Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 13:25:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

- NEW: certificate fingerprints + serial

Browse Source
This commit is contained in:
Dirk
2015-02-03 23:46:47 +01:00
parent d2b833b2fa
commit 1b8d96f1d8
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
testssl.sh
View File

@@ -462,9 +462,6 @@ hpkp() {
tmpfile_handle $FUNCNAME.txt tmpfile_handle $FUNCNAME.txt
return $? return $?
} }
#FIXME: once checkcert.sh is here: fingerprints!
# FIXME: revoked, see checkcert.sh
# FIXME: Trust (only CN)
emphasize_numbers_in_headers(){ emphasize_numbers_in_headers(){
# see http://www.grymoire.com/Unix/Sed.html#uh-3 # see http://www.grymoire.com/Unix/Sed.html#uh-3
@@ -753,9 +750,7 @@ test_just_one(){
# test for all ciphers locally configured (w/o distinguishing whether they are good or bad # test for all ciphers locally configured (w/o distinguishing whether they are good or bad
allciphers(){ allciphers(){
nr_ciphers=`$OPENSSL ciphers 'ALL:COMPLEMENTOFALL:@STRENGTH' | sed 's/:/ /g' | wc -w` nr_ciphers=`$OPENSSL ciphers 'ALL:COMPLEMENTOFALL:@STRENGTH' | sed 's/:/ /g' | wc -w`
pr_blue "--> Testing all locally available $nr_ciphers ciphers against the server"; outln "\n" pr_blue "--> Testing all locally available $nr_ciphers ciphers against the server"; outln "\n"
neat_header neat_header
@@ -1085,6 +1080,9 @@ server_defaults() {
esac esac
# old, but interesting: https://blog.hboeck.de/archives/754-Playing-with-the-EFF-SSL-Observatory.html # old, but interesting: https://blog.hboeck.de/archives/754-Playing-with-the-EFF-SSL-Observatory.html
out " Fingerprint / Serial "
outln "$($OPENSSL x509 -noout -in $HOSTCERT -fingerprint | sed 's/Fingerprint=//' ) / $($OPENSSL x509 -noout -in $HOSTCERT -serial | sed 's/serial=//')"
out " Common Name (CN) " out " Common Name (CN) "
CN=`$OPENSSL x509 -in $HOSTCERT -noout -subject | sed 's/subject= //' | sed -e 's/^.*CN=//' -e 's/\/emailAdd.*//'` CN=`$OPENSSL x509 -in $HOSTCERT -noout -subject | sed 's/subject= //' | sed -e 's/^.*CN=//' -e 's/\/emailAdd.*//'`
out "$CN" out "$CN"
@@ -1185,6 +1183,9 @@ server_defaults() {
tmpfile_handle tlsextdebug+status.txt tmpfile_handle tlsextdebug+status.txt
return $ret return $ret
} }
# FIXME: revoked, see checkcert.sh
# FIXME: Trust (only CN)
# http://www.heise.de/security/artikel/Forward-Secrecy-testen-und-einrichten-1932806.html # http://www.heise.de/security/artikel/Forward-Secrecy-testen-und-einrichten-1932806.html
@@ -2557,6 +2558,6 @@ case "$1" in
exit $ret ;; exit $ret ;;
esac esac
# $Id: testssl.sh,v 1.179 2015/02/03 22:20:58 dirkw Exp $ # $Id: testssl.sh,v 1.180 2015/02/03 22:46:46 dirkw Exp $
# vim:ts=5:sw=5 # vim:ts=5:sw=5