Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

merged #416

Browse Source
This commit is contained in:
Dirk Wetter 2016-07-20 17:38:55 +02:00
parent b342db6b38
commit 6e5c2a824e
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
testssl.sh
View File

@ -3839,7 +3839,8 @@ certificate_info() {
local ocsp_response=$5 local ocsp_response=$5
local ocsp_response_status=$6 local ocsp_response_status=$6
local cert_sig_algo cert_sig_hash_algo cert_key_algo local cert_sig_algo cert_sig_hash_algo cert_key_algo
local expire days2expire secs2warn ocsp_uri crl startdate enddate issuer_CN issuer_C issuer_O issuer sans san cn cn_nosni local expire days2expire secs2warn ocsp_uri crl startdate enddate issuer_CN issuer_C issuer_O issuer sans san cn
local cn_nosni=""
local cert_fingerprint_sha1 cert_fingerprint_sha2 cert_fingerprint_serial local cert_fingerprint_sha1 cert_fingerprint_sha2 cert_fingerprint_serial
local policy_oid local policy_oid
local spaces="" local spaces=""
@ -4079,8 +4080,10 @@ certificate_info() {
# no cipher suites specified here. We just want the default vhost subject # no cipher suites specified here. We just want the default vhost subject
$OPENSSL s_client $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $OPTIMAL_PROTO 2>>$ERRFILE </dev/null | awk '/-----BEGIN/,/-----END/ { print $0 }' >$HOSTCERT.nosni $OPENSSL s_client $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $OPTIMAL_PROTO 2>>$ERRFILE </dev/null | awk '/-----BEGIN/,/-----END/ { print $0 }' >$HOSTCERT.nosni
cn_nosni="$(get_cn_from_cert "$HOSTCERT.nosni")" if grep -q "\-\-\-\-\-BEGIN" "$HOSTCERT.nosni"; then
[[ -z "$cn_nosni" ]] && cn_nosni="no CN field in subject" cn_nosni="$(get_cn_from_cert "$HOSTCERT.nosni")"
[[ -z "$cn_nosni" ]] && cn_nosni="no CN field in subject"
fi
#FIXME: check for SSLv3/v2 and look whether it goes to a different CN (probably not polite) #FIXME: check for SSLv3/v2 and look whether it goes to a different CN (probably not polite)
@ -8335,4 +8338,4 @@ fi
exit $? exit $?
# $Id: testssl.sh,v 1.526 2016/07/16 18:48:55 dirkw Exp $ # $Id: testssl.sh,v 1.527 2016/07/20 15:36:50 dirkw Exp $