HOSTCERT_TXT populated, certificate end+startdate in JSON
HOSTCERT_TXT is now generated each time a HOSTCERT is written. For now it is just being used in ``read_sigalg_from_file()``. More to come. Also in JSON output the start date and end date of the certificate are now in separate objects. (the time format could need some polishing though).
This commit is contained in:
parent
c1d75f65ce
commit
88cd5528e7
17
testssl.sh
17
testssl.sh
|
@ -4981,7 +4981,10 @@ read_dhtype_from_file() {
|
|||
|
||||
# arg1: certificate file
|
||||
read_sigalg_from_file() {
|
||||
$OPENSSL x509 -noout -text -in "$1" 2>/dev/null | awk -F':' '/Signature Algorithm/ { print $2; exit; }'
|
||||
local hostcert_txt="${1//pem/txt}"
|
||||
|
||||
[[ -r "$hostcert_txt" ]] || $OPENSSL x509 -noout -text -in "$1" 2>/dev/null >$hostcert_txt
|
||||
awk -F':' '/Signature Algorithm/ { print $2; exit; }' < $hostcert_txt
|
||||
}
|
||||
|
||||
|
||||
|
@ -5694,6 +5697,7 @@ get_host_cert() {
|
|||
$OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI $1") 2>/dev/null </dev/null >$tmpvar
|
||||
if sclient_connect_successful $? $tmpvar; then
|
||||
awk '/-----BEGIN/,/-----END/ { print $0 }' $tmpvar >$HOSTCERT
|
||||
$OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE >$HOSTCERT_TXT
|
||||
return 0
|
||||
else
|
||||
if [[ -z "$1" ]]; then
|
||||
|
@ -6019,6 +6023,7 @@ extract_certificates() {
|
|||
else
|
||||
success=0
|
||||
mv level0.crt $HOSTCERT
|
||||
$OPENSSL x509 -in "$HOSTCERT" -noout -text 2>>$ERRFILE >$HOSTCERT_TXT
|
||||
if [[ $nrsaved -eq 1 ]]; then
|
||||
echo "" > $TEMPDIR/intermediatecerts.pem
|
||||
else
|
||||
|
@ -6281,7 +6286,7 @@ must_staple() {
|
|||
fileout "${jsonID}${json_postfix}" "OK" "supported"
|
||||
else
|
||||
prln_svrty_high "requires OCSP stapling (NOT ok)"
|
||||
fileout "${jsonID}${json_postfix}" "HIGH" "must staple extension detected but no OCSP stapling provided"
|
||||
fileout "${jsonID}${json_postfix}" "HIGH" "extension detected but no OCSP stapling provided"
|
||||
fi
|
||||
else
|
||||
outln "no"
|
||||
|
@ -6962,7 +6967,8 @@ certificate_info() {
|
|||
fi
|
||||
outln " ($startdate --> $enddate)"
|
||||
fileout "cert_expiration_status${json_postfix}" "$expok" "$expfinding"
|
||||
fileout "cert_expiration_startend${json_postfix}" "$expok" "$startdate --> $enddate"
|
||||
fileout "cert_expiration_start${json_postfix}" "$expok" "$startdate"
|
||||
fileout "cert_expiration_end${json_postfix}" "$expok" "$enddate"
|
||||
|
||||
certificates_provided=1+$(grep -c "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TEMPDIR/intermediatecerts.pem)
|
||||
out "$indent"; pr_bold " # of certificates provided"; outln " $certificates_provided"
|
||||
|
@ -8596,6 +8602,7 @@ parse_sslv2_serverhello() {
|
|||
|
||||
"$parse_complete" || return $ret
|
||||
|
||||
# not sure why we need this
|
||||
rm -f $HOSTCERT $TEMPDIR/intermediatecerts.pem
|
||||
if [[ $ret -eq 3 ]]; then
|
||||
certificate_len=2*$(hex2dec "$v2_hello_cert_length")
|
||||
|
@ -8627,7 +8634,7 @@ parse_sslv2_serverhello() {
|
|||
|
||||
# arg1: hash function
|
||||
# arg2: key
|
||||
# arg3: text
|
||||
# arg3: text
|
||||
hmac() {
|
||||
local hash_fn="$1"
|
||||
local key="$2" text="$3" output
|
||||
|
@ -10064,7 +10071,6 @@ parse_tls_serverhello() {
|
|||
tmpfile_handle $FUNCNAME.txt
|
||||
return 1
|
||||
fi
|
||||
|
||||
for (( j=8; j < tls_certificate_ascii_len; j=j+extn_len )); do
|
||||
if [[ $tls_certificate_ascii_len-$j -lt 6 ]]; then
|
||||
debugme tmln_warning "Malformed Certificate Handshake message in ServerHello."
|
||||
|
@ -10243,6 +10249,7 @@ parse_tls_serverhello() {
|
|||
|
||||
# Now parse the Certificate message.
|
||||
if [[ "$process_full" == "all" ]]; then
|
||||
# not sure why we need this
|
||||
[[ -e "$HOSTCERT" ]] && rm "$HOSTCERT"
|
||||
[[ -e "$TEMPDIR/intermediatecerts.pem" ]] && rm "$TEMPDIR/intermediatecerts.pem"
|
||||
fi
|
||||
|
|
Loading…
Reference in New Issue