mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-22 08:29:31 +01:00
Merge pull request #707 from dcooper16/more_702_fixes
More fixes for #702
commit
9f7ab1cef6
36
testssl.sh
36
testssl.sh
@ -106,8 +106,8 @@ egrep -q "dev|rc" <<< "$VERSION" && \
|
|||||||
SWURL="https://testssl.sh/dev/" ||
|
SWURL="https://testssl.sh/dev/" ||
|
||||||
SWURL="https://testssl.sh/ "
|
SWURL="https://testssl.sh/ "
|
||||||
|
|
||||||
readonly PROG_NAME=$(basename "$0")
|
readonly PROG_NAME="$(basename "$0")"
|
||||||
readonly RUN_DIR=$(dirname "$0")
|
readonly RUN_DIR="$(dirname "$0")"
|
||||||
TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # if you run testssl.sh from a different path you can set either TESTSSL_INSTALL_DIR
|
TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # if you run testssl.sh from a different path you can set either TESTSSL_INSTALL_DIR
|
||||||
CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # or CA_BUNDLES_PATH to find the CA BUNDLES. TESTSSL_INSTALL_DIR helps you to find the RFC mapping also
|
CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # or CA_BUNDLES_PATH to find the CA BUNDLES. TESTSSL_INSTALL_DIR helps you to find the RFC mapping also
|
||||||
CIPHERS_BY_STRENGTH_FILE=""
|
CIPHERS_BY_STRENGTH_FILE=""
|
||||||
@ -3489,7 +3489,7 @@ run_client_simulation() {
|
|||||||
local using_sockets=true
|
local using_sockets=true
|
||||||
|
|
||||||
# source the external file
|
# source the external file
|
||||||
. $TESTSSL_INSTALL_DIR/etc/client_simulation.txt 2>/dev/null
|
. "$TESTSSL_INSTALL_DIR/etc/client_simulation.txt" 2>/dev/null
|
||||||
if [[ $? -ne 0 ]]; then
|
if [[ $? -ne 0 ]]; then
|
||||||
prln_local_problem "couldn't find client simulation data in $TESTSSL_INSTALL_DIR/etc/client_simulation.txt"
|
prln_local_problem "couldn't find client simulation data in $TESTSSL_INSTALL_DIR/etc/client_simulation.txt"
|
||||||
return 1
|
return 1
|
||||||
@ -4820,7 +4820,7 @@ determine_trust() {
|
|||||||
debugme tmln_out
|
debugme tmln_out
|
||||||
|
|
||||||
# if you run testssl.sh from a different path /you can set either TESTSSL_INSTALL_DIR or CA_BUNDLES_PATH to find the CA BUNDLES
|
# if you run testssl.sh from a different path /you can set either TESTSSL_INSTALL_DIR or CA_BUNDLES_PATH to find the CA BUNDLES
|
||||||
if [[ -z $CA_BUNDLES_PATH ]]; then
|
if [[ -z "$CA_BUNDLES_PATH" ]]; then
|
||||||
ca_bundles="$TESTSSL_INSTALL_DIR/etc/*.pem"
|
ca_bundles="$TESTSSL_INSTALL_DIR/etc/*.pem"
|
||||||
else
|
else
|
||||||
ca_bundles="$CA_BUNDLES_PATH/*.pem"
|
ca_bundles="$CA_BUNDLES_PATH/*.pem"
|
||||||
@ -10345,7 +10345,7 @@ old_fart() {
|
|||||||
# TESTSSL_INSTALL_DIR can be supplied via environment so that the cipher mapping and CA bundles can be found
|
# TESTSSL_INSTALL_DIR can be supplied via environment so that the cipher mapping and CA bundles can be found
|
||||||
# www.carbonwind.net/TLS_Cipher_Suites_Project/tls_ssl_cipher_suites_simple_table_all.htm
|
# www.carbonwind.net/TLS_Cipher_Suites_Project/tls_ssl_cipher_suites_simple_table_all.htm
|
||||||
get_install_dir() {
|
get_install_dir() {
|
||||||
[[ -z "$TESTSSL_INSTALL_DIR" ]] && TESTSSL_INSTALL_DIR="$(dirname ${BASH_SOURCE[0]})"
|
[[ -z "$TESTSSL_INSTALL_DIR" ]] && TESTSSL_INSTALL_DIR="$(dirname "${BASH_SOURCE[0]}")"
|
||||||
|
|
||||||
if [[ -r "$RUN_DIR/etc/cipher-mapping.txt" ]]; then
|
if [[ -r "$RUN_DIR/etc/cipher-mapping.txt" ]]; then
|
||||||
CIPHERS_BY_STRENGTH_FILE="$RUN_DIR/etc/cipher-mapping.txt"
|
CIPHERS_BY_STRENGTH_FILE="$RUN_DIR/etc/cipher-mapping.txt"
|
||||||
@ -10361,17 +10361,17 @@ get_install_dir() {
|
|||||||
# we haven't found the cipher file yet...
|
# we haven't found the cipher file yet...
|
||||||
if [[ ! -r "$CIPHERS_BY_STRENGTH_FILE" ]] && which readlink &>/dev/null ; then
|
if [[ ! -r "$CIPHERS_BY_STRENGTH_FILE" ]] && which readlink &>/dev/null ; then
|
||||||
readlink -f ls &>/dev/null && \
|
readlink -f ls &>/dev/null && \
|
||||||
TESTSSL_INSTALL_DIR=$(readlink -f $(basename ${BASH_SOURCE[0]})) || \
|
TESTSSL_INSTALL_DIR="$(readlink -f "$(basename "${BASH_SOURCE[0]}")")" || \
|
||||||
TESTSSL_INSTALL_DIR=$(readlink $(basename ${BASH_SOURCE[0]}))
|
TESTSSL_INSTALL_DIR="$(readlink "$(basename "${BASH_SOURCE[0]}")")"
|
||||||
# not sure whether Darwin has -f
|
# not sure whether Darwin has -f
|
||||||
TESTSSL_INSTALL_DIR=$(dirname $TESTSSL_INSTALL_DIR 2>/dev/null)
|
TESTSSL_INSTALL_DIR="$(dirname "$TESTSSL_INSTALL_DIR" 2>/dev/null)"
|
||||||
[[ -r "$TESTSSL_INSTALL_DIR/cipher-mapping.txt" ]] && CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/cipher-mapping.txt"
|
[[ -r "$TESTSSL_INSTALL_DIR/cipher-mapping.txt" ]] && CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/cipher-mapping.txt"
|
||||||
[[ -r "$TESTSSL_INSTALL_DIR/etc/cipher-mapping.txt" ]] && CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/etc/cipher-mapping.txt"
|
[[ -r "$TESTSSL_INSTALL_DIR/etc/cipher-mapping.txt" ]] && CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/etc/cipher-mapping.txt"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# still no cipher mapping file:
|
# still no cipher mapping file:
|
||||||
if [[ ! -r "$CIPHERS_BY_STRENGTH_FILE" ]] && which realpath &>/dev/null ; then
|
if [[ ! -r "$CIPHERS_BY_STRENGTH_FILE" ]] && which realpath &>/dev/null ; then
|
||||||
TESTSSL_INSTALL_DIR=$(dirname $(realpath ${BASH_SOURCE[0]}))
|
TESTSSL_INSTALL_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
|
||||||
CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/etc/cipher-mapping.txt"
|
CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/etc/cipher-mapping.txt"
|
||||||
[[ -r "$TESTSSL_INSTALL_DIR/cipher-mapping.txt" ]] && CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/cipher-mapping.txt"
|
[[ -r "$TESTSSL_INSTALL_DIR/cipher-mapping.txt" ]] && CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/cipher-mapping.txt"
|
||||||
fi
|
fi
|
||||||
@ -10379,8 +10379,8 @@ get_install_dir() {
|
|||||||
# still no cipher mapping file (and realpath is not present):
|
# still no cipher mapping file (and realpath is not present):
|
||||||
if [[ ! -r "$CIPHERS_BY_STRENGTH_FILE" ]] && which readlink &>/dev/null ; then
|
if [[ ! -r "$CIPHERS_BY_STRENGTH_FILE" ]] && which readlink &>/dev/null ; then
|
||||||
readlink -f ls &>/dev/null && \
|
readlink -f ls &>/dev/null && \
|
||||||
TESTSSL_INSTALL_DIR=$(dirname $(readlink -f ${BASH_SOURCE[0]})) || \
|
TESTSSL_INSTALL_DIR="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")" || \
|
||||||
TESTSSL_INSTALL_DIR=$(dirname $(readlink ${BASH_SOURCE[0]}))
|
TESTSSL_INSTALL_DIR="$(dirname "$(readlink "${BASH_SOURCE[0]}")")"
|
||||||
# not sure whether Darwin has -f
|
# not sure whether Darwin has -f
|
||||||
CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/etc/cipher-mapping.txt"
|
CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/etc/cipher-mapping.txt"
|
||||||
[[ -r "$TESTSSL_INSTALL_DIR/cipher-mapping.txt" ]] && CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/cipher-mapping.txt"
|
[[ -r "$TESTSSL_INSTALL_DIR/cipher-mapping.txt" ]] && CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/cipher-mapping.txt"
|
||||||
@ -10396,7 +10396,7 @@ get_install_dir() {
|
|||||||
[[ $? -ne 0 ]] && exit -2
|
[[ $? -ne 0 ]] && exit -2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
TLS_DATA_FILE=$TESTSSL_INSTALL_DIR/etc/tls_data.txt
|
TLS_DATA_FILE="$TESTSSL_INSTALL_DIR/etc/tls_data.txt"
|
||||||
if [[ ! -r "$TLS_DATA_FILE" ]]; then
|
if [[ ! -r "$TLS_DATA_FILE" ]]; then
|
||||||
prln_warning "\nATTENTION: No TLS data file found -- needed for socket based handshakes"
|
prln_warning "\nATTENTION: No TLS data file found -- needed for socket based handshakes"
|
||||||
outln "Please note from 2.9dev on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/etc/\" to function correctly."
|
outln "Please note from 2.9dev on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/etc/\" to function correctly."
|
||||||
@ -10445,9 +10445,9 @@ find_openssl_binary() {
|
|||||||
elif [[ -e "/mnt/c/Windows/System32/bash.exe" ]] && test_openssl_suffix "$(dirname "$(which openssl)")"; then
|
elif [[ -e "/mnt/c/Windows/System32/bash.exe" ]] && test_openssl_suffix "$(dirname "$(which openssl)")"; then
|
||||||
# 2. otherwise, only if on Bash on Windows, use system binaries only.
|
# 2. otherwise, only if on Bash on Windows, use system binaries only.
|
||||||
SYSTEM2="WSL"
|
SYSTEM2="WSL"
|
||||||
elif test_openssl_suffix $RUN_DIR; then
|
elif test_openssl_suffix "$RUN_DIR"; then
|
||||||
: # 3. otherwise try openssl in path of testssl.sh
|
: # 3. otherwise try openssl in path of testssl.sh
|
||||||
elif test_openssl_suffix $RUN_DIR/bin; then
|
elif test_openssl_suffix "$RUN_DIR/bin"; then
|
||||||
: # 4. otherwise here, this is supposed to be the standard --platform independed path in the future!!!
|
: # 4. otherwise here, this is supposed to be the standard --platform independed path in the future!!!
|
||||||
elif test_openssl_suffix "$(dirname "$(which openssl)")"; then
|
elif test_openssl_suffix "$(dirname "$(which openssl)")"; then
|
||||||
: # 5. we tried hard and failed, so now we use the system binaries
|
: # 5. we tried hard and failed, so now we use the system binaries
|
||||||
@ -10784,7 +10784,7 @@ prepare_arrays() {
|
|||||||
local hexc mac ossl_ciph
|
local hexc mac ossl_ciph
|
||||||
local ossl_supported_tls="" ossl_supported_sslv2=""
|
local ossl_supported_tls="" ossl_supported_sslv2=""
|
||||||
|
|
||||||
if [[ -e $CIPHERS_BY_STRENGTH_FILE ]]; then
|
if [[ -e "$CIPHERS_BY_STRENGTH_FILE" ]]; then
|
||||||
"$HAS_SSL2" && ossl_supported_sslv2="$($OPENSSL ciphers -ssl2 -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE)"
|
"$HAS_SSL2" && ossl_supported_sslv2="$($OPENSSL ciphers -ssl2 -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE)"
|
||||||
ossl_supported_tls="$($OPENSSL ciphers -tls1 -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE)"
|
ossl_supported_tls="$($OPENSSL ciphers -tls1 -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE)"
|
||||||
while read hexc n TLS_CIPHER_OSSL_NAME[TLS_NR_CIPHERS] TLS_CIPHER_RFC_NAME[TLS_NR_CIPHERS] TLS_CIPHER_SSLVERS[TLS_NR_CIPHERS] TLS_CIPHER_KX[TLS_NR_CIPHERS] TLS_CIPHER_AUTH[TLS_NR_CIPHERS] TLS_CIPHER_ENC[TLS_NR_CIPHERS] mac TLS_CIPHER_EXPORT[TLS_NR_CIPHERS]; do
|
while read hexc n TLS_CIPHER_OSSL_NAME[TLS_NR_CIPHERS] TLS_CIPHER_RFC_NAME[TLS_NR_CIPHERS] TLS_CIPHER_SSLVERS[TLS_NR_CIPHERS] TLS_CIPHER_KX[TLS_NR_CIPHERS] TLS_CIPHER_AUTH[TLS_NR_CIPHERS] TLS_CIPHER_ENC[TLS_NR_CIPHERS] mac TLS_CIPHER_EXPORT[TLS_NR_CIPHERS]; do
|
||||||
@ -10806,7 +10806,7 @@ prepare_arrays() {
|
|||||||
grep -qw "$hexc" <<< "$ossl_supported_sslv2" && TLS_CIPHER_OSSL_SUPPORTED[TLS_NR_CIPHERS]=true
|
grep -qw "$hexc" <<< "$ossl_supported_sslv2" && TLS_CIPHER_OSSL_SUPPORTED[TLS_NR_CIPHERS]=true
|
||||||
fi
|
fi
|
||||||
TLS_NR_CIPHERS+=1
|
TLS_NR_CIPHERS+=1
|
||||||
done < $CIPHERS_BY_STRENGTH_FILE
|
done < "$CIPHERS_BY_STRENGTH_FILE"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -10860,8 +10860,8 @@ EOF
|
|||||||
out " on $HNAME:"
|
out " on $HNAME:"
|
||||||
|
|
||||||
[[ -n "$GIT_REL" ]] && \
|
[[ -n "$GIT_REL" ]] && \
|
||||||
cwd=$(/bin/pwd) || \
|
cwd="$(/bin/pwd)" || \
|
||||||
cwd=$RUN_DIR
|
cwd="$RUN_DIR"
|
||||||
if [[ "$openssl_location" =~ $(/bin/pwd)/bin ]]; then
|
if [[ "$openssl_location" =~ $(/bin/pwd)/bin ]]; then
|
||||||
OPENSSL_LOCATION="\$PWD/bin/$(basename "$openssl_location")"
|
OPENSSL_LOCATION="\$PWD/bin/$(basename "$openssl_location")"
|
||||||
elif [[ "$openssl_location" =~ $cwd ]] && [[ "$cwd" != '.' ]]; then
|
elif [[ "$openssl_location" =~ $cwd ]] && [[ "$cwd" != '.' ]]; then
|
||||||
|
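Review bot: In get_install_dir's first readlink fallback (the hunk at -10361), both new assignments still wrap the script path in `basename`, so `readlink` resolves the bare file name against the current working directory instead of the directory the script actually lives in; the later fallback in the -10379 hunk passes `"${BASH_SOURCE[0]}"` directly. Because TESTSSL_INSTALL_DIR is afterwards used in run_client_simulation to source `etc/client_simulation.txt` as shell code and in determine_trust to select the CA bundles, it should only be derived from the script's own location. I would drop the `basename`: `TESTSSL_INSTALL_DIR="$(readlink -f "${BASH_SOURCE[0]}")" || \` and `TESTSSL_INSTALL_DIR="$(readlink "${BASH_SOURCE[0]}")"`. Whether an earlier branch of get_install_dir already guarantees the right directory cannot be seen here, since the function body continues outside the hunks.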