mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-19 06:59:30 +01:00
Merge pull request #1601 from drwetter/xmpp_server_polish
STARTTLS xmpp-server polish
This commit is contained in:
commit
8e6c80ffba
@ -1,4 +1,5 @@
|
||||
language: perl
|
||||
dist: bionic
|
||||
perl:
|
||||
- "5.26"
|
||||
addons:
|
||||
|
@ -13,6 +13,7 @@
|
||||
* Several display/output fixes
|
||||
* Security fix: DNS input
|
||||
* Don't use external pwd anymore
|
||||
* STARTTLS: XMPP server support
|
||||
* Rating (SSL Labs, not complete)
|
||||
|
||||
### Features implemented / improvements in 3.0
|
||||
|
@ -143,6 +143,9 @@ Full contribution, see git log.
|
||||
* Dmitri S
|
||||
- inspiration & help for Darwin port
|
||||
|
||||
* Jonas Schäfer
|
||||
- XMPP server patch
|
||||
|
||||
* Marcin Szychowski
|
||||
- Quick'n'dirty client certificate support
|
||||
|
||||
|
@ -189,7 +189,7 @@ The same can be achieved by setting the environment variable <code>WARNINGS</cod
|
||||
|
||||
<h3 id="SPECIAL-INVOCATIONS">SPECIAL INVOCATIONS</h3>
|
||||
|
||||
<p><code>-t <protocol>, --starttls <protocol></code> does a default run against a STARTTLS enabled <code>protocol</code>. <code>protocol</code> must be one of <code>ftp</code>, <code>smtp</code>, <code>pop3</code>, <code>imap</code>, <code>xmpp</code>, <code>telnet</code>, <code>ldap</code>, <code>irc</code>, <code>lmtp</code>, <code>nntp</code>, <code>postgres</code>, <code>mysql</code>. For the latter four you need e.g. the supplied OpenSSL or OpenSSL version 1.1.1. Please note: MongoDB doesn't offer a STARTTLS connection, LDAP currently only works with <code>--ssl-native</code>. <code>telnet</code> and <code>irc</code> is WIP.</p>
|
||||
<p><code>-t <protocol>, --starttls <protocol></code> does a default run against a STARTTLS enabled <code>protocol</code>. <code>protocol</code> must be one of <code>ftp</code>, <code>smtp</code>, <code>pop3</code>, <code>imap</code>, <code>xmpp</code>,<code>xmpp-server<code>, <code>telnet</code>, <code>ldap</code>, <code>irc</code>, <code>lmtp</code>, <code>nntp</code>, <code>postgres</code>, <code>mysql</code>. For the latter four you need e.g. the supplied OpenSSL or OpenSSL version 1.1.1. Please note: MongoDB doesn't offer a STARTTLS connection, LDAP currently only works with <code>--ssl-native</code>. <code>telnet</code> and <code>irc</code> is WIP.</p>
|
||||
|
||||
<p><code>--xmpphost <jabber_domain></code> is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter. This is only needed if the domain is different from the URI supplied.</p>
|
||||
|
||||
|
@ -113,7 +113,7 @@ The same can be achieved by setting the environment variable `WARNINGS`.
|
||||
|
||||
### SPECIAL INVOCATIONS
|
||||
|
||||
`-t <protocol>, --starttls <protocol>` does a default run against a STARTTLS enabled `protocol`. `protocol` must be one of `ftp`, `smtp`, `pop3`, `imap`, `xmpp`, `telnet`, `ldap`, `irc`, `lmtp`, `nntp`, `postgres`, `mysql`. For the latter four you need e.g. the supplied OpenSSL or OpenSSL version 1.1.1. Please note: MongoDB doesn't offer a STARTTLS connection, LDAP currently only works with `--ssl-native`. `telnet` and `irc` is WIP.
|
||||
`-t <protocol>, --starttls <protocol>` does a default run against a STARTTLS enabled `protocol`. `protocol` must be one of `ftp`, `smtp`, `pop3`, `imap`, `xmpp`, `xmpp-server`, `telnet`, `ldap`, `irc`, `lmtp`, `nntp`, `postgres`, `mysql`. For the latter four you need e.g. the supplied OpenSSL or OpenSSL version 1.1.1. Please note: MongoDB doesn't offer a STARTTLS connection, LDAP currently only works with `--ssl-native`. `telnet` and `irc` is WIP.
|
||||
|
||||
`--xmpphost <jabber_domain>` is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter. This is only needed if the domain is different from the URI supplied.
|
||||
|
||||
|
@ -99,6 +99,13 @@ $openssl_out = `./testssl.sh --ssl-native $check2run -t xmpp $uri 2>&1`;
|
||||
unlike($openssl_out, qr/$openssl_regex_bl/, "");
|
||||
$tests++;
|
||||
|
||||
# $uri="jabber.ccc.de:5269";
|
||||
# printf "\n%s\n", "Quick STARTTLS XMPP S2S unit tests via sockets --> $uri ...";
|
||||
# $openssl_out = `./testssl.sh --openssl=/usr/bin/openssl -p $check2run -t xmpp-server $uri 2>&1`;
|
||||
# # $openssl_json = json('tmp.json');
|
||||
# unlike($openssl_out, qr/$openssl_regex_bl/, "");
|
||||
# $tests++;
|
||||
|
||||
|
||||
$uri="ldap.uni-rostock.de:21";
|
||||
|
||||
|
13
testssl.sh
13
testssl.sh
@ -317,6 +317,7 @@ HAS_NPN=false
|
||||
HAS_FALLBACK_SCSV=false
|
||||
HAS_PROXY=false
|
||||
HAS_XMPP=false
|
||||
HAS_XMPP_SERVER=false
|
||||
HAS_POSTGRES=false
|
||||
HAS_MYSQL=false
|
||||
HAS_LMTP=false
|
||||
@ -5181,7 +5182,6 @@ run_protocols() {
|
||||
5) prln_svrty_high "CVE-2015-3197: $supported_no_ciph2";
|
||||
fileout "$jsonID" "HIGH" "offered, no cipher" "CVE-2015-3197" "CWE-310"
|
||||
add_proto_offered ssl2 yes
|
||||
add_tls_offered ssl2 yes
|
||||
set_grade_cap "F" "SSLv2 is offered"
|
||||
;;
|
||||
7) prln_local_problem "$OPENSSL doesn't support \"s_client -ssl2\""
|
||||
@ -5210,7 +5210,6 @@ run_protocols() {
|
||||
latest_supported_string="SSLv3"
|
||||
fi
|
||||
add_proto_offered ssl3 yes
|
||||
add_tls_offered ssl3 yes
|
||||
set_grade_cap "B" "SSLv3 is offered"
|
||||
;;
|
||||
1) prln_svrty_best "not offered (OK)"
|
||||
@ -18214,6 +18213,7 @@ find_openssl_binary() {
|
||||
HAS_FALLBACK_SCSV=false
|
||||
HAS_PROXY=false
|
||||
HAS_XMPP=false
|
||||
HAS_XMPP_SERVER=false
|
||||
HAS_POSTGRES=false
|
||||
HAS_MYSQL=false
|
||||
HAS_LMTP=false
|
||||
@ -18298,9 +18298,12 @@ find_openssl_binary() {
|
||||
grep -q '\-proxy' $s_client_has && \
|
||||
HAS_PROXY=true
|
||||
|
||||
grep -q '\-xmpp' $s_client_has && \
|
||||
grep -q 'xmpp' $s_client_starttls_has && \
|
||||
HAS_XMPP=true
|
||||
|
||||
grep -q 'xmpp-server' $s_client_starttls_has && \
|
||||
HAS_XMPP_SERVER=true
|
||||
|
||||
grep -q 'postgres' $s_client_starttls_has && \
|
||||
HAS_POSTGRES=true
|
||||
|
||||
@ -18623,6 +18626,7 @@ HAS_PKEY: $HAS_PKEY
|
||||
HAS_PKUTIL: $HAS_PKUTIL
|
||||
HAS_PROXY: $HAS_PROXY
|
||||
HAS_XMPP: $HAS_XMPP
|
||||
HAS_XMPP_SERVER: $HAS_XMPP_SERVER
|
||||
HAS_POSTGRES: $HAS_POSTGRES
|
||||
HAS_MYSQL: $HAS_MYSQL
|
||||
HAS_LMTP: $HAS_LMTP
|
||||
@ -19811,6 +19815,9 @@ determine_service() {
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
if [[ "$protocol" == xmpp-server ]] && ! "$HAS_XMPP_SERVER"; then
|
||||
fatal "Your $OPENSSL does not support the \"-xmpphost\" option" $ERR_OSSLBIN
|
||||
fi
|
||||
elif [[ "$protocol" == postgres ]]; then
|
||||
# Check if openssl version supports postgres.
|
||||
if ! "$HAS_POSTGRES"; then
|
||||
|
Loading…
Reference in New Issue
Block a user