FIX for missing CN (e.g. cloudflare)

Dirk Wetter 2015-08-10 15:17:42 +02:00
parent e6f0f79157
commit 72aa8add5c


@ -1753,13 +1753,23 @@ run_server_defaults() {
outln " $($OPENSSL x509 -noout -in $HOSTCERT -fingerprint -sha256 | sed 's/Fingerprint=//' | sed 's/://g' )" outln " $($OPENSSL x509 -noout -in $HOSTCERT -fingerprint -sha256 | sed 's/Fingerprint=//' | sed 's/://g' )"
pr_bold " Common Name (CN) " pr_bold " Common Name (CN) "
if $OPENSSL x509 -in $HOSTCERT -noout -subject | grep -wq CN; then
cn=$($OPENSSL x509 -in $HOSTCERT -noout -subject | sed 's/subject= //' | sed -e 's/^.*CN=//' -e 's/\/emailAdd.*//') cn=$($OPENSSL x509 -in $HOSTCERT -noout -subject | sed 's/subject= //' | sed -e 's/^.*CN=//' -e 's/\/emailAdd.*//')
pr_underline "$cn" pr_underline "$cn"
else
cn="(no CN field in subject)"
out "$cn"
fi
cn_nosni="" cn_nosni=""
[[ -s $HOSTCERT.nosni ]] && \ if [[ -s $HOSTCERT.nosni ]] ; then
if $OPENSSL x509 -in $HOSTCERT.nosni -noout -subject | grep -wq CN; then
cn_nosni=$($OPENSSL x509 -in $HOSTCERT.nosni -noout -subject | sed 's/subject= //' | sed -e 's/^.*CN=//' -e 's/\/emailAdd.*//') cn_nosni=$($OPENSSL x509 -in $HOSTCERT.nosni -noout -subject | sed 's/subject= //' | sed -e 's/^.*CN=//' -e 's/\/emailAdd.*//')
[[ $DEBUG -ge 2 ]] && out "\'$NODE\' | \'$cn\' | \'$cn_nosni\'" else
cn_nosni="no CN field in subject"
fi
fi
debugme out "\'$NODE\' | \'$cn\' | \'$cn_nosni\'"
if [[ $NODE == $cn_nosni ]]; then if [[ $NODE == $cn_nosni ]]; then
if [[ $SERVICE != "HTTP" ]]; then if [[ $SERVICE != "HTTP" ]]; then
outln " (matches certificate directly)" outln " (matches certificate directly)"
@ -1773,6 +1783,8 @@ run_server_defaults() {
out " (request w/o SNI didn't succeed"; out " (request w/o SNI didn't succeed";
[[ $algo =~ ecdsa ]] && out ", usual for EC certificates" [[ $algo =~ ecdsa ]] && out ", usual for EC certificates"
outln ")" outln ")"
elif [[ "$cn_nosni" =~ "no CN field" ]]; then
outln ", (request w/o SNI: $cn_nosni)"
else else
out " (CN in response to request w/o SNI: "; pr_underline "$cn_nosni"; outln ")" out " (CN in response to request w/o SNI: "; pr_underline "$cn_nosni"; outln ")"
fi fi
@ -4658,4 +4670,4 @@ fi
exit $ret exit $ret
# $Id: testssl.sh,v 1.338 2015/08/10 12:47:10 dirkw Exp $ # $Id: testssl.sh,v 1.339 2015/08/10 13:17:41 dirkw Exp $
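Review bot: The new `grep -wq CN` guards in the first hunk (on `$HOSTCERT` and again on `$HOSTCERT.nosni`) match the bare word CN anywhere in the subject, so a certificate with country code `C=CN` and no Common Name still takes the extraction branch; there `sed -e 's/^.*CN=//'` has nothing to strip and the rest of the subject is printed as the CN. Testing for the same token the sed expression relies on keeps the check and the extraction in step, e.g. `if $OPENSSL x509 -in $HOSTCERT -noout -subject | grep -q 'CN='; then`, with the same change on the `.nosni` line. Separately, `cn_nosni="no CN field in subject"` is an in-band sentinel that the second hunk detects with `=~ "no CN field"`, so the marker shares a variable with certificate-supplied text; a separate flag variable would keep the two apart. `run_server_defaults` begins and ends outside the lines shown, so how `$cn` is used further down cannot be checked from here.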