adding Referrer-Policy header (FIX #604)

introduced get_san_dns_from_cert()

added two stub function get_session_ticket_lifetime_from_serverhello
Dirk 2017-03-31 17:04:04 +02:00
parent 75c794546d
commit 6b601e22c7


@ -2284,7 +2284,7 @@ run_cookie_flags() { # ARG1: Path
run_more_flags() {
local good_flags2test="X-Frame-Options X-XSS-Protection X-Content-Type-Options Content-Security-Policy X-Content-Security-Policy X-WebKit-CSP Content-Security-Policy-Report-Only"
local other_flags2test="Access-Control-Allow-Origin Upgrade X-Served-By X-UA-Compatible"
local other_flags2test="Access-Control-Allow-Origin Upgrade X-Served-By X-UA-Compatible Referrer-Policy"
local f2t
local first=true
local spaces=" "
@ -5477,7 +5477,7 @@ compare_server_name_to_cert()
# If the CN contains any characters that are not valid for a DNS name,
# then assume it does not contain a DNS name.
[[ -n $(echo -n "$cn" | sed 's/^[\.a-zA-Z0-9*\-]*//') ]] && return $ret
[[ -n $(sed 's/^[\.a-zA-Z0-9*\-]*//' <<< "$cn") ]] && return $ret
# Check whether the CN in the certificate matches the servername
[[ $(toupper "$cn") == "$servername" ]] && ret+=4 && return $ret
@ -6241,7 +6241,7 @@ run_server_defaults() {
if ! "$match_found"; then
certs_found=$(($certs_found + 1))
cipher[certs_found]=${ciphers_to_test[n]}
keysize[certs_found]=$(grep -aw "^Server public key is" $TMPFILE | sed -e 's/^Server public key is //' -e 's/bit//' -e 's/ //')
keysize[certs_found]=$(awk '/Server public key/ { print $(NF-1) }' $TMPFILE)
ocsp_response[certs_found]=$(grep -aA 20 "OCSP response" $TMPFILE)
ocsp_response_status[certs_found]=$(grep -a "OCSP Response Status" $TMPFILE)
previous_hostcert[certs_found]=$newhostcert
@ -6315,6 +6315,19 @@ run_server_defaults() {
done
}
get_session_ticket_lifetime_from_serverhello() {
awk '/session ticket.*lifetime/ { print $(NF-1) "$1" }'
}
get_san_dns_from_cert() {
toupper "$($OPENSSL x509 -in "$1" -noout -text 2>>$ERRFILE | \
grep -A2 "Subject Alternative Name" | tr ',' '\n' | grep "DNS:" | \
sed -e 's/DNS://g' -e 's/ //g' | tr '\n' ' ')"
}
run_pfs() {
local -i sclient_success
local pfs_offered=false ecdhe_offered=false ffdhe_offered=false
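Review bot: In get_san_dns_from_cert() the pipeline picks SAN entries with an unanchored `grep "DNS:"` and then strips `DNS:` everywhere with `sed -e 's/DNS://g'`, so any comma-separated fragment of the openssl text dump that merely contains `DNS:` (inside another name type, or a value with an embedded comma) is returned as if it were its own dNSName entry. If this list feeds the hostname comparison in compare_server_name_to_cert(), which the hunk does not show, the match becomes looser than the certificate warrants. Anchoring both steps, `grep -E '^[[:space:]]*DNS:'` and `sed -e 's/^[[:space:]]*DNS://' -e 's/ //g'`, keeps only entries that start with the type tag, and the result could get the same character check the CN gets in the second hunk. Separately, in get_session_ticket_lifetime_from_serverhello() the `"$1"` sits inside the single-quoted awk program and is therefore an awk string literal, so every match prints the value followed by the characters `$1`; `print $(NF-1)` is probably what was meant.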