Tlscanary

This release improves embeddability by extracting the framework elements to a seperate module (thanks cr!). The reason for the major version bump is that we're dropping Python 2.x compatability with this release.

latest
This is an experimental release that incorporates various fixes for nightly regressions which are becoming increasingly frequent. Also this version now requires python3. Python2 support is dropped completely.

This release is not available through regular PyPI. To install it via pip, you must use testpypi as package resource:


$ pip install -i https://test.pypi.org/pypi tlscanary --pre

This is a hotfix release for the single issue 166, resulting in JS errors on Firefox Nightly 63.

This release fixes the `server_cert.getChain is not a function` error caused by the removal of this function in current nightly. See issue 163.

What's new?

This release has a completely new UI for both report pages and main project index page. As a result, we have removed legacy HTML and JS files, as well as the legacy `htmlreport` log command. This change is not backwards-compatible.

Also included is better integration with OneCRL tools and tests. The `regression` mode now uses a known revoked certificate to verify that OneCRL is working properly before running any tests. In addition, the project contains updated links to the OneCRL tool repo and stable release.

The new --remove_certs option prevents cert data from being written to logs, reducing log size to roughly a quarter.

Changelog

* Updated OneCRL tool code to point to new directory
* Improved `regression` mode to support configurable scans and caching
* Integrated OneCRL sanity test into `regression` mode
* Upgraded certificate database files for Firefox's `use_sqldb` feature
* Switched default OneCRL pin to 'stable' tag
* New UI for report pages, built on jQuery bootgrid
* Report pages consume native JSON logs
* Port new UI code to index page
* Added `webreport` to `log` mode to support the above
* Removed `htmlreport` and all old HTML/JS files
* Added --remove_certs option for keeping leaner logs (155)
* Fixed nightly regression in JS worker after bug 792808 removed XPCOM from XHR.

What's new?

This release is mostly for fixing 123 which was breaking TLS Canary deployments in the field, but it also includes various stability improvements that had accumulated since our last release. Most notably, TLS Canary 3.1.2 is now using only a fraction of memory (44). Full scan runs previously required up to 90 GBytes of memory. Incremental logging brought this down to a much more manageable 3 GBytes.

Changelog

* Replaced obsolete nsILocalFile with nsIFile, fixing 123.
* Preventing idle RunLogs from hogging file descriptors, fixing 126.
* Added chunking and fixed progress logging. The Python process now takes at most 2.5 GBytes of memory. Each Firefox instance requires 50 to 100 MBytes. (44)
* Added `sources_size` to log metadata. (36)
* Fixed bootstrapping script for Linux.
* Top sites host database update. There are now only 460k hosts. We weeded out ~80k hosts that were always throwing errors, resulting in shorter scan time for the whole set.
* HTML reports now include the profiles again.
* Added extensive integration and unit testing to repo since the last release.

This is a hotfix for upstream breakage in OneCRL-Tools. It introduces the argument `--onecrlpin` for pinning OneCRL-Tools to a specific git commit. The default value is *244e704* which is the last known-working commit in that repo. Note that the 3.1.1 effectively disables OneCRL-Tools updates. You must manually specify `--onecrlpin=master` to work with the latest release.