Skip to content

Ports other than 443 result in null values where there shouldn't be null values #254

Open
Open
Ports other than 443 result in null values where there shouldn't be null values#254
@arcsector

Description

@arcsector
arcsector
opened on Jun 26, 2024

🐛 Summary

"HTTPS Custom Truststore Trusted" and "HTTPS Cert Chain Length" check results are null when specifying a port number with a URL. These should not be null, and should instead be representative of the actual values reflected.

To reproduce

Steps to reproduce the behavior:

  • Scan a normal website without a port number with a custom CA file: pshtt --timeout 2 --ca-file=custom_ca_file.pem google.com
  • Observe that these fields are not null
  • Scan the same website, but with the port number: pshtt --timeout 2 --ca-file=custom_ca_file.pem google.com:443
  • Observe that these fields are null
  • Scan any other website on any port specified: pshtt --timeout 2 --ca-file=custom_ca_file.pem example.com:9443
  • Observe that these fields are null

Expected behavior

These should not be null, and should instead be representative of the actual values reflected. SSLyze, for example, gets these values correct even when the port is provided, but PSHTT does not.

Any helpful log output or screenshots

Paste the results here:

arcsector@device ~/test pshtt> pshtt --timeout 2 --ca-file=google_root.pem google.com:443 --debug --json 2> /dev/null

-------------------------

Fetching Chrome preload list from source...
Starting new HTTPS connection (1): chromium.googlesource.com:443
https://chromium.googlesource.com:443 "GET /chromium/src/+/main/net/http/transport_security_state_static.json?format=TEXT HTTP/1.1" 200 None

-------------------------

Fetching hstspreload.org pending list...
Starting new HTTPS connection (1): hstspreload.org:443
https://hstspreload.org:443 "GET /api/v2/pending HTTP/1.1" 200 None

-------------------------

Pinging http://google.com:443...
Starting new HTTP connection (1): google.com:443
[
  {
    "Base Domain": "google.com:443",
    "Base Domain HSTS Preloaded": false,
    "Canonical URL": "https://www.google.com:443",
    "Defaults to HTTPS": true,
    "Domain": "google.com:443",
    "Domain Enforces HTTPS": true,
    "Domain Supports HTTPS": true,
    "Domain Uses Strong HSTS": false,
    "Downgrades HTTPS": false,
    "HSTS": false,
    "HSTS Entire Domain": false,
    "HSTS Header": null,
    "HSTS Max Age": null,
    "HSTS Preload Pending": false,
    "HSTS Preload Ready": false,
    "HSTS Preloaded": false,
    "HTTPS Bad Chain": false,
    "HTTPS Bad Hostname": false,
    "HTTPS Cert Chain Length": null, # <--- HERE
    "HTTPS Client Auth Required": false,
    "HTTPS Custom Truststore Trusted": null, # <--- HERE
    "HTTPS Expired Cert": false,
    "HTTPS Full Connection": true,
    "HTTPS Live": true,
    "HTTPS Probably Missing Intermediate Cert": false,
    "HTTPS Publicly Trusted": null,
    "HTTPS Self Signed Cert": false,
    "IP": null,
    "Live": true,
    "Notes": "",
    "Redirect": false,
    "Redirect To": null,
    "Server Header": "gws",
    "Server Version": null,
    "Strictly Forces HTTPS": true,
    "Unknown Error": true,
    "Valid HTTPS": true
    ...
  }
]

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions