Reduce redundant code
Move some checks into functions so that the code doesn't have to be repeated.
This commit is contained in:
parent
998c2aa1f8
commit
02d1071b9c
13
testssl.sh
13
testssl.sh
|
@ -1456,6 +1456,7 @@ check_revocation_crl() {
|
||||||
local -i success
|
local -i success
|
||||||
|
|
||||||
"$PHONE_OUT" || return 0
|
"$PHONE_OUT" || return 0
|
||||||
|
[[ -n "$GOOD_CA_BUNDLE" ]] || return 0
|
||||||
scheme="$(tolower "${crl%%://*}")"
|
scheme="$(tolower "${crl%%://*}")"
|
||||||
# The code for obtaining CRLs only supports LDAP, HTTP, and HTTPS URLs.
|
# The code for obtaining CRLs only supports LDAP, HTTP, and HTTPS URLs.
|
||||||
[[ "$scheme" == "http" ]] || [[ "$scheme" == "https" ]] || [[ "$scheme" == "ldap" ]] || return 0
|
[[ "$scheme" == "http" ]] || [[ "$scheme" == "https" ]] || [[ "$scheme" == "ldap" ]] || return 0
|
||||||
|
@ -1520,6 +1521,8 @@ check_revocation_ocsp() {
|
||||||
local host_header=""
|
local host_header=""
|
||||||
|
|
||||||
"$PHONE_OUT" || return 0
|
"$PHONE_OUT" || return 0
|
||||||
|
[[ -n "$GOOD_CA_BUNDLE" ]] || return 0
|
||||||
|
grep -q "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TEMPDIR/intermediatecerts.pem || return 0
|
||||||
tmpfile=$TEMPDIR/${NODE}-${NODEIP}.${uri##*\/} || exit $ERR_FCREATE
|
tmpfile=$TEMPDIR/${NODE}-${NODEIP}.${uri##*\/} || exit $ERR_FCREATE
|
||||||
host_header=${uri##http://}
|
host_header=${uri##http://}
|
||||||
host_header=${host_header%%/*}
|
host_header=${host_header%%/*}
|
||||||
|
@ -7597,7 +7600,7 @@ certificate_info() {
|
||||||
else
|
else
|
||||||
if [[ $(count_lines "$crl") -eq 1 ]]; then
|
if [[ $(count_lines "$crl") -eq 1 ]]; then
|
||||||
out "$crl"
|
out "$crl"
|
||||||
if [[ "$expfinding" != "expired" ]] && [[ -n "$GOOD_CA_BUNDLE" ]]; then
|
if [[ "$expfinding" != "expired" ]]; then
|
||||||
check_revocation_crl "$crl" "cert_crlRevoked${json_postfix}"
|
check_revocation_crl "$crl" "cert_crlRevoked${json_postfix}"
|
||||||
ret=$((ret +$?))
|
ret=$((ret +$?))
|
||||||
fi
|
fi
|
||||||
|
@ -7611,7 +7614,7 @@ certificate_info() {
|
||||||
out "$spaces"
|
out "$spaces"
|
||||||
fi
|
fi
|
||||||
out "$line"
|
out "$line"
|
||||||
if [[ "$expfinding" != "expired" ]] && [[ -n "$GOOD_CA_BUNDLE" ]]; then
|
if [[ "$expfinding" != "expired" ]]; then
|
||||||
check_revocation_crl "$line" "cert_crlRevoked${json_postfix}"
|
check_revocation_crl "$line" "cert_crlRevoked${json_postfix}"
|
||||||
ret=$((ret +$?))
|
ret=$((ret +$?))
|
||||||
fi
|
fi
|
||||||
|
@ -7630,8 +7633,7 @@ certificate_info() {
|
||||||
else
|
else
|
||||||
if [[ $(count_lines "$ocsp_uri") -eq 1 ]]; then
|
if [[ $(count_lines "$ocsp_uri") -eq 1 ]]; then
|
||||||
out "$ocsp_uri"
|
out "$ocsp_uri"
|
||||||
if [[ "$expfinding" != "expired" ]] && [[ -n "$GOOD_CA_BUNDLE" ]] && \
|
if [[ "$expfinding" != "expired" ]]; then
|
||||||
grep -q "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TEMPDIR/intermediatecerts.pem; then
|
|
||||||
check_revocation_ocsp "$ocsp_uri" "cert_ocspRevoked${json_postfix}"
|
check_revocation_ocsp "$ocsp_uri" "cert_ocspRevoked${json_postfix}"
|
||||||
fi
|
fi
|
||||||
ret=$((ret +$?))
|
ret=$((ret +$?))
|
||||||
|
@ -7645,8 +7647,7 @@ certificate_info() {
|
||||||
out "$spaces"
|
out "$spaces"
|
||||||
fi
|
fi
|
||||||
out "$line"
|
out "$line"
|
||||||
if [[ "$expfinding" != "expired" ]] && [[ -n "$GOOD_CA_BUNDLE" ]] && \
|
if [[ "$expfinding" != "expired" ]]; then
|
||||||
grep -q "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TEMPDIR/intermediatecerts.pem; then
|
|
||||||
check_revocation_ocsp "$line" "cert_ocspRevoked${json_postfix}"
|
check_revocation_ocsp "$line" "cert_ocspRevoked${json_postfix}"
|
||||||
ret=$((ret +$?))
|
ret=$((ret +$?))
|
||||||
fi
|
fi
|
||||||
|
|
Loading…
Reference in New Issue