Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-09-05 19:42:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Printing of subjectAltName extension

Browse Source 
Modify the extraction of the subjectAltName extension from certificates in order to address SANs with name forms other than DNS and otherName.
This commit is contained in:
David Cooper
2016-06-13 12:52:19 -04:00
committed by GitHub
parent 88fd5c4e19
commit 1d0c8cb3f8
1 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
testssl.sh
View File

@ -3442,15 +3442,18 @@ certificate_info() {
fi fi
fileout "${json_prefix}cn" "$cnok" "$cnfinding" fileout "${json_prefix}cn" "$cnok" "$cnfinding"
sans=$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | grep -A3 "Subject Alternative Name" | grep "DNS:" | \ sans=$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | grep -A3 "Subject Alternative Name" | \
sed -e 's/DNS://g' -e 's/ //g' -e 's/,/ /g' -e 's/othername:<unsupported>//g') egrep "DNS:|IP Address:|email:|URI:|DirName:|Registered ID:" | \
# ^^^ CACert sed -e 's/ *DNS://g' -e 's/ *IP Address://g' -e 's/ *email://g' -e 's/ *URI://g' -e 's/ *DirName://g' \
-e 's/ *Registered ID://g' -e 's/,/\n/g' \
-e 's/ *othername:<unsupported>//g' -e 's/ *X400Name:<unsupported>//g' -e 's/ *EdiPartyName:<unsupported>//g')
# ^^^ CACert
out "$indent"; pr_bold " subjectAltName (SAN) " out "$indent"; pr_bold " subjectAltName (SAN) "
if [[ -n "$sans" ]]; then if [[ -n "$sans" ]]; then
for san in $sans; do while read san; do
pr_dquoted "$san" [[ -n "$san" ]] && pr_dquoted "$san"
out " " out " "
done done <<< "$sans"
fileout "${json_prefix}san" "INFO" "subjectAltName (SAN) : $sans" fileout "${json_prefix}san" "INFO" "subjectAltName (SAN) : $sans"
else else
out "-- " out "-- "