- fix key problem hpkp
This commit is contained in:
parent
7846fc5fef
commit
71b4c03202
15
testssl.sh
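--- a/testssl.sh
+++ b/testssl.sh
@@ -985,10 +985,13 @@ run_hpkp() {
 fileout "hpkp_preload" "INFO" "HPKP header is NOT marked for browser preloading"
 fi
 
-[[ -s "$HOSTCERT" ]] || get_host_cert
-# get the key fingerprints
+if [[ ! -s "$HOSTCERT" ]]; then
+get_host_cert || return 1
+fi
+# get the key fingerprint from the host certificate
 hpkp_key_hostcert="$($OPENSSL x509 -in $HOSTCERT -pubkey -noout | grep -v PUBLIC | \
 $OPENSSL base64 -d | $OPENSSL dgst -sha256 -binary | $OPENSSL base64)"
+# compare it with the ones provided in the header
 while read hpkp_key; do
 if [[ "$hpkp_key_hostcert" == "$hpkp_key" ]] || [[ "$hpkp_key_hostcert" == "$hpkp_key=" ]]; then
 out "\n$spaces matching host key: "
@@ -2626,14 +2629,16 @@ cipher_pref_check() {
 get_host_cert() {
 local tmpvar=$TEMPDIR/$FUNCNAME.txt # change later to $TMPFILE
 
-$OPENSSL s_client $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI $1 2>/dev/null </dev/null >$tmpdir
+$OPENSSL s_client $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI $1 2>/dev/null </dev/null >$tmpvar
 if sclient_connect_successful $? $tmpvar; then
 awk '/-----BEGIN/,/-----END/ { print $0 }' $tmpvar >$HOSTCERT
+return 0
 else
+pr_litemagentaln "could not retrieve host certificate!"
 return 1
 fi
-tmpfile_handle $FUNCNAME.txt
-# return $((${PIPESTATUS[0]} + ${PIPESTATUS[1]}))
+#tmpfile_handle $FUNCNAME.txt
+#return $((${PIPESTATUS[0]} + ${PIPESTATUS[1]}))
 }
 
 verify_retcode_helper() {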
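Review bot: The new `return 0` / `return 1` inside the `if` in get_host_cert make the trailing `tmpfile_handle $FUNCNAME.txt` unreachable, and the commit comments it out instead of moving it, so the raw s_client output in `$tmpvar` is no longer handed to the temp-file handler on either path. If that call is still wanted (it was the only cleanup/retention step for this file), place it before each return: `tmpfile_handle $FUNCNAME.txt` on the line before `return 0` and again before `return 1`. The same hunk also passes `$tmpvar` and `$HOSTCERT` unquoted to the redirections and to awk, which breaks if `$TEMPDIR` ever contains whitespace; `>"$tmpvar"` and `>"$HOSTCERT"` would be the safer spelling. In the first hunk, the new `get_host_cert || return 1` leaves run_hpkp without a `fileout` record for the failed certificate retrieval, so JSON/CSV consumers see no HPKP pin-match result at all; consider emitting one before returning.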