diff --git a/testssl.sh b/testssl.sh index d8d9b63..845f40f 100755 --- a/testssl.sh +++ b/testssl.sh @@ -196,7 +196,7 @@ TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # If you run testssl.sh and it CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # You can have your CA stores some place else EXPERIMENTAL=${EXPERIMENTAL:-false} # a development hook which allows us to disable code PROXY_WAIT=${PROXY_WAIT:-20} # waiting at max 20 seconds for socket reply through proxy -DNS_VIA_PROXY=${DNS_VIA_PROXY:-false} # do DNS lookups via proxy. --ip=proxy reverses this +DNS_VIA_PROXY=${DNS_VIA_PROXY:-false} # do DNS lookups via proxy. --ip=proxy reverses this IGN_OCSP_PROXY=${IGN_OCSP_PROXY:-false} # Also when --proxy is supplied it is ignored when testing for revocation via OCSP via --phone-out HEADER_MAXSLEEP=${HEADER_MAXSLEEP:-5} # we wait this long before killing the process to retrieve a service banner / http header MAX_SOCKET_FAIL=${MAX_SOCKET_FAIL:-2} # If this many failures for TCP socket connects are reached we terminate @@ -19986,7 +19986,7 @@ find_openssl_binary() { HAS_ZLIB=false HAS_UDS=false HAS_UDS2=false - TRUSTED1ST="" + TRUSTED1ST="" HAS_ENABLE_PHA=false $OPENSSL ciphers -s 2>&1 | grep -aiq "unknown option" || OSSL_CIPHERS_S="-s" @@ -22041,18 +22041,18 @@ display_rdns_etc() { datebanner() { local scan_time_f="" local node_banner="" - + if [[ -n "PROXY" ]] && $DNS_VIA_PROXY;then - node_banner="$NODE:$PORT" + node_banner="$NODE:$PORT" else - node_banner="$NODEIP:$PORT ($NODE)" + node_banner="$NODEIP:$PORT ($NODE)" fi - + if [[ "$1" =~ Done ]] ; then scan_time_f="$(printf "%04ss" "$SCAN_TIME")" # 4 digits because of windows pr_reverse "$1 $(date +%F) $(date +%T) [$scan_time_f] -->> $node_banner <<--" else - pr_reverse "$1 $(date +%F) $(date +%T) -->> $node_banner <<--" + pr_reverse "$1 $(date +%F) $(date +%T) -->> $node_banner <<--" fi outln "\n" [[ "$1" =~ Start ]] && display_rdns_etc @@ -23970,30 +23970,30 @@ lets_roll() { [[ -z "$NODE" ]] && parse_hn_port "${URI}" # NODE, URL_PATH, PORT, IPADDRs and IP46ADDR is set now prepare_logging - if [[ -n "$PROXY" ]] && $DNS_VIA_PROXY; then - NODEIP="$NODE" - lets_roll "${STARTTLS_PROTOCOL}" - RET=$? - else - determine_ip_addresses - if [[ $(count_words "$IPADDRs") -gt 1 ]]; then # we have more than one ipv4 address to check - MULTIPLE_CHECKS=true - pr_bold "Testing all IPv4 addresses (port $PORT): "; outln "$IPADDRs" - for ip in $IPADDRs; do - draw_line "-" $((TERM_WIDTH * 2 / 3)) - outln - NODEIP="$ip" - lets_roll "${STARTTLS_PROTOCOL}" - RET=$((RET + $?)) # RET value per IP address - done - draw_line "-" $((TERM_WIDTH * 2 / 3)) - outln - pr_bold "Done testing now all IP addresses (on port $PORT): "; outln "$IPADDRs" - else # Just 1x ip4v to check, applies also if CMDLINE_IP was supplied - NODEIP="$IPADDRs" - lets_roll "${STARTTLS_PROTOCOL}" - RET=$? - fi - fi + if [[ -n "$PROXY" ]] && $DNS_VIA_PROXY; then + NODEIP="$NODE" + lets_roll "${STARTTLS_PROTOCOL}" + RET=$? + else + determine_ip_addresses + if [[ $(count_words "$IPADDRs") -gt 1 ]]; then # we have more than one ipv4 address to check + MULTIPLE_CHECKS=true + pr_bold "Testing all IPv4 addresses (port $PORT): "; outln "$IPADDRs" + for ip in $IPADDRs; do + draw_line "-" $((TERM_WIDTH * 2 / 3)) + outln + NODEIP="$ip" + lets_roll "${STARTTLS_PROTOCOL}" + RET=$((RET + $?)) # RET value per IP address + done + draw_line "-" $((TERM_WIDTH * 2 / 3)) + outln + pr_bold "Done testing now all IP addresses (on port $PORT): "; outln "$IPADDRs" + else # Just 1x ip4v to check, applies also if CMDLINE_IP was supplied + NODEIP="$IPADDRs" + lets_roll "${STARTTLS_PROTOCOL}" + RET=$? + fi + fi exit $RET