Your message dated Fri, 06 Jun 2025 16:49:12 +0000
with message-id <e1unafk-00etck...@fasolo.debian.org>
and subject line Bug#1105177: fixed in onionprobe 1.4.0+ds-1
has caused the Debian Bug report #1105177,
regarding onionprobe: TLS (https) probes fail to verify certificates
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1105177: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105177
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: onionprobe
Version: 1.2.0+ds-1
Severity: normal
Tags: upstream patch

Hello,

I've just tried setting up onionprobe 1.2.0 on a trixie host to make it monitor a .onion service with https (on port 443). After some delay, onionprobe checked the site and showed the following errors:

May 12 20:13:48 hetzner-nbg1-01 onionprobe[584091]: 2025-05-12 20:13:48,480 INFO: Trying to do a TLS connection to v236xhqtyullodhf26szyjepvkbv6iitrhjgrqj4avaoukebkk6n6syd.onion on port 443 (attempt 1)...
May 12 20:13:50 hetzner-nbg1-01 onionprobe[584091]: 2025-05-12 20:13:50,194 INFO: TLS connection succeeded at v236xhqtyullodhf26szyjepvkbv6iitrhjgrqj4avaoukebkk6n6syd.onion on port 443
May 12 20:13:50 hetzner-nbg1-01 onionprobe[584091]: 2025-05-12 20:13:50,194 INFO: Retrieving certificate information for v236xhqtyullodhf26szyjepvkbv6iitrhjgrqj4avaoukebkk6n6syd.onion on port 443
May 12 20:13:50 hetzner-nbg1-01 onionprobe[584091]: /usr/lib/python3/dist-packages/onionprobe/certificate.py:212: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_before_utc.
May 12 20:13:50 hetzner-nbg1-01 onionprobe[584091]: not_valid_before = cert.not_valid_before.timestamp()
May 12 20:13:50 hetzner-nbg1-01 onionprobe[584091]: /usr/lib/python3/dist-packages/onionprobe/certificate.py:213: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_after_utc.
May 12 20:13:50 hetzner-nbg1-01 onionprobe[584091]: not_valid_after = cert.not_valid_after.timestamp()
May 12 20:13:50 hetzner-nbg1-01 onionprobe[584091]: /usr/lib/python3/dist-packages/onionprobe/certificate.py:142: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_after_utc.
May 12 20:13:50 hetzner-nbg1-01 onionprobe[584091]: 'notAfter' : cert.not_valid_after.replace(
May 12 20:13:50 hetzner-nbg1-01 onionprobe[584091]: /usr/lib/python3/dist-packages/onionprobe/certificate.py:144: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_before_utc.
May 12 20:13:50 hetzner-nbg1-01 onionprobe[584091]: 'notBefore' : cert.not_valid_before.replace(
May 12 20:13:50 hetzner-nbg1-01 onionprobe[584091]: /usr/lib/python3/dist-packages/onionprobe/certificate.py:177: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_after_utc.
May 12 20:13:50 hetzner-nbg1-01 onionprobe[584091]: not_valid_after = cert.not_valid_after.replace(tzinfo=timezone.utc).timestamp()
May 12 20:13:50 hetzner-nbg1-01 onionprobe[584091]: 2025-05-12 20:13:50,198 ERROR: module 'ssl' has no attribute 'match_hostname'


the result is a metric onion_service_valid_certificate exported to prometheus with a value of 2 indicating that the certificate is invalid, but curl is able to reach the website without errors. really the issue seems to be that the code failed to run its verification.

upstream has already addressed the errors above so we could backport the patches:

https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/commit/26b18404cdd3bb64d73eba0df6b09b014232d3ae

https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/merge_requests/110/commits


cheers!

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.22-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages onionprobe depends on:
ii  adduser                    3.150
ii  init-system-helpers        1.68
ii  python3                    3.13.3-1
ii  python3-cryptography       43.0.0-2
ii  python3-prometheus-client  0.21.1+ds1-1
ii  python3-requests           2.32.3+dfsg-5
ii  python3-socks              1.7.1+dfsg-1
pn  python3-stem               <none>
ii  python3-yaml               6.0.2-1+b2
ii  tor                        0.4.8.16-1

onionprobe recommends no packages.

Versions of packages onionprobe suggests:
pn  prometheus  <none>

--- End Message ---
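
The failure mode reported above, as an added example (not onionprobe's code and not the upstream patch): ssl.match_hostname no longer exists in Python 3.12 and later, so a probe that still calls it raises AttributeError, and a monitor should record that as a checker failure rather than as an invalid certificate. The function names, state labels and the sample certificate are assumptions constructed for illustration.

```python
import ssl

# True only on interpreters that still ship the removed helper (Python < 3.12).
LEGACY_API_PRESENT = hasattr(ssl, "match_hostname")

VALID, INVALID, CHECK_ERROR = "valid", "invalid", "check_error"  # hypothetical labels

def _name_match(pattern: str, host: str) -> bool:
    """Compare one dNSName with host; '*' counts only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        p, h = p[1:], h[1:]
    return p == h

def hostname_matches(cert: dict, host: str) -> bool:
    """Check host against the DNS subjectAltName entries of a getpeercert() dict."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(_name_match(name, host) for name in names)

def legacy_checker(cert: dict, host: str) -> bool:
    """The old call pattern: raises AttributeError where the helper is gone."""
    ssl.match_hostname(cert, host)
    return True

def classify(cert: dict, host: str, checker=hostname_matches) -> str:
    """Keep 'the certificate is bad' apart from 'the check itself could not run'."""
    try:
        return VALID if checker(cert, host) else INVALID
    except Exception:
        return CHECK_ERROR

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_HOST = "constructed-example.onion"
SAMPLE_CERT = {"subjectAltName": (("DNS", SAMPLE_HOST), ("DNS", "*." + SAMPLE_HOST))}

if __name__ == "__main__":
    print("own check:   ", classify(SAMPLE_CERT, SAMPLE_HOST))
    print("wrong host:  ", classify(SAMPLE_CERT, "other.onion"))
    print("legacy check:", classify(SAMPLE_CERT, SAMPLE_HOST, legacy_checker))
```

When the connection is made with a default ssl.SSLContext, check_hostname is already enforced during the handshake; an explicit comparison like this is only needed when the certificate is inspected after the fact.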
--- Begin Message ---
Source: onionprobe
Source-Version: 1.4.0+ds-1
Done: Georg Faerber <ge...@debian.org>

We believe that the bug you reported is fixed in the latest version of
onionprobe, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1105...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Georg Faerber <ge...@debian.org> (supplier of updated onionprobe package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 06 Jun 2025 16:01:57 +0000
Source: onionprobe
Architecture: source
Version: 1.4.0+ds-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Privacy Tools Maintainers <pkg-privacy-maintain...@lists.alioth.debian.org>
Changed-By: Georg Faerber <ge...@debian.org>
Closes: 1105177
Changes:
 onionprobe (1.4.0+ds-1) unstable; urgency=medium
 .
   * New upstream version. (Closes: #1105177)
   * debian/control:
     - Bump Standards-Version to 4.7.2.0, no changes required.
   * debian/tests:
     - Add autopkgtest.

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQTEfr/MTlfp/DLKNABGG+5dJAqekQUCaEMWrAAKCRBGG+5dJAqe
kaTHAPsHMb+RD6cUsIJywn3ItUnXgLiUDR90GhJjgSOsvLfZ3QD/QyFOUmKROsS+
RVx5R2kaa0MkPo0a/+KNHlk962BagAc=
=VdQ5
-----END PGP SIGNATURE-----



--- End Message ---
