mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-03 23:39:45 +01:00
- tempfile handling: every function leaves one, if DEBUG is set
- FIX*2: OPENSSL_CONF/GOST_CONF
This commit is contained in:
Dirk
parent
8635012cf5
commit
21493fb788
61
testssl.sh
61
testssl.sh
@ -212,7 +212,11 @@ boldandunder() { [[ "$COLOR" != 0 ]] && out "\033[1m\033[4m$1" || out "$1" ; off
|
|||||||
reverse() { [[ "$COLOR" != 0 ]] && out "\033[7m$1" || out "$1" ; off; }
|
reverse() { [[ "$COLOR" != 0 ]] && out "\033[7m$1" || out "$1" ; off; }
|
||||||
|
|
||||||
tmpfile_handle() {
|
tmpfile_handle() {
|
||||||
[[ "$DEBUG" -eq 0 ]] && rm $TMPFILE
|
if [[ "$DEBUG" -eq 0 ]] ; then
|
||||||
|
rm $TMPFILE
|
||||||
|
else
|
||||||
|
mv $TMPFILE "$TEMPDIR/$1"
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -323,7 +327,7 @@ runs_HTTP() {
|
|||||||
*) outln " Couldn't determine what's running on port $PORT, assuming not HTTP\n" ;;
|
*) outln " Couldn't determine what's running on port $PORT, assuming not HTTP\n" ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
tmpfile_handle $TMPFILE
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -341,7 +345,7 @@ poodle() {
|
|||||||
fi
|
fi
|
||||||
outln
|
outln
|
||||||
|
|
||||||
tmpfile_handle $TMPFILE
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -411,7 +415,7 @@ hsts() {
|
|||||||
fi
|
fi
|
||||||
outln
|
outln
|
||||||
|
|
||||||
tmpfile_handle $TMPFILE
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return $?
|
return $?
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -437,7 +441,7 @@ hpkp() {
|
|||||||
fi
|
fi
|
||||||
outln
|
outln
|
||||||
|
|
||||||
tmpfile_handle $TMPFILE
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return $?
|
return $?
|
||||||
}
|
}
|
||||||
#FIXME: report-uri
|
#FIXME: report-uri
|
||||||
@ -472,7 +476,7 @@ serverbanner() {
|
|||||||
fi
|
fi
|
||||||
outln
|
outln
|
||||||
|
|
||||||
tmpfile_handle $TMPFILE
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return $?
|
return $?
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -491,6 +495,8 @@ secure_cookie() { # ARG1: Path
|
|||||||
outln "no secure flag"
|
outln "no secure flag"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
#FIXME: Access-Control-Allow-Origin, CSP, Upgrade, X-Frame-Options, X-XSS-Protection, X-Content-Type-Options
|
#FIXME: Access-Control-Allow-Origin, CSP, Upgrade, X-Frame-Options, X-XSS-Protection, X-Content-Type-Options
|
||||||
@ -548,6 +554,8 @@ listciphers() {
|
|||||||
$OPENSSL ciphers "$VERB_CLIST" $1 &>$TMPFILE
|
$OPENSSL ciphers "$VERB_CLIST" $1 &>$TMPFILE
|
||||||
ret=$?
|
ret=$?
|
||||||
[[ $LOCERR -eq 1 ]] && cat $TMPFILE
|
[[ $LOCERR -eq 1 ]] && cat $TMPFILE
|
||||||
|
|
||||||
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -583,7 +591,7 @@ std_cipherlists() {
|
|||||||
ok 0 1 # was not offered --> green
|
ok 0 1 # was not offered --> green
|
||||||
fi ;;
|
fi ;;
|
||||||
esac
|
esac
|
||||||
tmpfile_handle $TMPFILE
|
tmpfile_handle $FUNCNAME.txt
|
||||||
else
|
else
|
||||||
singlespaces=`echo "$2" | sed -e 's/ \+/ /g' -e 's/^ //' -e 's/ $//g' -e 's/ //g'`
|
singlespaces=`echo "$2" | sed -e 's/ \+/ /g' -e 's/^ //' -e 's/ $//g' -e 's/ //g'`
|
||||||
magentaln "Local problem: No $singlespaces configured in $OPENSSL"
|
magentaln "Local problem: No $singlespaces configured in $OPENSSL"
|
||||||
@ -683,10 +691,9 @@ test_just_one(){
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
|
|
||||||
outln
|
outln
|
||||||
tmpfile_handle $TMPFILE
|
|
||||||
|
|
||||||
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -712,7 +719,7 @@ allciphers(){
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
outln
|
outln
|
||||||
tmpfile_handle $TMPFILE
|
tmpfile_handle $FUNCNAME.txt
|
||||||
done
|
done
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
@ -740,7 +747,7 @@ cipher_per_proto(){
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
outln
|
outln
|
||||||
tmpfile_handle $TMPFILE
|
tmpfile_handle $FUNCNAME.txt
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
|
|
||||||
@ -773,7 +780,7 @@ testversion_new() {
|
|||||||
ret=5
|
ret=5
|
||||||
fi
|
fi
|
||||||
|
|
||||||
tmpfile_handle $TMPFILE
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1007,8 +1014,7 @@ server_defaults() {
|
|||||||
#fi
|
#fi
|
||||||
#http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html
|
#http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html
|
||||||
|
|
||||||
cp -p $TMPFILE $TMPFILE.tlsextdebug+status
|
tmpfile_handle tlsextdebug+status.txt
|
||||||
tmpfile_handle $TMPFILE
|
|
||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1076,7 +1082,7 @@ pfs() {
|
|||||||
fi
|
fi
|
||||||
outln
|
outln
|
||||||
fi
|
fi
|
||||||
tmpfile_handle $TMPFILE
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1122,7 +1128,7 @@ rc4() {
|
|||||||
bad=0
|
bad=0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
tmpfile_handle $TMPFILE
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return $bad
|
return $bad
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1177,7 +1183,7 @@ spdy(){
|
|||||||
outln
|
outln
|
||||||
# btw: nmap can do that too http://nmap.org/nsedoc/scripts/tls-nextprotoneg.html
|
# btw: nmap can do that too http://nmap.org/nsedoc/scripts/tls-nextprotoneg.html
|
||||||
# nmap --script=tls-nextprotoneg #NODE -p $PORT is your friend if your openssl doesn't want to test this
|
# nmap --script=tls-nextprotoneg #NODE -p $PORT is your friend if your openssl doesn't want to test this
|
||||||
tmpfile_handle $TMPFILE
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1300,7 +1306,7 @@ ccs_injection(){
|
|||||||
outln
|
outln
|
||||||
|
|
||||||
close_socket
|
close_socket
|
||||||
tmpfile_handle $TMPFILE
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1402,7 +1408,7 @@ heartbleed(){
|
|||||||
outln
|
outln
|
||||||
|
|
||||||
close_socket
|
close_socket
|
||||||
tmpfile_handle $TMPFILE
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1642,6 +1648,7 @@ starttls() {
|
|||||||
ret=2
|
ret=2
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1750,10 +1757,12 @@ initialize_engine(){
|
|||||||
litemagenta "No engine or GOST support via engine with your $OPENSSL"; outln "\n"
|
litemagenta "No engine or GOST support via engine with your $OPENSSL"; outln "\n"
|
||||||
return 1
|
return 1
|
||||||
else
|
else
|
||||||
if [ -z "$OPENSSL_CONF" ]; then
|
if [ ! -z "$OPENSSL_CONF" ]; then
|
||||||
GOST_CONF=`mktemp /tmp/ssltester.GOST.XXXXXX` || exit 6
|
litemagenta "For now I am providing the config file in to have GOST support"; outln
|
||||||
|
else
|
||||||
|
OPENSSL_CONF=$TMPDIR/gost.conf || exit 6
|
||||||
# see https://www.mail-archive.com/openssl-users@openssl.org/msg65395.html
|
# see https://www.mail-archive.com/openssl-users@openssl.org/msg65395.html
|
||||||
cat >$GOST_CONF << EOF
|
cat >$OPENSSL_CONF << EOF
|
||||||
openssl_conf = openssl_def
|
openssl_conf = openssl_def
|
||||||
|
|
||||||
[ openssl_def ]
|
[ openssl_def ]
|
||||||
@ -1768,11 +1777,7 @@ default_algorithms = ALL
|
|||||||
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
|
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
export OPENSSL_CONF=$GOST_CONF
|
export OPENSSL_CONF
|
||||||
else
|
|
||||||
litemagenta "For now I am providing the config file in to have GOST support"; outln
|
|
||||||
sleep 2
|
|
||||||
outln
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
return 0
|
return 0
|
||||||
@ -2125,6 +2130,6 @@ case "$1" in
|
|||||||
exit $ret ;;
|
exit $ret ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.156 2014/12/19 06:12:18 dirkw Exp $
|
# $Id: testssl.sh,v 1.157 2014/12/19 16:02:25 dirkw Exp $
|
||||||
# vim:ts=5:sw=5
|
# vim:ts=5:sw=5
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user