfo_ca_file=/etc/pki/tls/certs/ca-bundle.crt --certinfo token.actions.githubusercontent.com
Expected behavior
No exception
Python environment (please complete the following information):
The text was updated successfully, but these errors were encountered: