Merge branch 'master' into openss2rfc_rfc2openssl

This commit is contained in:
David Cooper 2016-06-13 15:00:09 -04:00
commit 42674ef2b8
3 changed files with 28 additions and 25 deletions

View File

@ -56,18 +56,18 @@ Done so far:
https://github.com/drwetter/testssl.sh/issues/11
* works on servers requiring a x509 certificate for authentication
* SSL Session ID check
* avahi/mDNS based name resolution
* Avahi/mDNS based name resolution
* HTTP2/ALPN protocol check
* Logging to a file / dir
* Logging to JSON + CSV
* check for multiple server certificates
* browser cipher simulation
* assistance for color-blind users
* Even more compatibility improvements for FreeBSD, RH-ish and F5 systems
* Check for multiple server certificates
* Browser cipher simulation
* Assistance for color-blind users
* Even more compatibility improvements for FreeBSD, RH-ish, F5 and Cisco systems
* Considerable speed improvements for each cipher runs (-e/-E)
* more robust socket interface
* More robust socket interface
* OpenSSL 1.1.0 compliant
* whole number of busg squashed
* Whole number of bugs squashed
Update notification here or @ [twitter](https://twitter.com/drwetter).
@ -89,8 +89,8 @@ Help is needed here.
#### Bug reports
Please file bugs in the issue tracker. Do not forget to provide detailed information, see https://github.com/drwetter/testssl.sh/wiki/Findings-and-HowTo-Fix-them#file-a-proper-bug-report
Nobody can read your thoughts -- yet.
Please file bugs in the issue tracker. Do not forget to provide detailed information, see https://github.com/drwetter/testssl.sh/wiki/Bug-reporting. (Nobody can read your thoughts
-- yet. And only agencies your screen) ;-)
----

View File

@ -336,16 +336,16 @@ xC0AC TLS_ECDHE_ECDSA_WITH_AES_128_CCM
xC0AD TLS_ECDHE_ECDSA_WITH_AES_256_CCM
xC0AE TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
xC0AF TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
xCCA8 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
xCCA9 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
xCCAA TLS_DHE_RSA_WITH_CHACHA20_POLY1305
xCCAB TLS_PSK_WITH_CHACHA20_POLY1305
xCCAC TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305
xCCAD TLS_DHE_PSK_WITH_CHACHA20_POLY1305
xCCAE TLS_RSA_PSK_WITH_CHACHA20_POLY1305
xCC13 OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
xCC14 OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
xCC15 OLD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
xCCA8 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
xCCA9 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
xCCAA TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
xCCAB TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
xCCAC TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
xCCAD TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
xCCAE TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256
xCC13 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_2013
xCC14 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_2013
xCC15 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_2013
xFEFE SSL_RSA_FIPS_WITH_DES_CBC_SHA
xFEFF SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
xFFE0 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA

View File

@ -3468,15 +3468,18 @@ certificate_info() {
fi
fileout "${json_prefix}cn" "$cnok" "$cnfinding"
sans=$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | grep -A3 "Subject Alternative Name" | grep "DNS:" | \
sed -e 's/DNS://g' -e 's/ //g' -e 's/,/ /g' -e 's/othername:<unsupported>//g')
sans=$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | grep -A3 "Subject Alternative Name" | \
egrep "DNS:|IP Address:|email:|URI:|DirName:|Registered ID:" | \
sed -e 's/ *DNS://g' -e 's/ *IP Address://g' -e 's/ *email://g' -e 's/ *URI://g' -e 's/ *DirName://g' \
-e 's/ *Registered ID://g' -e 's/,/\n/g' \
-e 's/ *othername:<unsupported>//g' -e 's/ *X400Name:<unsupported>//g' -e 's/ *EdiPartyName:<unsupported>//g')
# ^^^ CACert
out "$indent"; pr_bold " subjectAltName (SAN) "
if [[ -n "$sans" ]]; then
for san in $sans; do
pr_dquoted "$san"
while read san; do
[[ -n "$san" ]] && pr_dquoted "$san"
out " "
done
done <<< "$sans"
fileout "${json_prefix}san" "INFO" "subjectAltName (SAN) : $sans"
else
out "-- "