From 6a14ff37961cc2fee9c0368ecc3e29a4366dd6f7 Mon Sep 17 00:00:00 2001 From: Narbeh Date: Wed, 18 Apr 2018 16:32:41 +0430 Subject: [PATCH] Revert Back To pyOpenSSL Again!!! --- README.md | 12 ++++++++--- ssl_checker.py | 56 +++++++++++++++++++++++++++++++------------------- 2 files changed, 44 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 797090f..9f062cd 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,23 @@ # SSL Checker #### Simple Python script that collects SSL information from hosts -# About +## About It's a simple script running in python that collects SSL information then it returns the group of information in JSON. -# Usage +## Requirements + +You only need to installl pyOpenSSL: + +`pip install pyopenssl` + +## Usage `python ssl_checker.py host1[:port] [host2:port] [host3:port]...` Port is optional here. The script will use 443 if not specified. -# Example +## Example ```bash narbeh@narbeh-xps:~/ssl-checker$ python ssl_checker.py cisco.com archive.org ttttessssttt.com diff --git a/ssl_checker.py b/ssl_checker.py index 0232a67..d25d72d 100644 --- a/ssl_checker.py +++ b/ssl_checker.py @@ -2,8 +2,14 @@ import socket import sys -from ssl import create_default_context from datetime import datetime +from ssl import PROTOCOL_TLSv1 + +try: + from OpenSSL import SSL +except ImportError: + print('Required module does not exist. Install: pip install pyopenssl') + sys.exit(1) class TextColor: 
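Review bot: `from ssl import PROTOCOL_TLSv1` in the ssl_checker.py import hunk brings in a standard-library constant that get_cert then hands to pyOpenSSL's `SSL.Context`, and the two modules number their protocol methods independently. The value may therefore select a different method than the name says; as far as I recall the stdlib value for TLSv1 coincides with pyOpenSSL's `SSLv23_METHOD`, which should be confirmed. Read at face value the name also describes a TLS 1.0-only client, which servers that have disabled TLS 1.0 will refuse, so the tool would report a failure that is not the host's fault. Drop the `ssl` import and use pyOpenSSL's own constant, `osobj = SSL.Context(SSL.SSLv23_METHOD)`, with a comment that it negotiates the highest version both sides support.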
@@ -17,18 +23,28 @@ class TextColor: def get_cert(host, port): """Connection to the host.""" - sslctx = create_default_context() - sock = sslctx.wrap_socket(socket.socket(), server_hostname=host) + osobj = SSL.Context(PROTOCOL_TLSv1) + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: sock.connect((host, int(port))) - print('\t{}[+]{} {}'.format(TextColor.GREEN, TextColor.RESET, host)) except Exception as e: print('\t{}[-]{} {} failed: {}'.format(TextColor.RED, TextColor.RESET, host, e)) return None - cert = sock.getpeercert() + oscon = SSL.Connection(osobj, sock) + oscon.set_tlsext_host_name(host.encode()) + oscon.set_connect_state() + try: + oscon.do_handshake() + except Exception as e: + print('\t{}[-]{} {} failed: {}'.format(TextColor.RED, TextColor.RESET, host, e)) + return None + + print('\t{}[+]{} {}'.format(TextColor.GREEN, TextColor.RESET, host)) + cert = oscon.get_peer_certificate() sock.close() + return cert 
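Review bot: The new `SSL.Context` in get_cert never calls `set_verify`, so unlike the removed `create_default_context()` path the handshake accepts any certificate and checks neither the chain nor the host name. The fields reported afterwards can then come from whoever answered on that port. If inspecting invalid or self-signed certificates is the intent, state that in a comment and mark the result as unverified in the output; otherwise add `osobj.set_default_verify_paths()` and `osobj.set_verify(SSL.VERIFY_PEER, verify_cb)` before `do_handshake()`, where `verify_cb` is a callback still to be written and host-name matching has to be done separately because pyOpenSSL does not do it. Both failure branches also return without `sock.close()` and the socket has no timeout, so an unresponsive host blocks the whole run; `sock.settimeout(...)` before `connect` and closing the socket in a `finally:` would cover both.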
@@ -36,30 +52,28 @@ def get_cert_info(cert): """Get all the information about cert and create a JSON file.""" context = {} - issued_to = dict(x[0] for x in cert['subject']) - issued_by = dict(x[0] for x in cert['issuer']) - - context['issuer_c'] = issued_by['countryName'] - context['issuer_o'] = issued_by['organizationName'] - context['issuer_cn'] = issued_by['commonName'] - context['issued_to'] = issued_to['commonName'] - context['cert_sn'] = cert['serialNumber'] - context['cert_ver'] = cert['version'] + context['issuer_c'] = cert.get_issuer().countryName + context['issuer_o'] = cert.get_issuer().organizationName + context['issuer_ou'] = cert.get_issuer().organizationalUnitName + context['issuer_cn'] = cert.get_issuer().commonName + context['cert_sn'] = cert.get_serial_number() + context['cert_alg'] = cert.get_signature_algorithm().decode() + context['cert_ver'] = cert.get_version() + context['cert_exp'] = cert.has_expired() # Valid from - valid_from = datetime.strptime(cert['notBefore'], '%b %d %H:%M:%S %Y %Z') + valid_from = datetime.strptime(cert.get_notBefore().decode('ascii'), + '%Y%m%d%H%M%SZ') context['valid_from'] = valid_from.strftime('%Y-%m-%d') - # Vali till - valid_till = datetime.strptime(cert['notAfter'], '%b %d %H:%M:%S %Y %Z') + # Valid till + valid_till = datetime.strptime(cert.get_notAfter().decode('ascii'), + '%Y%m%d%H%M%SZ') context['valid_till'] = valid_till.strftime('%Y-%m-%d') # Validity days context['validity_days'] = (valid_till - valid_from).days - # Expiry check - context['expired'] = False if valid_till >= datetime.now() else True - return context @@ -76,7 +90,7 @@ def show_result(hosts): else: failed_cnt += 1 - print('\n{} successful and {} failed.'.format(len(hosts) - failed_cnt, failed_cnt)) + print('\n{} successful and {} failed.\n'.format(len(hosts) - failed_cnt, failed_cnt)) print(context)
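Review bot: get_cert_info no longer reports the certificate subject: the removed `context['issued_to']` has no replacement, so the output cannot show which name the certificate was issued for, and the get_cert hunk does not verify the host name either. Add `context['issued_to'] = cert.get_subject().commonName`. `cert.get_version()` returns the zero-based X.509 version field, so a v3 certificate is now reported as 2 where the old code reported 3; `cert.get_version() + 1` keeps the previous meaning. The `'%Y%m%d%H%M%SZ'` format raises ValueError when the timestamp carries a numeric offset instead of `Z`, and nothing in the visible lines catches it. The `def` line of get_cert_info appears only in the hunk header, so the function starts outside the hunk.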