From 2313aee22da0a7e6d2be56a759273e182d507b4c Mon Sep 17 00:00:00 2001 From: Dirk Date: Thu, 1 Sep 2016 19:09:12 +0200 Subject: [PATCH] fix for previously borken HPKP_MIN value --- testssl.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/testssl.sh b/testssl.sh index 614a3e8..d3b1e91 100755 --- a/testssl.sh +++ b/testssl.sh @@ -172,7 +172,7 @@ USLEEP_REC=${USLEEP_REC:-0.2} # sleep time for general socket receive HSTS_MIN=${HSTS_MIN:-179} # >179 days is ok for HSTS HSTS_MIN=$((HSTS_MIN * 86400)) # correct to seconds HPKP_MIN=${HPKP_MIN:-30} # >=30 days should be ok for HPKP_MIN, practical hints? -# HPKP_MIN=$((HPKP_MIN * 86400)) # correct to seconds + HPKP_MIN=$((HPKP_MIN * 86400)) # correct to seconds DAYS2WARN1=${DAYS2WARN1:-60} # days to warn before cert expires, threshold 1 DAYS2WARN2=${DAYS2WARN2:-30} # days to warn before cert expires, threshold 2 VULN_THRESHLD=${VULN_THRESHLD:-1} # if vulnerabilities to check >$VULN_THRESHLD we DON'T show a separate header line in the output each vuln. check @@ -1012,7 +1012,7 @@ run_hpkp() { # print key=value pair with awk, then strip non-numbers, to be improved with proper parsing of key-value with awk hpkp_age_sec=$(awk -F= '/max-age/{max_age=$2; print max_age}' $TMPFILE | sed -E 's/[^[:digit:]]//g') hpkp_age_days=$((hpkp_age_sec / 86400)) - if [[ $hpkp_age_days -ge $HPKP_MIN ]]; then + if [[ $hpkp_age_sec -ge $HPKP_MIN ]]; then pr_done_good "$hpkp_age_days days" ; out "=$hpkp_age_sec s" fileout "hpkp_age" "OK" "HPKP age is set to $hpkp_age_days days ($hpkp_age_sec sec)" else @@ -8684,4 +8684,4 @@ fi exit $? -# $Id: testssl.sh,v 1.536 2016/09/01 17:04:46 dirkw Exp $ +# $Id: testssl.sh,v 1.537 2016/09/01 17:09:11 dirkw Exp $