Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 05:45:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '2.9dev' into openssl_location

Browse Source
This commit is contained in:
David Cooper
2017-04-03 09:00:47 -04:00
parent 32418e39db 498dda94ce
commit a26a53ccef
1 changed files with 5 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
testssl.sh
View File

@@ -5449,8 +5449,7 @@ compare_server_name_to_cert()
local -i ret=0 local -i ret=0
# Check whether any of the DNS names in the certificate match the servername # Check whether any of the DNS names in the certificate match the servername
dns_sans=$($OPENSSL x509 -in "$cert" -noout -text 2>>$ERRFILE | grep -A2 "Subject Alternative Name" | \ dns_sans="$(get_san_dns_from_cert "$cert")"
tr ',' '\n' | grep "DNS:" | sed -e 's/DNS://g' -e 's/ //g')
for san in $dns_sans; do for san in $dns_sans; do
[[ $(toupper "$san") == "$servername" ]] && ret=1 && break [[ $(toupper "$san") == "$servername" ]] && ret=1 && break
done done
@@ -6209,9 +6208,7 @@ run_server_defaults() {
if [[ ${success[n]} -ne 0 ]]; then if [[ ${success[n]} -ne 0 ]]; then
cn_nosni="$(toupper "$(get_cn_from_cert $HOSTCERT)")" cn_nosni="$(toupper "$(get_cn_from_cert $HOSTCERT)")"
sans_nosni="$(toupper "$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | \ sans_nosni="$(toupper "$(get_san_dns_from_cert "$HOSTCERT")")"
grep -A2 "Subject Alternative Name" | tr ',' '\n' | grep "DNS:" | \
sed -e 's/DNS://g' -e 's/ //g' | tr '\n' ' ')")"
echo "${previous_hostcert[1]}" > $HOSTCERT echo "${previous_hostcert[1]}" > $HOSTCERT
cn_sni="$(toupper "$(get_cn_from_cert $HOSTCERT)")" cn_sni="$(toupper "$(get_cn_from_cert $HOSTCERT)")"
@@ -6221,9 +6218,7 @@ run_server_defaults() {
# match if the CNs are the same and the SANs (if # match if the CNs are the same and the SANs (if
# present) contain at least one DNS name in common. # present) contain at least one DNS name in common.
if [[ "$cn_nosni" == "$cn_sni" ]]; then if [[ "$cn_nosni" == "$cn_sni" ]]; then
sans_sni="$(toupper "$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | \ sans_sni="$(toupper "$(get_san_dns_from_cert "$HOSTCERT")")"
grep -A2 "Subject Alternative Name" | tr ',' '\n' | grep "DNS:" | \
sed -e 's/DNS://g' -e 's/ //g' | tr '\n' ' ')")"
if [[ "$sans_nosni" == "$sans_sni" ]]; then if [[ "$sans_nosni" == "$sans_sni" ]]; then
success[n]=0 success[n]=0
else else
@@ -6320,7 +6315,7 @@ get_session_ticket_lifetime_from_serverhello() {
} }
get_san_dns_from_cert() { get_san_dns_from_cert() {
toupper "$($OPENSSL x509 -in "$1" -noout -text 2>>$ERRFILE | \ echo "$($OPENSSL x509 -in "$1" -noout -text 2>>$ERRFILE | \
grep -A2 "Subject Alternative Name" | tr ',' '\n' | grep "DNS:" | \ grep -A2 "Subject Alternative Name" | tr ',' '\n' | grep "DNS:" | \
sed -e 's/DNS://g' -e 's/ //g' | tr '\n' ' ')" sed -e 's/DNS://g' -e 's/ //g' | tr '\n' ' ')"
} }