diff --git a/doc/testssl.1 b/doc/testssl.1 index 9c0f684..9d6decb 100644 --- a/doc/testssl.1 +++ b/doc/testssl.1 @@ -134,7 +134,7 @@ Please note that \fBfname\fR has to be in Unix format\. DOS carriage returns won \fB\-\-basicauth \fR This can be set to provide HTTP basic auth credentials which are used during checks for security headers\. BASICAUTH is the ENV variable you can use instead\. . .SS "SPECIAL INVOCATIONS" -\fB\-t , \-\-starttls \fR does a default run against a STARTTLS enabled \fBprotocol\fR\. \fBprotocol\fR must be one of \fBftp\fR, \fBsmtp\fR, \fBpop3\fR, \fBimap\fR, \fBxmpp\fR, \fBtelnet\fR, \fBldap\fR, \fBirc\fR, \fBlmtp\fR, \fBnntp\fR, \fBpostgres\fR, \fBmysql\fR\. For the latter four you need e\.g\. the supplied OpenSSL or OpenSSL version 1\.1\.1\. Please note: MongoDB doesn\'t offer a STARTTLS connection, LDAP currently only works with \fB\-\-ssl\-native\fR\. \fBtelnet\fR and \fBirc\fR is WIP\. +\fB\-t , \-\-starttls \fR does a default run against a STARTTLS enabled \fBprotocol\fR\. \fBprotocol\fR must be one of \fBftp\fR, \fBsmtp\fR, \fBpop3\fR, \fBimap\fR, \fBxmpp\fR, \fBxmpp-server\fR, \fBtelnet\fR, \fBldap\fR, \fBirc\fR, \fBlmtp\fR, \fBnntp\fR, \fBpostgres\fR, \fBmysql\fR\. For the latter four you need e\.g\. the supplied OpenSSL or OpenSSL version 1\.1\.1\. Please note: MongoDB doesn\'t offer a STARTTLS connection, LDAP currently only works with \fB\-\-ssl\-native\fR\. \fBtelnet\fR and \fBirc\fR is WIP\. . .P \fB\-\-xmpphost \fR is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter\. This is only needed if the domain is different from the URI supplied\. diff --git a/testssl.sh b/testssl.sh index d5d7ee7..19e0031 100755 --- a/testssl.sh +++ b/testssl.sh @@ -10296,7 +10296,10 @@ starttls_xmpp_dialog() { debugme echo "=== starting xmpp STARTTLS dialog ===" [[ -z $XMPP_HOST ]] && XMPP_HOST="$NODE" - starttls_io "" 'starttls(.*)features' 1 && + namespace="jabber:client" + [[ "$STARTTLS_PROTOCOL" == xmpp-server ]] && namespace="jabber:server" + + starttls_io "" 'starttls(.*)features' 1 && starttls_io "" '", where [options] is: -t, --starttls Does a default run against a STARTTLS enabled + protocol is --xmpphost For STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed --mx Tests MX records from high to low priority (STARTTLS, port 25) --file/-iL Mass testing option: Reads one testssl.sh command line per line from . @@ -19646,9 +19649,9 @@ determine_service() { fi case "$protocol" in - ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|postgres|mysql|nntp) + ftp|smtp|lmtp|pop3|imap|xmpp|xmpp-server|telnet|ldap|postgres|mysql|nntp) STARTTLS="-starttls $protocol" - if [[ "$protocol" == xmpp ]]; then + if [[ "$protocol" == xmpp ]] || [[ "$protocol" == xmpp-server ]]; then # for XMPP, openssl has a problem using -connect $NODEIP:$PORT. thus we use -connect $NODE:$PORT instead! NODEIP="$NODE" if [[ -n "$XMPP_HOST" ]]; then @@ -20591,7 +20594,7 @@ parse_cmd_line() { STARTTLS_PROTOCOL="$(parse_opt_equal_sign "$1" "$2")" [[ $? -eq 0 ]] && shift case $STARTTLS_PROTOCOL in - ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|irc|nntp|postgres|mysql) ;; + ftp|smtp|lmtp|pop3|imap|xmpp|xmpp-server|telnet|ldap|irc|nntp|postgres|mysql) ;; ftps|smtps|lmtps|pop3s|imaps|xmpps|telnets|ldaps|ircs|nntps|mysqls) ;; *) tmln_magenta "\nunrecognized STARTTLS protocol \"$1\", see help" 1>&2 help 1 ;;