simplify life for OSX users running gnu's coreutils...
Signed-off-by: António Meireles <antonio.meireles@reformi.st>
parent
8b10dc9638
commit
4063e38ccf
46
testssl.sh
46
testssl.sh
@ -1459,10 +1459,12 @@ server_defaults() {
|
|||||||
now=$(date "+%s")
|
now=$(date "+%s")
|
||||||
HTTP_TIME=$(awk -F': ' '/^date:/ { print $2 } /^Date:/ { print $2 }' $TMPFILE)
|
HTTP_TIME=$(awk -F': ' '/^date:/ { print $2 } /^Date:/ { print $2 }' $TMPFILE)
|
||||||
if [ -n "$HTTP_TIME" ] ; then
|
if [ -n "$HTTP_TIME" ] ; then
|
||||||
case $SYSTEM in
|
if [[ $(date --help 2>/dev/null) ]]; then
|
||||||
*BSD|Darwin) HTTP_TIME=$(date -j -f "%a, %d %b %Y %T %Z" "$HTTP_TIME" "+%s" 2>/dev/null) ;; # the trailing \r confuses BSD flavors otherwise
|
HTTP_TIME=$(date --date="$HTTP_TIME" "+%s")
|
||||||
*) HTTP_TIME=$(date --date="$HTTP_TIME" "+%s") ;;
|
else
|
||||||
esac
|
HTTP_TIME=$(date -j -f "%a, %d %b %Y %T %Z" "$HTTP_TIME" "+%s" 2>/dev/null) # the trailing \r confuses BSD flavors otherwise
|
||||||
|
fi
|
||||||
|
|
||||||
difftime=$(($now - $HTTP_TIME))
|
difftime=$(($now - $HTTP_TIME))
|
||||||
[[ $difftime != "-"* ]] && [[ $difftime != "0" ]] && difftime="+$difftime"
|
[[ $difftime != "-"* ]] && [[ $difftime != "0" ]] && difftime="+$difftime"
|
||||||
out "$difftime sec from localtime";
|
out "$difftime sec from localtime";
|
||||||
@ -1599,7 +1601,7 @@ server_defaults() {
|
|||||||
out " Certificate Expiration "
|
out " Certificate Expiration "
|
||||||
expire=$($OPENSSL x509 -in $HOSTCERT -checkend 0)
|
expire=$($OPENSSL x509 -in $HOSTCERT -checkend 0)
|
||||||
if ! echo $expire | grep -qw not; then
|
if ! echo $expire | grep -qw not; then
|
||||||
pr_red "expired!"
|
pr_red "expired!"
|
||||||
else
|
else
|
||||||
SECS2WARN=$((24 * 60 * 60 * $DAYS2WARN2)) # low threshold first
|
SECS2WARN=$((24 * 60 * 60 * $DAYS2WARN2)) # low threshold first
|
||||||
expire=$($OPENSSL x509 -in $HOSTCERT -checkend $SECS2WARN)
|
expire=$($OPENSSL x509 -in $HOSTCERT -checkend $SECS2WARN)
|
||||||
@ -1609,27 +1611,26 @@ server_defaults() {
|
|||||||
if echo "$expire" | grep -qw not; then
|
if echo "$expire" | grep -qw not; then
|
||||||
pr_litegreen ">= $DAYS2WARN1 days"
|
pr_litegreen ">= $DAYS2WARN1 days"
|
||||||
else
|
else
|
||||||
pr_brown "expires < $DAYS2WARN1 days"
|
pr_brown "expires < $DAYS2WARN1 days"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
pr_litered "expires < $DAYS2WARN2 days!"
|
pr_litered "expires < $DAYS2WARN2 days!"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
case $SYSTEM in
|
|
||||||
*BSD|Darwin*)
|
if [[ $(date --help 2>/dev/null) ]]; then
|
||||||
enddate=$(date -j -f "%b %d %T %Y %Z" "$($OPENSSL x509 -in $HOSTCERT -noout -enddate | cut -d= -f 2)" +"%F %H:%M %z")
|
enddate=$(date --date="$($OPENSSL x509 -in $HOSTCERT -noout -enddate | cut -d= -f 2)" +"%F %H:%M %z")
|
||||||
startdate=$(date -j -f "%b %d %T %Y %Z" "$($OPENSSL x509 -in $HOSTCERT -noout -startdate | cut -d= -f 2)" +"%F %H:%M")
|
startdate=$(date --date="$($OPENSSL x509 -in $HOSTCERT -noout -startdate | cut -d= -f 2)" +"%F %H:%M")
|
||||||
;;
|
else
|
||||||
*)
|
enddate=$(date -j -f "%b %d %T %Y %Z" "$($OPENSSL x509 -in $HOSTCERT -noout -enddate | cut -d= -f 2)" +"%F %H:%M %z")
|
||||||
enddate=$(date --date="$($OPENSSL x509 -in $HOSTCERT -noout -enddate | cut -d= -f 2)" +"%F %H:%M %z")
|
startdate=$(date -j -f "%b %d %T %Y %Z" "$($OPENSSL x509 -in $HOSTCERT -noout -startdate | cut -d= -f 2)" +"%F %H:%M")
|
||||||
startdate=$(date --date="$($OPENSSL x509 -in $HOSTCERT -noout -startdate | cut -d= -f 2)" +"%F %H:%M")
|
fi
|
||||||
;;
|
|
||||||
esac
|
|
||||||
outln " ($startdate --> $enddate)"
|
outln " ($startdate --> $enddate)"
|
||||||
|
|
||||||
savedir=$(pwd); cd $TEMPDIR
|
savedir=$(pwd); cd $TEMPDIR
|
||||||
$OPENSSL s_client -showcerts $STARTTLS -connect $NODEIP:$PORT $SNI 2>/dev/null </dev/null | \
|
$OPENSSL s_client -showcerts $STARTTLS -connect $NODEIP:$PORT $SNI 2>/dev/null </dev/null | \
|
||||||
awk -v c=-1 '/-----BEGIN CERTIFICATE-----/{inc=1;c++} inc {print > ("level" c ".crt")} /---END CERTIFICATE-----/{inc=0}'
|
awk -v c=-1 '/-----BEGIN CERTIFICATE-----/{inc=1;c++} inc {print > ("level" c ".crt")} /---END CERTIFICATE-----/{inc=0}'
|
||||||
nrsaved=$(ls $TEMPDIR/level?.crt 2>/dev/null | wc -w | sed 's/^ *//')
|
nrsaved=$(ls $TEMPDIR/level?.crt 2>/dev/null | wc -w | sed 's/^ *//')
|
||||||
outln " # of certificates provided $nrsaved"
|
outln " # of certificates provided $nrsaved"
|
||||||
cd $savedir
|
cd $savedir
|
||||||
@ -1945,10 +1946,11 @@ display_tls_serverhello() {
|
|||||||
tls_hello_protocol2="${tls_hello_ascii:18:4}"
|
tls_hello_protocol2="${tls_hello_ascii:18:4}"
|
||||||
tls_hello_time="${tls_hello_ascii:22:8}"
|
tls_hello_time="${tls_hello_ascii:22:8}"
|
||||||
TLS_TIME=$(printf "%d\n" 0x$tls_hello_time)
|
TLS_TIME=$(printf "%d\n" 0x$tls_hello_time)
|
||||||
case $SYSTEM in
|
if [[ $(date --help 2> /dev/null ) ]]; then
|
||||||
*BSD|Darwin) tls_time=$(date -j -f %s "$TLS_TIME" "+%Y-%m-%d %r") ;;
|
tls_time=$(date --date="@$TLS_TIME" "+%Y-%m-%d %r")
|
||||||
*) tls_time=$(date --date="@$TLS_TIME" "+%Y-%m-%d %r") ;;
|
else
|
||||||
esac
|
tls_time=$(date -j -f %s "$TLS_TIME" "+%Y-%m-%d %r")
|
||||||
|
fi
|
||||||
tls_sid_len=$(printf "%d\n" 0x${tls_hello_ascii:86:2})
|
tls_sid_len=$(printf "%d\n" 0x${tls_hello_ascii:86:2})
|
||||||
let sid_offset=88+$tls_sid_len*2
|
let sid_offset=88+$tls_sid_len*2
|
||||||
tls_cipher_suite="${tls_hello_ascii:$sid_offset:4}"
|
tls_cipher_suite="${tls_hello_ascii:$sid_offset:4}"
|
||||||
|
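Review bot: In the first hunk of server_defaults, HTTP_TIME comes from the server's Date header, and neither branch of the new `if` checks that `date` produced a number before `difftime=$(($now - $HTTP_TIME))` runs. If the header does not parse, HTTP_TIME is empty and the arithmetic expansion fails with a syntax error, so I would guard the calculation with `[[ "$HTTP_TIME" =~ ^[0-9]+$ ]]` and print a "not parseable" message otherwise. The GNU branch also lacks the `2>/dev/null` that the `-j -f` branch has, so a malformed header would put date's own error text into the report. Separately, the probe `[[ $(date --help 2>/dev/null) ]]` is repeated here, in the certificate-dates block and in display_tls_serverhello, and it keys only on non-empty stdout; a `date` that is neither GNU nor BSD and prints its help elsewhere would presumably now take the `-j -f` branch. Running the probe once at startup and storing the result in a flag, with a comment such as `# GNU date prints --help on stdout; BSD date rejects the option`, would cover both; both functions continue outside the visible hunks.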