mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-20 23:49:30 +01:00
Polish #646
"=~" doesn't need quotes if there's a text string one wants to match against (and shellcheck complains about this) pr_magenta shouldn't be used anymore as the logic what color we use should be done some place else.
This commit is contained in:
parent
f7c3139545
commit
2232929bc5
50
testssl.sh
50
testssl.sh
@ -2265,7 +2265,7 @@ show_rfc_style(){
|
||||
}
|
||||
|
||||
neat_header(){
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ "rfc" ]]; then
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
|
||||
printf -- "Hexcode Cipher Suite Name (RFC) KeyExch. Encryption Bits"
|
||||
[[ "$DISPLAY_CIPHERNAMES" != "rfc-only" ]] && printf -- " Cipher Suite Name (OpenSSL)"
|
||||
outln
|
||||
@ -2304,12 +2304,12 @@ neat_list(){
|
||||
enc="${enc//POLY1305/}" # remove POLY1305
|
||||
enc="${enc//\//}" # remove "/"
|
||||
|
||||
echo "$export" | grep -iq export && strength="$strength,exp"
|
||||
grep -iq export <<< "$export" && strength="$strength,exp"
|
||||
|
||||
[[ "$DISPLAY_CIPHERNAMES" != "openssl-only" ]] && tls_cipher="$(show_rfc_style "$hexcode")"
|
||||
|
||||
if [[ "$5" == "false" ]]; then
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ "rfc" ]]; then
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
|
||||
line="$(printf -- " %-7s %-49s %-10s %-12s%-8s" "$hexcode" "$tls_cipher" "$kx" "$enc" "$strength")"
|
||||
[[ "$DISPLAY_CIPHERNAMES" != "rfc-only" ]] && line+="$(printf -- " %-33s${SHOW_EACH_C:+ %-0s}" "$ossl_cipher")"
|
||||
else
|
||||
@ -2332,7 +2332,7 @@ neat_list(){
|
||||
done
|
||||
fi
|
||||
#echo "${#kx}" # should be always 20 / 13
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ "rfc" ]]; then
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
|
||||
printf -- " %-7s %-49s %-10s %-12s%-8s" "$hexcode" "$tls_cipher" "$kx" "$enc" "$strength"
|
||||
[[ "$DISPLAY_CIPHERNAMES" != "rfc-only" ]] && printf -- " %-33s${SHOW_EACH_C:+ %-0s}" "$ossl_cipher"
|
||||
else
|
||||
@ -4196,10 +4196,10 @@ run_client_simulation() {
|
||||
fi
|
||||
#FiXME: awk
|
||||
cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://')
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]] && ( [[ "$cipher" == TLS_* ]] || [[ "$cipher" == SSL_* ]] ); then
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && ( [[ "$cipher" == TLS_* ]] || [[ "$cipher" == SSL_* ]] ); then
|
||||
cipher="$(rfc2openssl "$cipher")"
|
||||
[[ -z "$cipher" ]] && cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://')
|
||||
elif [[ "$DISPLAY_CIPHERNAMES" =~ "rfc" ]] && [[ "$cipher" != TLS_* ]] && [[ "$cipher" != SSL_* ]]; then
|
||||
elif [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]] && [[ "$cipher" != TLS_* ]] && [[ "$cipher" != SSL_* ]]; then
|
||||
cipher="$(openssl2rfc "$cipher")"
|
||||
[[ -z "$cipher" ]] && cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://')
|
||||
fi
|
||||
@ -4962,7 +4962,7 @@ run_server_preference() {
|
||||
|
||||
pr_bold " Negotiated cipher "
|
||||
default_cipher_ossl=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]]; then
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then
|
||||
default_cipher="$default_cipher_ossl"
|
||||
else
|
||||
default_cipher="$(openssl2rfc "$default_cipher_ossl")"
|
||||
@ -5021,7 +5021,7 @@ run_server_preference() {
|
||||
cipher1="${TLS_CIPHER_HEXCODE[j]}"
|
||||
cipher1="$(tolower "x${cipher1:2:2}${cipher1:7:2}${cipher1:12:2}")"
|
||||
if [[ "$supported_sslv2_ciphers" =~ "$cipher1" ]]; then
|
||||
if ( [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]] && [[ "${TLS_CIPHER_OSSL_NAME[j]}" != "-" ]] ) || [[ "${TLS_CIPHER_RFC_NAME[j]}" == "-" ]]; then
|
||||
if ( [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ "${TLS_CIPHER_OSSL_NAME[j]}" != "-" ]] ) || [[ "${TLS_CIPHER_RFC_NAME[j]}" == "-" ]]; then
|
||||
cipher[i]="${TLS_CIPHER_OSSL_NAME[j]}"
|
||||
else
|
||||
cipher[i]="${TLS_CIPHER_RFC_NAME[j]}"
|
||||
@ -5046,7 +5046,7 @@ run_server_preference() {
|
||||
proto[i]="SSLv3"
|
||||
cipher[i]=""
|
||||
cipher1=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]] && [[ $TLS_NR_CIPHERS -ne 0 ]]; then
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ $TLS_NR_CIPHERS -ne 0 ]]; then
|
||||
cipher[i]="$(rfc2openssl "$cipher1")"
|
||||
[[ -z "${cipher[i]}" ]] && cipher[i]="$cipher1"
|
||||
fi
|
||||
@ -5063,7 +5063,7 @@ run_server_preference() {
|
||||
proto[i]=$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol.*://' -e 's/ //g')
|
||||
cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
||||
[[ ${cipher[i]} == "0000" ]] && cipher[i]="" # Hack!
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ "rfc" ]] && [[ -n "${cipher[i]}" ]]; then
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]] && [[ -n "${cipher[i]}" ]]; then
|
||||
cipher[i]="$(openssl2rfc "${cipher[i]}")"
|
||||
[[ -z "${cipher[i]}" ]] && cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
||||
fi
|
||||
@ -5087,7 +5087,7 @@ run_server_preference() {
|
||||
cipher[i]=""
|
||||
else
|
||||
cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ "rfc" ]] && [[ -n "${cipher[i]}" ]]; then
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]] && [[ -n "${cipher[i]}" ]]; then
|
||||
cipher[i]="$(openssl2rfc "${cipher[i]}")"
|
||||
[[ -z "${cipher[i]}" ]] && cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
||||
fi
|
||||
@ -5102,7 +5102,7 @@ run_server_preference() {
|
||||
if [[ -n "${cipher[i]}" ]]; then # cipher not empty
|
||||
if [[ -z "${cipher[i-1]}" ]]; then # previous one empty
|
||||
#outln
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]]; then
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then
|
||||
printf -- " %-30s %s" "${cipher[i]}:" "${proto[i]}" # print out both
|
||||
else
|
||||
printf -- " %-51s %s" "${cipher[i]}:" "${proto[i]}" # print out both
|
||||
@ -5112,7 +5112,7 @@ run_server_preference() {
|
||||
out ", ${proto[i]}" # same cipher --> only print out protocol behind it
|
||||
else
|
||||
outln
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]]; then
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then
|
||||
printf -- " %-30s %s" "${cipher[i]}:" "${proto[i]}" # print out both
|
||||
else
|
||||
printf -- " %-51s %s" "${cipher[i]}:" "${proto[i]}" # print out both
|
||||
@ -5373,14 +5373,14 @@ cipher_pref_check() {
|
||||
for (( i=0; i < nr_ciphers; i++ )); do
|
||||
[[ "$cipher" == "${rfc_ciph[i]}" ]] && ciphers_found2[i]=true && break
|
||||
done
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]] && [[ $TLS_NR_CIPHERS -ne 0 ]]; then
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ $TLS_NR_CIPHERS -ne 0 ]]; then
|
||||
cipher="$(rfc2openssl "$cipher")"
|
||||
# If there is no OpenSSL name for the cipher, then use the RFC name
|
||||
[[ -z "$cipher" ]] && cipher=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
||||
fi
|
||||
order+="$cipher "
|
||||
done
|
||||
elif [[ -n "$order" ]] && [[ "$DISPLAY_CIPHERNAMES" =~ "rfc" ]]; then
|
||||
elif [[ -n "$order" ]] && [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
|
||||
rfc_order=""
|
||||
while read -d " " cipher; do
|
||||
rfc_ciph="$(openssl2rfc "$cipher")"
|
||||
@ -5422,7 +5422,7 @@ cipher_pref_check() {
|
||||
order+="$cipher "
|
||||
done
|
||||
fi
|
||||
if [[ -n "$order" ]] && [[ "$DISPLAY_CIPHERNAMES" =~ "rfc" ]]; then
|
||||
if [[ -n "$order" ]] && [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
|
||||
rfc_order=""
|
||||
while read -d " " cipher; do
|
||||
rfc_ciph="$(openssl2rfc "$cipher")"
|
||||
@ -6964,7 +6964,7 @@ run_pfs() {
|
||||
for (( i=0; i < nr_supported_ciphers; i++ )); do
|
||||
! "${ciphers_found[i]}" && ! "$SHOW_EACH_C" && continue
|
||||
if "${ciphers_found[i]}"; then
|
||||
if ( [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]] && [[ "${ciph[i]}" != "-" ]] ) || [[ "${rfc_ciph[i]}" == "-" ]]; then
|
||||
if ( [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ "${ciph[i]}" != "-" ]] ) || [[ "${rfc_ciph[i]}" == "-" ]]; then
|
||||
pfs_cipher="${ciph[i]}"
|
||||
else
|
||||
pfs_cipher="${rfc_ciph[i]}"
|
||||
@ -10556,7 +10556,7 @@ run_beast(){
|
||||
[[ "$cbc_cipher" == "${ciph[i]}" ]] && break
|
||||
done
|
||||
ciphers_found[i]=true
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]] || [[ "${rfc_ciph[i]}" == "-" ]]; then
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] || [[ "${rfc_ciph[i]}" == "-" ]]; then
|
||||
detected_cbc_ciphers+="${ciph[i]} "
|
||||
else
|
||||
detected_cbc_ciphers+="${rfc_ciph[i]} "
|
||||
@ -10587,7 +10587,7 @@ run_beast(){
|
||||
[[ "$cbc_cipher" == "${rfc_ciph[i]}" ]] && break
|
||||
done
|
||||
ciphers_found[i]=true
|
||||
if ( [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]] && [[ "${ciph[i]}" != "-" ]] ) || [[ "${rfc_ciph[i]}" == "-" ]]; then
|
||||
if ( [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ "${ciph[i]}" != "-" ]] ) || [[ "${rfc_ciph[i]}" == "-" ]]; then
|
||||
detected_cbc_ciphers+=" ${ciph[i]}"
|
||||
else
|
||||
detected_cbc_ciphers+=" ${rfc_ciph[i]}"
|
||||
@ -10965,7 +10965,7 @@ run_rc4() {
|
||||
outln "${sigalg[i]}"
|
||||
fi
|
||||
if "${ciphers_found[i]}"; then
|
||||
if ( [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]] && [[ "${ciph[i]}" != "-" ]] ) || [[ "${rfc_ciph[i]}" == "-" ]]; then
|
||||
if ( [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ "${ciph[i]}" != "-" ]] ) || [[ "${rfc_ciph[i]}" == "-" ]]; then
|
||||
rc4_detected+="${ciph[i]} "
|
||||
else
|
||||
rc4_detected+="${rfc_ciph[i]} "
|
||||
@ -11316,10 +11316,10 @@ output options (can also be preset via environment variables):
|
||||
--quiet don't output the banner. By doing this you acknowledge usage terms normally appearing in the banner
|
||||
--wide wide output for tests like RC4, BEAST. PFS also with hexcode, kx, strength, RFC name
|
||||
--show-each for wide outputs: display all ciphers tested -- not only succeeded ones
|
||||
--mapping <openssl|rfc| (openssl: use the OpenSSL Cipher suite name as the primary name cipher suite name form (default);
|
||||
no-openssl|no-rfc> rfc: use the RFC Cipher suite name as the primary name cipher suite name form;
|
||||
no-openssl: don't display the OpenSSL Cipher Suite Name;
|
||||
no-rfc: don't display the RFC Cipher Suite Name)
|
||||
--mapping <openssl| openssl: use the OpenSSL Cipher suite name as the primary name cipher suite name form (default)
|
||||
rfc| rfc: use the RFC Cipher suite name as the primary name cipher suite name form
|
||||
no-openssl| no-openssl: don't display the OpenSSL Cipher Suite Name, display RFC names only
|
||||
no-rfc> no-rfc: don't display the RFC Cipher Suite Name, display OpenSSL names only
|
||||
--color <0|1|2> 0: no escape or other codes, 1: b/w escape codes, 2: color (default)
|
||||
--colorblind swap green and blue in the output
|
||||
--debug <0-6> 1: screen output normal but keeps debug output in /tmp/. 2-6: see "grep -A 5 '^DEBUG=' testssl.sh"
|
||||
@ -12764,7 +12764,7 @@ parse_cmd_line() {
|
||||
no-rfc) DISPLAY_CIPHERNAMES="openssl-only" ;;
|
||||
openssl) DISPLAY_CIPHERNAMES="openssl" ;;
|
||||
rfc) DISPLAY_CIPHERNAMES="rfc" ;;
|
||||
*) pr_magentaln "\nmapping can only be \"no-openssl\", \"no-rfc\", \"openssl\", or \"rfc\""
|
||||
*) pr_warningln "\nmapping can only be \"no-openssl\", \"no-rfc\", \"openssl\" or \"rfc\""
|
||||
help 1 ;;
|
||||
esac
|
||||
;;
|
||||
|
Loading…
Reference in New Issue
Block a user