Number of trusted certificate files in $INSTALL_DIR/etc/*.pem

The number of .pem files in $INSTALL_DIR/etc is currently hard-coded into determine_trust. This modifies the code so that the number of files can be changed without having to change the code.
dcooper16 2016-02-01 14:11:50 -05:00
parent f7853f36a0
commit 9f998d8c53


@ -2641,11 +2641,14 @@ verify_retcode_helper() {
determine_trust() { determine_trust() {
local heading=$1 local heading=$1
local i=1 local -i i=1
local -i num_ca_bundles=0
local bundle_fname local bundle_fname
local -a certificate_file verify_retcode trust local -a certificate_file verify_retcode trust
local ok_was="" local ok_was=""
local notok_was="" local notok_was=""
local all_ok=true
local some_ok=false
local code local code
local ca_bundles="$INSTALL_DIR/etc/*.pem" local ca_bundles="$INSTALL_DIR/etc/*.pem"
local spaces=" " local spaces=" "
@ -2682,33 +2685,36 @@ determine_trust() {
[[ -z "${verify_retcode[i]}" ]] && verify_retcode[i]=0 [[ -z "${verify_retcode[i]}" ]] && verify_retcode[i]=0
if [[ ${verify_retcode[i]} -eq 0 ]]; then if [[ ${verify_retcode[i]} -eq 0 ]]; then
trust[i]=true trust[i]=true
some_ok=true
debugme pr_litegreen "Ok " debugme pr_litegreen "Ok "
debugme outln "${verify_retcode[i]}" debugme outln "${verify_retcode[i]}"
else else
trust[i]=false trust[i]=false
all_ok=false
debugme pr_litered "not trusted " debugme pr_litered "not trusted "
debugme outln "${verify_retcode[i]}" debugme outln "${verify_retcode[i]}"
fi fi
i=$((i + 1)) i=$((i + 1))
done done
num_ca_bundles=$(($i - 1))
debugme out " " debugme out " "
# all stores ok # all stores ok
if ${trust[1]} && ${trust[2]} && ${trust[3]}; then if $all_ok; then
pr_litegreen "Ok " pr_litegreen "Ok "
fileout "$heading trust" "OK" "All certificate trust checks passed. $addtl_warning" fileout "$heading trust" "OK" "All certificate trust checks passed. $addtl_warning"
# at least one failed # at least one failed
else else
pr_red "NOT ok" pr_red "NOT ok"
if ! ${trust[1]} && ! ${trust[2]} && ! ${trust[3]}; then if ! $some_ok; then
# all failed (we assume with the same issue), we're displaying the reason # all failed (we assume with the same issue), we're displaying the reason
out " " out " "
verify_retcode_helper "${verify_retcode[2]}" verify_retcode_helper "${verify_retcode[2]}"
fileout "$heading trust" "NOT OK" "All certificate trust checks failed: $(verify_retcode_helper "${verify_retcode[2]}"). $addtl_warning" fileout "$heading trust" "NOT OK" "All certificate trust checks failed: $(verify_retcode_helper "${verify_retcode[2]}"). $addtl_warning"
else else
# is one ok and the others not ==> display the culprit store # is one ok and the others not ==> display the culprit store
if ${trust[1]} || ${trust[2]} || ${trust[3]} ; then if $some_ok ; then
pr_red ":" pr_red ":"
for i in 1 2 3 4; do for ((i=1;i<=num_ca_bundles;i++)); do
if ${trust[i]}; then if ${trust[i]}; then
ok_was="${certificate_file[i]} $ok_was" ok_was="${certificate_file[i]} $ok_was"
else else
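Review bot: The all-failed branch still reads `verify_retcode[2]`, both in the `verify_retcode_helper` call and in the `fileout` message, so the hard-coded bundle count is not fully removed. With a single .pem file in `$INSTALL_DIR/etc`, the visible loop body would only fill index 1, and the reported failure reason may then be empty or misleading; `verify_retcode_helper "${verify_retcode[1]}"` works for any non-zero count. Separately, `all_ok` starts as `true`, so if the loop (its header is outside the hunk) can finish without processing a bundle, the result would be "Ok" and "All certificate trust checks passed" with nothing verified. A guard such as `if $all_ok && [[ $num_ca_bundles -gt 0 ]]; then` would make that case fail closed. The body of determine_trust starts before and continues past the visible hunks, so both points should be confirmed against the full function.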