Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-06 00:39:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix indentation and redundant message (BREACH) when client certificate required

Browse Source 
... see #1915
This commit is contained in:
Dirk Wetter 2021-06-17 09:23:34 +02:00
parent 96e8f67999
commit 19feed169e
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
testssl.sh
View File

@ -14614,8 +14614,9 @@ run_breach() {
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for BREACH (HTTP compression) vulnerability " && outln
pr_bold " BREACH"; out " ($cve) "
if "$CLIENT_AUTH"; then
outln "cannot be tested (server side requires x509 authentication)"
fileout "$jsonID" "INFO" "was not tested, server side requires x509 authentication" "$cve" "$cwe"
prln_warning "client x509-based authentication prevents this from being tested"
fileout "$jsonID" "WARN" "client x509-based authentication prevents this from being tested" "$cve" "$cwe"
return 7
fi
# if [[ $NR_HEADER_FAIL -ge $MAX_HEADER_FAIL ]]; then