Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-04-13 04:56:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2652 from testssl/address_addCA_issue_3.0

Browse Source 
Address CA file parsing problem
This commit is contained in:
Dirk Wetter 2025-02-07 12:28:47 +01:00 committed by GitHub
commit 5d2d9f2c00
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@ -54,7 +54,7 @@
* Renegotiation checks improved, also no false positive for Node.js anymore * Renegotiation checks improved, also no false positive for Node.js anymore
* Major update of client simulations with self-collected up-to-date data * Major update of client simulations with self-collected up-to-date data
* Update of CA certificate stores * Update of CA certificate stores
* Lots of bug fixes * Lots of bug and security fixes
* More travis/CI checks -- still place for improvements * More travis/CI checks -- still place for improvements
* Man page reviewed * Man page reviewed

9
testssl.sh
View File

@ -19681,10 +19681,10 @@ debug_globals() {
# arg2: value (if no = provided) # arg2: value (if no = provided)
parse_opt_equal_sign() { parse_opt_equal_sign() {
if [[ "$1" == *=* ]]; then if [[ "$1" == *=* ]]; then
echo ${1#*=} safe_echo "${1#*=}"
return 1 # = means we don't need to shift args! return 1 # = means we don't need to shift args!
else else
echo "$2" safe_echo "$2"
return 0 # we need to shift return 0 # we need to shift
fi fi
} }
@ -20254,8 +20254,11 @@ parse_cmd_line() {
[[ $CMDLINE_IP == one ]] && ( is_ipv4addr "$URI" || is_ipv6addr "$URI" ) && fatal "\"--ip=one\" plus supplying an IP address doesn't work" $ERR_CMDLINE [[ $CMDLINE_IP == one ]] && ( is_ipv4addr "$URI" || is_ipv6addr "$URI" ) && fatal "\"--ip=one\" plus supplying an IP address doesn't work" $ERR_CMDLINE
"$do_mx_all_ips" && [[ "$NODNS" == none ]] && fatal "\"--mx\" and \"--nodns=none\" don't work together" $ERR_CMDLINE "$do_mx_all_ips" && [[ "$NODNS" == none ]] && fatal "\"--mx\" and \"--nodns=none\" don't work together" $ERR_CMDLINE
if [[ "${ADDITIONAL_CA_FILES}" =~ \ ]]; then
fatal "The CA file \"${ADDITIONAL_CA_FILES}\" must not contain spaces" $ERR_RESOURCE
fi
ADDITIONAL_CA_FILES="${ADDITIONAL_CA_FILES//,/ }" ADDITIONAL_CA_FILES="${ADDITIONAL_CA_FILES//,/ }"
for fname in $ADDITIONAL_CA_FILES; do for fname in ${ADDITIONAL_CA_FILES}; do
[[ -s "$fname" ]] || fatal "CA file \"$fname\" does not exist" $ERR_RESOURCE [[ -s "$fname" ]] || fatal "CA file \"$fname\" does not exist" $ERR_RESOURCE
grep -q "BEGIN CERTIFICATE" "$fname" || fatal "\"$fname\" is not CA file in PEM format" $ERR_RESOURCE grep -q "BEGIN CERTIFICATE" "$fname" || fatal "\"$fname\" is not CA file in PEM format" $ERR_RESOURCE
done done