Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-30 12:21:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '3.2' into links

Browse Source
This commit is contained in:
Dirk Wetter 2025-01-06 15:41:16 +01:00 committed by GitHub
commit 5f4ca15e57
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/docker-3.2.yml vendored
View File

@ -48,7 +48,7 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push - name: Build and push
uses: docker/build-push-action@v6.9.0 uses: docker/build-push-action@v6.10.0
with: with:
push: ${{ github.event_name != 'pull_request' }} push: ${{ github.event_name != 'pull_request' }}
context: . context: .

4
Readme.md
View File

@ -1,12 +1,12 @@
## Intro ## Intro
<!-- [![Travis CI Status](https://img.shields.io/travis/testssl/testssl.sh)](https://travis-ci.org/drwetter/testssl.sh) --> [![CI tests](https://github.com/testssl/testssl.sh/actions/workflows/unit_tests.yml/badge.svg)](https://github.com/testssl/testssl.sh/actions/workflows/unit_tests.yml)
[![Build Status](https://github.com/testssl/testssl.sh/actions/workflows/test.yml/badge.svg)](https://github.com/testssl/testssl.sh/actions/workflows/test.yml)
[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/testssl/testssl.sh?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/testssl/testssl.sh?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
[![License](https://img.shields.io/github/license/testssl/testssl.sh)](https://github.com/testssl/testssl.sh/LICENSE) [![License](https://img.shields.io/github/license/testssl/testssl.sh)](https://github.com/testssl/testssl.sh/LICENSE)
[![Docker](https://img.shields.io/docker/pulls/testssl/testssl.sh)](https://github.com/testssl/testssl.sh/blob/3.2/Dockerfile.md) [![Docker](https://img.shields.io/docker/pulls/testssl/testssl.sh)](https://github.com/testssl/testssl.sh/blob/3.2/Dockerfile.md)
`testssl.sh` is a free command line tool which checks a server's service on `testssl.sh` is a free command line tool which checks a server's service on
any port for the support of TLS/SSL ciphers, protocols as well as some any port for the support of TLS/SSL ciphers, protocols as well as some
cryptographic flaws. cryptographic flaws.

10
testssl.sh
View File

@ -1371,13 +1371,17 @@ fileout_insert_warning() {
[[ "$CMDLINE=" =~ -iL ]] && return 0 [[ "$CMDLINE=" =~ -iL ]] && return 0
# Note we still have the message on screen + in HTML which is not as optimal as it could be # Note we still have the message on screen + in HTML which is not as optimal as it could be
if "$do_pretty_json" && "$JSONHEADER"; then # See #2599. The "clientProblem" wrapper should only be added if fileout_insert_warning()
# is called before fileout_banner(). The only instance in which this function is called
# after fileout_banner() is in the case of a TLS 1.3 only server when $OPENSSL does not
# support TLS 1.3.
if "$do_pretty_json" && "$JSONHEADER" && ! "$TLS13_ONLY"; then
echo -e " \"clientProblem${CLIENT_PROB_NO}\" : [" >>"$JSONFILE" echo -e " \"clientProblem${CLIENT_PROB_NO}\" : [" >>"$JSONFILE"
CLIENT_PROB_NO=$((CLIENT_PROB_NO + 1)) CLIENT_PROB_NO=$((CLIENT_PROB_NO + 1))
FIRST_FINDING=true # make sure we don't have a comma here FIRST_FINDING=true # make sure we don't have a comma here
fi fi
fileout "$1" "$2" "$3" fileout "$1" "$2" "$3"
if "$do_pretty_json"; then if "$do_pretty_json" && ! "$TLS13_ONLY"; then
if "$JSONHEADER"; then if "$JSONHEADER"; then
echo -e "\n ]," >>"$JSONFILE" echo -e "\n ]," >>"$JSONFILE"
else else
@ -17189,7 +17193,7 @@ run_renego() {
sec_client_renego=1 sec_client_renego=1
else else
# second try in the foreground as we are sure now it won't hang # second try in the foreground as we are sure now it won't hang
echo R | $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE (echo R; sleep 1) | $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE
sec_client_renego=$? sec_client_renego=$?
# 0 means client is renegotiating & doesn't return an error --> vuln! # 0 means client is renegotiating & doesn't return an error --> vuln!
# 1 means client tried to renegotiating but the server side errored then. You still see RENEGOTIATING in the output # 1 means client tried to renegotiating but the server side errored then. You still see RENEGOTIATING in the output