[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r15281: minimal working ssl scanner done (in torflow/branches/gsoc2008: . data/soat data/soat/ssl data/soat/ssl/certs data/soat/ssl/nodesResults)



Author: aleksei
Date: 2008-06-15 13:41:22 -0400 (Sun, 15 Jun 2008)
New Revision: 15281

Added:
   torflow/branches/gsoc2008/data/soat/ssl/
   torflow/branches/gsoc2008/data/soat/ssl/certs/
   torflow/branches/gsoc2008/data/soat/ssl/certs/addons.mozilla.org.pem
   torflow/branches/gsoc2008/data/soat/ssl/certs/mail.google.com.pem
   torflow/branches/gsoc2008/data/soat/ssl/certs/www.fastmail.fm.pem
   torflow/branches/gsoc2008/data/soat/ssl/certs/www.paypal.com.pem
   torflow/branches/gsoc2008/data/soat/ssl/nodesPositive/
   torflow/branches/gsoc2008/data/soat/ssl/nodesResults/
   torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$C83A1F10D9506EEF24CED4BA291A9978FE7BE8D0'_mail.google.com.result
   torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_addons.mozilla.org.result
   torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_www.fastmail.fm.result
   torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_www.paypal.com.result
Removed:
   torflow/branches/gsoc2008/data/soat/certs/
   torflow/branches/gsoc2008/data/soat/docs/
Modified:
   torflow/branches/gsoc2008/soat.py
Log:
minimal working ssl scanner done

Added: torflow/branches/gsoc2008/data/soat/ssl/certs/addons.mozilla.org.pem
===================================================================
--- torflow/branches/gsoc2008/data/soat/ssl/certs/addons.mozilla.org.pem	                        (rev 0)
+++ torflow/branches/gsoc2008/data/soat/ssl/certs/addons.mozilla.org.pem	2008-06-15 17:41:22 UTC (rev 15281)
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAmugAwIBAgIDCG47MA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
+MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
+aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMjEwMTgwMjMzWhcNMDkxMjEwMTgwMjMz
+WjCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcT
+DU1vdW50YWluIFZpZXcxHDAaBgNVBAoTE01vemlsbGEgQ29ycG9yYXRpb24xGjAY
+BgNVBAsTEVNlY3VyZSBXZWIgU2VydmVyMRYwFAYDVQQDFA0qLm1vemlsbGEub3Jn
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChC0WH3YhyVVYKWEjAfYT0q19W
+c89J2McBEX9UvBUX5vOujghbDdyDTahVSf5sgkX54mVDoLq/rv28fd8Op8Wf54ZU
+oN/n+05M/F3+j52hja3UysHgtEsCCiTUd73oWTh0GiwNhbchqGWo52rs5xKGxaEQ
+HhW+gJFC2jrEYsRzbQIDAQABo4GuMIGrMA4GA1UdDwEB/wQEAwIE8DAdBgNVHQ4E
+FgQU441V52B+eQnnlTrlE0IcnvaS77QwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDov
+L2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5jcmwwHwYDVR0jBBgwFoAU
+SOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
+BwMCMA0GCSqGSIb3DQEBBQUAA4GBAD7DR9FVBTK8jxLKebbAIetW95SIc9r1Nl5/
+PecjkP6RfKHbnCQ32j213HC9nZZR8nwCGgS1ryTKp/l0HFVWuF1L/y2fLEU7mzVP
+3cwNb/QYgOvNRh2+VDTP+rXGnLmm+MNvQoqzQNJrUlta8qxitaUFk/AL/anne8dp
+f+07Xq2p
+-----END CERTIFICATE-----

Added: torflow/branches/gsoc2008/data/soat/ssl/certs/mail.google.com.pem
===================================================================
--- torflow/branches/gsoc2008/data/soat/ssl/certs/mail.google.com.pem	                        (rev 0)
+++ torflow/branches/gsoc2008/data/soat/ssl/certs/mail.google.com.pem	2008-06-15 17:41:22 UTC (rev 15281)
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIjCCAougAwIBAgIQbldpChBPqv+BdPg4iwgN8TANBgkqhkiG9w0BAQUFADBM
+MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg
+THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0wODA1MDIxNjMyNTRaFw0w
+OTA1MDIxNjMyNTRaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
+MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMRgw
+FgYDVQQDEw9tYWlsLmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBALlkxdh2QXegdElukCSOV2+8PKiONIS+8Tu9K7MQsYpqtLNC860zwOPQ2NLI
+3Zp4jwuXVTrtzGuiqf5Jioh35Ig3CqDXtLyZoypjZUQcq4mlLzHlhIQ4EhSjDmA7
+Ffw9y3ckSOQgdBQWNLbquHh9AbEUjmhkrYxIqKXeCnRKhv6nAgMBAAGjgecwgeQw
+KAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUFBwMCBglghkgBhvhCBAEwNgYDVR0f
+BC8wLTAroCmgJ4YlaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVNHQ0NBLmNy
+bDByBggrBgEFBQcBAQRmMGQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0
+ZS5jb20wPgYIKwYBBQUHMAKGMmh0dHA6Ly93d3cudGhhd3RlLmNvbS9yZXBvc2l0
+b3J5L1RoYXd0ZV9TR0NfQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEF
+BQADgYEAsRwpLg1dgCR1gYDK185MFGukXMeQFUvhGqF8eT/CjpdvezyKVuz84gSu
+6ccMXgcPQZGQN/F4Xug+Q01eccJjRSVfdvR5qwpqCj+6BFl5oiKDBsveSkrmL5dz
+s2bn7TdTSYKcLeBkjXxDLHGBqLJ6TNCJ3c4/cbbG5JhGvoema94=
+-----END CERTIFICATE-----

Added: torflow/branches/gsoc2008/data/soat/ssl/certs/www.fastmail.fm.pem
===================================================================
--- torflow/branches/gsoc2008/data/soat/ssl/certs/www.fastmail.fm.pem	                        (rev 0)
+++ torflow/branches/gsoc2008/data/soat/ssl/certs/www.fastmail.fm.pem	2008-06-15 17:41:22 UTC (rev 15281)
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAuWgAwIBAgIQbfxRUFCOzMrPD9Y7lr8MaTANBgkqhkiG9w0BAQUFADCB
+zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ
+Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE
+CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh
+d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl
+cnZlckB0aGF3dGUuY29tMB4XDTA4MDUxNDIyMjkyMloXDTA5MDUyMDA5MjE0Nlow
+gYAxCzAJBgNVBAYTAkFVMRgwFgYDVQQIEw9OZXcgU291dGggV2FsZXMxEzARBgNV
+BAcTCkNyb3dzIE5lc3QxKDAmBgNVBAoTH09wdGltYWwgRGVjaXNpb25zIEdyb3Vw
+IFB0eSBMdGQxGDAWBgNVBAMTD3d3dy5mYXN0bWFpbC5mbTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAyJMTIn/14CHIrAYGi3913dMk1khF1C1M4f6/JlmIv7Xl
+HlOT+GJNcal38wsS/VxXTSrKgPcXDDK0kYGg/1WU6wF8HJ64LEXHou558PDBDnnp
+4pw2ayB5mVy9E3YFez0a/NHEBDKrkngmQmWQxmcVzBLNDYhoR/NQPQ6JZjtR1kMC
+AwEAAaOBpjCBozAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQAYDVR0f
+BDkwNzA1oDOgMYYvaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVByZW1pdW1T
+ZXJ2ZXJDQS5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8v
+b2NzcC50aGF3dGUuY29tMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEA
+IKus8RSbHoHfE36J44uEyGPMxFnfaEZLoZs+k6aZPnfVyvhDwNKPmfoEkaFWtqQ1
+Q+5IzVWGXCQOd5R4bWiiJRhG33KCDmRfqnVrCX0X+V6N72e9Zw51ac1Tv+Noipan
+s/yFWHIOod8fw6ELGcXzOd5mEt5XlCFWm/2IKtRCG9E=
+-----END CERTIFICATE-----

Added: torflow/branches/gsoc2008/data/soat/ssl/certs/www.paypal.com.pem
===================================================================
--- torflow/branches/gsoc2008/data/soat/ssl/certs/www.paypal.com.pem	                        (rev 0)
+++ torflow/branches/gsoc2008/data/soat/ssl/certs/www.paypal.com.pem	2008-06-15 17:41:22 UTC (rev 15281)
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF5jCCBM6gAwIBAgIQbmuco/dSNbSVN4bU5RNUqTANBgkqhkiG9w0BAQUFADCB
+vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
+YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv
+VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew
+HhcNMDcwMTMwMDAwMDAwWhcNMDkwMTI5MjM1OTU5WjCCAR4xEDAOBgNVBAUTBzMw
+MTQyNjcxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVs
+YXdhcmUxCzAJBgNVBAYTAlVTMRMwEQYDVQQRFAo5NTEzMS0yMDIxMQswCQYDVQQI
+EwJDQTERMA8GA1UEBxQIU2FuIEpvc2UxFjAUBgNVBAkUDTIyMTEgTiAxc3QgU3Qx
+FDASBgNVBAoUC1BheXBhbCBJbmMuMRwwGgYDVQQLFBNJbmZvcm1hdGlvbiBTeXN0
+ZW1zMTMwMQYDVQQLFCpUZXJtcyBvZiB1c2UgYXQgd3d3LnZlcmlzaWduLmNvbS9y
+cGEgKGMpMDYxFzAVBgNVBAMUDnd3dy5wYXlwYWwuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQC0ldZuxq9UVX26JfEnMM+U7pM+husarblH+rS18AyT8Aqf
+0oOZJ+439TESAQ521/9zDqXYpm5++VoNN5/M3HbQ63ksuqDILhA+G1sU0jA9RD38
+z992oazPJQDTfmeK+amv50+4okUT8QTDkb9WHjUI/gpf14AYQ628UFQQGO6WlQID
+AQABo4IB/zCCAfswCQYDVR0TBAIwADAdBgNVHQ4EFgQU7VBMXqBNGpJwm/AUUdLW
+nWziydAwCwYDVR0PBAQDAgWgMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6Ly9FVklu
+dGwtY3JsLnZlcmlzaWduLmNvbS9FVkludGwyMDA2LmNybDBEBgNVHSAEPTA7MDkG
+C2CGSAGG+EUBBxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWdu
+LmNvbS9ycGEwNAYDVR0lBC0wKwYIKwYBBQUHAwEGCCsGAQUFBwMCBglghkgBhvhC
+BAEGCisGAQQBgjcKAwMwHwYDVR0jBBgwFoAUTkPIHXbvN1N6T/JYb5TzOOLVvd8w
+dgYIKwYBBQUHAQEEajBoMCsGCCsGAQUFBzABhh9odHRwOi8vRVZJbnRsLW9jc3Au
+dmVyaXNpZ24uY29tMDkGCCsGAQUFBzAChi1odHRwOi8vRVZJbnRsLWFpYS52ZXJp
+c2lnbi5jb20vRVZJbnRsMjAwNi5jZXIwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcw
+VRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4w
+JRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwDQYJKoZIhvcN
+AQEFBQADggEBADGj5/xJrl7mzkgcE6zf44jzT0Iw+/BLAzcerNixC3xZ57rPPhxu
+WRMKVzgIDYQzu/ed2oLRz6eefjF2Xs9XqLK1RDYRyDldksxP/AxB52AEGoBbufQ1
+xKWziRJXaUmqA27FBbx89lYrj3m6VQkkJ7bK+IpP9vQzpg86ZBQs0UWtxsQbO9zp
+D8IaeI+K97d5CgRfXixgfUR3OttmhofzmR9Zfawcui+MoEu0lrjeZNgAkEaCVlcH
+m0iL1rOpmhX/7b5DUpTWN3jopw9/VQTCqxcu+0zoEcNU02yadEVCNumWAEllTJ5D
+ePLh8FkejTsIkNexlknGZX4eQJYBo90wUok=
+-----END CERTIFICATE-----

Added: torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$C83A1F10D9506EEF24CED4BA291A9978FE7BE8D0'_mail.google.com.result
===================================================================
--- torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$C83A1F10D9506EEF24CED4BA291A9978FE7BE8D0'_mail.google.com.result	                        (rev 0)
+++ torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$C83A1F10D9506EEF24CED4BA291A9978FE7BE8D0'_mail.google.com.result	2008-06-15 17:41:22 UTC (rev 15281)
@@ -0,0 +1,20 @@
+(i__main__
+OpenSSLTestResult
+p0
+(dp1
+S'ssl_site'
+p2
+S'mail.google.com'
+p3
+sS'timestamp'
+p4
+F1213551284.4130349
+sS'cert'
+p5
+S'./data/soat/ssl/certs/mail.google.com.pem'
+p6
+sS'exit_node'
+p7
+S'$C83A1F10D9506EEF24CED4BA291A9978FE7BE8D0'
+p8
+sb.
\ No newline at end of file

Added: torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_addons.mozilla.org.result
===================================================================
--- torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_addons.mozilla.org.result	                        (rev 0)
+++ torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_addons.mozilla.org.result	2008-06-15 17:41:22 UTC (rev 15281)
@@ -0,0 +1,20 @@
+(i__main__
+OpenSSLTestResult
+p0
+(dp1
+S'ssl_site'
+p2
+S'addons.mozilla.org'
+p3
+sS'timestamp'
+p4
+F1213551285.951535
+sS'cert'
+p5
+S'./data/soat/ssl/certs/addons.mozilla.org.pem'
+p6
+sS'exit_node'
+p7
+S'$CEE08B38D516CC60AFB1984F46F428FC88826C14'
+p8
+sb.
\ No newline at end of file

Added: torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_www.fastmail.fm.result
===================================================================
--- torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_www.fastmail.fm.result	                        (rev 0)
+++ torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_www.fastmail.fm.result	2008-06-15 17:41:22 UTC (rev 15281)
@@ -0,0 +1,20 @@
+(i__main__
+OpenSSLTestResult
+p0
+(dp1
+S'ssl_site'
+p2
+S'www.fastmail.fm'
+p3
+sS'timestamp'
+p4
+F1213551292.174912
+sS'cert'
+p5
+S'./data/soat/ssl/certs/www.fastmail.fm.pem'
+p6
+sS'exit_node'
+p7
+S'$CEE08B38D516CC60AFB1984F46F428FC88826C14'
+p8
+sb.
\ No newline at end of file

Added: torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_www.paypal.com.result
===================================================================
--- torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_www.paypal.com.result	                        (rev 0)
+++ torflow/branches/gsoc2008/data/soat/ssl/nodesResults/'$CEE08B38D516CC60AFB1984F46F428FC88826C14'_www.paypal.com.result	2008-06-15 17:41:22 UTC (rev 15281)
@@ -0,0 +1,20 @@
+(i__main__
+OpenSSLTestResult
+p0
+(dp1
+S'ssl_site'
+p2
+S'www.paypal.com'
+p3
+sS'timestamp'
+p4
+F1213551288.8847311
+sS'cert'
+p5
+S'./data/soat/ssl/certs/www.paypal.com.pem'
+p6
+sS'exit_node'
+p7
+S'$CEE08B38D516CC60AFB1984F46F428FC88826C14'
+p8
+sb.
\ No newline at end of file

Modified: torflow/branches/gsoc2008/soat.py
===================================================================
--- torflow/branches/gsoc2008/soat.py	2008-06-15 17:35:45 UTC (rev 15280)
+++ torflow/branches/gsoc2008/soat.py	2008-06-15 17:41:22 UTC (rev 15281)
@@ -2,10 +2,12 @@
 import os
 import random
 import re
+import pickle
 from sets import Set
 import socket
 import string
 import sys
+import time
 import urllib
 import urllib2
 
@@ -28,7 +30,9 @@
 sys.path.append("./tools/pyssh")
 import pyssh
 
+#
 # config stuff
+#
 
 user_agent = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1) Gecko/20061010 Firefox/2.0' 
 
@@ -38,12 +42,20 @@
 
 same_origin_policy = True
 
+ssl_certs_directory = './data/soat/ssl/certs/';
+ssl_nodes_results_directory = './data/soat/ssl/nodesResults/';
+ssl_nodes_positive_directory = './data/soat/ssl/nodesPositive/';
+
+#
 # links of interest
+#
 
-doc_urls = ['http://www.torproject.org']
-doc_https = []
+docs_http = ['http://www.torproject.org']
+docs_https = ['mail.google.com','addons.mozilla.org','www.paypal.com','www.fastmail.fm']
 
+#
 # ports to test in the consistency test
+#
 
 ports_to_check = [
     ["pop", ExitPolicyRestriction('255.255.255.255', 110), "pops", ExitPolicyRestriction('255.255.255.255', 995)],
@@ -53,7 +65,9 @@
     ["http", ExitPolicyRestriction('255.255.255.255', 80), "https", ExitPolicyRestriction('255.255.255.255', 443)]
 ]
 
+#
 # constants
+#
 
 linebreak = '\r\n'
 
@@ -79,6 +93,21 @@
             s = s[:-1]
         return s
 
+# a class for saving ssl test results
+class OpenSSLTestResult:
+    def __init__(self, exit_node, ssl_site, cert_file):
+        self.exit_node = exit_node
+        self.ssl_site = ssl_site
+        self.timestamp = time.time()
+        self.cert = cert_file
+
+# a class for saving http test results
+class HttpTestResult:
+    def __init__(self, exit_node, website):
+        self.exit_node = exit_node
+        self.website = website
+        self.timestamp = time.time()
+
 # The scanner class
 class ExitNodeScanner:
 
@@ -115,7 +144,7 @@
         plog('INFO', 'ExitNodeScanner up and ready')
 
     def get_exit_node(self):
-        self.__client.writeline("GETLASTEXIT" + linebreak)
+        self.__client.writeline("GETLASTEXIT")
         reply = self.__client.readline()
         
         if reply[:3] != '250':
@@ -182,7 +211,7 @@
         content = f.read()
         content = content.decode('ascii', 'ignore')
 
-        print content
+        direct_page = BeautifulSoup(content)
 
         defaultsocket = socket.socket
         socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, tor_host, tor_port)
@@ -194,15 +223,20 @@
         except Exception, e:
             plog('ERROR', 'Opening ' + address + ' via tor failed')
             plog('ERROR', e)
+            socket.socket = defaultsocket
             return 0
 
         pcontent = g.read()
+        pcontent.decode('ascii', 'ignore')
 
-        print pcontent
+        node_page = BeautifulSoup(pcontent)
 
         # reset the default connection
         socket.socket = defaultsocket
 
+        # nasty tags: a, applet, div, embed, form, frame, iframe, img, link, script
+        # also check DOM event stuff
+
         return 0
 
     def check_openssh(self, address):
@@ -217,7 +251,7 @@
     def check_openssl(self, address):
 
         # specify the context
-        ctx = SSL.Context(SSL.SSLv3_METHOD)
+        ctx = SSL.Context(SSL.SSLv23_METHOD)
         ctx.set_verify_depth(1)
 
         # ready the certificate request
@@ -234,13 +268,26 @@
         c.send(crypto.dump_certificate_request(crypto.FILETYPE_ASN1,request))
 
         cert = c.get_peer_certificate()
+        cert_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
 
-        print 'Issuer: ', cert.get_issuer()
-        print 'Public key: ', cert.get_pubkey()
-        print 'Subject: ', cert.get_subject()
-        print 'Version: ', cert.get_version()
+        # save the cert 
 
-        # open a connection via tor
+        cert_file_handle = open(ssl_certs_directory + address + '.pem', 'w')
+        cert_file_handle.write(cert_pem)
+        cert_file_handle.close()
+
+        # if the original certificate was invalid, stop here
+        if cert.has_expired():
+            plog('INFO', 'SSL certificate of the ' + address + ' server has expired. Skipping to the next test')
+            return 0
+
+        # check whether we already have a circuit.
+        # if yes, open a connection via tor, otherwise skip to the next test
+        exit_node = self.get_exit_node()
+        if exit_node == 0:
+            plog('INFO', 'We have no exit node to test, skipping to the next test.')
+            return 0
+
         defaultsocket = socket.socket
         socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, tor_host, tor_port)
         socket.socket = socks.socksocket
@@ -248,25 +295,45 @@
         s2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
         c2 = SSL.Connection(ctx, s2)
         c2.set_connect_state()
+ 
+        plog('INFO', 'Opening an ssl connection to ' + address + ' using exit node ' + `exit_node`)
 
-        plog('INFO', 'Opening an ssl connection to ' + address + ' using exit node ' + self.get_exit_node())
-
         c2.connect((address, 443))
         c2.send(crypto.dump_certificate_request(crypto.FILETYPE_ASN1,request))
 
         cert2 = c2.get_peer_certificate()
+        cert2_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert2)
 
-        print 'Issuer: ', cert2.get_issuer()
-        print 'Public key: ', cert2.get_pubkey()
-        print 'Subject: ', cert2.get_subject()
-        print 'Version: ', cert2.get_version()
-        
+        # compare the received cert to the original
+        #
+        # if certs match, save the result of the test only. no need to keep the same cert in two files
+        #
+        # if certs are different, file the test result under positive cases
+        # save the received cert for inspection
+
+        if cert_pem == cert2_pem:
+            cert_file = ssl_certs_directory + address + '.pem'
+            result = OpenSSLTestResult(exit_node, address, cert_file)
+            result_file = open(ssl_nodes_results_directory + `exit_node` + '_' + address + '.result','w')
+            pickle.dump(result, result_file)
+        else:
+            plog('ERROR', 'Exit node ' + `exit_node` + ' seems to be meddling with certificates. (' + address + ')')
+
+            cert_file = ssl_certs_directory + address + '_' + `exit_node` + '.pem'
+            cert_file_handle = open(cert_file, 'w')
+            cert_file_handle.write(cert2_pem)
+            cert_file_handle.close()
+
+            result = OpenSSLTestResult(exit_node, address, cert_file)
+            result_file = open(ssl_nodes_positive_directory + `exit_node` + '_' + address + '.result','w')
+            pickle.dump(result, result_file)
+
+        plog('INFO', 'Test complete. Moving on...')
         # reset the default connection
         socket.socket = defaultsocket
 
         return 0
 
-
 # some helpful methods
 
 '''
@@ -298,6 +365,18 @@
          
     return urllist
 
+def load_cert():
+    filehandler = open('./data/soat/ssl/certs/addons.mozilla.org.pem','r')
+    string = filehandler.read()
+
+    ctx = SSL.Context(SSL.SSLv23_METHOD)
+    ctx.use_certificate_file('./data/soat/ssl/certs/addons.mozilla.org.pem')
+
+    cert = crypto.load_certificate(crypto.FILETYPE_PEM, string)
+    print cert.get_subject()
+
+    return 0
+
 '''
 Find links to files related to a query
 '''
@@ -340,30 +419,32 @@
                 response.status + ' ' + response.reason)
         return []
 
+#
 # main logic
-
+#
 def main(argv):
     scanner = ExitNodeScanner(meta_host, meta_port)
-    '''
-    scanner.check_all_exits_port_consistency()
-    scanner.get_exit_node()
-    scanner.check_http("http://math.ut.ee/~aleksei/ip.php";)
     
-    scanner.check_openssh("http://math.ut.ee/~aleksei/ip.php";)
-   
-    '''
-    scanner.check_openssl("mail.google.com")
-    '''
+    # consistency test
+    # scanner.check_all_exits_port_consistency()
+    
+    # find sites for http testing if necessary
+    #
+    # global doc_urls
+    # doc_urls.extend(load_url_list())
+    # doc_urls = list(Set(doc_urls))
+    # plog('NOTICE', 'Final URL list: ' + '\n'.join(doc_urls) + '\n')
+    
+    # https test
+    for ssl_site in docs_https:
+        scanner.check_openssl(ssl_site)
 
-    global doc_urls
-    doc_urls.extend(load_url_list())
-    doc_urls = list(Set(doc_urls))
+    # http test
+    # for http_site in docs_http:
+    #   scanner.check_http(http_site)
 
-    plog('NOTICE', 'Final URL list: ' + '\n'.join(doc_urls) + '\n')
-    plog('INFO', 'Beginning scan loop... some day?')
-    '''
-
+#
 # initiate the program
-
+#
 if __name__ == '__main__':
     main(sys.argv)