From 352ed61a2e62524ae0bbeede43687802bcf904e2 Mon Sep 17 00:00:00 2001
From: Brett Randall
Date: Wed, 19 Feb 2025 18:59:15 +1100
Subject: [PATCH] Improved (experimental) Extended Validation (EV) certificate identification. Three changes: - added grep for "EV TLS" in addition to "EV SSL", as some issuers are using this. This grep link actually picks-up most EV policies. - Added policy detection for 2.23.140.1.1. This is from CA Browser Forum https://cabforum.org/resources/object-registry/ extended-validation(1). - Added policy detection for 1.3.6.1.4.1.38064.1.3.1.4 , which is SSL.com's EV policy.
---
 testssl.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/testssl.sh b/testssl.sh
index 0ae0160..7279976 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -9637,13 +9637,15 @@ certificate_info() {
 jsonID="cert_certificatePolicies_EV"
 # only the first one, seldom we have two
 policy_oid=$(awk '/ .Policy: / { print $2 }' <<< "$cert_txt" | awk 'NR < 2')
- if grep -Eq 'Extended Validation|Extended Validated|EV SSL|EV CA' <<< "$issuer" || \
+ if grep -Eq 'Extended Validation|Extended Validated|EV SSL|EV CA|EV TLS' <<< "$issuer" || \
+ [[ 2.23.140.1.1 == "$policy_oid" ]] || \
 [[ 2.16.840.1.114028.10.1.2 == "$policy_oid" ]] || \
 [[ 2.16.840.1.114412.1.3.0.2 == "$policy_oid" ]] || \
 [[ 2.16.840.1.114412.2.1 == "$policy_oid" ]] || \
 [[ 2.16.578.1.26.1.3.3 == "$policy_oid" ]] || \
 [[ 1.3.6.1.4.1.17326.10.14.2.1.2 == "$policy_oid" ]] || \
 [[ 1.3.6.1.4.1.17326.10.8.12.1.2 == "$policy_oid" ]] || \
+ [[ 1.3.6.1.4.1.38064.1.3.1.4 == "$policy_oid" ]] || \
 [[ 1.3.6.1.4.1.13177.10.1.3.10 == "$policy_oid" ]] ; then
 out "yes "
 fileout "${jsonID}${json_postfix}" "OK" "yes"
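Review bot: The two added OID tests (`2.23.140.1.1` and `1.3.6.1.4.1.38064.1.3.1.4`) compare only against the first policy in the certificate, because `policy_oid` is truncated by `awk 'NR < 2'` just above. A certificate that lists an issuer-specific policy first and the CA/Browser Forum EV OID second would not match on the OID and would fall back to the issuer-name grep. Consider keeping every listed policy, `policy_oids=$(awk '/ .Policy: / { print $2 }' <<< "$cert_txt")`, and testing membership with `grep -Fxq 2.23.140.1.1 <<< "$policy_oids"`. The new `EV TLS` alternative matches free text in the issuer DN, which the CA chooses, so a comment such as `# issuer-name match is a heuristic only; the policy OID is the authoritative EV signal` would keep readers from treating a "yes" as proof of EV. The `if` body and `certificate_info` continue outside this hunk, so how the result is used later is not visible here.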