mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-03 23:39:45 +01:00
Merge pull request #2474 from drwetter/mtls_beta
Polish PR2461 (mTLS) + label as beta
This commit is contained in:
commit
a2fdfb011e
@ -2315,8 +2315,7 @@ s_client_options() {
|
|||||||
[[ "$1" =~ secp192r1 ]] && options="${options//secp192r1/prime192v1}"
|
[[ "$1" =~ secp192r1 ]] && options="${options//secp192r1/prime192v1}"
|
||||||
[[ "$1" =~ secp256r1 ]] && options="${options//secp256r1/prime256v1}"
|
[[ "$1" =~ secp256r1 ]] && options="${options//secp256r1/prime256v1}"
|
||||||
fi
|
fi
|
||||||
# $keyopts may be set as an environment variable to enable client authentication (see PR #1383)
|
tm_out "$options"
|
||||||
tm_out "$options $keyopts"
|
|
||||||
|
|
||||||
# In case of mutual TLS authentication is required by the server
|
# In case of mutual TLS authentication is required by the server
|
||||||
# Note: the PEM certificate file must contain: client certificate and certificate key (not encrypted)
|
# Note: the PEM certificate file must contain: client certificate and certificate key (not encrypted)
|
||||||
@ -20536,8 +20535,8 @@ tuning / connect options (most also can be preset via environment variables):
|
|||||||
--ids-friendly skips a few vulnerability checks which may cause IDSs to block the scanning IP
|
--ids-friendly skips a few vulnerability checks which may cause IDSs to block the scanning IP
|
||||||
--phone-out allow to contact external servers for CRL download and querying OCSP responder
|
--phone-out allow to contact external servers for CRL download and querying OCSP responder
|
||||||
--add-ca <CA files|CA dir> path to <CAdir> with *.pem or a comma separated list of CA files to include in trust check
|
--add-ca <CA files|CA dir> path to <CAdir> with *.pem or a comma separated list of CA files to include in trust check
|
||||||
--mtls <CLIENT CERT file> path to <CLIENT CERT> file, it must be in PEM format and contain client certificate with certificate key (not encrypted)
|
--mtls <CLIENT CERT file> path to <CLIENT CERT> file in PEM format containing unencrypted certificate key (beta)
|
||||||
--basicauth <user:pass> provide HTTP basic auth information.
|
--basicauth <user:pass> provide HTTP basic auth information
|
||||||
--reqheader <header> add custom http request headers
|
--reqheader <header> add custom http request headers
|
||||||
|
|
||||||
output options (can also be preset via environment variables):
|
output options (can also be preset via environment variables):
|
||||||
|
Loading…
Reference in New Issue
Block a user