Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix HPKP regression where it stated that only one SPKI was used

Browse Source
This commit is contained in:
Dirk 2018-03-01 15:29:28 +01:00
parent b5fcc00031
commit 8c9fdc6cc9
1 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
testssl.sh
View File

@ -1851,12 +1851,9 @@ run_hpkp() {
fileout "HPKP_multiple" "WARN" "Multiple HPKP headers $hpkp_headers. Using first header \'$first_hpkp_header\'"
fi
# remove leading Public-Key-Pins*, any colons, double quotes and trailing spaces and taking the first -- whatever that is
sed -e 's/Public-Key-Pins://g' -e s'/Public-Key-Pins-Report-Only://' $TMPFILE | \
sed -e 's/;//g' -e 's/\"//g' -e 's/^ //' | head -1 > $TMPFILE.2
# BSD lacks -i, otherwise we would have done it inline
# now separate key value and other stuff per line:
tr ' ' '\n' < $TMPFILE.2 >$TMPFILE
# remove leading Public-Key-Pins* and convert it to mulitline arg
sed -e 's/Public-Key-Pins://g' -e s'/Public-Key-Pins-Report-Only://' $TMPFILE | tr ';' '\n' | sed -e 's/\"//g' -e 's/^ //' >$TMPFILE.2
mv $TMPFILE.2 $TMPFILE
hpkp_nr_keys=$(grep -ac pin-sha $TMPFILE)
if [[ $hpkp_nr_keys -eq 1 ]]; then