Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

non-HTTP cRLDistributionPoints

Browse Source 
At the moment the code for downloading a CRL seems to only work if URL is an HTTP or HTTP URL. It fails if the URL is an LDAP URL. The wget command does not support LDAP and when curl retrieves data from an LDAP URL it stores the result in LDIF format, which http_get() cannot currently convert into a PEM-encoded CRL.

This PR addresses the issue by skipping the revocation check for any URL that does not begin with "http".
This commit is contained in:
David Cooper 2018-04-26 10:09:13 -04:00 committed by David Cooper
parent 6d919de0ad
commit 0b8409e13a
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
testssl.sh
View File

@ -1431,6 +1431,8 @@ check_revocation_crl() {
local tmpfile=""
"$PHONE_OUT" || return 0
# The code for obtaining CRLs only supports HTTP and HTTPS URLs.
[[ "$(tolower "${crl:0:4}")" == "http" ]] || return 0
tmpfile=$TEMPDIR/${NODE}-${NODEIP}.${crl##*\/} || exit $ERR_FCREATE
http_get "$crl" "$tmpfile"