From 4e01f86c99435a632e2ca018c8513b4d9fbc58e8 Mon Sep 17 00:00:00 2001
From: Dirk <dirk@testssl.sh>
Date: Sat, 7 Aug 2021 15:20:09 +0200
Subject: [PATCH] Redirect debugme() outputs to stderr (3.1dev)

... to address #1956 and other places. Similar to #1957,
only for the 3.1dev rolling release branch.

Also it changes debugme1() back? to output debug
statements only when $DEBUG >= 1. Per default here
also stderr is used.
---
 testssl.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index f925eef..7e3a604 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -780,11 +780,11 @@ get_last_char() {
 }
                          # Checking for last char. If already a separator supplied, we don't need an additional one
 debugme() {
-     [[ "$DEBUG" -ge 2 ]] && "$@"
+     [[ "$DEBUG" -ge 2 ]] && "$@" >&2
      return 0
 }
 
-debugme1() { [[ "$DEBUG" -ge 2 ]] && "$@"; }
+debugme1() { [[ "$DEBUG" -ge 1 ]] && "$@" >&2; }
 
 hex2dec() {
      echo $((16#$1))
@@ -9124,7 +9124,7 @@ certificate_info() {
           out "no "
           fileout "${jsonID}${json_postfix}" "INFO" "no"
      fi
-     debugme1 echo -n "($(newline_to_spaces "$policy_oid"))"
+     debugme echo -n "($(newline_to_spaces "$policy_oid"))"
      outln
 #TODO: check browser OIDs:
 #         https://dxr.mozilla.org/mozilla-central/source/security/certverifier/ExtendedValidation.cpp
@@ -9224,7 +9224,7 @@ certificate_info() {
      else
           # All is fine with validity period
           # We ignore for now certificates < 2018/03/01. On the screen we only show debug info
-          debugme1 echo "${spaces}DEBUG: all is fine with total certificate life time"
+          debugme echo "${spaces}DEBUG: all is fine with total certificate life time"
           fileout "cert_extlifeSpan${json_postfix}" "OK" "certificate has no extended life time according to browser forum"
      fi
 
@@ -17800,7 +17800,7 @@ run_winshock() {
      if [[ "$(has_server_protocol "tls1_3")" -eq 0 ]] ; then
           # There's no MS server supporting TLS 1.3. Winshock was way back in time
           pr_svrty_best "not vulnerable (OK)"
-          debugme1 echo " - TLS 1.3 found"
+          debugme echo " - TLS 1.3 found"
           fileout "$jsonID" "OK" "not vulnerable " "$cve" "$cwe"
           outln
           return 0