Fix getting CRL

OpenSSL 3.X pretty prints certificates in a slightly different way than previous versions, and this breaks the code for getting the URIs from the CRLDP extension.
This commit fixes the issue by having awk search for additional possible strings to start the CRL Distribution Points output. Unless the CRLDP extension is malformed, it will begin with "Full Name", "Relative Name", "Reasons", or "CRL Issuer".
David Cooper 2022-04-14 08:31:57 -04:00 committed by GitHub
parent a47bc2097e
commit 6e6b8731c9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -8947,7 +8947,7 @@ certificate_info() {
out "$indent"; pr_bold " Certificate Revocation List "
jsonID="cert_crlDistributionPoints"
# ~ get next 50 lines after pattern , strip until Signature Algorithm and retrieve URIs
crl="$(awk '/X509v3 CRL Distribution/{i=50} i&&i--' <<< "$cert_txt" | awk '/^$/,/^ [a-zA-Z0-9]+|^ Signature Algorithm:/' | awk -F'URI:' '/URI/ { print $2 }')"
crl="$(awk '/X509v3 CRL Distribution/{i=50} i&&i--' <<< "$cert_txt" | awk '/^$|^.*Name.*$|^.*Reasons.*$|^.*CRL Issuer.*$/,/^ [a-zA-Z0-9]+|^ Signature Algorithm:/' | awk -F'URI:' '/URI/ { print $2 }')"
if [[ -z "$crl" ]] ; then
fileout "${jsonID}${json_postfix}" "INFO" "--"
outln "--"
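Review bot: The new range-start alternatives in the second `awk` match anywhere in a line (`^.*Name.*$` is equivalent to `/Name/`), so any line in the 50-line window containing "Name", "Reasons" or "CRL Issuer" opens the range, and because awk re-arms a range after it closes, a later heading such as `X509v3 Subject Alternative Name` can open it again. `$cert_txt` is presumably the pretty-printed certificate of the remote peer, so its content is not under the script's control, and I would tie the markers to the start of the indented line: `/^$|^ *(Full Name|Relative Name|Reasons|CRL Issuer)/`. Whether the looser form can actually pick up a `URI:` from a neighbouring extension depends on the indentation in the end pattern, which this page may not render faithfully, so that needs checking against both OpenSSL 1.x and 3.x output. The comment above the line still describes only the old behaviour and could become `# get the next 50 lines after the CRLDP heading, keep the distribution point block(s), then extract the URIs`. certificate_info() starts and ends outside this hunk.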