Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

'Void' object has no attribute 'human_friendly' #37

Open
chrisdlangton opened this issue Oct 4, 2021 · 0 comments
Open

'Void' object has no attribute 'human_friendly' #37

chrisdlangton opened this issue Oct 4, 2021 · 0 comments

Comments

@chrisdlangton
Copy link

When run on revoked.badssl.com

    ctx = ValidationContext(allow_fetching=True, revocation_mode='hard-fail', weak_hash_algos=set(["md2", "md5", "sha1"]))
    validator = CertificateValidator(pem, validation_context=ctx, intermediate_certs=intermediate_certs)
    validator.validate_usage(
        key_usage=set(validator_key_usage),
        extended_key_usage=set(validator_extended_key_usage),
    )

full self-enclosed test:

from socket import socket, AF_INET, SOCK_STREAM
from certvalidator import CertificateValidator, ValidationContext
import idna
from OpenSSL import SSL
from OpenSSL.crypto import dump_certificate, FILETYPE_PEM

host = 'revoked.badssl.com'
ctx = SSL.Context(method=SSL.TLSv1_2_METHOD)
ctx.check_hostname = False
ctx.verify_mode = SSL.VERIFY_NONE
conn = SSL.Connection(ctx, socket(AF_INET, SOCK_STREAM))
conn.connect((host, 443))
conn.settimeout(3)
conn.set_tlsext_host_name(idna.encode(host))
conn.setblocking(1)
conn.do_handshake()
x509 = conn.get_peer_certificate()
intermediate_certs = []
for (_, cert) in enumerate(conn.get_peer_cert_chain()):
    intermediate_certs.append(dump_certificate(FILETYPE_PEM, cert))
conn.close()
pem = dump_certificate(FILETYPE_PEM, x509)
ctx = ValidationContext(allow_fetching=True, revocation_mode='hard-fail', weak_hash_algos=set(["md2", "md5", "sha1"]))
validator = CertificateValidator(pem, validation_context=ctx, intermediate_certs=intermediate_certs)
validator.validate_usage(
    key_usage=set(['digital_signature', 'key_encipherment']),
    extended_key_usage=set(['server_auth']),
)

full trace

Traceback (most recent call last):
  File "<redacted>/src/main.py", line 39, in <module>
    validator.validate_usage(
  File "<redacted>/.venv/lib/python3.9/site-packages/certvalidator/__init__.py", line 193, in validate_usage
    self._validate_path()
  File "<redacted>/.venv/lib/python3.9/site-packages/certvalidator/__init__.py", line 121, in _validate_path
    validate_path(self._context, candidate_path)
  File "<redacted>/.venv/lib/python3.9/site-packages/certvalidator/validate.py", line 50, in validate_path
    return _validate_path(validation_context, path)
  File "<redacted>/.venv/lib/python3.9/site-packages/certvalidator/validate.py", line 376, in _validate_path
    verify_ocsp_response(
  File "<redacted>/.venv/lib/python3.9/site-packages/certvalidator/validate.py", line 1101, in verify_ocsp_response
    reason = revocation_info['revocation_reason'].human_friendly
AttributeError: 'Void' object has no attribute 'human_friendly'

Via pip certvalidator==0.11.1

** Expected

Your docs explain I should see RevokedError not AttributeError which seems more about a source code bug within CertificateValidator then an actual error realted to OCSP revocation.

You may want to do some testing against badssl.com if you don't have something better
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@chrisdlangton