Ensure that stderr is caught / $prg=testssl.sh

As suggested in #2780 this PR redirects all stderr on a perl level
to stdout so that we should see all errors which we miss because
we can't redirect (>/dev/null in check) or we haven't redirected yet.

Also old checks are imporved, so that $prg is used as in newer
checks.

.github/workflows/unit_tests_macos.yml

@@ -51,4 +51,4 @@ jobs:
 
       - name: run it
         run: |
-          prove -v t
+          prove -v t 2>&1

.github/workflows/unit_tests_ubuntu.yml

@@ -57,4 +57,4 @@ jobs:
 
       - name: run it
         run: |
-          prove -v t
+          prove -v t 2>&1

t/23_client_simulation.t

@@ -31,14 +31,14 @@ $uri="google.com";
 
 # unlink "tmp.json";
 printf "\n%s\n", "Client simulations unit test via sockets --> $uri ...";
-$socket_out = `./testssl.sh $check2run $uri 2>&1`;
+$socket_out = `$prg $check2run $uri 2>&1`;
 # $socket_json = json('tmp.json');
 unlike($socket_out, qr/$socket_regex_bl/, "");
 $tests++;
 
 # unlink "tmp.json";
 printf "\n%s\n", "Client simulations unit test via OpenSSL --> $uri ...";
-$openssl_out = `./testssl.sh $check2run --ssl-native $uri 2>&1`;
+$openssl_out = `$prg $check2run --ssl-native $uri 2>&1`;
 # $openssl_json = json('tmp.json');
 unlike($openssl_out, qr/$openssl_regex_bl/, "");
 $tests++;
@@ -48,7 +48,7 @@ $uri="smtp-relay.gmail.com:587";
 
 # unlink "tmp.json";
 printf "\n%s\n", "STARTTLS: Client simulations unit test via sockets --> $uri ...";
-$socket_out = `./testssl.sh $check2run -t smtp $uri 2>&1`;
+$socket_out = `$prg $check2run -t smtp $uri 2>&1`;
 # $socket_json = json('tmp.json');
 unlike($socket_out, qr/$socket_regex_bl/, "");
 $tests++;

t/31_isJSON_valid.t

@@ -29,7 +29,7 @@ unlink 'tmp.json';
 
 #1
 printf "%s\n", ".. plain JSON --> $uri ";
-$out = `./testssl.sh $check2run --jsonfile tmp.json $uri`;
+$out = `$prg $check2run --jsonfile tmp.json $uri`;
 $json = json('tmp.json');
 unlink 'tmp.json';
 my @errors=eval { decode_json($json) };
@@ -39,7 +39,7 @@ $tests++;
 
 #2
 printf "%s\n", ".. pretty JSON --> $uri ";
-$out = `./testssl.sh $check2run --jsonfile-pretty tmp.json $uri`;
+$out = `$prg $check2run --jsonfile-pretty tmp.json $uri`;
 $json = json('tmp.json');
 unlink 'tmp.json';
 @errors=eval { decode_json($json) };
@@ -50,7 +50,7 @@ $tests++;
 #3
 my $uri = "smtp-relay.gmail.com:587";
 printf "%s\n", " .. plain JSON and STARTTLS --> $uri ...";
-$out = `./testssl.sh  --jsonfile tmp.json $check2run -t smtp $uri`;
+$out = `$prg --jsonfile tmp.json $check2run -t smtp $uri`;
 $json = json('tmp.json');
 unlink 'tmp.json';
 @errors=eval { decode_json($json) };
@@ -65,7 +65,7 @@ if ( $os eq "linux" ){
      # This testssl.sh run deliberately does NOT work as github actions block port 25 egress.
      # but the output should be fine. The idea is to have a unit test for a failed connection.
      printf "%s\n", ".. plain JSON for a failed run: '--mx $uri' ...";
-     $out = `./testssl.sh --ssl-native --openssl-timeout=10 $check2run --jsonfile tmp.json --mx $uri`;
+     $out = `$prg --ssl-native --openssl-timeout=10 $check2run --jsonfile tmp.json --mx $uri`;
      $json = json('tmp.json');
      unlink 'tmp.json';
      @errors=eval { decode_json($json) };
@@ -75,7 +75,7 @@ if ( $os eq "linux" ){
      #5
      # Same as above but with pretty JSON
      printf "%s\n", ".. pretty JSON for a failed run '--mx $uri' ...";
-     $out = `./testssl.sh --ssl-native --openssl-timeout=10 $check2run --jsonfile-pretty tmp.json --mx $uri`;
+     $out = `$prg --ssl-native --openssl-timeout=10 $check2run --jsonfile-pretty tmp.json --mx $uri`;
      $json = json('tmp.json');
      unlink 'tmp.json';
      @errors=eval { decode_json($json) };

t/51_badssl.com.t

@@ -6,6 +6,7 @@ use Data::Dumper;
 use JSON;
 
 my $tests = 0;
+my $prg="./testssl.sh";
 
 my (
 	$out,
@@ -14,14 +15,14 @@ my (
 );
 # OK
 pass("Running testssl.sh against badssl.com to create a baseline (may take 2~3 minutes)"); $tests++;
-my $okout = `./testssl.sh -S -e --freak --logjam --drown --rc4 --sweet32 --breach --winshock --crime --jsonfile tmp.json --color 0 badssl.com`;
+my $okout = `$prg -S -e --freak --logjam --drown --rc4 --sweet32 --breach --winshock --crime --jsonfile tmp.json --color 0 badssl.com`;
 my $okjson = json('tmp.json');
 unlink 'tmp.json';
 cmp_ok(@$okjson,'>',10,"We should have more then 10 findings"); $tests++;
 
 # Expiration
 pass("Running testssl against expired.badssl.com"); $tests++;
-$out = `./testssl.sh -S --jsonfile tmp.json --color 0 expired.badssl.com`;
+$out = `$prg -S --jsonfile tmp.json --color 0 expired.badssl.com`;
 like($out, qr/Chain of trust\s+NOT ok \(expired\)/,"The chain of trust should be expired"); $tests++;
 like($out, qr/Certificate Validity \(UTC\)\s+expired/,"The certificate should be expired"); $tests++;
 $json = json('tmp.json');
@@ -39,7 +40,7 @@ is($found,1,"We should have a finding for this in the JSON output"); $tests++;
 
 # Self signed and not-expired
 pass("Running testssl against self-signed.badssl.com"); $tests++;
-$out = `./testssl.sh -S --jsonfile tmp.json --color 0 self-signed.badssl.com`;
+$out = `$prg -S --jsonfile tmp.json --color 0 self-signed.badssl.com`;
 unlike($out, qr/Certificate Validity \(UTC\)s+expired/,"The certificate should not be expired"); $tests++;
 $json = json('tmp.json');
 unlink 'tmp.json';
@@ -98,7 +99,7 @@ is($found,1,"We should have a finding for this in the JSON output"); $tests++;
 
 # Incomplete chain
 pass("Running testssl against incomplete-chain.badssl.com"); $tests++;
-$out = `./testssl.sh -S --jsonfile tmp.json --color 0 incomplete-chain.badssl.com`;
+$out = `$prg -S --jsonfile tmp.json --color 0 incomplete-chain.badssl.com`;
 like($out, qr/Chain of trust.*?NOT ok\s+\(chain incomplete\)/,"Chain of trust should fail because of incomplete"); $tests++;
 $json = json('tmp.json');
 unlink 'tmp.json';