Closed
Description
To Reproduce
Steps to reproduce the behavior:
- Install latest SSLyze version using git clone
- Create and activate python3.9 venv
- Follow the steps: https://github.com/nabla-c0d3/sslyze/tree/5.0.0#development-environment
- See error
Expected behavior
Tests succeed
Python environment
- OS: RHEL 8.5
- Python version: 3.9.6
- OpenSSL 1.1.1k FIPS 25 Mar 2021
- update-crypto-policies --show: LEGACY
Additional context
When trying to scan a local Apache webserver using python -m sslyze [webserver cname]
with SSLyze version 4.1.0, which was previously installed using pip, or with the latest version from git, a segmentation fault happens as well.
gdb -ex r --args /opt/testsslyze/venv/bin/python -m sslyze [webserver cname]
results in error 2
Error
# invoke test
============================= test session starts ==============================
platform linux -- Python 3.9.6, pytest-6.2.5, py-1.11.0, pluggy-1.0.0
rootdir: /opt/testsslyze/sslyze
plugins: Faker-13.0.0, cov-3.0.0
collected 163 items
tests/test_main.py . [ 0%]
tests/cli_tests/test_console_output.py ......... [ 6%]
tests/cli_tests/test_server_string_parser.py ........ [ 11%]
tests/json_tests/test_json_output.py ..... [ 14%]
tests/plugins_tests/test_compression_plugin.py Fs. [ 15%]
tests/plugins_tests/test_early_data_plugin.py ... [ 17%]
tests/plugins_tests/test_elliptic_curves_plugin.py FF [ 19%]
tests/plugins_tests/test_fallback_scsv_plugin.py FFFF [ 21%]
tests/plugins_tests/test_heartbleed_plugin.py FF... [ 24%]
tests/plugins_tests/test_http_headers_plugin.py FFF........ [ 31%]
tests/plugins_tests/test_openssl_ccs_injection_plugin.py FF... [ 34%]
tests/plugins_tests/test_robot_plugin.py Fs. [ 36%]
tests/plugins_tests/test_scan_commands.py . [ 36%]
tests/plugins_tests/test_session_renegotiation_plugin.py F..F [ 39%]
tests/plugins_tests/test_session_resumption_plugin.py FF.. [ 41%]
tests/plugins_tests/certificate_info/test_certificate_algorithms.py ..FF [ 44%]
F [ 44%]
tests/plugins_tests/certificate_info/test_certificate_info_plugin.py FFF [ 46%]
FFFsFFFFFF. [ 53%]
tests/plugins_tests/certificate_info/test_certificate_utils.py ...... [ 57%]
tests/plugins_tests/certificate_info/test_cli_connector.py F [ 57%]
tests/plugins_tests/certificate_info/test_json.py F [ 58%]
tests/plugins_tests/certificate_info/test_symantec.py ... [ 60%]
tests/plugins_tests/certificate_info/test_trust_store_repository.py .F [ 61%]
tests/plugins_tests/openssl_cipher_suites/test_cipher_suites.py . [ 61%]
tests/plugins_tests/openssl_cipher_suites/test_cli_connector.py F [ 62%]
tests/plugins_tests/openssl_cipher_suites/test_openssl_cipher_suites_plugin.py F [ 63%]
FFFFFFFFFFFFFatal Python error: Segmentation fault
Current thread 0x00007f4d107e0700 (most recent call first):
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/nassl/ssl_client.py", line 319 in get_ephemeral_key
File "/opt/testsslyze/sslyze/sslyze/plugins/openssl_cipher_suites/_test_cipher_suite.py", line 56 in connect_with_cipher_suite
File "/usr/lib64/python3.9/concurrent/futures/thread.py", line 52 in run
File "/usr/lib64/python3.9/concurrent/futures/thread.py", line 77 in _worker
File "/usr/lib64/python3.9/threading.py", line 910 in run
File "/usr/lib64/python3.9/threading.py", line 973 in _bootstrap_inner
File "/usr/lib64/python3.9/threading.py", line 930 in _bootstrap
Thread 0x00007f4d117e2700 (most recent call first):
File "/opt/testsslyze/sslyze/tests/openssl_server/__init__.py", line 44 in read_and_log_and_reply
File "/usr/lib64/python3.9/threading.py", line 910 in run
File "/usr/lib64/python3.9/threading.py", line 973 in _bootstrap_inner
File "/usr/lib64/python3.9/threading.py", line 930 in _bootstrap
Thread 0x00007f4d71b66100 (most recent call first):
File "/usr/lib64/python3.9/threading.py", line 312 in wait
File "/usr/lib64/python3.9/concurrent/futures/_base.py", line 440 in result
File "/opt/testsslyze/sslyze/sslyze/plugins/plugin_base.py", line 115 in scan_server
File "/opt/testsslyze/sslyze/tests/plugins_tests/openssl_cipher_suites/test_openssl_cipher_suites_plugin.py", line 321 in test_sslv3_enabled
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/python.py", line 183 in pytest_pyfunc_call
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_callers.py", line 39 in _multicall
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_manager.py", line 80 in _hookexec
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_hooks.py", line 265 in __call__
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/python.py", line 1641 in runtest
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 162 in pytest_runtest_call
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_callers.py", line 39 in _multicall
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_manager.py", line 80 in _hookexec
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_hooks.py", line 265 in __call__
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 255 in <lambda>
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 311 in from_call
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 254 in call_runtest_hook
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 215 in call_and_report
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 126 in runtestprotocol
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 109 in pytest_runtest_protocol
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_callers.py", line 39 in _multicall
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_manager.py", line 80 in _hookexec
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_hooks.py", line 265 in __call__
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/main.py", line 348 in pytest_runtestloop
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_callers.py", line 39 in _multicall
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_manager.py", line 80 in _hookexec
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_hooks.py", line 265 in __call__
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/main.py", line 323 in _main
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/main.py", line 269 in wrap_session
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/main.py", line 316 in pytest_cmdline_main
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_callers.py", line 39 in _multicall
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_manager.py", line 80 in _hookexec
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_hooks.py", line 265 in __call__
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/config/__init__.py", line 162 in main
File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/config/__init__.py", line 185 in console_main
File "/opt/testsslyze/venv/bin/pytest", line 8 in <module>
Error 2
# gdb -ex r --args /opt/testsslyze/venv/bin/python -m sslyze [webserver cname]
...
[Thread 0x7fffcf7fe700 (LWP 366897) exited]
[webserver cname]:443 => 10.225.76.137 WARNING: Server requested optional client authentication
Thread 15 "python" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffefc80700 (LWP 366902)]
nassl_SSL_get_dh_info (self=<optimized out>) at nassl/_nassl/nassl_SSL.c:861
861 nassl/_nassl/nassl_SSL.c: No such file or directory.