Implement warning for wildcard match

fixes #2122
2024-12-29 04:49:44 +01:00 · 2023-11-10 15:37:13 +01:00 · 2023-11-10 15:37:13 +01:00 · 81ba1fe818
commit 81ba1fe818
parent f59f3bd64b
1 changed files with 8 additions and 0 deletions
--- a/testssl.sh
+++ b/testssl.sh
@ -9491,6 +9491,14 @@ certificate_info() {

     fileout "cert_trust${json_postfix}" "$trust_sni_finding" "${trustfinding}${trustfinding_nosni}"

+     if [[ "$trust_sni" =~ ^(2|6|8|9|10)$ ]] || [[ "$trust_nosni" =~ ^(2|6|8|9|10)$ ]]; then
+          out "${spaces}"
+          pr_svrty_low "wildcard certificate" ; outln " could be problematic, see other hosts at"
+          outln "${spaces}https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=$cert_fingerprint_sha2"
+          fileout "cert_trust${json_postfix}_wildcard" "LOW" "trust is via wildcard"
+     fi
+
+
     out "$indent"; pr_bold " Chain of trust"; out "               "
     jsonID="cert_chain_of_trust"
     # Looks for CA's that have their trust removed by the first part of their Organization Name, add multiple with ^(TrustCor Systems|WoSign) etc.