mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-23 17:09:31 +01:00
Just commit old work
... just comments and minor corrections in terminal output
parent
c832e8b12a
commit
3fa9b16982
12
testssl.sh
12
testssl.sh
@ -7362,6 +7362,7 @@ tls_time() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# rfc8461, rfc8460
|
# rfc8461, rfc8460
|
||||||
|
#
|
||||||
sub_mta_sts() {
|
sub_mta_sts() {
|
||||||
local mta_sts_record=""
|
local mta_sts_record=""
|
||||||
local policy=""
|
local policy=""
|
||||||
@ -7387,7 +7388,7 @@ sub_mta_sts() {
|
|||||||
if [[ "${CMDLINE[@]}" =~ \ --mx\ ]]; then
|
if [[ "${CMDLINE[@]}" =~ \ --mx\ ]]; then
|
||||||
domain="$URI"
|
domain="$URI"
|
||||||
elif [[ fqdnparts -eq 2 ]] && [[ "$NODE" == ${URI%:*} ]]; then
|
elif [[ fqdnparts -eq 2 ]] && [[ "$NODE" == ${URI%:*} ]]; then
|
||||||
# remove the port an check whether bot are the same when there's no subdomain
|
# remove the port and check whether bot are the same when there's no subdomain
|
||||||
domain="$NODE"
|
domain="$NODE"
|
||||||
else
|
else
|
||||||
# What's left now is a sub.domain.tld or sub.sub.domain.tld or ...
|
# What's left now is a sub.domain.tld or sub.sub.domain.tld or ...
|
||||||
@ -7443,9 +7444,10 @@ sub_mta_sts() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
set +x
|
|
||||||
|
|
||||||
policy="$(safe_echo "GET /.well-known/mta-sts.txt HTTP/1.1\r\nHost: mta-sts.$domain\r\nUser-Agent: $useragent\r\nAccept-Encoding: identity\r\nAccept: text/*\r\nConnection: Close\r\n\r\n" | $OPENSSL s_client $(s_client_options "-quiet -ign_eof -connect mta-sts.$domain:443 $PROXY -servername mta-sts.$domain") 2>$ERRFILE)"
|
policy="$(safe_echo "GET /.well-known/mta-sts.txt HTTP/1.1\r\nHost: mta-sts.$domain\r\nUser-Agent: $useragent\r\nAccept-Encoding: identity\r\nAccept: text/*\r\nConnection: Close\r\n\r\n" | $OPENSSL s_client $(s_client_options "-quiet -ign_eof -connect mta-sts.$domain:443 $PROXY -servername mta-sts.$domain") 2>$ERRFILE)"
|
||||||
|
# echo "${PIPESTATUS[0]} ${PIPESTATUS[1]} ${PIPESTATUS[2]}"
|
||||||
|
# set -o pipefail? --> https://unix.stackexchange.com/questions/14270/get-exit-status-of-process-thats-piped-to-another
|
||||||
# here also the openssl return val needs to be checked
|
# here also the openssl return val needs to be checked
|
||||||
|
|
||||||
policy="$(print_after_blankline "$policy")"
|
policy="$(print_after_blankline "$policy")"
|
||||||
@ -7463,7 +7465,7 @@ set +x
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
# we use at most 10 spaces. ToDo: check with RFC wrt to the format of the policy
|
#TODO: check with RFC wrt to the format of the policy
|
||||||
if "$policy_ok"; then
|
if "$policy_ok"; then
|
||||||
if [[ ! "$policy" =~ version:[\ ]+STSv1 ]]; then
|
if [[ ! "$policy" =~ version:[\ ]+STSv1 ]]; then
|
||||||
failreason_policy+=("version should be STSv1 ")
|
failreason_policy+=("version should be STSv1 ")
|
||||||
@ -7550,11 +7552,11 @@ set +x
|
|||||||
out "$spaces"
|
out "$spaces"
|
||||||
|
|
||||||
if "$smtp_tls_record_ok"; then
|
if "$smtp_tls_record_ok"; then
|
||||||
outln "found (optional) TLS RPT TXT record '$smtp_tls_record'"
|
outln "found optional TLS RPT TXT record '$smtp_tls_record'"
|
||||||
fileout "${jsonID}_tlsrpt" "INFO" "optional TLS-RPT TXT record '$smtp_tls_record'"
|
fileout "${jsonID}_tlsrpt" "INFO" "optional TLS-RPT TXT record '$smtp_tls_record'"
|
||||||
else
|
else
|
||||||
outln "No TLS RPT record"
|
outln "No TLS RPT record"
|
||||||
fileout "${jsonID}_tlsrpt" "INFO" "no or invalid (optional) TLS RPT record '$smtp_tls_record'"
|
fileout "${jsonID}_tlsrpt" "INFO" "no or invalid optional TLS RPT record '$smtp_tls_record'"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
|
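Review bot: The policy fetch in the third hunk (`policy="$(safe_echo … | $OPENSSL s_client …)"`) still uses the response without checking openssl's exit status, and the two comment lines added there would not help: after the assignment `${PIPESTATUS[1]}` and `${PIPESTATUS[2]}` are empty, because the pipeline ran inside `$( … )`. The assignment's own `$?` is already the status of the last stage, which is openssl, so something like `policy="$( … )" || policy_ok=false` would likely do without `pipefail`, assuming `policy_ok` is initialised before this point, which the hunk does not show. It is also not visible here whether `s_client_options` enables certificate verification; RFC 8461 only treats a policy as authentic when the HTTPS certificate validates for `mta-sts.$domain`, so if it does not, consider adding `-verify_return_error` and `-verify_hostname "mta-sts.$domain"` where the OpenSSL build supports them, and report a failed validation as a finding. sub_mta_sts begins and ends outside the hunks shown.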