Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Squashed some double quotes for grep expressions

Browse Source 
... in favor of single quotes
This commit is contained in:
Dirk Wetter 2022-09-18 19:27:36 +02:00
parent 0e61b72197
commit 8c14a42180
1 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
testssl.sh
View File

@ -1938,7 +1938,7 @@ check_revocation_crl() {
fileout "$jsonID" "WARN" "conversion of CRL to PEM format failed" fileout "$jsonID" "WARN" "conversion of CRL to PEM format failed"
return 1 return 1
fi fi
if grep -qe "-----BEGIN CERTIFICATE-----" $TEMPDIR/intermediatecerts.pem; then if grep -qe '-----BEGIN CERTIFICATE-----' $TEMPDIR/intermediatecerts.pem; then
$OPENSSL verify -crl_check -CAfile <(cat $ADDTL_CA_FILES "$GOOD_CA_BUNDLE" "${tmpfile%%.crl}.pem") -untrusted $TEMPDIR/intermediatecerts.pem $HOSTCERT &> "${tmpfile%%.crl}.err" $OPENSSL verify -crl_check -CAfile <(cat $ADDTL_CA_FILES "$GOOD_CA_BUNDLE" "${tmpfile%%.crl}.pem") -untrusted $TEMPDIR/intermediatecerts.pem $HOSTCERT &> "${tmpfile%%.crl}.err"
else else
$OPENSSL verify -crl_check -CAfile <(cat $ADDTL_CA_FILES "$GOOD_CA_BUNDLE" "${tmpfile%%.crl}.pem") $HOSTCERT &> "${tmpfile%%.crl}.err" $OPENSSL verify -crl_check -CAfile <(cat $ADDTL_CA_FILES "$GOOD_CA_BUNDLE" "${tmpfile%%.crl}.pem") $HOSTCERT &> "${tmpfile%%.crl}.err"
@ -1988,7 +1988,7 @@ check_revocation_ocsp() {
fileout "$jsonID" "WARN" "Revocation not tested as openssl ocsp doesn't support a proxy" fileout "$jsonID" "WARN" "Revocation not tested as openssl ocsp doesn't support a proxy"
return 0 return 0
fi fi
grep -qe "-----BEGIN CERTIFICATE-----" $TEMPDIR/intermediatecerts.pem || return 0 grep -qe '-----BEGIN CERTIFICATE-----' $TEMPDIR/intermediatecerts.pem || return 0
tmpfile=$TEMPDIR/${NODE}-${NODEIP}.${uri##*\/} || exit $ERR_FCREATE tmpfile=$TEMPDIR/${NODE}-${NODEIP}.${uri##*\/} || exit $ERR_FCREATE
if [[ -n "$stapled_response" ]]; then if [[ -n "$stapled_response" ]]; then
hex2binary "$stapled_response" > "$TEMPDIR/stapled_ocsp_response.dd" hex2binary "$stapled_response" > "$TEMPDIR/stapled_ocsp_response.dd"
@ -3859,7 +3859,7 @@ run_cipher_match(){
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet) dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
kx[i]="${kx[i]} $dhlen" kx[i]="${kx[i]} $dhlen"
fi fi
"$SHOW_SIGALGO" && grep -qe "-----BEGIN CERTIFICATE-----" $TMPFILE && \ "$SHOW_SIGALGO" && grep -qe '-----BEGIN CERTIFICATE-----' $TMPFILE && \
sigalg[i]="$(read_sigalg_from_file "$TMPFILE")" sigalg[i]="$(read_sigalg_from_file "$TMPFILE")"
done done
done done
@ -4134,7 +4134,7 @@ run_allciphers() {
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet) dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
kx[i]="${kx[i]} $dhlen" kx[i]="${kx[i]} $dhlen"
fi fi
"$SHOW_SIGALGO" && grep -qe "-----BEGIN CERTIFICATE-----" $TMPFILE && \ "$SHOW_SIGALGO" && grep -qe '-----BEGIN CERTIFICATE-----' $TMPFILE && \
sigalg[i]="$(read_sigalg_from_file "$TMPFILE")" sigalg[i]="$(read_sigalg_from_file "$TMPFILE")"
done done
done done
@ -4434,7 +4434,7 @@ ciphers_by_strength() {
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet) dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
kx[i]="${kx[i]} $dhlen" kx[i]="${kx[i]} $dhlen"
fi fi
"$wide" && "$SHOW_SIGALGO" && grep -qe "-----BEGIN CERTIFICATE-----" $TMPFILE && \ "$wide" && "$SHOW_SIGALGO" && grep -qe '-----BEGIN CERTIFICATE-----' $TMPFILE && \
sigalg[i]="$(read_sigalg_from_file "$TMPFILE")" sigalg[i]="$(read_sigalg_from_file "$TMPFILE")"
fi fi
fi fi
@ -7120,7 +7120,7 @@ cipher_pref_check() {
enc[nr_ciphers_found]="${TLS_CIPHER_ENC[i]}" enc[nr_ciphers_found]="${TLS_CIPHER_ENC[i]}"
export2[nr_ciphers_found]="${TLS_CIPHER_EXPORT[i]}" export2[nr_ciphers_found]="${TLS_CIPHER_EXPORT[i]}"
sigalg[nr_ciphers_found]="" sigalg[nr_ciphers_found]=""
"$SHOW_SIGALGO" && grep -qe "-----BEGIN CERTIFICATE-----" $TMPFILE && \ "$SHOW_SIGALGO" && grep -qe '-----BEGIN CERTIFICATE-----' $TMPFILE && \
sigalg[nr_ciphers_found]="$(read_sigalg_from_file "$TMPFILE")" sigalg[nr_ciphers_found]="$(read_sigalg_from_file "$TMPFILE")"
nr_ciphers_found+=1 nr_ciphers_found+=1
fi fi
@ -7454,7 +7454,7 @@ determine_trust() {
local code local code
local ca_bundles="" local ca_bundles=""
local spaces=" " local spaces=" "
local -i certificates_provided=1+$(grep -ce "-----BEGIN CERTIFICATE-----" $TEMPDIR/intermediatecerts.pem) local -i certificates_provided=1+$(grep -ce '-----BEGIN CERTIFICATE-----' $TEMPDIR/intermediatecerts.pem)
local addtl_warning local addtl_warning
# If $json_postfix is not empty, then there is more than one certificate # If $json_postfix is not empty, then there is more than one certificate
@ -9176,7 +9176,7 @@ certificate_info() {
cn_finding="" cn_finding=""
if [[ -n "$sni_used" ]]; then if [[ -n "$sni_used" ]]; then
if grep -qe "-----BEGIN" "$HOSTCERT.nosni"; then if grep -qe '-----BEGIN' "$HOSTCERT.nosni"; then
cn_nosni="$(get_cn_from_cert "$HOSTCERT.nosni")" cn_nosni="$(get_cn_from_cert "$HOSTCERT.nosni")"
[[ -z "$cn_nosni" ]] && cn_nosni="no CN field in subject" [[ -z "$cn_nosni" ]] && cn_nosni="no CN field in subject"
fi fi
@ -10477,7 +10477,7 @@ run_fs() {
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet) dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
kx[i]="${kx[i]} $dhlen" kx[i]="${kx[i]} $dhlen"
fi fi
"$WIDE" && "$SHOW_SIGALGO" && grep -qe "-----BEGIN CERTIFICATE-----" $TMPFILE && \ "$WIDE" && "$SHOW_SIGALGO" && grep -qe '-----BEGIN CERTIFICATE-----' $TMPFILE && \
sigalg[i]="$(read_sigalg_from_file "$TMPFILE")" sigalg[i]="$(read_sigalg_from_file "$TMPFILE")"
done done
done done
@ -17453,7 +17453,7 @@ run_tls_fallback_scsv() {
DEBUG=$debug_level DEBUG=$debug_level
fi fi
if grep -q "CONNECTED(00" "$TMPFILE"; then if grep -q "CONNECTED(00" "$TMPFILE"; then
if grep -qa "BEGIN CERTIFICATE" "$TMPFILE"; then if grep -qa 'BEGIN CERTIFICATE' "$TMPFILE"; then
if [[ -z "$POODLE" ]]; then if [[ -z "$POODLE" ]]; then
pr_warning "Rerun including POODLE SSL check. " pr_warning "Rerun including POODLE SSL check. "
pr_svrty_medium "Downgrade attack prevention NOT supported" pr_svrty_medium "Downgrade attack prevention NOT supported"
@ -18151,7 +18151,7 @@ run_beast(){
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet) dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
kx[i]="${kx[i]} $dhlen" kx[i]="${kx[i]} $dhlen"
fi fi
"$WIDE" && "$SHOW_SIGALGO" && grep -qe "-----BEGIN CERTIFICATE-----" $TMPFILE && \ "$WIDE" && "$SHOW_SIGALGO" && grep -qe '-----BEGIN CERTIFICATE-----' $TMPFILE && \
sigalg[i]="$(read_sigalg_from_file "$TMPFILE")" sigalg[i]="$(read_sigalg_from_file "$TMPFILE")"
done done
if "$using_sockets"; then if "$using_sockets"; then
@ -18712,7 +18712,7 @@ run_rc4() {
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet) dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
kx[i]="${kx[i]} $dhlen" kx[i]="${kx[i]} $dhlen"
fi fi
"$WIDE" && "$SHOW_SIGALGO" && grep -qe "-----BEGIN CERTIFICATE-----" $TMPFILE && \ "$WIDE" && "$SHOW_SIGALGO" && grep -qe '-----BEGIN CERTIFICATE-----' $TMPFILE && \
sigalg[i]="$(read_sigalg_from_file "$TMPFILE")" sigalg[i]="$(read_sigalg_from_file "$TMPFILE")"
# If you use RC4 with newer protocols, you are punished harder # If you use RC4 with newer protocols, you are punished harder
@ -23418,7 +23418,7 @@ parse_cmd_line() {
fi fi
for fname in $ADDTL_CA_FILES; do for fname in $ADDTL_CA_FILES; do
[[ -s "$fname" ]] || fatal "CA file \"$fname\" does not exist" $ERR_RESOURCE [[ -s "$fname" ]] || fatal "CA file \"$fname\" does not exist" $ERR_RESOURCE
grep -q "BEGIN CERTIFICATE" "$fname" || fatal "\"$fname\" is not CA file in PEM format" $ERR_RESOURCE grep -q 'BEGIN CERTIFICATE' "$fname" || fatal "\"$fname\" is not CA file in PEM format" $ERR_RESOURCE
done done
if "$do_starttls_injection" && [[ "$STARTTLS_PROTOCOL" =~ smtp ]]; then if "$do_starttls_injection" && [[ "$STARTTLS_PROTOCOL" =~ smtp ]]; then