Merge branch 'master' into openss2rfc_rfc2openssl
This commit is contained in:
commit
42674ef2b8
18
Readme.md
18
Readme.md
|
@ -56,18 +56,18 @@ Done so far:
|
||||||
https://github.com/drwetter/testssl.sh/issues/11
|
https://github.com/drwetter/testssl.sh/issues/11
|
||||||
* works on servers requiring a x509 certificate for authentication
|
* works on servers requiring a x509 certificate for authentication
|
||||||
* SSL Session ID check
|
* SSL Session ID check
|
||||||
* avahi/mDNS based name resolution
|
* Avahi/mDNS based name resolution
|
||||||
* HTTP2/ALPN protocol check
|
* HTTP2/ALPN protocol check
|
||||||
* Logging to a file / dir
|
* Logging to a file / dir
|
||||||
* Logging to JSON + CSV
|
* Logging to JSON + CSV
|
||||||
* check for multiple server certificates
|
* Check for multiple server certificates
|
||||||
* browser cipher simulation
|
* Browser cipher simulation
|
||||||
* assistance for color-blind users
|
* Assistance for color-blind users
|
||||||
* Even more compatibility improvements for FreeBSD, RH-ish and F5 systems
|
* Even more compatibility improvements for FreeBSD, RH-ish, F5 and Cisco systems
|
||||||
* Considerable speed improvements for each cipher runs (-e/-E)
|
* Considerable speed improvements for each cipher runs (-e/-E)
|
||||||
* more robust socket interface
|
* More robust socket interface
|
||||||
* OpenSSL 1.1.0 compliant
|
* OpenSSL 1.1.0 compliant
|
||||||
* whole number of busg squashed
|
* Whole number of bugs squashed
|
||||||
|
|
||||||
Update notification here or @ [twitter](https://twitter.com/drwetter).
|
Update notification here or @ [twitter](https://twitter.com/drwetter).
|
||||||
|
|
||||||
|
@ -89,8 +89,8 @@ Help is needed here.
|
||||||
|
|
||||||
#### Bug reports
|
#### Bug reports
|
||||||
|
|
||||||
Please file bugs in the issue tracker. Do not forget to provide detailed information, see https://github.com/drwetter/testssl.sh/wiki/Findings-and-HowTo-Fix-them#file-a-proper-bug-report
|
Please file bugs in the issue tracker. Do not forget to provide detailed information, see https://github.com/drwetter/testssl.sh/wiki/Bug-reporting. (Nobody can read your thoughts
|
||||||
Nobody can read your thoughts -- yet.
|
-- yet. And only agencies your screen) ;-)
|
||||||
|
|
||||||
----
|
----
|
||||||
|
|
||||||
|
|
|
@ -336,16 +336,16 @@ xC0AC TLS_ECDHE_ECDSA_WITH_AES_128_CCM
|
||||||
xC0AD TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
xC0AD TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
||||||
xC0AE TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
|
xC0AE TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
|
||||||
xC0AF TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
|
xC0AF TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
|
||||||
xCCA8 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
xCCA8 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
||||||
xCCA9 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
|
xCCA9 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
|
||||||
xCCAA TLS_DHE_RSA_WITH_CHACHA20_POLY1305
|
xCCAA TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
||||||
xCCAB TLS_PSK_WITH_CHACHA20_POLY1305
|
xCCAB TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
|
||||||
xCCAC TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305
|
xCCAC TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
|
||||||
xCCAD TLS_DHE_PSK_WITH_CHACHA20_POLY1305
|
xCCAD TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
|
||||||
xCCAE TLS_RSA_PSK_WITH_CHACHA20_POLY1305
|
xCCAE TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256
|
||||||
xCC13 OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
xCC13 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_2013
|
||||||
xCC14 OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
|
xCC14 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_2013
|
||||||
xCC15 OLD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
xCC15 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_2013
|
||||||
xFEFE SSL_RSA_FIPS_WITH_DES_CBC_SHA
|
xFEFE SSL_RSA_FIPS_WITH_DES_CBC_SHA
|
||||||
xFEFF SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
|
xFEFF SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
|
||||||
xFFE0 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
|
xFFE0 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
|
||||||
|
|
15
testssl.sh
15
testssl.sh
|
@ -3468,15 +3468,18 @@ certificate_info() {
|
||||||
fi
|
fi
|
||||||
fileout "${json_prefix}cn" "$cnok" "$cnfinding"
|
fileout "${json_prefix}cn" "$cnok" "$cnfinding"
|
||||||
|
|
||||||
sans=$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | grep -A3 "Subject Alternative Name" | grep "DNS:" | \
|
sans=$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | grep -A3 "Subject Alternative Name" | \
|
||||||
sed -e 's/DNS://g' -e 's/ //g' -e 's/,/ /g' -e 's/othername:<unsupported>//g')
|
egrep "DNS:|IP Address:|email:|URI:|DirName:|Registered ID:" | \
|
||||||
# ^^^ CACert
|
sed -e 's/ *DNS://g' -e 's/ *IP Address://g' -e 's/ *email://g' -e 's/ *URI://g' -e 's/ *DirName://g' \
|
||||||
|
-e 's/ *Registered ID://g' -e 's/,/\n/g' \
|
||||||
|
-e 's/ *othername:<unsupported>//g' -e 's/ *X400Name:<unsupported>//g' -e 's/ *EdiPartyName:<unsupported>//g')
|
||||||
|
# ^^^ CACert
|
||||||
out "$indent"; pr_bold " subjectAltName (SAN) "
|
out "$indent"; pr_bold " subjectAltName (SAN) "
|
||||||
if [[ -n "$sans" ]]; then
|
if [[ -n "$sans" ]]; then
|
||||||
for san in $sans; do
|
while read san; do
|
||||||
pr_dquoted "$san"
|
[[ -n "$san" ]] && pr_dquoted "$san"
|
||||||
out " "
|
out " "
|
||||||
done
|
done <<< "$sans"
|
||||||
fileout "${json_prefix}san" "INFO" "subjectAltName (SAN) : $sans"
|
fileout "${json_prefix}san" "INFO" "subjectAltName (SAN) : $sans"
|
||||||
else
|
else
|
||||||
out "-- "
|
out "-- "
|
||||||
|
|
Loading…
Reference in New Issue