Merge branch 'master' of github.com:yaroslaff/showcert

Author: yaroslaff

.github/workflows/main.yml

@@ -37,6 +37,9 @@ jobs:
       - name: List files
         run: ls -al
 
+      - name: Print coverage.xml
+        run: cat coverage.xml
+
       - name: Upload results to Codecov
         uses: codecov/codecov-action@v5
         with:

showcert/__about__.py

@@ -1 +1 @@
-__version__ = '0.4.4'
+__version__ = '0.4.6'

showcert/getremote.py

@@ -138,7 +138,19 @@ def get_certificate_chain(host, name=None, port=443, insecure=False, starttls='a
     conn.set_tlsext_host_name(name.encode())
 
     conn.set_connect_state()
-    conn.do_handshake()
+
+    try:
+        conn.do_handshake()
+    except SSL.Error as e:
+        # rare case, e.g. RabbitMQ on 5671 which reset connection if client certificate is not sent
+        # never happens on webservers
+        if insecure and 'ssl/tls alert handshake failure' in str(e):
+            print("# Server likely requires a client certificate (handshake failure)")
+        else:
+            raise
+                
+    if conn.get_client_ca_list():
+        print("# Remote asks for a client certificate")
 
     chain = conn.get_peer_cert_chain()
     return sock_host, chain

tests/test_client.py

@@ -0,0 +1,19 @@
+from showcert import process_cert
+from OpenSSL import SSL
+
+import pytest
+
+class TestClient:
+    def test_client(self):
+        srv = "client.badssl.com"
+        process_cert(srv)
+
+    def test_handshake_failure(self, monkeypatch):
+        def fake_handshake(self):
+            original_handshake(self)
+            raise SSL.Error([('SSL routines', '', 'ssl/tls alert handshake failure')])
+
+        original_handshake = SSL.Connection.do_handshake
+        monkeypatch.setattr("OpenSSL.SSL.Connection.do_handshake", fake_handshake)
+        process_cert("client.badssl.com", insecure=True)
+