Merge branch 'fix_issue_276' of https://github.com/dcooper16/testssl.sh into fix_issue_276
commit
5f120f8021
16
testssl.sh
16
testssl.sh
@ -3161,7 +3161,7 @@ compare_server_name_to_cert()
|
|||||||
{
|
{
|
||||||
local servername=$1
|
local servername=$1
|
||||||
local cert=$2
|
local cert=$2
|
||||||
local cn sans san basename
|
local cn dns_sans ip_sans san basename
|
||||||
|
|
||||||
cn="$(get_cn_from_cert $cert)"
|
cn="$(get_cn_from_cert $cert)"
|
||||||
if [[ -n "$cn" ]]; then
|
if [[ -n "$cn" ]]; then
|
||||||
@ -3173,9 +3173,10 @@ compare_server_name_to_cert()
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
sans=$($OPENSSL x509 -in $cert -noout -text 2>>$ERRFILE | grep -A3 "Subject Alternative Name" | grep "DNS:" | \
|
# Check whether any of the DNS names in the certificate match the servername
|
||||||
sed -e 's/DNS://g' -e 's/ //g' -e 's/,/ /g' -e 's/othername:<unsupported>//g')
|
dns_sans=$($OPENSSL x509 -in $cert -noout -text 2>>$ERRFILE | grep -A3 "Subject Alternative Name" | \
|
||||||
for san in $sans; do
|
sed -e 's/,/\n/g' | grep "DNS:" | sed -e 's/DNS://g' -e 's/ //g')
|
||||||
|
for san in $dns_sans; do
|
||||||
[[ "$san" == "$servername" ]] && return 0
|
[[ "$san" == "$servername" ]] && return 0
|
||||||
# If $san is a wildcard name, then do a wildcard match
|
# If $san is a wildcard name, then do a wildcard match
|
||||||
if echo -n "$san" | grep -q '^*.'; then
|
if echo -n "$san" | grep -q '^*.'; then
|
||||||
@ -3183,6 +3184,13 @@ compare_server_name_to_cert()
|
|||||||
[[ "$san" == "*.$basename" ]] && [[ "$servername" == *".$basename" ]] && return 0
|
[[ "$san" == "*.$basename" ]] && [[ "$servername" == *".$basename" ]] && return 0
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# Check whether any of the IP addresses in the certificate match the serername
|
||||||
|
ip_sans=$($OPENSSL x509 -in $cert -noout -text 2>>$ERRFILE | grep -A3 "Subject Alternative Name" | \
|
||||||
|
sed -e 's/,/\n/g' | grep "IP Address:" | sed -e 's/IP Address://g' -e 's/ //g')
|
||||||
|
for san in $ip_sans; do
|
||||||
|
[[ "$san" == "$servername" ]] && return 0
|
||||||
|
done
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
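Review bot: Both new pipelines in compare_server_name_to_cert() use `grep -A3 "Subject Alternative Name"`, so up to two lines from whichever extension follows are scanned as well; if that extension prints `DNS:` or `IP Address:` entries (an Issuer Alternative Name would, as far as I can tell), its values would be compared against the servername as if they were subject names and could produce a false match. Narrowing the window to the value line, `grep -A1 "Subject Alternative Name"`, would avoid that, assuming OpenSSL prints the whole list on one line. The split `sed -e 's/,/\n/g'` depends on GNU sed treating `\n` in the replacement as a newline; `tr ',' '\n'` is the portable form. The `ip_sans` loop is a plain string comparison, so an IPv6 servername written differently from OpenSSL's textual form would presumably not match, which deserves a comment next to the loop, and the new comment there misspells servername as `serername`. Parts of the function between the hunks are not shown here.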