Merge branch 'master' into more_sslv2_sslv3_fixes

David Cooper 2016-06-13 15:00:52 -04:00
commit 35deb6a40d
3 changed files with 28 additions and 25 deletions


@ -56,18 +56,18 @@ Done so far:
https://github.com/drwetter/testssl.sh/issues/11 https://github.com/drwetter/testssl.sh/issues/11
* works on servers requiring a x509 certificate for authentication * works on servers requiring a x509 certificate for authentication
* SSL Session ID check * SSL Session ID check
* avahi/mDNS based name resolution * Avahi/mDNS based name resolution
* HTTP2/ALPN protocol check * HTTP2/ALPN protocol check
* Logging to a file / dir * Logging to a file / dir
* Logging to JSON + CSV * Logging to JSON + CSV
* check for multiple server certificates * Check for multiple server certificates
* browser cipher simulation * Browser cipher simulation
* assistance for color-blind users * Assistance for color-blind users
* Even more compatibility improvements for FreeBSD, RH-ish and F5 systems * Even more compatibility improvements for FreeBSD, RH-ish, F5 and Cisco systems
* Considerable speed improvements for each cipher runs (-e/-E) * Considerable speed improvements for each cipher runs (-e/-E)
* more robust socket interface * More robust socket interface
* OpenSSL 1.1.0 compliant * OpenSSL 1.1.0 compliant
* whole number of busg squashed * Whole number of bugs squashed
Update notification here or @ [twitter](https://twitter.com/drwetter). Update notification here or @ [twitter](https://twitter.com/drwetter).
@ -89,8 +89,8 @@ Help is needed here.
#### Bug reports #### Bug reports
Please file bugs in the issue tracker. Do not forget to provide detailed information, see https://github.com/drwetter/testssl.sh/wiki/Findings-and-HowTo-Fix-them#file-a-proper-bug-report Please file bugs in the issue tracker. Do not forget to provide detailed information, see https://github.com/drwetter/testssl.sh/wiki/Bug-reporting. (Nobody can read your thoughts
Nobody can read your thoughts -- yet. -- yet. And only agencies your screen) ;-)
---- ----


@ -336,16 +336,16 @@ xC0AC TLS_ECDHE_ECDSA_WITH_AES_128_CCM
xC0AD TLS_ECDHE_ECDSA_WITH_AES_256_CCM xC0AD TLS_ECDHE_ECDSA_WITH_AES_256_CCM
xC0AE TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 xC0AE TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
xC0AF TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 xC0AF TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
xCCA8 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 xCCA8 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
xCCA9 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 xCCA9 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
xCCAA TLS_DHE_RSA_WITH_CHACHA20_POLY1305 xCCAA TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
xCCAB TLS_PSK_WITH_CHACHA20_POLY1305 xCCAB TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
xCCAC TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305 xCCAC TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
xCCAD TLS_DHE_PSK_WITH_CHACHA20_POLY1305 xCCAD TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
xCCAE TLS_RSA_PSK_WITH_CHACHA20_POLY1305 xCCAE TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256
xCC13 OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 xCC13 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_2013
xCC14 OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 xCC14 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_2013
xCC15 OLD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 xCC15 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_2013
xFEFE SSL_RSA_FIPS_WITH_DES_CBC_SHA xFEFE SSL_RSA_FIPS_WITH_DES_CBC_SHA
xFEFF SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA xFEFF SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
xFFE0 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA xFFE0 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA


@ -3505,15 +3505,18 @@ certificate_info() {
fi fi
fileout "${json_prefix}cn" "$cnok" "$cnfinding" fileout "${json_prefix}cn" "$cnok" "$cnfinding"
sans=$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | grep -A3 "Subject Alternative Name" | grep "DNS:" | \ sans=$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | grep -A3 "Subject Alternative Name" | \
sed -e 's/DNS://g' -e 's/ //g' -e 's/,/ /g' -e 's/othername:<unsupported>//g') egrep "DNS:|IP Address:|email:|URI:|DirName:|Registered ID:" | \
# ^^^ CACert sed -e 's/ *DNS://g' -e 's/ *IP Address://g' -e 's/ *email://g' -e 's/ *URI://g' -e 's/ *DirName://g' \
-e 's/ *Registered ID://g' -e 's/,/\n/g' \
-e 's/ *othername:<unsupported>//g' -e 's/ *X400Name:<unsupported>//g' -e 's/ *EdiPartyName:<unsupported>//g')
# ^^^ CACert
out "$indent"; pr_bold " subjectAltName (SAN) " out "$indent"; pr_bold " subjectAltName (SAN) "
if [[ -n "$sans" ]]; then if [[ -n "$sans" ]]; then
for san in $sans; do while read san; do
pr_dquoted "$san" [[ -n "$san" ]] && pr_dquoted "$san"
out " " out " "
done done <<< "$sans"
fileout "${json_prefix}san" "INFO" "subjectAltName (SAN) : $sans" fileout "${json_prefix}san" "INFO" "subjectAltName (SAN) : $sans"
else else
out "-- " out "-- "
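Review bot: The new `while read san` loop reads certificate-supplied SAN values without `-r`, so any backslash in a URI or DirName entry is consumed by `read` before it reaches `pr_dquoted`; `while read -r san; do` keeps the value as the server sent it. `$sans` is now newline-separated and is passed unchanged to `fileout`, so one finding can span several lines in the JSON/CSV log unless `fileout` normalises it (not visible here); flattening first, e.g. `fileout "${json_prefix}san" "INFO" "subjectAltName (SAN) : $(tr '\n' ' ' <<< "$sans")"`, would keep one record per finding. The `s/,/\n/g` split also cuts a DirName entry at its internal commas, and `\n` in a sed replacement is a GNU extension, so it probably needs checking against the BSD seds the README lists as supported. The if/else block continues past the end of this hunk.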