Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 13:55:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix LibreSSL parsing (-nameopt utf8)

Browse Source 
When parsing the intermediate cerificates there was a parser problem when using
LibreSSL and not OpenSSL.

This PR fixes the issue #2705 and addresses the problem by using the -nameopt multiline command
of LibreSSL/OpenSSL .
This commit is contained in:
Dirk Wetter
2025-03-19 22:36:37 +01:00
parent a43261fc6f
commit 8d8f83ace5
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
testssl.sh
View File

@@ -10035,7 +10035,7 @@ certificate_info() {
fileout "intermediate_cert <#${i}>${json_postfix}" "INFO" "$(pem_to_one_line "$cert")" fileout "intermediate_cert <#${i}>${json_postfix}" "INFO" "$(pem_to_one_line "$cert")"
fileout "intermediate_cert_fingerprintSHA256 <#${i}>${json_postfix}" "INFO" "$(determine_cert_fingerprint_serial "$cert" "-fingerprint -sha256")" fileout "intermediate_cert_fingerprintSHA256 <#${i}>${json_postfix}" "INFO" "$(determine_cert_fingerprint_serial "$cert" "-fingerprint -sha256")"
intermediate_certs_txt[i]="$($OPENSSL x509 -text -nameopt utf8 -noout 2>/dev/null <<< "$cert")" intermediate_certs_txt[i]="$($OPENSSL x509 -text -nameopt multiline,-align,sname,-esc_msb,utf8,-space_eq -noout 2>/dev/null <<< "$cert")"
# We don't need every value here. For the sake of being consistent here we add the rest # We don't need every value here. For the sake of being consistent here we add the rest
IFS=',' read -r startdate enddate diffseconds days2expire yearstart < <(determine_dates_certificate "${intermediate_certs_txt[i]}") IFS=',' read -r startdate enddate diffseconds days2expire yearstart < <(determine_dates_certificate "${intermediate_certs_txt[i]}")
@@ -10066,8 +10066,9 @@ certificate_info() {
expok="OK" expok="OK"
fi fi
out " ($enddate). " out " ($enddate). "
cn="$(awk -F= '/Subject:.*CN/ { print $NF }' <<< "${intermediate_certs_txt[i]}")" # Match on Subject/Issuer plus next 3 lines
issuer_CN="$(awk -F= '/Issuer:.*CN/ { print $NF }' <<< "${intermediate_certs_txt[i]}")" cn="$(awk '/Subject:/{stop=NR+3}; NR<=stop' <<< "${intermediate_certs_txt[i]}" | awk -F= '/CN/ { print $NF }')"
issuer_CN="$(awk '/Issuer:/{stop=NR+3}; NR<=stop' <<< "${intermediate_certs_txt[i]}" | awk -F= '/CN/ { print $NF }')"
pr_italic "$(strip_leading_space "$cn")"; out " <-- "; prln_italic "$(strip_leading_space "$issuer_CN")" pr_italic "$(strip_leading_space "$cn")"; out " <-- "; prln_italic "$(strip_leading_space "$issuer_CN")"
fileout "intermediate_cert_notAfter <#${i}>${json_postfix}" "$expok" "$enddate" fileout "intermediate_cert_notAfter <#${i}>${json_postfix}" "$expok" "$enddate"
fileout "intermediate_cert_expiration <#${i}>${json_postfix}" "$expok" "$cn_finding" fileout "intermediate_cert_expiration <#${i}>${json_postfix}" "$expok" "$cn_finding"