From ab27cc46f64b27b86fd8629e627a3cabe858dd63 Mon Sep 17 00:00:00 2001
From: Sam Morris
Date: Fri, 1 Nov 2024 15:03:00 +0000
Subject: [PATCH] Load CA bundle as bytes, not text

A CA bundle may contain non-ASCII characters (e.g., CA distinguished names may include accents). When we try to encode these into bytes, the choise of the "ascii" codec causes a UnicodeError to be thrown. Since we don't actaully want to do anythign with the CA bundle other than pass it to cryptograhpy, just load it as bytes in the first place.
Fixes: https://github.com/nabla-c0d3/sslyze/issues/670
---
 sslyze/plugins/certificate_info/trust_stores/trust_store.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sslyze/plugins/certificate_info/trust_stores/trust_store.py b/sslyze/plugins/certificate_info/trust_stores/trust_store.py
index 84f7387f..ce483ff1 100644
--- a/sslyze/plugins/certificate_info/trust_stores/trust_store.py
+++ b/sslyze/plugins/certificate_info/trust_stores/trust_store.py
@@ -52,7 +52,7 @@ def __init__(self, path: Path, name: str, version: str, ev_oids: Optional[List[O
 self.version = version
 self.ev_oids = ev_oids
- self._x509_store = Store(load_pem_x509_certificates(self.path.read_text().encode("ascii")))
+ self._x509_store = Store(load_pem_x509_certificates(self.path.read_bytes()))
 def is_certificate_extended_validation(self, certificate: Certificate) -> bool:
 """Is the supplied server certificate EV?"""
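Review bot: The new `self.path.read_bytes()` line carries no comment saying why the bundle must stay undecoded, so a later cleanup could reintroduce `read_text()` and, with it, decoding that depends on the platform's default encoding. A one-line comment above the assignment would pin the intent, for example `# Read raw bytes: bundles may contain non-ASCII text (e.g. CA names), and the PEM parser takes bytes anyway.` The diffstat lists a single changed file, so the fix appears to ship without a regression test; a test that builds a trust store from a bundle containing a non-ASCII annotation line would keep the certificate-validation path from breaking on this again. `__init__` starts above the hunk, so whether a parse failure from `load_pem_x509_certificates` is reported with the offending path cannot be judged from here.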