From 1488baeac5deaa56f7f2ad4697c0540c7db4c7db Mon Sep 17 00:00:00 2001 From: Dirk Date: Wed, 20 Dec 2017 09:00:00 +0100 Subject: [PATCH] Documentation of CA_BUNDLES_PATH See also #941 --- doc/testssl.1 | 3 +++ doc/testssl.1.html | 5 ++++- doc/testssl.1.md | 5 ++++- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/doc/testssl.1 b/doc/testssl.1 index 133af5c..908780e 100644 --- a/doc/testssl.1 +++ b/doc/testssl.1 @@ -498,6 +498,9 @@ HEARTBLEED_MAX_WAITSOCK Is the similar to MAX_WAITSOCK but applies only to the S .IP "\(bu" 4 MEASURE_TIME_FILE For seldom cases when you don\'t want the scan time to be included in the output you can set this to false\. . +.IP "\(bu" 4 +CA_BUNDLES_PATH: If you have an own set of CA bundles or you want to point testssl\.sh to a specific location of a CA bundle, you can use this variable to set the directory which testssl\.sh will use\. Please note that it overrides completely the builtin path of testssl\.sh which means that you will only test against the bundles you point to\. Also you might want to use ~/utils/create_ca_hashes\.sh to create the hashes for HPKP\. +. .IP "" 0 . .SH "EXAMPLES" diff --git a/doc/testssl.1.html b/doc/testssl.1.html index d403115..2a7fff8 100644 --- a/doc/testssl.1.html +++ b/doc/testssl.1.html @@ -403,7 +403,10 @@ The same can be achieved by setting the environment variable WARNINGSMAX_WAITSOCK: It instructs testssl.sh to wait until the specified time before declaring a socket connection dead. Don't change this unless you're absolutely sure what you're doing. Value is in seconds.
  • CCS_MAX_WAITSOCK Is the similar to above but applies only to the CCS handshakes, for both of the two the two CCS payload. Don't change this unless you're absolutely sure what you're doing. Value is in seconds.
  • HEARTBLEED_MAX_WAITSOCK Is the similar to MAX_WAITSOCK but applies only to the ServerHello after sending the Heartbleed payload. Don't change this unless you're absolutely sure what you're doing. Value is in seconds.
  • -
  • MEASURE_TIME_FILE For seldom cases when you don't want the scan time to be included in the output you can set this to false.
  • +
  • MEASURE_TIME_FILE For seldom cases when you don't want the scan time to be included in the output you can set this to false.

  • +
  • CA_BUNDLES_PATH: If you have an own set of CA bundles or you want to point testssl.sh to a specific location of a CA bundle, you can use this variable to set the directory which testssl.sh will +use. Please note that it overrides completely the builtin path of testssl.sh which means that you will only test against the bundles you point to. Also you might want to use ~/utils/create_ca_hashes.sh +to create the hashes for HPKP.

  • diff --git a/doc/testssl.1.md b/doc/testssl.1.md index 88a9c53..1d50da4 100644 --- a/doc/testssl.1.md +++ b/doc/testssl.1.md @@ -334,7 +334,10 @@ Except the environment variables mentioned above which replace command line opti [comment]: # DAYS2WARN1 [comment]: # DAYS2WARN2 [comment]: # TESTSSL_INSTALL_DIR -[comment]: # CA_BUNDLES_PATH +* CA_BUNDLES_PATH: If you have an own set of CA bundles or you want to point testssl.sh to a specific location of a CA bundle, you can use this variable to set the directory which testssl.sh will +use. Please note that it overrides completely the builtin path of testssl.sh which means that you will only test against the bundles you point to. Also you might want to use ~/utils/create_ca_hashes.sh +to create the hashes for HPKP. + [comment]: # CAPATH
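Review bot: In the doc/testssl.1 hunk, the added CA_BUNDLES_PATH entry refers to ~/utils/create_ca_hashes\.sh, and a leading ~ reads as the user's home directory rather than the testssl.sh tree. If the script ships in the utils directory next to testssl.sh, name it relative to the install directory instead. The entry also says the variable sets "the directory" without saying what that directory has to contain. Because the text states that it "overrides completely the builtin path", a sentence on the expected contents would help: a directory with missing or stale bundles changes what the trust checks are measured against.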
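Review bot: In the doc/testssl.1.html hunk, the MEASURE_TIME_FILE item is removed and re-added with the same visible wording, so please confirm that this is only markup churn from adding the new list item and not an unintended edit. The new entry is written as "CA_BUNDLES_PATH:" with a colon, while the three items directly above it (CCS_MAX_WAITSOCK, HEARTBLEED_MAX_WAITSOCK, MEASURE_TIME_FILE) have none; pick one form for the list. The paragraph is also hard-wrapped in mid-sentence after "will" and after "create_ca_hashes.sh", whereas the doc/testssl.1 version of the same text is a single line.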
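Review bot: In the doc/testssl.1.md hunk, the new "* CA_BUNDLES_PATH:" bullet starts directly after the "[comment]: # TESTSSL_INSTALL_DIR" line with no blank line in between, and its two continuation lines ("use. Please note ..." and "to create the hashes for HPKP.") are not indented under the bullet. A blank line before the item and indented continuations would make the list render the same way across Markdown processors. On wording, "If you have an own set of CA bundles" should read "If you have your own set of CA bundles", and "it overrides completely the builtin path" reads better as "it completely overrides the builtin path"; the same sentences appear in the other two files of this patch, so fix them in all three.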