forgot to save work, followup to 4433345b16 , #120, #589

Dirk 2017-01-18 16:23:18 +01:00
parent 4433345b16
commit 8bf7b6b31b
1 changed files with 10 additions and 4 deletions


@ -9619,9 +9619,9 @@ run_logjam() {
[[ "${dh_p:0:2}" == "00" ]] && dh_p="${dh_p:2}" [[ "${dh_p:0:2}" == "00" ]] && dh_p="${dh_p:2}"
debugme outln "dh_p: $dh_p" debugme outln "dh_p: $dh_p"
echo "$dh_p" > $TEMPDIR/dh_p.txt echo "$dh_p" > $TEMPDIR/dh_p.txt
common_primes_test $dh_p common_primes_test $dh_p "$spaces"
else else
outln " no DH key detected" out " no DH key detected"
fileout "LOGJAM_common primes" "OK" "no DH key detected" fileout "LOGJAM_common primes" "OK" "no DH key detected"
fi fi
outln outln
@ -9631,13 +9631,15 @@ run_logjam() {
} }
# takes one arg and compares against a predefined set in $TESTSSL_INSTALL_DIR # takes one arg and compares against a predefined set in $TESTSSL_INSTALL_DIR
# spaces to indent
common_primes_test() { common_primes_test() {
local common_primes_file="$TESTSSL_INSTALL_DIR/etc/common-primes.txt" local common_primes_file="$TESTSSL_INSTALL_DIR/etc/common-primes.txt"
local -i lineno_matched=0 local -i lineno_matched=0
local comment="" local comment=""
if [[ ! -s "$common_primes_file" ]]; then if [[ ! -s "$common_primes_file" ]]; then
pr_warningln "couldn't read common primes file $common_primes_file" outln
pr_warning "${2}couldn't read common primes file $common_primes_file"
fileout "LOGJAM_common primes" "WARN" "couldn't read common primes file $common_primes_file" fileout "LOGJAM_common primes" "WARN" "couldn't read common primes file $common_primes_file"
return 1 return 1
else else
@ -9671,7 +9673,7 @@ run_drown() {
outln outln
fi fi
# if we want to use OPENSSL: check for < openssl 1.0.2g, openssl 1.0.1s if native openssl # if we want to use OPENSSL: check for < openssl 1.0.2g, openssl 1.0.1s if native openssl
pr_bold " DROWN"; out " ($cve) " pr_bold " DROWN"; out " ($cve) "
sslv2_sockets sslv2_sockets
case $? in case $? in
@ -9715,7 +9717,11 @@ run_drown() {
# not advertising it as it after 5 tries and account is needed # not advertising it as it after 5 tries and account is needed
cert_fingerprint_sha2=${cert_fingerprint_sha2/SHA256 /} cert_fingerprint_sha2=${cert_fingerprint_sha2/SHA256 /}
outln "$spaces https://censys.io/ipv4?q=$cert_fingerprint_sha2 could help you to find out" outln "$spaces https://censys.io/ipv4?q=$cert_fingerprint_sha2 could help you to find out"
fileout "drown" "INFO" "make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=$cert_fingerprint_sha2"
fi fi
else
outln "$spaces no RSA certificate, thus certificate can't be used with SSLv2 elsewhere"
fileout "drown" "INFO" "no RSA certificate, thus certificate can't be used with SSLv2 elsewhere"
fi fi
ret=0 ret=0
;; ;;
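Review bot: The added `fileout "drown" "INFO"` line in the last hunk (run_drown) warns only about reusing the certificate, but DROWN exposure follows the RSA private key, which can sit behind a different certificate with a different SHA256 fingerprint. A lookup on `$cert_fingerprint_sha2` therefore finds only hosts serving this exact certificate, and the message should say so, e.g. `fileout "drown" "INFO" "make sure you don't use this certificate or its RSA key elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=$cert_fingerprint_sha2"`. The new `else` branch has a related gap: "no RSA certificate" holds only for the certificate that was examined, so if the host can also serve an RSA certificate this check did not see (not visible from the hunk), that INFO line is too reassuring. run_drown starts and ends outside the hunks shown.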