mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-10 10:40:57 +01:00
Addl warning for trust with an old-ish OPENSSH version
This commit is contained in:
parent
70a2456cd7
commit
3f3f1f27e6
10
testssl.sh
10
testssl.sh
@ -2646,6 +2646,7 @@ determine_trust() {
|
|||||||
local code
|
local code
|
||||||
local ca_bundles="$INSTALL_DIR/etc/*.pem"
|
local ca_bundles="$INSTALL_DIR/etc/*.pem"
|
||||||
local spaces=" "
|
local spaces=" "
|
||||||
|
local addtl_warning
|
||||||
|
|
||||||
if [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == "1.1.0" ]]; then
|
if [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == "1.1.0" ]]; then
|
||||||
pr_litemagentaln "Your $OPENSSL is too new, needed is version 1.0.2"
|
pr_litemagentaln "Your $OPENSSL is too new, needed is version 1.0.2"
|
||||||
@ -2653,7 +2654,8 @@ determine_trust() {
|
|||||||
return 7
|
return 7
|
||||||
elif [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != "1.0.2" ]]; then
|
elif [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != "1.0.2" ]]; then
|
||||||
pr_litemagentaln "Your $OPENSSL is too old, needed is version >=1.0.2"
|
pr_litemagentaln "Your $OPENSSL is too old, needed is version >=1.0.2"
|
||||||
output_finding "trust" "$NODEIP" "$PORT" "WARN" "Your $OPENSSL is too old, need version 1.0.2 to determine trust"
|
addtl_warning="Your $OPENSSL is too old, need version 1.0.2 to determine trust. Results may be unrelyable."
|
||||||
|
output_finding "trust_warn" "$NODEIP" "$PORT" "WARN" "$addtl_warning"
|
||||||
fi
|
fi
|
||||||
debugme outln
|
debugme outln
|
||||||
for bundle_fname in $ca_bundles; do
|
for bundle_fname in $ca_bundles; do
|
||||||
@ -2680,14 +2682,14 @@ determine_trust() {
|
|||||||
# all stores ok
|
# all stores ok
|
||||||
if ${trust[1]} && ${trust[2]} && ${trust[3]} && ${trust[4]}; then
|
if ${trust[1]} && ${trust[2]} && ${trust[3]} && ${trust[4]}; then
|
||||||
pr_litegreen "Ok "
|
pr_litegreen "Ok "
|
||||||
output_finding "trust" "$NODEIP" "$PORT" "OK" "All certificate trust checks passed"
|
output_finding "trust" "$NODEIP" "$PORT" "OK" "All certificate trust checks passed.\n$addtl_warning"
|
||||||
# at least one failed
|
# at least one failed
|
||||||
else
|
else
|
||||||
pr_red "NOT ok"
|
pr_red "NOT ok"
|
||||||
# all failed (we assume with the same issue)
|
# all failed (we assume with the same issue)
|
||||||
if ! ${trust[1]} && ! ${trust[2]} && ! ${trust[3]} && ! ${trust[4]}; then
|
if ! ${trust[1]} && ! ${trust[2]} && ! ${trust[3]} && ! ${trust[4]}; then
|
||||||
verify_retcode_helper "${verify_retcode[2]}"
|
verify_retcode_helper "${verify_retcode[2]}"
|
||||||
output_finding "trust" "$NODEIP" "$PORT" "NOT OK" "All certificate trust checks failed: `verify_retcode_helper "${verify_retcode[2]}"`"
|
output_finding "trust" "$NODEIP" "$PORT" "NOT OK" "All certificate trust checks failed: `verify_retcode_helper "${verify_retcode[2]}"`.\n$addtl_warning"
|
||||||
else
|
else
|
||||||
# is one ok and the others not?
|
# is one ok and the others not?
|
||||||
if ${trust[1]} || ${trust[2]} || ${trust[3]} || ${trust[4]}; then
|
if ${trust[1]} || ${trust[2]} || ${trust[3]} || ${trust[4]}; then
|
||||||
@ -2712,7 +2714,7 @@ determine_trust() {
|
|||||||
[[ $DEBUG -eq 0 ]] && out "$spaces"
|
[[ $DEBUG -eq 0 ]] && out "$spaces"
|
||||||
pr_litegreen "OK: $ok_was"
|
pr_litegreen "OK: $ok_was"
|
||||||
fi
|
fi
|
||||||
output_finding "trust" "$NODEIP" "$PORT" "NOT OK" "Some certificate trust checks failed\nOK : $ok_was\nNOT ok:\n$notok_was"
|
output_finding "trust" "$NODEIP" "$PORT" "NOT OK" "Some certificate trust checks failed\nOK : $ok_was\nNOT ok:\n$notok_was\n\n$addtl_warning"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
outln
|
outln
|
||||||
|
Loading…
Reference in New Issue
Block a user