Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

- minor polishing #419

Browse Source
This commit is contained in:
Dirk 2016-07-23 11:17:49 +02:00
parent 9ef0cef8ef
commit 1a099d35b7
1 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
testssl.sh
View File

@ -4234,7 +4234,7 @@ certificate_info() {
fileout "${json_prefix}issuer" "INFO" "Issuer: $issuerfinding" fileout "${json_prefix}issuer" "INFO" "Issuer: $issuerfinding"
fi fi
out "$indent"; pr_bold " Trust " out "$indent"; pr_bold " Trust (hostname) "
compare_server_name_to_cert "$NODE" "$HOSTCERT" compare_server_name_to_cert "$NODE" "$HOSTCERT"
trust_sni=$? trust_sni=$?
@ -4249,7 +4249,7 @@ certificate_info() {
has_dns_sans=true || has_dns_sans=false has_dns_sans=true || has_dns_sans=false
case $trust_sni in case $trust_sni in
0) trustfinding="certificate does not match URI" ;; 0) trustfinding="certificate does not match supplied URI" ;;
1) trustfinding="Ok via SAN" ;; 1) trustfinding="Ok via SAN" ;;
2) trustfinding="Ok via SAN wildcard" ;; 2) trustfinding="Ok via SAN wildcard" ;;
4) if $has_dns_sans; then 4) if $has_dns_sans; then
@ -4276,11 +4276,11 @@ certificate_info() {
if [[ $trust_sni -eq 0 ]]; then if [[ $trust_sni -eq 0 ]]; then
pr_svrty_medium "$trustfinding" pr_svrty_medium "$trustfinding"
trust_sni="fail" trust_sni="fail"
elif $has_dns_sans && ( [[ $trust_sni -eq 4 ]] || [[ $trust_sni -eq 8 ]] ); then elif "$has_dns_sans" && ( [[ $trust_sni -eq 4 ]] || [[ $trust_sni -eq 8 ]] ); then
pr_svrty_medium "$trustfinding" pr_svrty_medium "$trustfinding"
trust_sni="warn" trust_sni="warn"
else else
out "$trustfinding" pr_done_good "$trustfinding"
trust_sni="ok" trust_sni="ok"
fi fi
@ -4292,9 +4292,9 @@ certificate_info() {
has_dns_sans=true || has_dns_sans=false has_dns_sans=true || has_dns_sans=false
fi fi
if $has_dns_sans && [[ $trust_nosni -eq 4 ]]; then if "$has_dns_sans" && [[ $trust_nosni -eq 4 ]]; then
trustfinding_nosni=" (w/o SNI: Ok via CN, but not SAN)" trustfinding_nosni=" (w/o SNI: Ok via CN, but not SAN)"
elif $has_dns_sans && [[ $trust_nosni -eq 8 ]]; then elif "$has_dns_sans" && [[ $trust_nosni -eq 8 ]]; then
trustfinding_nosni=" (w/o SNI: Ok via CN wildcard, but not SAN)" trustfinding_nosni=" (w/o SNI: Ok via CN wildcard, but not SAN)"
elif [[ $trust_nosni -eq 0 ]] && ( [[ "$trust_sni" == "ok" ]] || [[ "$trust_sni" == "warn" ]] ); then elif [[ $trust_nosni -eq 0 ]] && ( [[ "$trust_sni" == "ok" ]] || [[ "$trust_sni" == "warn" ]] ); then
trustfinding_nosni=" (SNI mandatory)" trustfinding_nosni=" (SNI mandatory)"
@ -4304,9 +4304,8 @@ certificate_info() {
trustfinding_nosni=" (however, works w/o SNI)" trustfinding_nosni=" (however, works w/o SNI)"
else else
trustfinding_nosni="" trustfinding_nosni=""
outln
fi fi
if $has_dns_sans && ( [[ $trust_nosni -eq 4 ]] || [[ $trust_nosni -eq 8 ]] ); then if "$has_dns_sans" && ( [[ $trust_nosni -eq 4 ]] || [[ $trust_nosni -eq 8 ]] ); then
pr_svrty_mediumln "$trustfinding_nosni" pr_svrty_mediumln "$trustfinding_nosni"
else else
outln "$trustfinding_nosni" outln "$trustfinding_nosni"
@ -8489,4 +8488,4 @@ fi
exit $? exit $?
# $Id: testssl.sh,v 1.527 2016/07/20 15:36:50 dirkw Exp $ # $Id: testssl.sh,v 1.528 2016/07/23 09:16:12 dirkw Exp $