From 70b1ee643ff3e6308c3cd4a9a80e89b1e9775db6 Mon Sep 17 00:00:00 2001 From: David Cooper Date: Tue, 12 Apr 2022 14:01:02 -0400 Subject: [PATCH] Fix #2147 This commit fixes #2147 by having awk search for additional possible strings to start the CRL Distribution Points output. Unless the CRLDP extension is malformed, it will begin with "Full Name", "Relative Name", "Reasons", or "CRL Issuer". --- testssl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index b5a279b..0102060 100755 --- a/testssl.sh +++ b/testssl.sh @@ -9455,7 +9455,7 @@ certificate_info() { out "$indent"; pr_bold " Certificate Revocation List " jsonID="cert_crlDistributionPoints" # ~ get next 50 lines after pattern , strip until Signature Algorithm and retrieve URIs - crl="$(awk '/X509v3 CRL Distribution/{i=50} i&&i--' <<< "$cert_txt" | awk '/^$/,/^ [a-zA-Z0-9]+|^ Signature Algorithm:/' | awk -F'URI:' '/URI/ { print $2 }')" + crl="$(awk '/X509v3 CRL Distribution/{i=50} i&&i--' <<< "$cert_txt" | awk '/^$|^.*Name.*$|^.*Reasons.*$|^.*CRL Issuer.*$/,/^ [a-zA-Z0-9]+|^ Signature Algorithm:/' | awk -F'URI:' '/URI/ { print $2 }')" if [[ -z "$crl" ]] ; then fileout "${jsonID}${json_postfix}" "INFO" "--" outln "--"