Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-06 00:39:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

- fix bug where a host name like AAA.BBB.CCC.DDD.in-addr.arpa.DOMAIN.TLS was taken as an ipv4 address

Browse Source 
- freebsd 9 supports now also colors with setaf, Darwin?
- correct indentation of help
- improved parsing in command line so that where a distinct option is required it is also tested in the 1st place
- removed -q in help (deprecated as we might want to use it for other things in the future)
- fix: if $PWD/openssl was a dir it bailed out
- cleanup of fatal errors ==> provide ONE function
This commit is contained in:
Dirk 2015-08-24 22:17:35 +02:00
parent 83bf9067aa
commit aa91990fb3
1 changed files with 121 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

205
testssl.sh
View File

@ -299,6 +299,8 @@ pr_reverse() { [[ "$COLOR" -ne 0 ]] && out "\033[7m$1" || out "$1"; pr_off;
### colorswitcher (see e.g. https://linuxtidbits.wordpress.com/2008/08/11/output-color-on-bash-scripts/ ### colorswitcher (see e.g. https://linuxtidbits.wordpress.com/2008/08/11/output-color-on-bash-scripts/
### http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x405.html ### http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x405.html
set_color_functions() { set_color_functions() {
local linux_tput=true
# empty vars if we have no color: # empty vars if we have no color:
red="" red=""
green="" green=""
@ -312,21 +314,40 @@ set_color_functions() {
bold="" bold=""
underline="" underline=""
tput sgr0 || linux_tput=false
if [[ "$COLOR" -eq 2 ]]; then if [[ "$COLOR" -eq 2 ]]; then
red=$(tput setaf 1) if $linux_tput; then
green=$(tput setaf 2) red=$(tput setaf 1)
brown=$(tput setaf 3) green=$(tput setaf 2)
blue=$(tput setaf 4) brown=$(tput setaf 3)
magenta=$(tput setaf 5) blue=$(tput setaf 4)
cyan=$(tput setaf 6) magenta=$(tput setaf 5)
grey=$(tput setaf 7) cyan=$(tput setaf 6)
yellow=$(tput setaf 3; tput bold) grey=$(tput setaf 7)
yellow=$(tput setaf 3; tput bold)
else # this is a try for old BSD, see terminfo(5)
red=$(tput AF 1)
green=$(tput AF 2)
brown=$(tput AF 3)
blue=$(tput AF 4)
magenta=$(tput AF 5)
cyan=$(tput AF 6)
grey=$(tput AF 7)
yellow=$(tput AF 3; tput md)
fi
fi fi
if [[ "$COLOR" -ge 1 ]]; then if [[ "$COLOR" -ge 1 ]]; then
bold=$(tput bold) if $linux_tput; then
underline=$(tput sgr 0 1) bold=$(tput bold)
off=$(tput sgr0) underline=$(tput sgr 0 1)
off=$(tput sgr0)
else # this is a try for old BSD, see terminfo(5)
bold=$(tput md)
underline=$(tput us)
reverse=$(tput mr)
off=$(tput me)
fi
fi fi
} }
@ -570,7 +591,7 @@ run_http_date() {
detect_ipv4() { detect_ipv4() {
local octet="(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])" local octet="(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])"
local ipv4address="$octet\\.$octet\\.$octet\\.$octet" local ipv4address="$octet\\.$octet\\.$octet\\.$octet"
local your_ip_msg=" (check if it's yours or e.g. a cluster IP)" local your_ip_msg="(check if it's your IP address or e.g. a cluster IP)"
local result local result
local first=true local first=true
local spaces=" " local spaces=" "
@ -594,7 +615,7 @@ detect_ipv4() {
first=false first=false
fi fi
pr_litered "$result" pr_litered "$result"
outln "$your_ip_msg" outln "\n$spaces$your_ip_msg"
fi fi
done done
fi fi
@ -1652,6 +1673,25 @@ get_host_cert() {
return $? return $?
} }
get_all_certs() {
local savedir
local nrsaved
local ret
$OPENSSL s_client -showcerts $STARTTLS -connect $NODEIP:$PORT $PROXY $SNI 2>/dev/null </dev/null >$TEMPDIR/allcerts.txt
ret=$?
savedir=$(pwd); cd $TEMPDIR
# http://backreference.org/2010/05/09/ocsp-verification-with-openssl/
awk -v n=-1 '/-----BEGIN CERTIFICATE-----/{ inc=1; n++ }
inc { print > ("level" n ".crt") }
/---END CERTIFICATE-----/{ inc=0 }' $TEMPDIR/allcerts.txt
nrsaved=$(count_words "$(echo level?.crt 2>/dev/null)")
cd "$savedir"
echo $nrsaved
return $ret
}
tls_time() { tls_time() {
local now difftime local now difftime
@ -1682,7 +1722,7 @@ run_server_defaults() {
local gost_status_problem=false local gost_status_problem=false
local extensions local extensions
local sessticket_str lifetime unit keysize sig_algo key_algo local sessticket_str lifetime unit keysize sig_algo key_algo
local expire secs2warn ocsp_uri crl savedir startdate enddate issuer_c issuer_o issuer sans san cn cn_nosni local expire secs2warn ocsp_uri crl startdate enddate issuer_c issuer_o issuer sans san cn cn_nosni
local policy_oid local policy_oid
local spaces=" " local spaces=" "
@ -1785,7 +1825,7 @@ run_server_defaults() {
cn_nosni="no CN field in subject" cn_nosni="no CN field in subject"
fi fi
fi fi
debugme out "\'$NODE\' | \'$cn\' | \'$cn_nosni\'" debugme out "\"$NODE\" | \"$cn\" | \"$cn_nosni\""
if [[ $NODE == $cn_nosni ]]; then if [[ $NODE == $cn_nosni ]]; then
if [[ $SERVICE != "HTTP" ]]; then if [[ $SERVICE != "HTTP" ]]; then
outln " (matches certificate directly)" outln " (matches certificate directly)"
@ -1885,15 +1925,8 @@ run_server_defaults() {
outln " ($startdate --> $enddate)" outln " ($startdate --> $enddate)"
$OPENSSL s_client -showcerts $STARTTLS -connect $NODEIP:$PORT $PROXY $SNI 2>/dev/null </dev/null >$TEMPDIR/allcerts.txt
savedir=$(pwd); cd $TEMPDIR pr_bold " # of certificates provided"; outln " $(get_all_certs)"
# http://backreference.org/2010/05/09/ocsp-verification-with-openssl/
awk -v n=-1 '/-----BEGIN CERTIFICATE-----/{ inc=1; n++ }
inc { print > ("level" n ".crt") }
/---END CERTIFICATE-----/{ inc=0 }' $TEMPDIR/allcerts.txt
nrsaved=$(count_words "$(echo level?.crt 2>/dev/null)")
cd "$savedir"
pr_bold " # of certificates provided"; outln " $nrsaved"
pr_bold " Certificate Revocation List " pr_bold " Certificate Revocation List "
crl="$($OPENSSL x509 -in $HOSTCERT -noout -text | grep -A 4 "CRL Distribution" | grep URI | sed 's/^.*URI://')" crl="$($OPENSSL x509 -in $HOSTCERT -noout -text | grep -A 4 "CRL Distribution" | grep URI | sed 's/^.*URI://')"
@ -2152,7 +2185,7 @@ fd_socket() {
done done
elif ! exec 5<>/dev/tcp/$NODEIP/$PORT; then # 2>/dev/null would remove an error message, but disables debugging elif ! exec 5<>/dev/tcp/$NODEIP/$PORT; then # 2>/dev/null would remove an error message, but disables debugging
outln outln
pr_magentaln "Unable to open a socket to $NODEIP:$PORT. " pr_magenta "Unable to open a socket to $NODEIP:$PORT. "
# It can last ~2 minutes but for for those rare occasions we don't do a timeout handler here, KISS # It can last ~2 minutes but for for those rare occasions we don't do a timeout handler here, KISS
return 6 return 6
fi fi
@ -2184,7 +2217,7 @@ fd_socket() {
starttls_line "a002 STARTTLS" "OK" starttls_line "a002 STARTTLS" "OK"
;; ;;
ldap) # LDAP, https://tools.ietf.org/html/rfc2830, https://tools.ietf.org/html/rfc4511 ldap) # LDAP, https://tools.ietf.org/html/rfc2830, https://tools.ietf.org/html/rfc4511
pr_magentaln "FIXME: LDAP/STARTTLS not yet supported" pr_magentaln "FIXME: LDAP+STARTTLS over sockets not yet supported (try \"--ssl-native\")"
exit -4 exit -4
;; ;;
acap) # ACAP = Application Configuration Access Protocol, see https://tools.ietf.org/html/rfc2595 acap) # ACAP = Application Configuration Access Protocol, see https://tools.ietf.org/html/rfc2595
@ -3444,9 +3477,8 @@ run_tls_truncation() {
} }
old_fart() { old_fart() {
pr_magentaln "Your $OPENSSL $OSSL_VER version is an old fart... . It doesn\'t make much sense to proceed."
outln "Get precompiled bins or compile https://github.com/PeterMosmans/openssl ." outln "Get precompiled bins or compile https://github.com/PeterMosmans/openssl ."
exit -2 fatal "Your $OPENSSL $OSSL_VER version is an old fart... . It doesn\'t make much sense to proceed." -2
} }
# try very hard to determine th install path to get ahold of the mapping file # try very hard to determine th install path to get ahold of the mapping file
@ -3484,14 +3516,13 @@ test_openssl_suffix() {
local uname_arch=$(uname -m) local uname_arch=$(uname -m)
[[ $uname_arch =~ "64" ]] && myarch_suffix=64 || myarch_suffix=32 [[ $uname_arch =~ "64" ]] && myarch_suffix=64 || myarch_suffix=32
if [[ -f "$1/openssl" ]] && [[ -x "$1/openssl" ]]; then
if [[ -n "$1/openssl" ]] && [[ -x "$1/openssl" ]]; then
OPENSSL="$1/openssl" OPENSSL="$1/openssl"
return 0 return 0
elif [[ -n "$1/openssl.$naming_ext" ]] && [[ -x "$1/openssl.$naming_ext" ]]; then elif [[ -f "$1/openssl.$naming_ext" ]] && [[ -x "$1/openssl.$naming_ext" ]]; then
OPENSSL="$1/openssl.$naming_ext" OPENSSL="$1/openssl.$naming_ext"
return 0 return 0
elif [[ -n "$1/openssl.$uname_arch" ]] && [[ -x "$1/openssl.$uname_arch" ]]; then elif [[ -f "$1/openssl.$uname_arch" ]] && [[ -x "$1/openssl.$uname_arch" ]]; then
OPENSSL="$1/openssl.$uname_arch" OPENSSL="$1/openssl.$uname_arch"
return 0 return 0
fi fi
@ -3506,7 +3537,7 @@ find_openssl_binary() {
[[ $uname_arch =~ "64" ]] && myarch_suffix=64 || myarch_suffix=32 [[ $uname_arch =~ "64" ]] && myarch_suffix=64 || myarch_suffix=32
# 0. check environment variable whether it's executable # 0. check environment variable whether it's executable
if [[ -n "$OPENSSL" ]] && [[ ! -x "$OPENSSL" ]]; then if [[ -n "$OPENSSL" ]] && [[ ! -x "$OPENSSL" ]]; then
pr_red "\ncannot find specified (\$OPENSSL=$OPENSSL) binary." pr_litemagentaln "\ncannot find specified (\$OPENSSL=$OPENSSL) binary."
outln " Looking some place else ..." outln " Looking some place else ..."
elif [[ -x "$OPENSSL" ]]; then elif [[ -x "$OPENSSL" ]]; then
: # 1. all ok supplied $OPENSSL is excutable : # 1. all ok supplied $OPENSSL is excutable
@ -3516,9 +3547,9 @@ find_openssl_binary() {
: # 3. otherwise here, this is supposed to be the standard --platform independed path in the future!!! : # 3. otherwise here, this is supposed to be the standard --platform independed path in the future!!!
elif [[ -x "$RUN_DIR/openssl-bins/openssl-1.0.2-chacha.pm/openssl"$myarch_suffix"-1.0.2pm-krb5" ]]; then elif [[ -x "$RUN_DIR/openssl-bins/openssl-1.0.2-chacha.pm/openssl"$myarch_suffix"-1.0.2pm-krb5" ]]; then
OPENSSL="$RUN_DIR/openssl-bins/openssl-1.0.2-chacha.pm/openssl"$myarch_suffix"-1.0.2pm-krb5" OPENSSL="$RUN_DIR/openssl-bins/openssl-1.0.2-chacha.pm/openssl"$myarch_suffix"-1.0.2pm-krb5"
# 4. legacy dirs follow, first kerberos binaries from pm (if executable) # 4. legacy dirs follow, first kerberos binaries from pm (if executable) ^^^^ deprecated!
elif [[ -x "$RUN_DIR/openssl-bins/openssl-1.0.2-chacha.pm/openssl"$myarch_suffix"-1.0.2pm-static" ]]; then elif [[ -x "$RUN_DIR/openssl-bins/openssl-1.0.2-chacha.pm/openssl"$myarch_suffix"-1.0.2pm-static" ]]; then
# 5. otherwise default is trying the statically linked ones # 5. otherwise default is trying the statically linked ones ^^^^ deprecated!
OPENSSL="$RUN_DIR/openssl-bins/openssl-1.0.2-chacha.pm/openssl"$myarch_suffix"-1.0.2pm-static" OPENSSL="$RUN_DIR/openssl-bins/openssl-1.0.2-chacha.pm/openssl"$myarch_suffix"-1.0.2pm-static"
elif test_openssl_suffix $(dirname $(which openssl)); then elif test_openssl_suffix $(dirname $(which openssl)); then
: # 5. we tried hard and failed, so now we use the system binaries : # 5. we tried hard and failed, so now we use the system binaries
@ -3526,9 +3557,7 @@ find_openssl_binary() {
$OPENSSL version -a 2>/dev/null >/dev/null $OPENSSL version -a 2>/dev/null >/dev/null
if [ $? -ne 0 ] || [ ! -x "$OPENSSL" ]; then if [ $? -ne 0 ] || [ ! -x "$OPENSSL" ]; then
outln fatal "cannot exec or find any openssl binary" -1
pr_magentaln "FATAL: cannot exec or find any openssl binary "
exit -1
fi fi
# http://www.openssl.org/news/openssl-notes.html # http://www.openssl.org/news/openssl-notes.html
@ -3634,23 +3663,23 @@ $PROG_NAME <options> URI ("$PROG_NAME URI" does everything except -E)
partly mandatory parameters: partly mandatory parameters:
URI host|host:port|URL|URL:port (port 443 is assumed unless otherwise specified) URI host|host:port|URL|URL:port (port 443 is assumed unless otherwise specified)
pattern an ignore case word pattern of cipher hexcode or any other string in the name, kx or bits pattern an ignore case word pattern of cipher hexcode or any other string in the name, kx or bits
protocol is one of ftp,smtp,pop3,imap,xmpp,telnet,ldap (for the latter two you need e.g. the supplied openssl) protocol is one of ftp,smtp,pop3,imap,xmpp,telnet,ldap (for the latter two you need e.g. the supplied openssl)
tuning options: tuning options:
--assuming-http if protocol check fails it assumes HTTP protocol and enforces HTTP checks --assuming-http if protocol check fails it assumes HTTP protocol and enforces HTTP checks
--ssl-native <true|false> fallback to checks with OpenSSL where sockets are normally used --ssl-native <true|false> fallback to checks with OpenSSL where sockets are normally used
--openssl <PATH> use this openssl binary (default: look in \$PATH, \$RUN_DIR of $PROG_NAME --openssl <PATH> use this openssl binary (default: look in \$PATH, \$RUN_DIR of $PROG_NAME
--proxy <host>:<port> connect via the specified HTTP proxy --proxy <host>:<port> connect via the specified HTTP proxy
--sneaky be less verbose wrt referer headers --sneaky be less verbose wrt referer headers
-q. --quiet don't out put the banner. By doing this you acknowledge usage terms normally appearing in the banner --quiet don't output the banner. By doing this you acknowledge usage terms normally appearing in the banner
--wide wide output for tests like RC4, BEAST. PFS also with hexcode, kx, strength, RFC name --wide wide output for tests like RC4, BEAST. PFS also with hexcode, kx, strength, RFC name
--show-each for wide outputs: display all ciphers tested -- not only succeeded ones --show-each for wide outputs: display all ciphers tested -- not only succeeded ones
--warnings <batch|off|false> "batch" doesn't wait for keypress, "off" or "false" skips connection warning --warnings <batch|off|false> "batch" doesn't wait for keypress, "off" or "false" skips connection warning
--color <0|1|2> 0: no escape or other codes, 1: b/w escape codes, 2: color (default) --color <0|1|2> 0: no escape or other codes, 1: b/w escape codes, 2: color (default)
--debug <0-6> 1: screen output normal but debug output in temp files. 2-6: see line ~105 --debug <0-6> 1: screen output normal but debug output in temp files. 2-6: see line ~105
All options requiring a value can also be called with '=' (e.g. testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl <URI>. All options requiring a value can also be called with '=' (e.g. testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl <URI>.
<URI> is always the last parameter. <URI> is always the last parameter.
@ -3893,6 +3922,8 @@ is_ipv4addr() {
local ipv4address="$octet\\.$octet\\.$octet\\.$octet" local ipv4address="$octet\\.$octet\\.$octet\\.$octet"
[[ -z "$1" ]] && return 1 [[ -z "$1" ]] && return 1
# more than numbers, important for hosts like AAA.BBB.CCC.DDD.in-addr.arpa.DOMAIN.TLS
[[ -n $(tr -d '[0-9\.]' <<< "$1") ]] && return 1
echo -n "$1" | grep -Eq $ipv4address && \ echo -n "$1" | grep -Eq $ipv4address && \
return 0 || \ return 0 || \
@ -3901,7 +3932,6 @@ is_ipv4addr() {
# a bit easier # a bit easier
is_ipv6addr() { is_ipv6addr() {
[[ -z "$1" ]] && return 1 [[ -z "$1" ]] && return 1
# less than 2x ":" # less than 2x ":"
[[ $(count_lines "$(echo -n "$1" | tr ':' '\n')") -le 1 ]] && \ [[ $(count_lines "$(echo -n "$1" | tr ':' '\n')") -le 1 ]] && \
@ -4025,7 +4055,7 @@ determine_ip_addresses() {
SNI="" # override Server Name Indication as we test the IP only SNI="" # override Server Name Indication as we test the IP only
else else
ip4=$(get_local_a $NODE) # is there a local host entry? ip4=$(get_local_a $NODE) # is there a local host entry?
if [ -z $ip4 ]; then # empty: no (LOCAL_A is predefined as false) if [[ -z $ip4 ]]; then # empty: no (LOCAL_A is predefined as false)
ip4=$(get_a_record $NODE) ip4=$(get_a_record $NODE)
else else
LOCAL_A=true # we have the ip4 from local host entry and need to set this LOCAL_A=true # we have the ip4 from local host entry and need to set this
@ -4041,9 +4071,7 @@ determine_ip_addresses() {
fi fi
IPADDRs=$(newline_to_spaces "$ip4") IPADDRs=$(newline_to_spaces "$ip4")
if [[ -z "$IPADDRs" ]] && [[ -z "$CMDLINE_IP" ]] ; then if [[ -z "$IPADDRs" ]] && [[ -z "$CMDLINE_IP" ]] ; then
pr_magenta "Can't proceed: No IPv4 address for \"$NODE\" available" fatal "No IPv4 address for \"$NODE\" available" -1
outln "\n"
exit -1
fi fi
[[ -z "$ip6" ]] && IP46ADDRs="$IPADDRs" || IP46ADDRs="$ip4 $ip6" [[ -z "$ip6" ]] && IP46ADDRs="$IPADDRs" || IP46ADDRs="$ip4 $ip6"
IP46ADDRs=$(newline_to_spaces "$IP46ADDRs") IP46ADDRs=$(newline_to_spaces "$IP46ADDRs")
@ -4086,6 +4114,11 @@ get_mx_record() {
echo "$mxs" echo "$mxs"
} }
fatal() {
pr_magentaln "Fatal error: $1"
exit $2
}
# We need to get the IP address of the proxy so we can use it in fd_socket # We need to get the IP address of the proxy so we can use it in fd_socket
check_proxy(){ check_proxy(){
@ -4094,8 +4127,7 @@ check_proxy(){
if [[ -n "$PROXY" ]]; then if [[ -n "$PROXY" ]]; then
if ! $OPENSSL s_client help 2>&1 | grep -qw proxy; then if ! $OPENSSL s_client help 2>&1 | grep -qw proxy; then
pr_magentaln "Local problem: Your $OPENSSL is too old to support the \"--proxy\" option" fatal "Your $OPENSSL is too old to support the \"--proxy\" option" -1
exit -1
fi fi
PROXYNODE=${PROXY%:*} PROXYNODE=${PROXY%:*}
PROXYPORT=${PROXY#*:} PROXYPORT=${PROXY#*:}
@ -4105,10 +4137,7 @@ check_proxy(){
LOCAL_AAAA=$save_LOCAL_AAAA LOCAL_AAAA=$save_LOCAL_AAAA
# no RFC 1918: # no RFC 1918:
#if ! is_ipv4addr $PROXYIP ; then #if ! is_ipv4addr $PROXYIP ; then
if [[ -z "$PROXYIP" ]]; then [[ -z "$PROXYIP" ]] && fatal "Proxy IP cannot be determined from \"$PROXYNODE\"" "-3"
pr_magentaln "Fatal error: Proxy IP cannot be determined from \"$PROXYNODE\""
exit -3
fi
PROXY="-proxy $PROXYIP:$PROXYPORT" PROXY="-proxy $PROXYIP:$PROXYPORT"
fi fi
} }
@ -4121,9 +4150,7 @@ determine_service() {
local protocol local protocol
if ! fd_socket; then # check if we can connect to $NODEIP:$PORT if ! fd_socket; then # check if we can connect to $NODEIP:$PORT
pr_magentaln "Fatal error: can't connect to $NODEIP:$PORT" fatal "can't connect to \"$NODEIP:$PORT\"\nMake sure a firewall is not between you and your scanning target!" -2
outln "\nMake sure a firewall is not between you and your scanning target"
exit -2
fi fi
close_socket close_socket
@ -4163,9 +4190,7 @@ determine_service() {
if [[ -n "$XMPP_HOST" ]] ; then if [[ -n "$XMPP_HOST" ]] ; then
if ! $OPENSSL s_client --help 2>&1 | grep -q xmpphost; then if ! $OPENSSL s_client --help 2>&1 | grep -q xmpphost; then
outln fatal "Your $OPENSSL does not support the \"-xmpphost\" option" -3
pr_magentaln " Local problem: Your $OPENSSL does not support the \"-xmpphost\" option"
exit -3
fi fi
STARTTLS="$STARTTLS -xmpphost $XMPP_HOST" # it's a hack -- instead of changing calls all over the place STARTTLS="$STARTTLS -xmpphost $XMPP_HOST" # it's a hack -- instead of changing calls all over the place
# see http://xmpp.org/rfcs/rfc3920.html # see http://xmpp.org/rfcs/rfc3920.html
@ -4409,6 +4434,12 @@ parse_cmd_line() {
do_starttls=true do_starttls=true
STARTTLS_PROTOCOL=$(parse_opt_equal_sign "$1" "$2") STARTTLS_PROTOCOL=$(parse_opt_equal_sign "$1" "$2")
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
case $STARTTLS_PROTOCOL in
ftp|smtp|pop3|imap|xmpp|telnet|ldap) ;;
ftps|smtps|pop3s|imaps|xmpps|telnets|ldaps) ;;
*) pr_magentaln "\nunrecognized STARTTLS protocol \"$1\", see help" 1>&2
help 1 ;;
esac
;; ;;
--xmpphost|--xmpphost=*) --xmpphost|--xmpphost=*)
XMPP_HOST=$(parse_opt_equal_sign "$1" "$2") XMPP_HOST=$(parse_opt_equal_sign "$1" "$2")
@ -4538,7 +4569,8 @@ parse_cmd_line() {
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
case "$WARNING" in case "$WARNING" in
batch|off|false) ;; batch|off|false) ;;
default) pr_magentaln "warnings can be either \"batch\", \"off\" or \"false\"" ;; *) pr_magentaln "\nwarnings can be either \"batch\", \"off\" or \"false\""
help 1;;
esac esac
;; ;;
--show[-_]each) --show[-_]each)
@ -4547,15 +4579,21 @@ parse_cmd_line() {
--debug|--debug=*) --debug|--debug=*)
DEBUG=$(parse_opt_equal_sign "$1" "$2") DEBUG=$(parse_opt_equal_sign "$1" "$2")
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
case $DEBUG in
[0-6]) ;;
*) pr_magentaln "\nunrecognized debug value \"$1\", must be between 0..6" 1>&2
help 1 ;;
esac
;; ;;
--color|--color=*) --color|--color=*)
COLOR=$(parse_opt_equal_sign "$1" "$2") COLOR=$(parse_opt_equal_sign "$1" "$2")
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
if [ $COLOR -ne 0 ] && [ $COLOR -ne 1 ] && [ $COLOR -ne 2 ] ; then case $COLOR in
COLOR=2 [0-2]) ;;
pr_magentaln "$0: unrecognized color: $2" 1>&2 *) COLOR=2
help 1 pr_magentaln "\nunrecognized color: \"$1\", must be between 0..2" 1>&2
fi help 1 ;;
esac
;; ;;
--openssl|--openssl=*) --openssl|--openssl=*)
OPENSSL=$(parse_opt_equal_sign "$1" "$2") OPENSSL=$(parse_opt_equal_sign "$1" "$2")
@ -4571,7 +4609,7 @@ parse_cmd_line() {
(--) shift (--) shift
break break
;; ;;
(-*) pr_magentaln "$0: unrecognized option $1" 1>&2; (-*) pr_magentaln "\n$0: unrecognized option \"$1\"" 1>&2;
help 1 help 1
;; ;;
(*) break (*) break
@ -4581,10 +4619,10 @@ parse_cmd_line() {
done done
# Show usage if no options were specified # Show usage if no options were specified
[ -z $1 ] && help 0 [[ -z "$1" ]] && help 0
# left off here is the URI # left off here is the URI
URI=$1 URI="$1"
[ "$DEBUG" -ge 4 ] && debug_globals [ "$DEBUG" -ge 4 ] && debug_globals
# if we have no "do_*" set here --> query_globals: we do a standard run -- otherwise just the one specified # if we have no "do_*" set here --> query_globals: we do a standard run -- otherwise just the one specified
@ -4595,7 +4633,7 @@ parse_cmd_line() {
lets_roll() { lets_roll() {
local ret local ret
[ -z "$NODEIP" ] && pr_magentaln "$NODE doesn't resolve to an IP address" && exit -1 [ -z "$NODEIP" ] && fatal "$NODE doesn't resolve to an IP address" -1
determine_rdns determine_rdns
determine_service "$1" # any starttls service goes here determine_service "$1" # any starttls service goes here
@ -4671,8 +4709,7 @@ ip=""
if $do_read_from_file; then if $do_read_from_file; then
if [[ ! -r "$FNAME" ]] && $IKNOW_FNAME; then if [[ ! -r "$FNAME" ]] && $IKNOW_FNAME; then
pr_magentaln "Fatal error: Can't read \"$FNAME\"" fatal "Can't read file \"$FNAME\"" "-1"
exit -1
fi fi
pr_reverse "====== Running in file batch mode with file=\"$FNAME\" ======"; outln "\n" pr_reverse "====== Running in file batch mode with file=\"$FNAME\" ======"; outln "\n"
cat "$FNAME" | while read cmdline; do cat "$FNAME" | while read cmdline; do
@ -4694,8 +4731,8 @@ if $do_mx_all_ips; then
ret=$? ret=$?
else else
parse_hn_port "${URI}" # NODE, URL_PATH, PORT, IPADDR and IP46ADDR is set now parse_hn_port "${URI}" # NODE, URL_PATH, PORT, IPADDR and IP46ADDR is set now
if ! determine_ip_addresses && [[ -z $CMDLINE_IP ]]; then if ! determine_ip_addresses && [[ -z "$CMDLINE_IP" ]]; then
pr_magentaln "fatal error: No IP address could be determined" fatal "No IP address could be determined"
fi fi
if [[ -n "$CMDLINE_IP" ]]; then if [[ -n "$CMDLINE_IP" ]]; then
[[ "$CMDLINE_IP" == "one" ]] && \ [[ "$CMDLINE_IP" == "one" ]] && \
@ -4727,4 +4764,4 @@ fi
exit $ret exit $ret
# $Id: testssl.sh,v 1.353 2015/08/23 19:16:33 dirkw Exp $ # $Id: testssl.sh,v 1.357 2015/08/24 12:09:44 dirkw Exp $