From 699b48c8b81c9a554e67df5241b352ffb98c4d7e Mon Sep 17 00:00:00 2001
From: Dirk <dirk@testssl.sh>
Date: Thu, 4 May 2017 12:34:20 +0200
Subject: [PATCH] lowering severity and taking other clients as browsers into
 account #735

---
 testssl.sh | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 5a062a1..37b1ea3 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -5758,11 +5758,17 @@ certificate_info() {
           while read san; do
                [[ -n "$san" ]] && all_san+="$san "
           done <<< "$sans"
-          pr_italic "$(out_row_aligned_max_width "$all_san" "$indent                              " $TERM_WIDTH)"
+          prln_italic "$(out_row_aligned_max_width "$all_san" "$indent                              " $TERM_WIDTH)"
           fileout "${json_prefix}san" "INFO" "subjectAltName (SAN) : $all_san"
      else
-          prln_svrty_high "missing (NOT ok)"
-          fileout "${json_prefix}san" "HIGH" "subjectAltName (SAN) : --"
+          if [[ $SERVICE == "HTTP" ]]; then
+               # https://bugzilla.mozilla.org/show_bug.cgi?id=1245280, https://bugzilla.mozilla.org/show_bug.cgi?id=1245280
+               pr_svrty_medium "missing (NOT ok)"; outln " -- Browser will complain soon"
+               fileout "${json_prefix}san" "MEDIUM" "subjectAltName (SAN) : -- Browser will complain soon"
+          else
+               pr_svrty_low "missing"; outln " -- no SAN is deprecated"
+               fileout "${json_prefix}san" "LOW" "subjectAltName (SAN) : -- no SAN is deprecated"
+          fi
      fi
      out "$indent"; pr_bold " Issuer                       "
      #FIXME: oid would be better maybe (see above)