From 826ac435041e066c89de60e01563b62bb519bf1d Mon Sep 17 00:00:00 2001
From: Frank Breedijk
Date: Mon, 21 Dec 2015 20:59:40 +0100
Subject: [PATCH] Redirect test that doesn't depend om JSON/CSV output
---
 CREDITS.md | 3 +++
 testssl.sh | 9 ++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/CREDITS.md b/CREDITS.md
index 719817a..09aeb0b 100644
--- a/CREDITS.md
+++ b/CREDITS.md
@@ -66,6 +66,9 @@
 * Dmitri S
 - inspiration & help for Darwin port
+* Frank Breedijk
+ - Detection of insecure redirect
+
 * Bug reports:
 - Viktor Szépe, Olivier Paroz, Jan H. Terstegge, Lorenz Adena, Jonathon Rossi, Stefan Stidl
diff --git a/testssl.sh b/testssl.sh
index 8f08aea..1172cf9 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -643,7 +643,14 @@ run_http_header() {
 out " $status_code$msg_thereafter"
 case $status_code in
- 301|302|307|308) out ", redirecting to \"$(grep -a '^Location' $HEADERFILE | sed 's/Location: //' | tr -d '\r\n')\"" ;;
+ 301|302|307|308)
+ out ", redirecting to \"$(grep -a '^Location' $HEADERFILE | sed 's/Location: //' | tr -d '\r\n')\""
+ if [[ ( $redirect == https* ) || ( $redirect == /* ) ]]; then
+ # Ok
+ else
+ pr_litered " -- Redirect to insecure url (NOT ok)"
+ fi
+ ;;
 200) ;;
 206) out " -- WTF?" ;;
 400) pr_litemagenta " (Hint: better try another URL)" ;;
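Review bot: The `then` branch of the new `if` in the 301|302|307|308 arm holds only the comment `# Ok`, which bash rejects with a syntax error at `else`, so testssl.sh will not parse with this arm in place. `$redirect` is also not assigned anywhere in the hunk (the Location value is computed inline in the `out` call), so unless it is set earlier in run_http_header, which starts and ends outside the hunk, the test sees an empty string and reports every redirect as insecure. I would store the header value first with `redirect=$(grep -a '^Location' $HEADERFILE | sed 's/Location: //' | tr -d '\r\n')`, print it with `out ", redirecting to \"$redirect\""`, and replace the if/else with `[[ $redirect == https* || $redirect == /* ]] || pr_litered " -- Redirect to insecure url (NOT ok)"`. A relative Location without a leading slash (constructed example: `login.html`) stays on the current scheme but would still be flagged by this test, so it is worth a comment stating whether that is intended.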