- hooks for rfc/non-rfc
- FIX for beast: the case where no CBC cipher is found at all is now displayed; minor cosmetic stuff
This commit is contained in:
parent
edd689b53e
commit
a9643b6d1e
28
testssl.sh
28
testssl.sh
@ -1229,6 +1229,15 @@ sockread() {
|
|||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#FIXME: fill the following two:
|
||||||
|
openssl2rfc() {
|
||||||
|
:
|
||||||
|
}
|
||||||
|
|
||||||
|
rfc2openssl() {
|
||||||
|
:
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
show_rfc_style(){
|
show_rfc_style(){
|
||||||
local rfcname
|
local rfcname
|
||||||
@ -1760,7 +1769,7 @@ run_client_simulation() {
|
|||||||
debugme outln
|
debugme outln
|
||||||
for name in "${short[@]}"; do
|
for name in "${short[@]}"; do
|
||||||
#FIXME: printf formatting would look better, especially if we want a wide option here
|
#FIXME: printf formatting would look better, especially if we want a wide option here
|
||||||
out "${names[i]} "
|
out " ${names[i]} "
|
||||||
$OPENSSL s_client -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null >$TMPFILE 2>$ERRFILE
|
$OPENSSL s_client -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null >$TMPFILE 2>$ERRFILE
|
||||||
debugme echo "$OPENSSL s_client -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null"
|
debugme echo "$OPENSSL s_client -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null"
|
||||||
sclient_connect_successful $? $TMPFILE
|
sclient_connect_successful $? $TMPFILE
|
||||||
@ -2321,7 +2330,7 @@ determine_trust() {
|
|||||||
debugme outln "${verify_retcode[i]}"
|
debugme outln "${verify_retcode[i]}"
|
||||||
else
|
else
|
||||||
trust[i]=false
|
trust[i]=false
|
||||||
debugme pr_litered "not trusted"
|
debugme pr_red "not trusted"
|
||||||
debugme outln "${verify_retcode[i]}"
|
debugme outln "${verify_retcode[i]}"
|
||||||
fi
|
fi
|
||||||
i=$(($i + 1))
|
i=$(($i + 1))
|
||||||
@ -2332,21 +2341,23 @@ determine_trust() {
|
|||||||
pr_litegreen "Ok "
|
pr_litegreen "Ok "
|
||||||
# at least one failed
|
# at least one failed
|
||||||
else
|
else
|
||||||
pr_litered "NOT ok"
|
pr_ed "NOT ok"
|
||||||
# all failed (we assume with the same issue)
|
# all failed (we assume with the same issue)
|
||||||
if ! ${trust[1]} && ! ${trust[2]} && ! ${trust[3]} && ! ${trust[4]}; then
|
if ! ${trust[1]} && ! ${trust[2]} && ! ${trust[3]} && ! ${trust[4]}; then
|
||||||
verify_retcode_helper "${verify_retcode[2]}"
|
verify_retcode_helper "${verify_retcode[2]}"
|
||||||
else
|
else
|
||||||
# is one ok and the others not?
|
# is one ok and the others not?
|
||||||
if ${trust[1]} || ${trust[2]} || ${trust[3]} || ${trust[4]}; then
|
if ${trust[1]} || ${trust[2]} || ${trust[3]} || ${trust[4]}; then
|
||||||
pr_litered ":"
|
pr_red ":"
|
||||||
|
out "\n$spaces"
|
||||||
|
pr_red "FAILED:"
|
||||||
for i in 1 2 3 4; do
|
for i in 1 2 3 4; do
|
||||||
if ${trust[i]}; then
|
if ${trust[i]}; then
|
||||||
ok_was="${certificate_file[i]} $ok_was"
|
ok_was="${certificate_file[i]} $ok_was"
|
||||||
else
|
else
|
||||||
#code="$(verify_retcode_helper ${verify_retcode[i]})"
|
#code="$(verify_retcode_helper ${verify_retcode[i]})"
|
||||||
#notok_was="${certificate_file[i]} $notok_was"
|
#notok_was="${certificate_file[i]} $notok_was"
|
||||||
pr_litered " ${certificate_file[i]}:"
|
pr_litered " ${certificate_file[i]} "
|
||||||
verify_retcode_helper "${verify_retcode[i]}"
|
verify_retcode_helper "${verify_retcode[i]}"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
@ -4255,6 +4266,7 @@ run_beast(){
|
|||||||
outln " -- and no higher protocols as mitigation supported"
|
outln " -- and no higher protocols as mitigation supported"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
$first && pr_litegreenln "no CBC ciphers found for any protocol (OK)"
|
||||||
|
|
||||||
tmpfile_handle $FUNCNAME.txt
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return 0
|
return 0
|
||||||
@ -4695,7 +4707,7 @@ EOF
|
|||||||
pr_bold "$bb"
|
pr_bold "$bb"
|
||||||
outln "\n"
|
outln "\n"
|
||||||
outln " Using \"$($OPENSSL version 2>/dev/null)\" [~$nr_ciphers ciphers]"
|
outln " Using \"$($OPENSSL version 2>/dev/null)\" [~$nr_ciphers ciphers]"
|
||||||
out "on $HNAME:"
|
out " on $HNAME:"
|
||||||
|
|
||||||
[[ -n "$GIT_REL" ]] && \
|
[[ -n "$GIT_REL" ]] && \
|
||||||
cwd=$(/bin/pwd) || \
|
cwd=$(/bin/pwd) || \
|
||||||
@ -5254,7 +5266,7 @@ display_rdns_etc() {
|
|||||||
if "$LOCAL_A"; then
|
if "$LOCAL_A"; then
|
||||||
outln " A record via /etc/hosts "
|
outln " A record via /etc/hosts "
|
||||||
elif [[ -n "$CMDLINE_IP" ]]; then
|
elif [[ -n "$CMDLINE_IP" ]]; then
|
||||||
outln " A record via --ip=$CMDLINE_IP parameter"
|
outln " A record via supplied IP \"$CMDLINE_IP\""
|
||||||
fi
|
fi
|
||||||
if [[ -n "$rDNS" ]]; then
|
if [[ -n "$rDNS" ]]; then
|
||||||
if $HAS_IPv6; then
|
if $HAS_IPv6; then
|
||||||
@ -5882,4 +5894,4 @@ fi
|
|||||||
exit $?
|
exit $?
|
||||||
|
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.435 2016/01/15 14:53:02 dirkw Exp $
|
# $Id: testssl.sh,v 1.436 2016/01/15 15:37:46 dirkw Exp $
|
||||||
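Review bot: `pr_ed "NOT ok"` in the determine_trust hunk (@ -2332,21 +2341,23) looks like a typo for `pr_red`, which is what the neighbouring changes in this same commit substitute for pr_litered (the "not trusted", ":" and "FAILED:" lines). As written, bash will emit `pr_ed: command not found` on stderr and the "NOT ok" verdict is never printed, so the most visible marker of a failed trust check is lost on exactly the path that matters. Change the line to `pr_red "NOT ok"`. determine_trust's body starts and ends outside the hunk, so any other pr_litered → pr_red renames in it could not be checked here.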
|