Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 05:45:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix missing issuer CN

Browse Source 
This fixes a problem which was introduced @ 8d8f83ace5.
It caused for some hosts not to parse / display the issuer CN correctly.

Also it adds some code in testssl.sh and in a unit test to detect
this earlier. In general an output string FIXME will now cause a
unit test to fail. This can + should be used at other places too!

Fixes #2789
This commit is contained in:
Dirk Wetter
2025-06-10 22:54:11 +02:00
parent fbbf68857f
commit 61947405e0
2 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
t/10_baseline_ipv4_http.t
View File

@@ -26,8 +26,8 @@ my $openssl_json="";
# @args="$prg $check2run $uri >/dev/null"; # @args="$prg $check2run $uri >/dev/null";
# system("@args") == 0 # system("@args") == 0
# or die ("FAILED: \"@args\" "); # or die ("FAILED: \"@args\" ");
my $socket_errors='(e|E)rror|\.\/testssl\.sh: line |(f|F)atal|(c|C)ommand not found'; my $socket_errors='(e|E)rror|FIXME|\.\/testssl\.sh: line |(f|F)atal|(c|C)ommand not found';
my $openssl_errors='(e|E)rror|(f|F)atal|\.\/testssl\.sh: line |Oops|s_client connect problem|(c|C)ommand not found'; my $openssl_errors='(e|E)rror|FIXME|(f|F)atal|\.\/testssl\.sh: line |Oops|s_client connect problem|(c|C)ommand not found';
my $json_errors='(id".*:\s"scanProblem"|severity".*:\s"FATAL"|"Scan interrupted")'; my $json_errors='(id".*:\s"scanProblem"|severity".*:\s"FATAL"|"Scan interrupted")';

9
testssl.sh
View File

@@ -10121,9 +10121,12 @@ certificate_info() {
expok="OK" expok="OK"
fi fi
out " ($enddate). " out " ($enddate). "
# Match on Subject/Issuer plus next 3 lines # Match on Subject/Issuer plus next 4 lines, there should be the CN
cn="$(awk '/Subject:/{stop=NR+3}; NR<=stop' <<< "${intermediate_certs_txt[i]}" | awk -F= '/CN/ { print $NF }')" cn="$(awk '/Subject:/{stop=NR+4}; NR<=stop' <<< "${intermediate_certs_txt[i]}" | awk -F= '/CN/ { print $NF }')"
issuer_CN="$(awk '/Issuer:/{stop=NR+3}; NR<=stop' <<< "${intermediate_certs_txt[i]}" | awk -F= '/CN/ { print $NF }')" issuer_CN="$(awk '/Issuer:/{stop=NR+4}; NR<=stop' <<< "${intermediate_certs_txt[i]}" | awk -F= '/CN/ { print $NF }')"
# to catch errors like #2789 during unit test:
[[ -z "$cn" ]] && cn="FIXME: cn Error"
[[ -z "$issuer_CN" ]] && issuer_CN="FIXME: issuer_CN Error"
pr_italic "$(strip_leading_space "$cn")"; out " <-- "; prln_italic "$(strip_leading_space "$issuer_CN")" pr_italic "$(strip_leading_space "$cn")"; out " <-- "; prln_italic "$(strip_leading_space "$issuer_CN")"
fileout "intermediate_cert_notAfter <#${i}>${json_postfix}" "$expok" "$enddate" fileout "intermediate_cert_notAfter <#${i}>${json_postfix}" "$expok" "$enddate"
fileout "intermediate_cert_expiration <#${i}>${json_postfix}" "$expok" "$cn_finding" fileout "intermediate_cert_expiration <#${i}>${json_postfix}" "$expok" "$cn_finding"