Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-21 07:59:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix HTTP time for recent OpenBSD

Browse Source 
See #1429.
OpenBSD 6.6 had an offset with the HTTP header time of  -3600 seconds.
This PR fixes that by adding the GMT time zone to parse_date()'s
HAS_FREEBSDDATE incarnation. That doesn't matter to FreeBSD.

Also now for older OpenBSDs the local and remote time are now
in the same format:

```
HTTP clock skew              remote: Thu, 09 Jan 2020 12:52:32 GMT
                             local:  Thu, 09 Jan 2020 12:52:02 GMT
``

so that a time difference is easier to spot.
This commit is contained in:
Dirk Wetter 2020-01-09 13:52:28 +01:00
parent e319d6c01f
commit 34784b6c6a
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
testssl.sh
View File

@ -1880,7 +1880,7 @@ if "$HAS_GNUDATE"; then # Linux and NetBSD
} }
elif "$HAS_FREEBSDDATE"; then # FreeBSD, OS X and newer (~6.6) OpenBSD versions elif "$HAS_FREEBSDDATE"; then # FreeBSD, OS X and newer (~6.6) OpenBSD versions
parse_date() { parse_date() {
LC_ALL=C date -j -f "$3" "$2" "$1" LC_ALL=C TZ=GMT date -j -f "$3" "$2" "$1"
} }
elif "$HAS_OPENBSDDATE"; then elif "$HAS_OPENBSDDATE"; then
# We bascially echo it as a conversion as we want it is too difficult. Approach for that would be: # We bascially echo it as a conversion as we want it is too difficult. Approach for that would be:
@ -2198,7 +2198,7 @@ run_http_header() {
fi fi
# Populate vars for HTTP time # Populate vars for HTTP time
debugme echo "$NOW_TIME: $HTTP_TIME" debugme echo "NOW_TIME: $NOW_TIME | HTTP_TIME: $HTTP_TIME"
# Quit on first empty line to catch 98% of the cases. Next pattern is there because the SEDs tested # Quit on first empty line to catch 98% of the cases. Next pattern is there because the SEDs tested
# so far seem not to be fine with header containing x0d x0a (CRLF) which is the usal case. # so far seem not to be fine with header containing x0d x0a (CRLF) which is the usal case.
@ -2279,7 +2279,8 @@ match_ipv4_httpheader() {
run_http_header "$1" || return 1 run_http_header "$1" || return 1
fi fi
# Whitelist some headers as they are mistakenly identified as ipv4 address. Issues #158, #323. Also facebook has a CSP rule for 127.0.0.1 # Whitelist some headers as they are mistakenly identified as ipv4 address. Issues #158, #323.
# Also facebook used to have a CSP rule for 127.0.0.1
if grep -Evai "$whitelisted_header" $HEADERFILE | grep -Eiq "$ipv4address"; then if grep -Evai "$whitelisted_header" $HEADERFILE | grep -Eiq "$ipv4address"; then
pr_bold " IPv4 address in header " pr_bold " IPv4 address in header "
count=0 count=0
@ -2308,7 +2309,7 @@ run_http_date() {
local spaces=" " local spaces=" "
jsonID="HTTP_clock_skew" jsonID="HTTP_clock_skew"
if [[ $SERVICE != "HTTP" ]] || "$CLIENT_AUTH"; then if [[ $SERVICE != HTTP ]] || "$CLIENT_AUTH"; then
return 0 return 0
fi fi
if [[ ! -s $HEADERFILE ]]; then if [[ ! -s $HEADERFILE ]]; then
@ -2320,8 +2321,8 @@ run_http_date() {
if "$HAS_OPENBSDDATE"; then if "$HAS_OPENBSDDATE"; then
# we can't normalize the date under OpenBSD thus no subtraction is possible # we can't normalize the date under OpenBSD thus no subtraction is possible
outln "remote: $HTTP_TIME" outln "remote: $HTTP_TIME"
out "${spaces}local: $(date)" out "${spaces}local: $(LC_ALL=C TZ=GMT date "+%a, %d %b %Y %T %Z")"
fileout "$jsonID" "INFO" "$HTTP_TIME - $(date)" fileout "$jsonID" "INFO" "$HTTP_TIME - $(TZ=GMT date "+%a, %d %b %Y %T %Z")"
else else
HTTP_TIME="$(parse_date "$HTTP_TIME" "+%s" "%a, %d %b %Y %T %Z" 2>>$ERRFILE)" HTTP_TIME="$(parse_date "$HTTP_TIME" "+%s" "%a, %d %b %Y %T %Z" 2>>$ERRFILE)"
difftime=$((HTTP_TIME - NOW_TIME)) difftime=$((HTTP_TIME - NOW_TIME))
@ -2335,7 +2336,7 @@ run_http_date() {
out "Got no HTTP time, maybe try different URL?"; out "Got no HTTP time, maybe try different URL?";
fileout "$jsonID" "INFO" "Got no HTTP time, maybe try different URL?" fileout "$jsonID" "INFO" "Got no HTTP time, maybe try different URL?"
fi fi
debugme tm_out ", epoch: $HTTP_TIME" debugme tm_out ", HTTP_TIME in epoch: $HTTP_TIME"
outln outln
match_ipv4_httpheader "$1" match_ipv4_httpheader "$1"
return 0 return 0