Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-02-27 10:01:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Improved (experimental) Extended Validation (EV) certificate identification.

Browse Source 
Three changes:

- added grep for "EV TLS" in addition to "EV SSL", as some issuers are
  using this.  This grep link actually picks-up most EV policies.
- Added policy detection for 2.23.140.1.1.  This is from CA Browser
  Forum https://cabforum.org/resources/object-registry/ extended-validation(1).
- Added policy detection for 1.3.6.1.4.1.38064.1.3.1.4 , which is SSL.com's EV policy.
This commit is contained in:
Brett Randall 2025-02-19 18:59:15 +11:00
parent ff41cbbb89
commit 352ed61a2e
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
testssl.sh
View File

@ -9637,13 +9637,15 @@ certificate_info() {
jsonID="cert_certificatePolicies_EV"
# only the first one, seldom we have two
policy_oid=$(awk '/ .Policy: / { print $2 }' <<< "$cert_txt" | awk 'NR < 2')
if grep -Eq 'Extended Validation|Extended Validated|EV SSL|EV CA' <<< "$issuer" || \
if grep -Eq 'Extended Validation|Extended Validated|EV SSL|EV CA|EV TLS' <<< "$issuer" || \
[[ 2.23.140.1.1 == "$policy_oid" ]] || \
[[ 2.16.840.1.114028.10.1.2 == "$policy_oid" ]] || \
[[ 2.16.840.1.114412.1.3.0.2 == "$policy_oid" ]] || \
[[ 2.16.840.1.114412.2.1 == "$policy_oid" ]] || \
[[ 2.16.578.1.26.1.3.3 == "$policy_oid" ]] || \
[[ 1.3.6.1.4.1.17326.10.14.2.1.2 == "$policy_oid" ]] || \
[[ 1.3.6.1.4.1.17326.10.8.12.1.2 == "$policy_oid" ]] || \
[[ 1.3.6.1.4.1.38064.1.3.1.4 == "$policy_oid" ]] || \
[[ 1.3.6.1.4.1.13177.10.1.3.10 == "$policy_oid" ]] ; then
out "yes "
fileout "${jsonID}${json_postfix}" "OK" "yes"