Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 13:55:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2798 from secinto/3.2

Browse Source 
Modify grading for incomplete chain. 

suggested corrections will be done after merge
This commit is contained in:
Dirk Wetter
2025-06-23 18:41:00 +02:00
committed by GitHub
parent a209f92d4f 529a373b2e
commit 71f0f32cf5
1 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
testssl.sh
View File

@@ -7814,7 +7814,11 @@ determine_trust() {
out "$code" out "$code"
fi fi
fileout "${jsonID}${json_postfix}" "CRITICAL" "failed $code. $addtl_warning" fileout "${jsonID}${json_postfix}" "CRITICAL" "failed $code. $addtl_warning"
set_grade_cap "T" "Issues with the chain of trust $code" if [[ "$code" =~ "chain incomplete" ]]; then
set_grade_cap "B" "Issues with chain of trust $code"
else
set_grade_cap "T" "Issues with chain of trust $code"
fi
else else
# alt least one ok and other(s) not ==> display the culprit store(s) # alt least one ok and other(s) not ==> display the culprit store(s)
if "$some_ok"; then if "$some_ok"; then
@@ -7834,9 +7838,14 @@ determine_trust() {
if ! [[ ${certificate_file[i]} =~ Java ]]; then if ! [[ ${certificate_file[i]} =~ Java ]]; then
# Exemption for Java AND rating, as this store doesn't seem to be as complete. # Exemption for Java AND rating, as this store doesn't seem to be as complete.
# We won't penalize this but we still need to raise a red flag. See #1648 # We won't penalize this but we still need to raise a red flag. See #1648
# set_grade_cap "T" "Issues with chain of trust $code"
if [[ "$code" =~ "chain incomplete" ]]; then
set_grade_cap "B" "Issues with chain of trust $code"
else
set_grade_cap "T" "Issues with chain of trust $code" set_grade_cap "T" "Issues with chain of trust $code"
fi fi
fi fi
fi
done done
outln outln
# lf + green ones # lf + green ones