Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-07 17:20:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Refactor date parsing. Makes testssl.sh work on NetBSD too.

Browse Source 
Introduce a parse_date() function to handle all date parsing.
Check for the following date(1) variants:
GNU: accepts "-d date-to-parse".
FreeBSD/OS X: accepts "-j -f input-format"
everything else: accepts "-j date-to-parse"

usage: parse-date date output-format input-format

Tested on NetBSD, OS X 10.11 and Debian jessie.
This commit is contained in:
Christoph Badura 2016-06-20 21:51:40 +02:00
parent 48d5e5a7a1
commit 0fd261eb6c
1 changed files with 25 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
testssl.sh
View File

@ -109,9 +109,13 @@ else
readonly REL_DATE=$(tail -5 "$0" | awk '/dirkw Exp/ { print $5 }') readonly REL_DATE=$(tail -5 "$0" | awk '/dirkw Exp/ { print $5 }')
fi fi
readonly SYSTEM=$(uname -s) readonly SYSTEM=$(uname -s)
date --help >/dev/null 2>&1 && \ date -d @735275209 >/dev/null 2>&1 && \
readonly HAS_GNUDATE=true || \ readonly HAS_GNUDATE=true || \
readonly HAS_GNUDATE=false readonly HAS_GNUDATE=false
# FreeBSD and OS X date(1) accept "-f inputformat"
date -j -f '%s' 1234567 >/dev/null 2>&1 && \
readonly HAS_FREEBSDDATE=true || \
readonly HAS_FREEBSDDATE=false
echo A | sed -E 's/A//' >/dev/null 2>&1 && \ echo A | sed -E 's/A//' >/dev/null 2>&1 && \
readonly HAS_SED_E=true || \ readonly HAS_SED_E=true || \
readonly HAS_SED_E=false readonly HAS_SED_E=false
@ -609,6 +613,20 @@ wait_kill(){
return 3 # means killed return 3 # means killed
} }
# parse_date date format input-format
if "$HAS_GNUDATE"; then # Linux and NetBSD
parse_date() {
LC_ALL=C date -d "$1" "$2"
}
elif "$HAS_FREEBSDDATE"; then # FreeBSD and OS X
parse_date() {
LC_ALL=C date -j -f "$3" "$2" "$1"
}
else
parse_date() {
LC_ALL=C date -j "$2" "$1"
}
fi
###### check code starts here ###### ###### check code starts here ######
@ -830,11 +848,7 @@ run_http_date() {
out "not tested as we're not targeting HTTP" out "not tested as we're not targeting HTTP"
else else
if [[ -n "$HTTP_TIME" ]]; then if [[ -n "$HTTP_TIME" ]]; then
if "$HAS_GNUDATE"; then HTTP_TIME=$(parse_date "$HTTP_TIME" "+%s" "%a, %d %b %Y %T %Z" 2>>$ERRFILE) # the trailing \r confuses BSD flavors otherwise
HTTP_TIME=$(date --date="$HTTP_TIME" "+%s")
else
HTTP_TIME=$(LC_ALL=C date -j -f "%a, %d %b %Y %T %Z" "$HTTP_TIME" "+%s" 2>>$ERRFILE) # the trailing \r confuses BSD flavors otherwise
fi
difftime=$((HTTP_TIME - $NOW_TIME)) difftime=$((HTTP_TIME - $NOW_TIME))
[[ $difftime != "-"* ]] && [[ $difftime != "0" ]] && difftime="+$difftime" [[ $difftime != "-"* ]] && [[ $difftime != "0" ]] && difftime="+$difftime"
@ -3511,15 +3525,9 @@ certificate_info() {
out "$indent"; pr_bold " Certificate Expiration " out "$indent"; pr_bold " Certificate Expiration "
if "$HAS_GNUDATE"; then enddate=$(parse_date "$($OPENSSL x509 -in $HOSTCERT -noout -enddate 2>>$ERRFILE | cut -d= -f 2)" +"%F %H:%M %z" "%b %d %T %Y %Z")
enddate=$(date --date="$($OPENSSL x509 -in $HOSTCERT -noout -enddate 2>>$ERRFILE | cut -d= -f 2)" +"%F %H:%M %z") startdate=$(parse_date "$($OPENSSL x509 -in $HOSTCERT -noout -startdate 2>>$ERRFILE | cut -d= -f 2)" +"%F %H:%M" "%b %d %T %Y %Z")
startdate=$(date --date="$($OPENSSL x509 -in $HOSTCERT -noout -startdate 2>>$ERRFILE | cut -d= -f 2)" +"%F %H:%M") days2expire=$(( $(parse_date "$enddate" "+%s" "%F %H:%M %z") - $(LC_ALL=C date "+%s") )) # in seconds
days2expire=$(( $(date --date="$enddate" "+%s") - $(date "+%s") )) # in seconds
else
enddate=$(LC_ALL=C date -j -f "%b %d %T %Y %Z" "$($OPENSSL x509 -in $HOSTCERT -noout -enddate 2>>$ERRFILE | cut -d= -f 2)" +"%F %H:%M %z")
startdate=$(LC_ALL=C date -j -f "%b %d %T %Y %Z" "$($OPENSSL x509 -in $HOSTCERT -noout -startdate 2>>$ERRFILE | cut -d= -f 2)" +"%F %H:%M")
LC_ALL=C days2expire=$(( $(date -j -f "%F %H:%M %z" "$enddate" "+%s") - $(date "+%s") )) # in seconds
fi
days2expire=$((days2expire / 3600 / 24 )) days2expire=$((days2expire / 3600 / 24 ))
if grep -q "^Let's Encrypt Authority" <<< "$issuer_CN"; then # we take the half of the thresholds for LE certificates if grep -q "^Let's Encrypt Authority" <<< "$issuer_CN"; then # we take the half of the thresholds for LE certificates
@ -4481,11 +4489,7 @@ parse_tls_serverhello() {
echo " tls_sid_len: 0x$tls_sid_len_hex / = $((tls_sid_len/2))" echo " tls_sid_len: 0x$tls_sid_len_hex / = $((tls_sid_len/2))"
fi fi
echo -n " tls_hello_time: 0x$tls_hello_time " echo -n " tls_hello_time: 0x$tls_hello_time "
if "$HAS_GNUDATE"; then parse_date "$TLS_TIME" "+%Y-%m-%d %r" "%s"
date --date="@$TLS_TIME" "+%Y-%m-%d %r"
else
LC_ALL=C date -j -f %s "$TLS_TIME" "+%Y-%m-%d %r"
fi
echo " tls_cipher_suite: 0x$tls_cipher_suite" echo " tls_cipher_suite: 0x$tls_cipher_suite"
echo -n " tls_compression_method: 0x$tls_compression_method " echo -n " tls_compression_method: 0x$tls_compression_method "
case $tls_compression_method in case $tls_compression_method in
@ -6154,6 +6158,7 @@ COLORBLIND: $COLORBLIND
TERM_DWITH: $TERM_DWITH TERM_DWITH: $TERM_DWITH
INTERACTIVE: $INTERACTIVE INTERACTIVE: $INTERACTIVE
HAS_GNUDATE: $HAS_GNUDATE HAS_GNUDATE: $HAS_GNUDATE
HAS_FREEBSDDATE: $HAS_FREEBSDDATE
HAS_SED_E: $HAS_SED_E HAS_SED_E: $HAS_SED_E
SHOW_EACH_C: $SHOW_EACH_C SHOW_EACH_C: $SHOW_EACH_C