Merge branch '2.9dev' into openssl_location

This commit is contained in:
David Cooper 2017-03-29 09:01:38 -04:00
commit 312598837f

View File

@ -81,13 +81,13 @@ readonly PS4='|${LINENO}> \011${FUNCNAME[0]:+${FUNCNAME[0]}(): }'
# see stackoverflow.com/questions/5014823/how-to-profile-a-bash-shell-script-slow-startup#20855353
# how to paste both in order to do performance analysis
DEBUGTIME=${DEBUGTIME:-false}
DEBUG_ALLINONE=${DEBUG_ALLINONE:-false} # true: do debugging in one sceen
DEBUGTIME=${DEBUGTIME:-false}
DEBUG_ALLINONE=${DEBUG_ALLINONE:-false} # true: do debugging in one sceen (old behaviour for just debugging)
if grep -q xtrace <<< "$SHELLOPTS"; then
if "$DEBUGTIME" ; then
if "$DEBUGTIME"; then
# separate debugging, doesn't mess up the screen, $DEBUGTIME determines whether we also do performance analysis
exec 42>&2 2> >(tee /tmp/testssl-$$.log | sed -u 's/^.*$/now/' | date -f - +%s.%N >/tmp/testssl-$$.time)
BASH_XTRACEFD=42
# BASH_XTRACEFD=42
else
if ! "$DEBUG_ALLINONE"; then
exec 42>| /tmp/testssl-$$.log
@ -1222,63 +1222,74 @@ out_row_aligned() {
}
# prints text over multiple lines, trying to make no line longer than $max_width.
# Each line is indented with $spaces and each word in $text is printed using $print_function.
# Each line is indented with $spaces.
out_row_aligned_max_width() {
local text="$1"
local spaces="$2"
local -i max_width="$3"
local print_function="$4"
local -i i len
local cr=$'\n'
local line entry first=true last=false
local line
local first=true
max_width=$max_width-1 # at the moment we align to terminal width. This makes sure we don't wrap too late
max_width=$max_width-${#spaces}
len=${#text}
while true; do
i=$max_width
if [[ $i -ge $len ]]; then
if [[ $len -lt $max_width ]]; then
# If the remaining text to print is shorter than $max_width,
# then just print it.
i=$len
else
while true; do
[[ "${text:i:1}" == " " ]] && break
[[ $i -eq 0 ]] && break
i=$i-1
done
if [[ $i -eq 0 ]]; then
i=$max_width+1
while true; do
[[ "${text:i:1}" == " " ]] && break
[[ $i -eq $len ]] && break
i+=1
done
# Find the final space character in the text that is less than
# $max_width characters into the remaining text, and make the
# text up to that space character the next line to print.
line="${text:0:max_width}"
line="${line% *}"
i=${#line}
if [[ $i -eq $max_width ]]; then
# If there are no space characters in the first $max_width
# characters of the remaining text, then make the text up
# to the first space the next line to print. If there are
# no space characters in the remaining text, make the
# remaining text the next line to print.
line="${text#* }"
i=$len-${#line}
[[ $i -eq 0 ]] && i=$len
fi
fi
if [[ $i -eq $len ]]; then
line="$text"
if ! "$first"; then
out "${cr}${spaces}"
fi
last=true
else
line="${text:0:i}"
if ! "$first"; then
out "${cr}${spaces}"
fi
len=$len-$i-1
i=$i+1
text="${text:i:len}"
first=false
[[ $len -eq 0 ]] && last=true
if ! "$first"; then
tm_out "${cr}${spaces}"
fi
while read entry; do
$print_function "$entry" ; out " "
done <<< "$(tr ' ' '\n' <<< "$line")"
"$last" && break
tm_out "${text:0:i}"
[[ $i -eq $len ]] && break
len=$len-$i-1
i=$i+1
text="${text:i:len}"
first=false
[[ $len -eq 0 ]] && break
done
return 0
}
out_row_aligned_max_width_by_entry() {
local text="$1"
local spaces="$2"
local -i max_width="$3"
local print_function="$4"
local resp entry prev_entry=" "
resp="$(out_row_aligned_max_width "$text" "$spaces" "$max_width")"
while read -d " " entry; do
if [[ -n "$entry" ]]; then
$print_function "$entry"
elif [[ -n "$prev_entry" ]]; then
outln; out " "
fi
out " "
prev_entry="$entry"
done <<< "$resp"
}
tmpfile_handle() {
mv $TMPFILE "$TEMPDIR/$NODEIP.$1" 2>/dev/null
@ -4877,7 +4888,7 @@ cipher_pref_check() {
if [[ -n "$order" ]]; then
outln
out "$(printf " %-10s " "$proto: ")"
out_row_aligned_max_width "$order" " " $TERM_WIDTH out
out "$(out_row_aligned_max_width "$order" " " $TERM_WIDTH)"
fileout "order_$p" "INFO" "Default cipher order for protocol $p: $order"
fi
done
@ -5773,7 +5784,7 @@ certificate_info() {
while read san; do
[[ -n "$san" ]] && all_san+="$san "
done <<< "$sans"
out_row_aligned_max_width "$all_san" "$indent " $TERM_WIDTH pr_italic
pr_italic "$(out_row_aligned_max_width "$all_san" "$indent " $TERM_WIDTH)"
fileout "${json_prefix}san" "INFO" "subjectAltName (SAN) : $all_san"
else
out "-- "
@ -6078,7 +6089,7 @@ run_server_defaults() {
local -a previous_hostcert previous_intermediates keysize cipher
local -a ocsp_response ocsp_response_status sni_used
local -a ciphers_to_test success
local cn_nosni cn_sni sans_nosni sans_sni san
local cn_nosni cn_sni sans_nosni sans_sni san tls_extensions
local alpn_proto alpn="" alpn_list_len_hex alpn_extn_len_hex success
local -i alpn_list_len alpn_extn_len
@ -6216,7 +6227,16 @@ run_server_defaults() {
fileout "tls_extensions" "INFO" "TLS server extensions (std): (none)"
else
#FIXME: we rather want to have the chance to print each ext in italcs or another format. Atm is a string of quoted strings -- that needs to be fixed at the root
out_row_aligned_max_width "$TLS_EXTENSIONS" " " $TERM_WIDTH out; outln
# out_row_aligned_max_width() places line breaks at space characters.
# So, in order to prevent the text for an extension from being broken
# across lines, temporarily replace space characters within the text
# of an extension with "}", and then convert the "}" back to space in
# the output of out_row_aligned_max_width().
tls_extensions="${TLS_EXTENSIONS// /{}"
tls_extensions="${tls_extensions//\"{\"/\" \"}"
tls_extensions="$(out_row_aligned_max_width "$tls_extensions" " " $TERM_WIDTH)"
tls_extensions="${tls_extensions//{/ }"
outln "$tls_extensions"
fileout "tls_extensions" "INFO" "TLS server extensions (std): $TLS_EXTENSIONS"
fi
@ -6443,7 +6463,7 @@ run_pfs() {
outln "${sigalg[i]}"
fi
done
! "$WIDE" && out_row_aligned_max_width "$pfs_ciphers" " " $TERM_WIDTH out
! "$WIDE" && out "$(out_row_aligned_max_width "$pfs_ciphers" " " $TERM_WIDTH)"
debugme echo $pfs_offered
"$WIDE" || outln
fileout "pfs_ciphers" "INFO" "(Perfect) Forward Secrecy Ciphers: $pfs_ciphers"
@ -6524,7 +6544,7 @@ run_pfs() {
if [[ -n "$curves_offered" ]]; then
"$WIDE" && outln
pr_bold " Elliptic curves offered: "
out_row_aligned_max_width "$curves_offered" " " $TERM_WIDTH pr_ecdh_curve_quality
out_row_aligned_max_width_by_entry "$curves_offered" " " $TERM_WIDTH pr_ecdh_curve_quality
outln
fileout "ecdhe_curves" "INFO" "Elliptic curves offered $curves_offered"
fi
@ -10079,8 +10099,8 @@ run_beast(){
! "$first" && out "$spaces"
out "$(toupper $proto): "
[[ -n "$higher_proto_supported" ]] && \
out_row_aligned_max_width "$detected_cbc_ciphers" " " $TERM_WIDTH pr_svrty_low || \
out_row_aligned_max_width "$detected_cbc_ciphers" " " $TERM_WIDTH pr_svrty_medium
pr_svrty_low "$(out_row_aligned_max_width "$detected_cbc_ciphers" " " $TERM_WIDTH)" || \
pr_svrty_medium "$(out_row_aligned_max_width "$detected_cbc_ciphers" " " $TERM_WIDTH)"
outln
detected_cbc_ciphers="" # empty for next round
first=false
@ -10417,7 +10437,7 @@ run_rc4() {
fi
fi
done
! "$WIDE" && out_row_aligned_max_width "$rc4_detected" " " $TERM_WIDTH pr_svrty_high
! "$WIDE" && pr_svrty_high "$(out_row_aligned_max_width "$rc4_detected" " " $TERM_WIDTH)"
outln
"$WIDE" && pr_svrty_high "VULNERABLE (NOT ok)"
fileout "rc4" "HIGH" "RC4: VULNERABLE, Detected ciphers: $rc4_detected" "$cve" "$cwe" "$hint"
@ -11665,8 +11685,7 @@ display_rdns_etc() {
further_ip_addrs+="$ip "
fi
done
out_row_aligned_max_width "$further_ip_addrs" " $CORRECT_SPACES" $TERM_WIDTH out
outln
outln "$(out_row_aligned_max_width "$further_ip_addrs" " $CORRECT_SPACES" $TERM_WIDTH)"
fi
if "$LOCAL_A"; then
outln " A record via $CORRECT_SPACES /etc/hosts "
@ -11675,7 +11694,7 @@ display_rdns_etc() {
fi
if [[ -n "$rDNS" ]]; then
out "$(printf " %-23s %s" "rDNS ($nodeip):")"
out_row_aligned_max_width "$rDNS" " $CORRECT_SPACES" $TERM_WIDTH out
out "$(out_row_aligned_max_width "$rDNS" " $CORRECT_SPACES" $TERM_WIDTH)"
fi
}