Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-06 00:39:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Support DH server keys

Browse Source 
When `certificate_info()` is given a certificate with a DH public key it displays something like:
```
   Server key size              fixme:  dhKeyAgreement 3072 bits (FIXME: can't tell whether this is good or not)
```

This PR fixes that so that the output is:
```
   Server key size              DH 3072 bits
```
This commit is contained in:
David Cooper 2016-08-25 15:23:53 -04:00 committed by GitHub
parent 424cf233d1
commit 98dc3bfadb
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
testssl.sh
View File

@ -4216,6 +4216,7 @@ certificate_info() {
*DSA*|*dsa*) out "DSA ";; *DSA*|*dsa*) out "DSA ";;
*ecdsa*|*ecPublicKey) out "ECDSA ";; *ecdsa*|*ecPublicKey) out "ECDSA ";;
*GOST*|*gost*) out "GOST ";; *GOST*|*gost*) out "GOST ";;
*dh*|*DH*) out "DH " ;;
*) pr_warning "fixme: $cert_key_algo " ;; *) pr_warning "fixme: $cert_key_algo " ;;
esac esac
# https://tools.ietf.org/html/rfc4492, http://www.keylength.com/en/compare/ # https://tools.ietf.org/html/rfc4492, http://www.keylength.com/en/compare/
@ -4243,7 +4244,8 @@ certificate_info() {
fileout "${json_prefix}key_size" "DEBUG" "Server keys $cert_keysize bits (not expected)" fileout "${json_prefix}key_size" "DEBUG" "Server keys $cert_keysize bits (not expected)"
fi fi
outln " bits" outln " bits"
elif [[ $cert_key_algo = *RSA* ]] || [[ $cert_key_algo = *rsa* ]] || [[ $cert_key_algo = *dsa* ]]; then elif [[ $cert_key_algo = *RSA* ]] || [[ $cert_key_algo = *rsa* ]] || [[ $cert_key_algo = *dsa* ]] || \
[[ $cert_key_algo =~ dhKeyAgreement ]] || [[ $cert_key_algo =~ "X9.42 DH" ]]; then
if [[ "$cert_keysize" -le 512 ]]; then if [[ "$cert_keysize" -le 512 ]]; then
pr_svrty_critical "$cert_keysize" pr_svrty_critical "$cert_keysize"
outln " bits" outln " bits"