Update testssl.sh

Modified grading for incomplete chain
secinto
2025-06-13 10:54:13 +02:00
committed by GitHub
parent b6a951d40a
commit 529a373b2e


@ -7814,7 +7814,11 @@ determine_trust() {
out "$code"
fi
fileout "${jsonID}${json_postfix}" "CRITICAL" "failed $code. $addtl_warning"
set_grade_cap "T" "Issues with the chain of trust $code"
if [[ "$code" =~ "chain incomplete" ]]; then
set_grade_cap "B" "Issues with chain of trust $code"
else
set_grade_cap "T" "Issues with chain of trust $code"
fi
else
# alt least one ok and other(s) not ==> display the culprit store(s)
if "$some_ok"; then
@ -7834,9 +7838,14 @@ determine_trust() {
if ! [[ ${certificate_file[i]} =~ Java ]]; then
# Exemption for Java AND rating, as this store doesn't seem to be as complete.
# We won't penalize this but we still need to raise a red flag. See #1648
# set_grade_cap "T" "Issues with chain of trust $code"
if [[ "$code" =~ "chain incomplete" ]]; then
set_grade_cap "B" "Issues with chain of trust $code"
else
set_grade_cap "T" "Issues with chain of trust $code"
fi
fi
fi
done
outln
# lf + green ones
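Review bot: In the first changed block, which sits in the branch where no trust store validated the chain, the cap drops from T to B while the `fileout` line directly above still records the same finding as `CRITICAL`, so the grade and the JSON severity now disagree. The match on `"chain incomplete"` also depends on the exact wording held in `$code`; if that text stands for a verify result meaning the issuer could not be found locally, it presumably cannot tell a missing intermediate from a certificate issued by a CA that none of the stores trust, and the latter case should stay at T. I would keep `set_grade_cap "T" "Issues with the chain of trust $code"` in the all-stores-failed branch and apply the B cap only in the second block, which appears to run per store after at least one other store accepted the chain. In that second block the leftover `# set_grade_cap "T" ...` line can be dropped in favour of a why-comment such as `# chain incomplete for this store but trusted by another: cap at B, not T`. determine_trust starts and ends outside both hunks, so how `$code` is produced is not visible here.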