Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-10 18:50:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

allow ca_bundles path to be configurable from command line

Browse Source
This commit is contained in:
mailsvb 2016-09-16 15:58:31 +02:00
parent 05fe064763
commit 33b1b2f73a
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
testssl.sh
View File

@ -211,6 +211,7 @@ OSSL_VER="" # openssl version, will be auto-determin
OSSL_VER_MAJOR=0 OSSL_VER_MAJOR=0
OSSL_VER_MINOR=0 OSSL_VER_MINOR=0
OSSL_VER_APPENDIX="none" OSSL_VER_APPENDIX="none"
CA_BUNDLES="$INSTALL_DIR/etc/*.pem"
HAS_DH_BITS=${HAS_DH_BITS:-false} # initialize openssl variables HAS_DH_BITS=${HAS_DH_BITS:-false} # initialize openssl variables
HAS_SSL2=false HAS_SSL2=false
HAS_SSL3=false HAS_SSL3=false
@ -3798,7 +3799,6 @@ determine_trust() {
local all_ok=true local all_ok=true
local some_ok=false local some_ok=false
local code local code
local ca_bundles="$INSTALL_DIR/etc/*.pem"
local spaces=" " local spaces=" "
local -i certificates_provided=1+$(grep -c "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TEMPDIR/intermediatecerts.pem) local -i certificates_provided=1+$(grep -c "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TEMPDIR/intermediatecerts.pem)
local addtl_warning local addtl_warning
@ -3812,7 +3812,7 @@ determine_trust() {
fileout "${json_prefix}chain_of_trust_warn" "WARN" "$addtl_warning" fileout "${json_prefix}chain_of_trust_warn" "WARN" "$addtl_warning"
fi fi
debugme outln debugme outln
for bundle_fname in $ca_bundles; do for bundle_fname in $CA_BUNDLES; do
certificate_file[i]=$(basename ${bundle_fname//.pem}) certificate_file[i]=$(basename ${bundle_fname//.pem})
if [[ ! -r $bundle_fname ]]; then if [[ ! -r $bundle_fname ]]; then
pr_warningln "\"$bundle_fname\" cannot be found / not readable" pr_warningln "\"$bundle_fname\" cannot be found / not readable"
@ -7344,6 +7344,8 @@ tuning options (can also be preset via environment variables):
--proxy <host>:<port> connect via the specified HTTP proxy --proxy <host>:<port> connect via the specified HTTP proxy
-6 use also IPv6. Works only with supporting OpenSSL version and IPv6 connectivity -6 use also IPv6. Works only with supporting OpenSSL version and IPv6 connectivity
--sneaky leave less traces in target logs: user agent, referer --sneaky leave less traces in target logs: user agent, referer
--ca-bundles <PATH> set path to trusted ca certificates for building the chain of trust
defaults to "$INSTALL_DIR/etc/*.pem"
output options (can also be preset via environment variables): output options (can also be preset via environment variables):
--warnings <batch|off|false> "batch" doesn't wait for keypress, "off" or "false" skips connection warning --warnings <batch|off|false> "batch" doesn't wait for keypress, "off" or "false" skips connection warning
@ -8391,6 +8393,10 @@ parse_cmd_line() {
-E|--cipher-per-proto|--cipher_per_proto) -E|--cipher-per-proto|--cipher_per_proto)
do_cipher_per_proto=true do_cipher_per_proto=true
;; ;;
--ca-bundles|--ca-bundles=*)
CA_BUNDLES=$(parse_opt_equal_sign "$1" "$2")
[[ $? -eq 0 ]] && shift
;;
-p|--protocols) -p|--protocols)
do_protocols=true do_protocols=true
do_spdy=true do_spdy=true