mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-10-30 21:35:26 +01:00
Merge branch '2.9dev' into openssl_location
This commit is contained in:
David Cooper
121
testssl.sh
121
testssl.sh
@@ -82,12 +82,12 @@ readonly PS4='|${LINENO}> \011${FUNCNAME[0]:+${FUNCNAME[0]}(): }'
|
|||||||
# see stackoverflow.com/questions/5014823/how-to-profile-a-bash-shell-script-slow-startup#20855353
|
# see stackoverflow.com/questions/5014823/how-to-profile-a-bash-shell-script-slow-startup#20855353
|
||||||
# how to paste both in order to do performance analysis
|
# how to paste both in order to do performance analysis
|
||||||
DEBUGTIME=${DEBUGTIME:-false}
|
DEBUGTIME=${DEBUGTIME:-false}
|
||||||
DEBUG_ALLINONE=${DEBUG_ALLINONE:-false} # true: do debugging in one sceen
|
DEBUG_ALLINONE=${DEBUG_ALLINONE:-false} # true: do debugging in one sceen (old behaviour for just debugging)
|
||||||
if grep -q xtrace <<< "$SHELLOPTS"; then
|
if grep -q xtrace <<< "$SHELLOPTS"; then
|
||||||
if "$DEBUGTIME" ; then
|
if "$DEBUGTIME"; then
|
||||||
# separate debugging, doesn't mess up the screen, $DEBUGTIME determines whether we also do performance analysis
|
# separate debugging, doesn't mess up the screen, $DEBUGTIME determines whether we also do performance analysis
|
||||||
exec 42>&2 2> >(tee /tmp/testssl-$$.log | sed -u 's/^.*$/now/' | date -f - +%s.%N >/tmp/testssl-$$.time)
|
exec 42>&2 2> >(tee /tmp/testssl-$$.log | sed -u 's/^.*$/now/' | date -f - +%s.%N >/tmp/testssl-$$.time)
|
||||||
BASH_XTRACEFD=42
|
# BASH_XTRACEFD=42
|
||||||
else
|
else
|
||||||
if ! "$DEBUG_ALLINONE"; then
|
if ! "$DEBUG_ALLINONE"; then
|
||||||
exec 42>| /tmp/testssl-$$.log
|
exec 42>| /tmp/testssl-$$.log
|
||||||
@@ -1222,63 +1222,74 @@ out_row_aligned() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# prints text over multiple lines, trying to make no line longer than $max_width.
|
# prints text over multiple lines, trying to make no line longer than $max_width.
|
||||||
# Each line is indented with $spaces and each word in $text is printed using $print_function.
|
# Each line is indented with $spaces.
|
||||||
out_row_aligned_max_width() {
|
out_row_aligned_max_width() {
|
||||||
local text="$1"
|
local text="$1"
|
||||||
local spaces="$2"
|
local spaces="$2"
|
||||||
local -i max_width="$3"
|
local -i max_width="$3"
|
||||||
local print_function="$4"
|
|
||||||
local -i i len
|
local -i i len
|
||||||
local cr=$'\n'
|
local cr=$'\n'
|
||||||
local line entry first=true last=false
|
local line
|
||||||
|
local first=true
|
||||||
|
|
||||||
max_width=$max_width-1 # at the moment we align to terminal width. This makes sure we don't wrap too late
|
|
||||||
max_width=$max_width-${#spaces}
|
max_width=$max_width-${#spaces}
|
||||||
len=${#text}
|
len=${#text}
|
||||||
while true; do
|
while true; do
|
||||||
i=$max_width
|
if [[ $len -lt $max_width ]]; then
|
||||||
if [[ $i -ge $len ]]; then
|
# If the remaining text to print is shorter than $max_width,
|
||||||
|
# then just print it.
|
||||||
i=$len
|
i=$len
|
||||||
else
|
else
|
||||||
while true; do
|
# Find the final space character in the text that is less than
|
||||||
[[ "${text:i:1}" == " " ]] && break
|
# $max_width characters into the remaining text, and make the
|
||||||
[[ $i -eq 0 ]] && break
|
# text up to that space character the next line to print.
|
||||||
i=$i-1
|
line="${text:0:max_width}"
|
||||||
done
|
line="${line% *}"
|
||||||
if [[ $i -eq 0 ]]; then
|
i=${#line}
|
||||||
i=$max_width+1
|
if [[ $i -eq $max_width ]]; then
|
||||||
while true; do
|
# If there are no space characters in the first $max_width
|
||||||
[[ "${text:i:1}" == " " ]] && break
|
# characters of the remaining text, then make the text up
|
||||||
|
# to the first space the next line to print. If there are
|
||||||
|
# no space characters in the remaining text, make the
|
||||||
|
# remaining text the next line to print.
|
||||||
|
line="${text#* }"
|
||||||
|
i=$len-${#line}
|
||||||
|
[[ $i -eq 0 ]] && i=$len
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if ! "$first"; then
|
||||||
|
tm_out "${cr}${spaces}"
|
||||||
|
fi
|
||||||
|
tm_out "${text:0:i}"
|
||||||
[[ $i -eq $len ]] && break
|
[[ $i -eq $len ]] && break
|
||||||
i+=1
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
if [[ $i -eq $len ]]; then
|
|
||||||
line="$text"
|
|
||||||
if ! "$first"; then
|
|
||||||
out "${cr}${spaces}"
|
|
||||||
fi
|
|
||||||
last=true
|
|
||||||
else
|
|
||||||
line="${text:0:i}"
|
|
||||||
if ! "$first"; then
|
|
||||||
out "${cr}${spaces}"
|
|
||||||
fi
|
|
||||||
len=$len-$i-1
|
len=$len-$i-1
|
||||||
i=$i+1
|
i=$i+1
|
||||||
text="${text:i:len}"
|
text="${text:i:len}"
|
||||||
first=false
|
first=false
|
||||||
[[ $len -eq 0 ]] && last=true
|
[[ $len -eq 0 ]] && break
|
||||||
fi
|
|
||||||
while read entry; do
|
|
||||||
$print_function "$entry" ; out " "
|
|
||||||
done <<< "$(tr ' ' '\n' <<< "$line")"
|
|
||||||
"$last" && break
|
|
||||||
done
|
done
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
out_row_aligned_max_width_by_entry() {
|
||||||
|
local text="$1"
|
||||||
|
local spaces="$2"
|
||||||
|
local -i max_width="$3"
|
||||||
|
local print_function="$4"
|
||||||
|
local resp entry prev_entry=" "
|
||||||
|
|
||||||
|
resp="$(out_row_aligned_max_width "$text" "$spaces" "$max_width")"
|
||||||
|
while read -d " " entry; do
|
||||||
|
if [[ -n "$entry" ]]; then
|
||||||
|
$print_function "$entry"
|
||||||
|
elif [[ -n "$prev_entry" ]]; then
|
||||||
|
outln; out " "
|
||||||
|
fi
|
||||||
|
out " "
|
||||||
|
prev_entry="$entry"
|
||||||
|
done <<< "$resp"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
tmpfile_handle() {
|
tmpfile_handle() {
|
||||||
mv $TMPFILE "$TEMPDIR/$NODEIP.$1" 2>/dev/null
|
mv $TMPFILE "$TEMPDIR/$NODEIP.$1" 2>/dev/null
|
||||||
@@ -4877,7 +4888,7 @@ cipher_pref_check() {
|
|||||||
if [[ -n "$order" ]]; then
|
if [[ -n "$order" ]]; then
|
||||||
outln
|
outln
|
||||||
out "$(printf " %-10s " "$proto: ")"
|
out "$(printf " %-10s " "$proto: ")"
|
||||||
out_row_aligned_max_width "$order" " " $TERM_WIDTH out
|
out "$(out_row_aligned_max_width "$order" " " $TERM_WIDTH)"
|
||||||
fileout "order_$p" "INFO" "Default cipher order for protocol $p: $order"
|
fileout "order_$p" "INFO" "Default cipher order for protocol $p: $order"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
@@ -5773,7 +5784,7 @@ certificate_info() {
|
|||||||
while read san; do
|
while read san; do
|
||||||
[[ -n "$san" ]] && all_san+="$san "
|
[[ -n "$san" ]] && all_san+="$san "
|
||||||
done <<< "$sans"
|
done <<< "$sans"
|
||||||
out_row_aligned_max_width "$all_san" "$indent " $TERM_WIDTH pr_italic
|
pr_italic "$(out_row_aligned_max_width "$all_san" "$indent " $TERM_WIDTH)"
|
||||||
fileout "${json_prefix}san" "INFO" "subjectAltName (SAN) : $all_san"
|
fileout "${json_prefix}san" "INFO" "subjectAltName (SAN) : $all_san"
|
||||||
else
|
else
|
||||||
out "-- "
|
out "-- "
|
||||||
@@ -6078,7 +6089,7 @@ run_server_defaults() {
|
|||||||
local -a previous_hostcert previous_intermediates keysize cipher
|
local -a previous_hostcert previous_intermediates keysize cipher
|
||||||
local -a ocsp_response ocsp_response_status sni_used
|
local -a ocsp_response ocsp_response_status sni_used
|
||||||
local -a ciphers_to_test success
|
local -a ciphers_to_test success
|
||||||
local cn_nosni cn_sni sans_nosni sans_sni san
|
local cn_nosni cn_sni sans_nosni sans_sni san tls_extensions
|
||||||
local alpn_proto alpn="" alpn_list_len_hex alpn_extn_len_hex success
|
local alpn_proto alpn="" alpn_list_len_hex alpn_extn_len_hex success
|
||||||
local -i alpn_list_len alpn_extn_len
|
local -i alpn_list_len alpn_extn_len
|
||||||
|
|
||||||
@@ -6216,7 +6227,16 @@ run_server_defaults() {
|
|||||||
fileout "tls_extensions" "INFO" "TLS server extensions (std): (none)"
|
fileout "tls_extensions" "INFO" "TLS server extensions (std): (none)"
|
||||||
else
|
else
|
||||||
#FIXME: we rather want to have the chance to print each ext in italcs or another format. Atm is a string of quoted strings -- that needs to be fixed at the root
|
#FIXME: we rather want to have the chance to print each ext in italcs or another format. Atm is a string of quoted strings -- that needs to be fixed at the root
|
||||||
out_row_aligned_max_width "$TLS_EXTENSIONS" " " $TERM_WIDTH out; outln
|
# out_row_aligned_max_width() places line breaks at space characters.
|
||||||
|
# So, in order to prevent the text for an extension from being broken
|
||||||
|
# across lines, temporarily replace space characters within the text
|
||||||
|
# of an extension with "}", and then convert the "}" back to space in
|
||||||
|
# the output of out_row_aligned_max_width().
|
||||||
|
tls_extensions="${TLS_EXTENSIONS// /{}"
|
||||||
|
tls_extensions="${tls_extensions//\"{\"/\" \"}"
|
||||||
|
tls_extensions="$(out_row_aligned_max_width "$tls_extensions" " " $TERM_WIDTH)"
|
||||||
|
tls_extensions="${tls_extensions//{/ }"
|
||||||
|
outln "$tls_extensions"
|
||||||
fileout "tls_extensions" "INFO" "TLS server extensions (std): $TLS_EXTENSIONS"
|
fileout "tls_extensions" "INFO" "TLS server extensions (std): $TLS_EXTENSIONS"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@@ -6443,7 +6463,7 @@ run_pfs() {
|
|||||||
outln "${sigalg[i]}"
|
outln "${sigalg[i]}"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
! "$WIDE" && out_row_aligned_max_width "$pfs_ciphers" " " $TERM_WIDTH out
|
! "$WIDE" && out "$(out_row_aligned_max_width "$pfs_ciphers" " " $TERM_WIDTH)"
|
||||||
debugme echo $pfs_offered
|
debugme echo $pfs_offered
|
||||||
"$WIDE" || outln
|
"$WIDE" || outln
|
||||||
fileout "pfs_ciphers" "INFO" "(Perfect) Forward Secrecy Ciphers: $pfs_ciphers"
|
fileout "pfs_ciphers" "INFO" "(Perfect) Forward Secrecy Ciphers: $pfs_ciphers"
|
||||||
@@ -6524,7 +6544,7 @@ run_pfs() {
|
|||||||
if [[ -n "$curves_offered" ]]; then
|
if [[ -n "$curves_offered" ]]; then
|
||||||
"$WIDE" && outln
|
"$WIDE" && outln
|
||||||
pr_bold " Elliptic curves offered: "
|
pr_bold " Elliptic curves offered: "
|
||||||
out_row_aligned_max_width "$curves_offered" " " $TERM_WIDTH pr_ecdh_curve_quality
|
out_row_aligned_max_width_by_entry "$curves_offered" " " $TERM_WIDTH pr_ecdh_curve_quality
|
||||||
outln
|
outln
|
||||||
fileout "ecdhe_curves" "INFO" "Elliptic curves offered $curves_offered"
|
fileout "ecdhe_curves" "INFO" "Elliptic curves offered $curves_offered"
|
||||||
fi
|
fi
|
||||||
@@ -10079,8 +10099,8 @@ run_beast(){
|
|||||||
! "$first" && out "$spaces"
|
! "$first" && out "$spaces"
|
||||||
out "$(toupper $proto): "
|
out "$(toupper $proto): "
|
||||||
[[ -n "$higher_proto_supported" ]] && \
|
[[ -n "$higher_proto_supported" ]] && \
|
||||||
out_row_aligned_max_width "$detected_cbc_ciphers" " " $TERM_WIDTH pr_svrty_low || \
|
pr_svrty_low "$(out_row_aligned_max_width "$detected_cbc_ciphers" " " $TERM_WIDTH)" || \
|
||||||
out_row_aligned_max_width "$detected_cbc_ciphers" " " $TERM_WIDTH pr_svrty_medium
|
pr_svrty_medium "$(out_row_aligned_max_width "$detected_cbc_ciphers" " " $TERM_WIDTH)"
|
||||||
outln
|
outln
|
||||||
detected_cbc_ciphers="" # empty for next round
|
detected_cbc_ciphers="" # empty for next round
|
||||||
first=false
|
first=false
|
||||||
@@ -10417,7 +10437,7 @@ run_rc4() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
! "$WIDE" && out_row_aligned_max_width "$rc4_detected" " " $TERM_WIDTH pr_svrty_high
|
! "$WIDE" && pr_svrty_high "$(out_row_aligned_max_width "$rc4_detected" " " $TERM_WIDTH)"
|
||||||
outln
|
outln
|
||||||
"$WIDE" && pr_svrty_high "VULNERABLE (NOT ok)"
|
"$WIDE" && pr_svrty_high "VULNERABLE (NOT ok)"
|
||||||
fileout "rc4" "HIGH" "RC4: VULNERABLE, Detected ciphers: $rc4_detected" "$cve" "$cwe" "$hint"
|
fileout "rc4" "HIGH" "RC4: VULNERABLE, Detected ciphers: $rc4_detected" "$cve" "$cwe" "$hint"
|
||||||
@@ -11665,8 +11685,7 @@ display_rdns_etc() {
|
|||||||
further_ip_addrs+="$ip "
|
further_ip_addrs+="$ip "
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
out_row_aligned_max_width "$further_ip_addrs" " $CORRECT_SPACES" $TERM_WIDTH out
|
outln "$(out_row_aligned_max_width "$further_ip_addrs" " $CORRECT_SPACES" $TERM_WIDTH)"
|
||||||
outln
|
|
||||||
fi
|
fi
|
||||||
if "$LOCAL_A"; then
|
if "$LOCAL_A"; then
|
||||||
outln " A record via $CORRECT_SPACES /etc/hosts "
|
outln " A record via $CORRECT_SPACES /etc/hosts "
|
||||||
@@ -11675,7 +11694,7 @@ display_rdns_etc() {
|
|||||||
fi
|
fi
|
||||||
if [[ -n "$rDNS" ]]; then
|
if [[ -n "$rDNS" ]]; then
|
||||||
out "$(printf " %-23s %s" "rDNS ($nodeip):")"
|
out "$(printf " %-23s %s" "rDNS ($nodeip):")"
|
||||||
out_row_aligned_max_width "$rDNS" " $CORRECT_SPACES" $TERM_WIDTH out
|
out "$(out_row_aligned_max_width "$rDNS" " $CORRECT_SPACES" $TERM_WIDTH)"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user