mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-03 23:39:45 +01:00
Merge pull request #1601 from drwetter/xmpp_server_polish
STARTTLS xmpp-server polish
commit
8e6c80ffba
@ -1,4 +1,5 @@
|
|||||||
language: perl
|
language: perl
|
||||||
|
dist: bionic
|
||||||
perl:
|
perl:
|
||||||
- "5.26"
|
- "5.26"
|
||||||
addons:
|
addons:
|
||||||
|
@ -13,6 +13,7 @@
|
|||||||
* Several display/output fixes
|
* Several display/output fixes
|
||||||
* Security fix: DNS input
|
* Security fix: DNS input
|
||||||
* Don't use external pwd anymore
|
* Don't use external pwd anymore
|
||||||
|
* STARTTLS: XMPP server support
|
||||||
* Rating (SSL Labs, not complete)
|
* Rating (SSL Labs, not complete)
|
||||||
|
|
||||||
### Features implemented / improvements in 3.0
|
### Features implemented / improvements in 3.0
|
||||||
|
@ -143,6 +143,9 @@ Full contribution, see git log.
|
|||||||
* Dmitri S
|
* Dmitri S
|
||||||
- inspiration & help for Darwin port
|
- inspiration & help for Darwin port
|
||||||
|
|
||||||
|
* Jonas Schäfer
|
||||||
|
- XMPP server patch
|
||||||
|
|
||||||
* Marcin Szychowski
|
* Marcin Szychowski
|
||||||
- Quick'n'dirty client certificate support
|
- Quick'n'dirty client certificate support
|
||||||
|
|
||||||
|
@ -189,7 +189,7 @@ The same can be achieved by setting the environment variable <code>WARNINGS</cod
|
|||||||
|
|
||||||
<h3 id="SPECIAL-INVOCATIONS">SPECIAL INVOCATIONS</h3>
|
<h3 id="SPECIAL-INVOCATIONS">SPECIAL INVOCATIONS</h3>
|
||||||
|
|
||||||
<p><code>-t <protocol>, --starttls <protocol></code> does a default run against a STARTTLS enabled <code>protocol</code>. <code>protocol</code> must be one of <code>ftp</code>, <code>smtp</code>, <code>pop3</code>, <code>imap</code>, <code>xmpp</code>, <code>telnet</code>, <code>ldap</code>, <code>irc</code>, <code>lmtp</code>, <code>nntp</code>, <code>postgres</code>, <code>mysql</code>. For the latter four you need e.g. the supplied OpenSSL or OpenSSL version 1.1.1. Please note: MongoDB doesn't offer a STARTTLS connection, LDAP currently only works with <code>--ssl-native</code>. <code>telnet</code> and <code>irc</code> is WIP.</p>
|
<p><code>-t <protocol>, --starttls <protocol></code> does a default run against a STARTTLS enabled <code>protocol</code>. <code>protocol</code> must be one of <code>ftp</code>, <code>smtp</code>, <code>pop3</code>, <code>imap</code>, <code>xmpp</code>,<code>xmpp-server<code>, <code>telnet</code>, <code>ldap</code>, <code>irc</code>, <code>lmtp</code>, <code>nntp</code>, <code>postgres</code>, <code>mysql</code>. For the latter four you need e.g. the supplied OpenSSL or OpenSSL version 1.1.1. Please note: MongoDB doesn't offer a STARTTLS connection, LDAP currently only works with <code>--ssl-native</code>. <code>telnet</code> and <code>irc</code> is WIP.</p>
|
||||||
|
|
||||||
<p><code>--xmpphost <jabber_domain></code> is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter. This is only needed if the domain is different from the URI supplied.</p>
|
<p><code>--xmpphost <jabber_domain></code> is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter. This is only needed if the domain is different from the URI supplied.</p>
|
||||||
|
|
||||||
|
@ -113,7 +113,7 @@ The same can be achieved by setting the environment variable `WARNINGS`.
|
|||||||
|
|
||||||
### SPECIAL INVOCATIONS
|
### SPECIAL INVOCATIONS
|
||||||
|
|
||||||
`-t <protocol>, --starttls <protocol>` does a default run against a STARTTLS enabled `protocol`. `protocol` must be one of `ftp`, `smtp`, `pop3`, `imap`, `xmpp`, `telnet`, `ldap`, `irc`, `lmtp`, `nntp`, `postgres`, `mysql`. For the latter four you need e.g. the supplied OpenSSL or OpenSSL version 1.1.1. Please note: MongoDB doesn't offer a STARTTLS connection, LDAP currently only works with `--ssl-native`. `telnet` and `irc` is WIP.
|
`-t <protocol>, --starttls <protocol>` does a default run against a STARTTLS enabled `protocol`. `protocol` must be one of `ftp`, `smtp`, `pop3`, `imap`, `xmpp`, `xmpp-server`, `telnet`, `ldap`, `irc`, `lmtp`, `nntp`, `postgres`, `mysql`. For the latter four you need e.g. the supplied OpenSSL or OpenSSL version 1.1.1. Please note: MongoDB doesn't offer a STARTTLS connection, LDAP currently only works with `--ssl-native`. `telnet` and `irc` is WIP.
|
||||||
|
|
||||||
`--xmpphost <jabber_domain>` is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter. This is only needed if the domain is different from the URI supplied.
|
`--xmpphost <jabber_domain>` is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter. This is only needed if the domain is different from the URI supplied.
|
||||||
|
|
||||||
|
@ -99,6 +99,13 @@ $openssl_out = `./testssl.sh --ssl-native $check2run -t xmpp $uri 2>&1`;
|
|||||||
unlike($openssl_out, qr/$openssl_regex_bl/, "");
|
unlike($openssl_out, qr/$openssl_regex_bl/, "");
|
||||||
$tests++;
|
$tests++;
|
||||||
|
|
||||||
|
# $uri="jabber.ccc.de:5269";
|
||||||
|
# printf "\n%s\n", "Quick STARTTLS XMPP S2S unit tests via sockets --> $uri ...";
|
||||||
|
# $openssl_out = `./testssl.sh --openssl=/usr/bin/openssl -p $check2run -t xmpp-server $uri 2>&1`;
|
||||||
|
# # $openssl_json = json('tmp.json');
|
||||||
|
# unlike($openssl_out, qr/$openssl_regex_bl/, "");
|
||||||
|
# $tests++;
|
||||||
|
|
||||||
|
|
||||||
$uri="ldap.uni-rostock.de:21";
|
$uri="ldap.uni-rostock.de:21";
|
||||||
|
|
||||||
|
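Review bot: The added XMPP S2S block is committed entirely commented out, so `-t xmpp-server` gets no coverage from this test file and nothing records why it is disabled. If the reason is that the CI OpenSSL lacks `-starttls xmpp-server` (an assumption, the hunk does not say), a one-line comment above the block such as `# disabled: needs an openssl binary that supports -starttls xmpp-server` would make that explicit. The hard-coded `--openssl=/usr/bin/openssl` would also tie the test to whatever binary the host ships once it is re-enabled.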
13
testssl.sh
13
testssl.sh
@ -317,6 +317,7 @@ HAS_NPN=false
|
|||||||
HAS_FALLBACK_SCSV=false
|
HAS_FALLBACK_SCSV=false
|
||||||
HAS_PROXY=false
|
HAS_PROXY=false
|
||||||
HAS_XMPP=false
|
HAS_XMPP=false
|
||||||
|
HAS_XMPP_SERVER=false
|
||||||
HAS_POSTGRES=false
|
HAS_POSTGRES=false
|
||||||
HAS_MYSQL=false
|
HAS_MYSQL=false
|
||||||
HAS_LMTP=false
|
HAS_LMTP=false
|
||||||
@ -5181,7 +5182,6 @@ run_protocols() {
|
|||||||
5) prln_svrty_high "CVE-2015-3197: $supported_no_ciph2";
|
5) prln_svrty_high "CVE-2015-3197: $supported_no_ciph2";
|
||||||
fileout "$jsonID" "HIGH" "offered, no cipher" "CVE-2015-3197" "CWE-310"
|
fileout "$jsonID" "HIGH" "offered, no cipher" "CVE-2015-3197" "CWE-310"
|
||||||
add_proto_offered ssl2 yes
|
add_proto_offered ssl2 yes
|
||||||
add_tls_offered ssl2 yes
|
|
||||||
set_grade_cap "F" "SSLv2 is offered"
|
set_grade_cap "F" "SSLv2 is offered"
|
||||||
;;
|
;;
|
||||||
7) prln_local_problem "$OPENSSL doesn't support \"s_client -ssl2\""
|
7) prln_local_problem "$OPENSSL doesn't support \"s_client -ssl2\""
|
||||||
@ -5210,7 +5210,6 @@ run_protocols() {
|
|||||||
latest_supported_string="SSLv3"
|
latest_supported_string="SSLv3"
|
||||||
fi
|
fi
|
||||||
add_proto_offered ssl3 yes
|
add_proto_offered ssl3 yes
|
||||||
add_tls_offered ssl3 yes
|
|
||||||
set_grade_cap "B" "SSLv3 is offered"
|
set_grade_cap "B" "SSLv3 is offered"
|
||||||
;;
|
;;
|
||||||
1) prln_svrty_best "not offered (OK)"
|
1) prln_svrty_best "not offered (OK)"
|
||||||
@ -18214,6 +18213,7 @@ find_openssl_binary() {
|
|||||||
HAS_FALLBACK_SCSV=false
|
HAS_FALLBACK_SCSV=false
|
||||||
HAS_PROXY=false
|
HAS_PROXY=false
|
||||||
HAS_XMPP=false
|
HAS_XMPP=false
|
||||||
|
HAS_XMPP_SERVER=false
|
||||||
HAS_POSTGRES=false
|
HAS_POSTGRES=false
|
||||||
HAS_MYSQL=false
|
HAS_MYSQL=false
|
||||||
HAS_LMTP=false
|
HAS_LMTP=false
|
||||||
@ -18298,9 +18298,12 @@ find_openssl_binary() {
|
|||||||
grep -q '\-proxy' $s_client_has && \
|
grep -q '\-proxy' $s_client_has && \
|
||||||
HAS_PROXY=true
|
HAS_PROXY=true
|
||||||
|
|
||||||
grep -q '\-xmpp' $s_client_has && \
|
grep -q 'xmpp' $s_client_starttls_has && \
|
||||||
HAS_XMPP=true
|
HAS_XMPP=true
|
||||||
|
|
||||||
|
grep -q 'xmpp-server' $s_client_starttls_has && \
|
||||||
|
HAS_XMPP_SERVER=true
|
||||||
|
|
||||||
grep -q 'postgres' $s_client_starttls_has && \
|
grep -q 'postgres' $s_client_starttls_has && \
|
||||||
HAS_POSTGRES=true
|
HAS_POSTGRES=true
|
||||||
|
|
||||||
@ -18623,6 +18626,7 @@ HAS_PKEY: $HAS_PKEY
|
|||||||
HAS_PKUTIL: $HAS_PKUTIL
|
HAS_PKUTIL: $HAS_PKUTIL
|
||||||
HAS_PROXY: $HAS_PROXY
|
HAS_PROXY: $HAS_PROXY
|
||||||
HAS_XMPP: $HAS_XMPP
|
HAS_XMPP: $HAS_XMPP
|
||||||
|
HAS_XMPP_SERVER: $HAS_XMPP_SERVER
|
||||||
HAS_POSTGRES: $HAS_POSTGRES
|
HAS_POSTGRES: $HAS_POSTGRES
|
||||||
HAS_MYSQL: $HAS_MYSQL
|
HAS_MYSQL: $HAS_MYSQL
|
||||||
HAS_LMTP: $HAS_LMTP
|
HAS_LMTP: $HAS_LMTP
|
||||||
@ -19811,6 +19815,9 @@ determine_service() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
if [[ "$protocol" == xmpp-server ]] && ! "$HAS_XMPP_SERVER"; then
|
||||||
|
fatal "Your $OPENSSL does not support the \"-xmpphost\" option" $ERR_OSSLBIN
|
||||||
|
fi
|
||||||
elif [[ "$protocol" == postgres ]]; then
|
elif [[ "$protocol" == postgres ]]; then
|
||||||
# Check if openssl version supports postgres.
|
# Check if openssl version supports postgres.
|
||||||
if ! "$HAS_POSTGRES"; then
|
if ! "$HAS_POSTGRES"; then
|
||||||
|
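Review bot: The new guard in determine_service names the wrong missing feature: when `HAS_XMPP_SERVER` is false it prints `does not support the "-xmpphost" option`, but that flag is set in find_openssl_binary from `grep -q 'xmpp-server' $s_client_starttls_has`, i.e. from the STARTTLS protocol list. A user with an older OpenSSL is pointed at the wrong option; the message should read `fatal "Your $OPENSSL does not support the \"-starttls xmpp-server\" option" $ERR_OSSLBIN`. In the same file `HAS_XMPP` is now also derived from the STARTTLS list instead of matching `'\-xmpp'` in the s_client help, so if it still gates `-xmpphost` elsewhere (not visible here) that check no longer tests for the option itself. Both determine_service and find_openssl_binary start and end outside these hunks.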