ssllabs.data package#

Submodules#

ssllabs.data.caa_policy module#

CAA Policy.

class ssllabs.data.caa_policy.CaaPolicyData(policyHostname: str, caaRecords: List[CaaRecordData])#

Bases: object

Dataclass for CAA Policy objects.

See also: ssllabs/ssllabs-scan

caaRecords: List[CaaRecordData]#: List of supported CAARecord

policyHostname: str#: hostname where policy is located

ssllabs.data.caa_record module#

CAA Record.

class ssllabs.data.caa_record.CaaRecordData(tag: str, value: str, flags: int)#

Bases: object

Dataclass for CAA Record objects.

See also: ssllabs/ssllabs-scan

flags: int#: Corresponding flags of CAA property (8 bit)

tag: str#: A property of the CAA record

value: str#: Corresponding value of a CAA property

ssllabs.data.cert module#

Cert.

class ssllabs.data.cert.CertData(id: str, subject: str, serialNumber: str, commonNames: List[str], altNames: List[str] | None, notBefore: int, notAfter: int, issuerSubject: str, sigAlg: str, revocationInfo: int, crlURIs: List[str] | None, ocspURIs: List[str] | None, revocationStatus: int, crlRevocationStatus: int, ocspRevocationStatus: int, dnsCaa: bool | None, caaPolicy: CaaPolicyData | None, mustStaple: bool, sgc: int, validationType: str | None, issues: int | None, sct: bool, sha1Hash: str, sha256Hash: str, pinSha256: str, keyAlg: str, keySize: int, keyStrength: int, keyKnownDebianInsecure: bool | None, raw: str)#

Bases: object

Dataclass for Cert objects.

See also: ssllabs/ssllabs-scan

altNames: List[str] | None#: Alternative names

caaPolicy: CaaPolicyData | None#: CAA Policy, Null if CAA is not supported

commonNames: List[str]#: Common names extracted from the subject

crlRevocationStatus: int#: Same as revocationStatus, but only for the CRL information (if any).

crlURIs: List[str] | None#: CRL URIs extracted from the certificate

dnsCaa: bool | None#: True if CAA is supported else false.

id: str#: Certificate ID

issuerSubject: str#: Issuer subject

issues: int | None#: list of certificate issues, one bit per issue

keyAlg: str#: Key algorithm.

keyKnownDebianInsecure: bool | None#: True if debian flaw is found, else false

keySize: int#: Key size, in bits appropriate for the key algorithm.

keyStrength: int#: Key strength, in equivalent RSA bits

mustStaple: bool#: True if stapling is supported else false

notAfter: int#: Timestamp after which the certificate is not valid (Unix Timestamp)

notBefore: int#: Timestamp before which the certificate is not valid (Unix Timestamp)

ocspRevocationStatus: int#: Same as revocationStatus, but only for the OCSP information (if any).

ocspURIs: List[str] | None#: OCSP URIs extracted from the certificate

pinSha256: str#: sha256 hash of the public key

raw: str#: PEM-encoded certificate

revocationInfo: int#: A number that represents revocation information present in the certificate

revocationStatus: int#: A number that describes the revocation status of the certificate

sct: bool#: True if the certificate contains an embedded SCT; false otherwise.

serialNumber: str#: Certificate serial number (hex-encoded)

sgc: int#: Server Gated Cryptography support

sha1Hash: str#: sha1 hash of the certificate

sha256Hash: str#: sha256 hash of the certificate

sigAlg: str#: Certificate signature algorithm

subject: str#: Certificate subject

validationType: str | None#: E for Extended Validation certificates

ssllabs.data.certificate_chain module#

Certificate Chain.

class ssllabs.data.certificate_chain.CertificateChainData(id: str, certIds: List[str], trustPaths: List[TrustPathData], issues: int, noSni: bool)#

Bases: object

Dataclass for certificate chain objects.

See also: ssllabs/ssllabs-scan

certIds: List[str]#: List of IDs of each certificate, representing the chain certificates in the order in which they were retrieved from the server

id: str#: Certificate chain ID

issues: int#: A number of flags that describe the chain and the problems it has.

noSni: bool#: True for certificate obtained only with No Server Name Indication (SNI).

trustPaths: List[TrustPathData]#: Trust path object

ssllabs.data.drown_hosts module#

Drown Hosts.

class ssllabs.data.drown_hosts.DrownHostsData(ip: str, export: bool, port: int, special: bool, sslv2: bool, status: str)#

Bases: object

Dataclass for Drown Hosts objects.

See also: ssllabs/ssllabs-scan

export: bool#: True if export cipher suites detected

ip: str#: IP address of server that shares same RSA-Key/hostname in its certificate

port: int#: Port number of the server

special: bool#: True if vulnerable OpenSSL version detected

sslv2: bool#: True if SSL v2 is supported

status: str#: Drown host status

ssllabs.data.endpoint module#

Endpoint.

Bases: object

Dataclass for endpoint objects.

See also: ssllabs/ssllabs-scan

delegation: int#: Indicates domain name delegation with and without the www prefix

details: EndpointDetailsData | None#: This field contains an EndpointDetails object. It’s not present by default, but can be enabled by using the “all” parameter to the analyze API call.

duration: int | None#: Assessment duration, in milliseconds

eta: int | None#: Estimated time, in seconds, until the completion of the assessment

futureGrade: str | None#: Next grade because of upcoming grading criteria changes, Null if there is no impact on current grade.

grade: str | None#: Possible values: A+, A-, A-F, T (no trust) and M (certificate name mismatch)

gradeTrustIgnored: str | None#: Grade (as above), if trust issues are ignored

hasWarnings: bool | None#: If this endpoint has warnings that might affect the score (e.g., get A- instead of A).

ipAddress: str#: Endpoint IP address, in IPv4 or IPv6 format.

isExceptional: bool | None#: This flag will be raised when an exceptional configuration is encountered. The SSL Labs test will give such sites an A+.

progress: int | None#: Assessment progress, which is a value from 0 to 100, and -1 if the assessment has not yet started

serverName: str | None#: Server name retrieved via reverse DNS

statusDetails: str | None#: Code of the operation currently in progress

statusDetailsMessage: str | None#: Description of the operation currently in progress

statusMessage: str#: Assessment status message; this field will contain ‘Ready’ if the endpoint assessment was successful.

ssllabs.data.endpoint_details module#

Endpoint Details.

Bases: object

Dataclass for endpoint detail objects.

See also: ssllabs/ssllabs-scan

alpnProtocols: str | None#: Space separated list of supported ALPN protocols

bleichenbacher: int | None#: Results of the Return Of Bleichenbacher’s Oracle Threat (ROBOT) test

certChains: List[CertificateChainData]#: Server Certificate chains

chaCha20Preference: bool | None#: True if the server takes into account client preferences when deciding if to use ChaCha20 suites. Will be deprecated in new version.

compressionMethods: int | None#: Integer value that describes supported compression methods

dhPrimes: List[str] | None#: List of hex-encoded DH primes used by the server. Not present if the server doesn’t support the DH key exchange.

dhUsesKnownPrimes: int | None#: Whether the server uses known DH primes. Not present if the server doesn’t support the DH key exchange.

dhYsReuse: bool | None#: True if the DH ephemeral server value is reused. Not present if the server doesn’t support the DH key exchange.

drownErrors: bool | None#: True if error occurred in the DROWN test.

drownHosts: List[DrownHostsData] | None#: List of DROWN hosts.

drownVulnerable: bool | None#: True if server vulnerable to the DROWN attack.

ecdhParameterReuse: bool | None#: True if the server reuses its ECDHE values

fallbackScsv: bool | None#: True if the server supports TLS_FALLBACK_SCSV, false if it doesn’t. This field will not be available if the server’s support for TLS_FALLBACK_SCSV can’t be tested because it supports only one protocol version (e.g., only TLS 1.2).

forwardSecrecy: int | None#: Indicates support for Forward Secrecy

freak: bool | None#: True if the server is vulnerable to the FREAK attack, meaning it supports 512-bit key exchange.

goldenDoodle: int | None#: Results of the GOLDENDOODLE test

hasSct: int | None#: Information about the availability of certificate transparency information (embedded SCTs)

heartbeat: bool | None#: True if the server supports the Heartbeat extension.

heartbleed: bool | None#: True if the server is vulnerable to the Heartbleed attack.

hostStartTime: int#: Endpoint assessment starting time, in milliseconds since 1970. This field is useful when test results are retrieved in several HTTP invocations. Then, you should check that the hostStartTime value matches the startTime value of the host.

hpkpPolicy: HpkpPolicyData | None#: Server’s HPKP policy.

hpkpRoPolicy: HpkpPolicyData | None#: Server’s HPKP-RO policy.

hstsPolicy: HstsPolicyData | None#: Server’s HSTS policy. Experimental.

hstsPreloads: List[HstsPreloadData] | None#: Information about preloaded HSTS policies.

httpForwarding: str | None#: Available on a server that responded with a redirection to some other hostname.

httpStatusCode: int | None#: Status code of the final HTTP response seen. When submitting HTTP requests, redirections are followed, but only if they lead to the same hostname. If this field is not available, that means the HTTP request failed.

httpTransactions: List[HttpTransactionData] | None#: An array of HttpTransaction objects.

implementsTLS13MandatoryCS: bool | None#: True if server supports mandatory TLS 1.3 cipher suite (TLS_AES_128_GCM_SHA256), null if TLS 1.3 not supported.

logjam: bool | None#: True if the server uses DH parameters weaker than 1024 bits.

miscIntolerance: int | None#: Indicates various other types of intolerance

namedGroups: NamedGroupsData | None#: Instance of NamedGroups object.

noSniSuites: ProtocolSuitesData | None#: Cipher suites observed only with client that does not support Server Name Indication (SNI).

nonPrefixDelegation: bool#: True if this endpoint is reachable via a hostname without the www prefix

npnProtocols: str | None#: Space separated list of supported NPN protocols

ocspStapling: bool | None#: True if OCSP stapling is deployed on the server

openSSLLuckyMinus20: int | None#: Results of the CVE-2016-2107 test

openSslCcs: int | None#: Results of the CVE-2014-0224 test

poodle: bool | None#: True if the endpoint is vulnerable to POODLE

poodleTls: int | None#: Results of the POODLE TLS test

prefixDelegation: bool#: True if this endpoint is reachable via a hostname with the www prefix

protocolIntolerance: int | None#: Indicates protocol version intolerance issues

protocols: List[ProtocolData]#: Supported protocols

rc4Only: bool | None#: True if only RC4 suites are supported.

rc4WithModern: bool | None#: True if RC4 is used with modern clients.

renegSupport: int | None#: This is an integer value that describes the endpoint support for renegotiation.

serverSignature: str | None#: Contents of the HTTP Server response header when known. This field could be absent for one of two reasons: 1) the HTTP request failed (check httpStatusCode) or 2) there was no Server response header returned.

sessionResumption: int | None#: This is an integer value that describes endpoint support for session resumption.

sessionTickets: int | None#: Indicates support for Session Tickets

sims: SimDetailsData | None#: Instance of SimDetails.

sleepingPoodle: int | None#: Results of the Sleeping POODLE test

sniRequired: bool | None#: If SNI support is required to access the web site.

staplingRevocationErrorMessage: str | None#: Description of the problem with the stapled OCSP response, if any.

staplingRevocationStatus: int | None#: Same as Cert.revocationStatus, but for the stapled OCSP response.

staticPkpPolicy: StaticPkpPolicyData | None#: Server’s SPKP policy.

suites: List[ProtocolSuitesData] | None#: Supported cipher suites per protocol

supportsAead: bool | None#: True if the server supports at least one AEAD suite.

supportsAlpn: bool | None#: True if the server supports ALPN

supportsCBC: bool | None#: True if the server supports at least one CBC suite.

supportsNpn: bool | None#: True if the server supports NPN

supportsRc4: bool | None#: True if the server supports at least one RC4 suite.

ticketbleed: int | None#: Results of the ticketbleed CVE-2016-9244 test

vulnBeast: bool | None#: True if the endpoint is vulnerable to the BEAST attack

zeroLengthPaddingOracle: int | None#: Results of the 0-Length Padding Oracle (CVE-2019-1559) test

zeroRTTEnabled: int | None#: Results of the 0-RTT test. This test will only be performed if TLS 1.3 is enabled.

zombiePoodle: int | None#: Results of the Zombie POODLE test

ssllabs.data.host module#

Host.

class ssllabs.data.host.HostData(host: str, port: int, protocol: str, isPublic: bool, status: str, statusMessage: str | None, startTime: int, testTime: int | None, engineVersion: str, criteriaVersion: str, cacheExpiryTime: int | None, certHostnames: List[str] | None, endpoints: List[EndpointData] | None, certs: List[CertData] | None)#

Bases: object

Dataclass for host objects.

See also: ssllabs/ssllabs-scan

cacheExpiryTime: int | None#: When will the assessment results expire from the cache (typically set only for assessment with errors; otherwise the results stay in the cache for as long as there’s sufficient room)

certHostnames: List[str] | None#: The list of certificate hostnames collected from the certificates seen during assessment. The hostnames may not be valid. This field is available only if the server certificate doesn’t match the requested hostname. In that case, this field saves you some time as you don’t have to inspect the certificates yourself to find out what valid hostnames might be.

certs: List[CertData] | None#: A list of Cert object, representing the chain certificates in the order in which they were retrieved from the server.

criteriaVersion: str#: Grading criteria version (e.g., ‘2009l’)

endpoints: List[EndpointData] | None#: List of Endpoint objects

engineVersion: str#: Assessment engine version (e.g., ‘1.26.5’)

host: str#: Assessment host, which can be a hostname or an IP address

isPublic: bool#: True if this assessment is publicly available (listed on the SSL Labs assessment boards)

port: int#: Assessment port (e.g., 443)

protocol: str#: Protocol (e.g., HTTP)

startTime: int#: Assessment starting time, in milliseconds since 1970

status: str#: Assessment status; possible values: DNS, ERROR, IN_PROGRESS, and READY.

statusMessage: str | None#: Status message in English. When status is ERROR, this field will contain an error message.

testTime: int | None#: Assessment completion time, in milliseconds since 1970

ssllabs.data.hpkp_policy module#

HPKP Policy.

class ssllabs.data.hpkp_policy.HpkpPolicyData(header: str | None, status: str, error: str | None, maxAge: int | None, includeSubDomains: bool | None, reportUri: str | None, pins: List[Dict], matchedPins: List[Dict], directives: List[Dict])#

Bases: object

Dataclass for HPKP Policy objects.

See also: ssllabs/ssllabs-scan

directives: List[Dict]#: List of raw policy directives (name-value pairs)

error: str | None#: Error message, when the policy is invalid

header: str | None#: The contents of the HPKP response header, if present

includeSubDomains: bool | None#: True if the includeSubDomains directive is set; null otherwise

matchedPins: List[Dict]#: List of pins that match the current configuration

maxAge: int | None#: The max-age value from the policy

pins: List[Dict]#: List of all pins used by the policy

reportUri: str | None#: The report-uri value from the policy

status: str#: HPKP status

ssllabs.data.hsts_policy module#

HSTS Policy.

Bases: object

Dataclass for HSTS Policy objects.

See also: ssllabs/ssllabs-scan

LONG_MAX_AGE: int#: This constant contains what SSL Labs considers to be sufficiently large max-age value

directives: Dict | None#: List of raw policy directives

error: str | None#: Error message when error is encountered, null otherwise

header: str | None#: The contents of the HSTS response header, if present

includeSubDomains: bool | None#: True if the includeSubDomains directive is set; null otherwise

maxAge: int | None#: The max-age value specified in the policy; null if policy is missing or invalid or on parsing error

preload: bool | None#: True if the preload directive is set; null otherwise

status: str#: HSTS status

ssllabs.data.hsts_preload module#

HSTS Preload.

class ssllabs.data.hsts_preload.HstsPreloadData(source: str, hostname: str, status: str, error: str | None, sourceTime: int | None)#

Bases: object

Dataclass for HSTS Preload objects.

See also: ssllabs/ssllabs-scan

error: str | None#: Error message, when status is ‘error’

hostname: str#: Name of the host

source: str#: Source name

sourceTime: int | None#: Time, as a Unix timestamp, when the preload database was retrieved

status: str#: preload status

ssllabs.data.http_transaction module#

HTTP Transaction.

class ssllabs.data.http_transaction.HttpTransactionData(requestUrl: str, statusCode: int | None, requestLine: str | None, requestHeaders: List[str], responseLine: str | None, responseHeadersRaw: List[str], responseHeaders: List[Dict], fragileServer: bool)#

Bases: object

Dataclass for HTTP Transaction objects.

See also: ssllabs/ssllabs-scan

fragileServer: bool#: True if the server crashes when inspected by SSL Labs (in which case the full test is refused)

requestHeaders: List[str]#: An array of request HTTP headers, each with name and value

requestLine: str | None#: The entire request line as a single field

requestUrl: str#: Request URL

responseHeaders: List[Dict]#: An array of response HTTP headers, each with name and value

responseHeadersRaw: List[str]#: All response headers as a single field (useful if the headers are malformed)

responseLine: str | None#: The entire response line as a single field

statusCode: int | None#: Response status code

ssllabs.data.info module#

Info.

class ssllabs.data.info.InfoData(engineVersion: str, criteriaVersion: str, maxAssessments: int, currentAssessments: int, newAssessmentCoolOff: int, messages: List[str])#

Bases: object

Dataclass for info objects.

See also: ssllabs/ssllabs-scan

criteriaVersion: str#: Rating criteria version as a string (e.g., ‘2009f’)

currentAssessments: int#: The number of ongoing assessments submitted by this client.

engineVersion: str#: SSL Labs software version as a string (e.g., ‘1.11.14’)

maxAssessments: int#: The maximum number of concurrent assessments the client is allowed to initiate.

messages: List[str]#: A list of messages (strings). Messages can be public (sent to everyone) and private (sent only to the invoking client). Private messages are prefixed with ‘[Private]’.

newAssessmentCoolOff: int#: The cool-off period after each new assessment, in milliseconds; you’re not allowed to submit a new assessment before the cool-off expires, otherwise you’ll get a 429.

ssllabs.data.named_group module#

NamedGroup.

class ssllabs.data.named_group.NamedGroupData(id: int, name: str, bits: int)#

Bases: object

Dataclass for NamedGroup objects.

See also: ssllabs/ssllabs-scan

bits: int#: Named curve strength in EC bits

id: int#: Named curve ID

name: str#: named curve name

ssllabs.data.named_groups module#

NamedGroup.

class ssllabs.data.named_groups.NamedGroupsData(list: List[NamedGroupData], preference: bool | None)#

Bases: object

Dataclass for NamedGroup object lists.

See also: ssllabs/ssllabs-scan

list: List[NamedGroupData]#: An array of NamedGroup objects

preference: bool | None#: True if the server has preferred curves that it uses first

ssllabs.data.protocol module#

Protocol.

class ssllabs.data.protocol.ProtocolData(id: int, name: str, version: str, v2SuitesDisabled: bool | None, q: int | None)#

Bases: object

Dataclass for protocol objects.

See also: ssllabs/ssllabs-scan

id: int#: Protocol version, e.g. 771 for TLS 1.2 (0x0303)

name: str#: Protocol name SSL/TLS.

q: int | None#: 0 if the protocol is insecure

v2SuitesDisabled: bool | None#: Some servers have SSLv2 protocol enabled, but with all SSLv2 cipher suites disabled. In that case, this field is set to True.

version: str#: Protocol version, e.g. 1.2, 1.1 etc

ssllabs.data.protocol_suites module#

Protocol suites.

class ssllabs.data.protocol_suites.ProtocolSuitesData(protocol: int, list: List[SuiteData], preference: bool | None, chaCha20Preference: bool | None)#

Bases: object

Dataclass for protocol suites objects.

See also: ssllabs/ssllabs-scan

chaCha20Preference: bool | None#: True if the server takes into account client preferences when deciding if to use ChaCha20 suites. null, we were not able to determine if the server has a chacha preference.

list: List[SuiteData]#: List of Suite objects

preference: bool | None#: True if the server actively selects cipher suites; if null, we were not able to determine if the server has a preference

protocol: int#: Protocol version.

ssllabs.data.sim_client module#

Simulation Client.

class ssllabs.data.sim_client.SimClientData(id: int, name: str, platform: str | None, version: str, isReference: bool)#

Bases: object

Dataclass for Simulation Client objects.

See also: ssllabs/ssllabs-scan

id: int#: Unique client ID.

isReference: bool#: True if the browser is considered representative of modern browsers, false otherwise. This flag does not correlate to client’s capabilities, but is used by SSL Labs to determine if a particular configuration is effective. For example, to track Forward Secrecy support, we mark several representative browsers as “modern” and then test to see if they succeed in negotiating a FS suite. Just as an illustration, modern browsers are currently Chrome, Firefox (not ESR versions), IE/Win7, and Safari.

name: str#: Name of the client (e.g., Chrome).

platform: str | None#: Name of the platform (e.g., XP SP3).

version: str#: Version of the software being simulated (e.g., 49)

ssllabs.data.sim_details module#

Simulation Objects.

class ssllabs.data.sim_details.SimDetailsData(results: List[SimulationData])#

Bases: object

Dataclass for Simulation object lists.

See also: ssllabs/ssllabs-scan

results: List[SimulationData]#: Instances of Simulation.

ssllabs.data.simulation module#

Simulation.

Bases: object

Dataclass for Simulation objects.

See also: ssllabs/ssllabs-scan

attempts: int#: Always 1 with the current implementation.

certChainId: str | None#: ID of the certificate chain.

client: SimClientData#: Instance of SimClient.

dhBits: int | None#: Strength of DH params (e.g., 1024)

dhG: int | None#: DH params, g component

dhP: int | None#: DH params, p component

dhYs: int | None#: DH params, Ys component

errorCode: int#: Zero if handshake was successful, 1 if it was not.

errorMessage: str | None#: Error message if simulation has failed.

keyAlg: str | None#: Connection certificate key algorithsm (e.g., ‘RSA’).

keySize: int | None#: Connection certificate key size (e.g., 2048).

kxStrength: int | None#: Negotiated key exchange strength, in RSA-equivalent bits.

kxType: str | None#: Negotiated key exchange, for example ‘ECDH’.

namedGroupBits: int | None#: When ECDHE is negotiated, length of EC parameters.

namedGroupId: int | None#: When ECDHE is negotiated, EC curve ID.

namedGroupName: str | None#: When ECDHE is negotiated, EC curve nanme (e.g., ‘secp256r1’).

protocolId: int | None#: Negotiated protocol ID.

sigAlg: str | None#: Connection certificate signature algorithm (e.g, ‘SHA256withRSA’).

suiteId: int | None#: Negotiated suite ID.

suiteName: str | None#: Negotiated suite Name.

ssllabs.data.static_pkp_policy module#

SPKP Policy.

class ssllabs.data.static_pkp_policy.StaticPkpPolicyData(status: str, error: str | None, includeSubDomains: bool | None, reportUri: str | None, pins: List[Dict], matchedPins: List[Dict], forbiddenPins: List[Dict], matchedForbiddenPins: List[Dict])#

Bases: object

Dataclass for SPKP Policy objects.

See also: ssllabs/ssllabs-scan

error: str | None#: Error message, when the policy is invalid

forbiddenPins: List[Dict]#: List of all forbidden pins used by policy

includeSubDomains: bool | None#: True if the includeSubDomains directive is set else false

matchedForbiddenPins: List[Dict]#: List of forbidden pins that match the current configuration

matchedPins: List[Dict]#: List of pins that match the current configuration

pins: List[Dict]#: List of all pins used by the policy

reportUri: str | None#: The report-uri value from the policy

status: str#: SPKP status

ssllabs.data.status_codes module#

StatusCodes.

class ssllabs.data.status_codes.StatusCodesData(statusDetails: Dict)#

Bases: object

Dataclass for StatusCodes instances.

See also: ssllabs/ssllabs-scan

statusDetails: Dict#: A map containing all status details codes and the corresponding English translations. Please note that, once in use, the codes will not change, whereas the translations may change at any time.

ssllabs.data.suite module#

Suite.

Bases: object

Dataclass for suite objects.

See also: ssllabs/ssllabs-scan

cipherStrength: int#: Suite strength (e.g., 128)

dhG: int | None#: DH params, g component

dhP: int | None#: DH params, p component

dhYs: int | None#: DH params, Ys component

id: int#: Suite RFC ID

kxStrength: int | None#: Key exchange strength, in RSA-equivalent bits

kxType: str | None#: Key exchange type (e.g., ECDH)

name: str#: Suite name (e.g., TLS_RSA_WITH_RC4_128_SHA)

namedGroupBits: int | None#: EC bits

namedGroupId: int | None#: EC curve ID

namedGroupName: str | None#: EC curve name

q: int | None#: Flag for suite insecure or weak. Not present if suite is strong or good

ssllabs.data.trust module#

Trust.

class ssllabs.data.trust.TrustData(rootStore: str, isTrusted: bool | None, trustErrorMessage: str | None)#

Bases: object

Dataclass for trust objects.

See also: ssllabs/ssllabs-scan

isTrusted: bool | None#: True if trusted against above rootStore

rootStore: str#: this field shows the Trust store being used (eg. ‘Mozilla’)

trustErrorMessage: str | None#: Shows the error message if any

ssllabs.data.trust_path module#

Trust Path.

class ssllabs.data.trust_path.TrustPathData(certIds: List[str], trust: List[TrustData], isPinned: bool | None, matchedPins: int | None, unmatchedPins: int | None)#

Bases: object

Dataclass for trust path objects.

See also: ssllabs/ssllabs-scan

certIds: List[str]#: List of certificate ID from leaf to root.

isPinned: bool | None#: True if a key is pinned, else false

matchedPins: int | None#: Number of matched pins with HPKP policy

trust: List[TrustData]#: Trust object. This object shows info about the trusted certificate by using Mozilla trust store.

unmatchedPins: int | None#: Number of unmatched pins with HPKP policy

Module contents#

Data classes returned by the API.