Address grading bug when --show-each is used
This fixes #2203. When -E was used with -9 and --show-each, the grading wasn't correct because all ciphers printed were included in the grading verdict instead of just the ones available.
parent
88e80d2688
commit
4f38646523
26
testssl.sh
26
testssl.sh
@ -3551,14 +3551,18 @@ neat_header(){
|
|||||||
# arg3: keyexchange
|
# arg3: keyexchange
|
||||||
# arg4: encryption (maybe included "export")
|
# arg4: encryption (maybe included "export")
|
||||||
# arg5: "export" if the cipher is an export-quality cipher, empty otherwise.
|
# arg5: "export" if the cipher is an export-quality cipher, empty otherwise.
|
||||||
# arg6: "true" if the cipher's "quality" should be highlighted
|
# arg6: not a boolean!
|
||||||
# "false" if the line should be printed in light grey
|
# "true" : if the cipher's "quality" should be highlighted
|
||||||
# empty if line should be returned as a string
|
# "false": if the line should be printed in light grey
|
||||||
|
# "" : if line should be returned as a string
|
||||||
|
# "available" / "not a/v" when SHOW_EACH_C is set
|
||||||
|
|
||||||
neat_list(){
|
neat_list(){
|
||||||
local hexcode="$1"
|
local hexcode="$1"
|
||||||
local ossl_cipher="$2" export="$5" tls_cipher=""
|
local ossl_cipher="$2" export="$5" tls_cipher=""
|
||||||
local kx enc strength line what_dh bits
|
local kx enc strength line what_dh bits
|
||||||
local -i i len
|
local -i i len
|
||||||
|
local how2show="$6"
|
||||||
|
|
||||||
kx="${3//Kx=/}"
|
kx="${3//Kx=/}"
|
||||||
enc="${4//Enc=/}"
|
enc="${4//Enc=/}"
|
||||||
@ -3574,14 +3578,19 @@ neat_list(){
|
|||||||
enc="${enc//POLY1305/}" # remove POLY1305
|
enc="${enc//POLY1305/}" # remove POLY1305
|
||||||
enc="${enc//\//}" # remove "/"
|
enc="${enc//\//}" # remove "/"
|
||||||
|
|
||||||
# For rating set bit size
|
# For rating set bit size but only when we're not on all display mode (global var SHOW_EACH_C)
|
||||||
set_ciph_str_score $strength
|
if [[ $how2show != "not a/v" ]] && "$SHOW_EACH_C" ]]; then
|
||||||
|
:
|
||||||
|
else
|
||||||
|
set_ciph_str_score $strength
|
||||||
|
fi
|
||||||
|
|
||||||
[[ "$export" =~ export ]] && strength="$strength,exp"
|
[[ "$export" =~ export ]] && strength="$strength,exp"
|
||||||
|
|
||||||
[[ "$DISPLAY_CIPHERNAMES" != openssl-only ]] && tls_cipher="$(show_rfc_style "$hexcode")"
|
[[ "$DISPLAY_CIPHERNAMES" != openssl-only ]] && tls_cipher="$(show_rfc_style "$hexcode")"
|
||||||
|
|
||||||
if [[ "$6" != true ]]; then
|
# global var SHOW_EACH_C determines whether we display all tested ciphers
|
||||||
|
if [[ "$how2show" != true ]]; then
|
||||||
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
|
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
|
||||||
line="$(printf -- " %-7s %-49s %-10s %-12s%-8s" "$hexcode" "$tls_cipher" "$kx" "$enc" "$strength")"
|
line="$(printf -- " %-7s %-49s %-10s %-12s%-8s" "$hexcode" "$tls_cipher" "$kx" "$enc" "$strength")"
|
||||||
[[ "$DISPLAY_CIPHERNAMES" != rfc-only ]] && line+="$(printf -- " %-33s${SHOW_EACH_C:+ %-0s}" "$ossl_cipher")"
|
[[ "$DISPLAY_CIPHERNAMES" != rfc-only ]] && line+="$(printf -- " %-33s${SHOW_EACH_C:+ %-0s}" "$ossl_cipher")"
|
||||||
@ -3589,7 +3598,7 @@ neat_list(){
|
|||||||
line="$(printf -- " %-7s %-33s %-10s %-12s%-8s" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength")"
|
line="$(printf -- " %-7s %-33s %-10s %-12s%-8s" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength")"
|
||||||
[[ "$DISPLAY_CIPHERNAMES" != openssl-only ]] && line+="$(printf -- " %-49s${SHOW_EACH_C:+ %-0s}" "$tls_cipher")"
|
[[ "$DISPLAY_CIPHERNAMES" != openssl-only ]] && line+="$(printf -- " %-49s${SHOW_EACH_C:+ %-0s}" "$tls_cipher")"
|
||||||
fi
|
fi
|
||||||
if [[ -z "$6" ]]; then
|
if [[ -z "$how2show" ]]; then
|
||||||
tm_out "$line"
|
tm_out "$line"
|
||||||
else
|
else
|
||||||
pr_deemphasize "$line"
|
pr_deemphasize "$line"
|
||||||
@ -4504,7 +4513,7 @@ ciphers_by_strength() {
|
|||||||
elif "$wide" && "$proto_supported" || [[ $proto != -ssl2 ]]; then
|
elif "$wide" && "$proto_supported" || [[ $proto != -ssl2 ]]; then
|
||||||
outln
|
outln
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cipher=""
|
cipher=""
|
||||||
for (( i=0 ; i<nr_ciphers; i++ )); do
|
for (( i=0 ; i<nr_ciphers; i++ )); do
|
||||||
if "${ciphers_found[i]}"; then
|
if "${ciphers_found[i]}"; then
|
||||||
@ -6805,7 +6814,6 @@ run_server_preference() {
|
|||||||
else
|
else
|
||||||
ciphers_by_strength "-$proto_ossl" "$proto_hex" "$proto_txt" "$using_sockets" "true" "false"
|
ciphers_by_strength "-$proto_ossl" "$proto_hex" "$proto_txt" "$using_sockets" "true" "false"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
else
|
else
|
||||||
cipher_pref_check "$proto_ossl" "$proto_hex" "$proto_txt" "$using_sockets" "true"
|
cipher_pref_check "$proto_ossl" "$proto_hex" "$proto_txt" "$using_sockets" "true"
|
||||||
fi
|
fi
|
||||||
|
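Review bot: The new guard around `set_ciph_str_score` in neat_list() reads as inverted and carries a stray `]]`: with SHOW_EACH_C true, every cipher whose arg6 is anything other than "not a/v" takes the no-op `:` branch and is left out of the score, while a "not a/v" cipher falls into `else` and is scored, which is the opposite of what the commit message describes. The trailing `]]` is not a syntax error, because it is simply passed as an argument to the `true`/`false` command, so the shell never flags the malformed test. A grade computed this way can misstate the server's cipher strength, so I would state the intent directly, e.g. `if [[ "$how2show" != "not a/v" ]]; then set_ciph_str_score "$strength"; fi`. The callers that supply arg6 are outside the shown hunks, so confirm which values actually reach this test; neat_list() itself also continues past the hunk.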