From 91caad69c5e899726b88f3aa695f8d6ae11cabf6 Mon Sep 17 00:00:00 2001
From: Andreas Landgraf
Date: Mon, 17 Nov 2025 08:26:15 +0100
Subject: [PATCH] Improve regex for private key check in mTLS
---
 testssl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/testssl.sh b/testssl.sh
index 12d4715..85cc891 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -25214,7 +25214,7 @@ parse_cmd_line() {
 if [[ ! -z "$MTLS" ]]; then
 if [[ -f $MTLS ]]; then
 grep -q 'BEGIN CERTIFICATE' "$MTLS" || fatal_cmd_line "\"$MTLS\" is not a client certificate file in PEM format" $ERR_RESOURCE
- grep -q 'BEGIN PRIVATE KEY\|BEGIN RSA PRIVATE KEY\|BEGIN EC PRIVATE KEY' "$MTLS" || fatal_cmd_line "\"$MTLS\" the not encrypted private key is missing in the specified PEM file" $ERR_RESOURCE
+ grep -Eaq 'BEGIN PRIVATE KEY|BEGIN RSA PRIVATE KEY|BEGIN EC PRIVATE KEY' "$MTLS" || fatal_cmd_line "\"$MTLS\" the not encrypted private key is missing in the specified PEM file" $ERR_RESOURCE
 MTLS=$MTLS
 else
 [[ -s "$MTLS" ]] || fatal_cmd_line "the specified client certificate file \"$MTLS\" does not exist" $ERR_RESOURCE
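Review bot: The rewritten key check on the `grep -Eaq` line still accepts a passphrase-protected key in the traditional PEM format, because such a file carries the same `BEGIN RSA PRIVATE KEY` / `BEGIN EC PRIVATE KEY` header and marks encryption only with a `Proc-Type: 4,ENCRYPTED` line below it. The "not encrypted private key" requirement stated in the error message is therefore not enforced for those files. A follow-up guard such as `grep -aq 'Proc-Type: 4,ENCRYPTED' "$MTLS" && fatal_cmd_line "\"$MTLS\" contains an encrypted private key" $ERR_RESOURCE` would reject them at argument parsing instead of, presumably, failing later when the key is loaded. The pattern could also be tightened to the full PEM marker, `grep -Eaq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$MTLS"`, so that stray text mentioning a key does not satisfy the check. parse_cmd_line starts and ends outside this hunk, so any later handling of the key is not visible here.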