Switch to pyOpenSSL for validating certificate chain #566

nabla-c0d3 · 2022-05-14T10:42:45Z

To further address the memory leak affecting the certificate validation logic (#560), we should switch from nassl's to pyOpenSSL's API (https://www.pyopenssl.org/en/stable/api/crypto.html#x509storecontext-objects).

pyOpenSSL is already an implicit dependency of SSLyze since it's a dependency of cryptography.

nabla-c0d3 · 2023-01-17T20:59:22Z

Fix released as part of v5.1.0

nabla-c0d3 added this to SSLyze 5.1.0 May 14, 2022

nabla-c0d3 mentioned this issue Nov 6, 2022

Memory leak in set0_trusted_stack and set0_untrusted nabla-c0d3/nassl#90

Open

nabla-c0d3 added a commit that referenced this issue Nov 6, 2022

[#566] Switch to pyOpenSSL for validating certificate chain

95dcccf

nabla-c0d3 added a commit that referenced this issue Nov 6, 2022

[#566] Switch to pyOpenSSL for validating certificate chain

876e2a1

nabla-c0d3 added a commit that referenced this issue Nov 6, 2022

[#566] Switch to pyOpenSSL for validating certificate chain

29e9fd2

nabla-c0d3 moved this to Done in SSLyze 5.1.0 Nov 6, 2022

nabla-c0d3 added a commit that referenced this issue Nov 6, 2022

[#566] Switch to pyOpenSSL for validating certificate chain

bf8c53e

nabla-c0d3 added a commit that referenced this issue Nov 6, 2022

[#566] Switch to pyOpenSSL for validating certificate chain

11f135d

nabla-c0d3 added a commit that referenced this issue Nov 6, 2022

[#566] Switch to pyOpenSSL for validating certificate chain

fafb4da

nabla-c0d3 closed this as completed Jan 17, 2023

Provide feedback