From ae386700673f2e47b5cc70a7ee15055f65b5f173 Mon Sep 17 00:00:00 2001 From: David Cooper Date: Fri, 22 Jul 2016 12:06:52 -0400 Subject: [PATCH] Fix check for self-signed certificate The check for whether a certificate is self-signed was using the undefined variable $CN rather than $cn. --- testssl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index a857644..989709a 100755 --- a/testssl.sh +++ b/testssl.sh @@ -4151,7 +4151,7 @@ certificate_info() { issuer_C="$(awk -F'=' '/ C=/ { print $2 }' <<< "$issuer")" issuer_DC="$(awk -F'=' '/DC=/ { print $2 }' <<< "$issuer")" - if [[ "$issuer_O" == "issuer=" ]] || [[ "$issuer_O" == "issuer= " ]] || [[ "$issuer_CN" == "$CN" ]]; then + if [[ "$issuer_O" == "issuer=" ]] || [[ "$issuer_O" == "issuer= " ]] || [[ "$issuer_CN" == "$cn" ]]; then pr_svrty_criticalln "self-signed (NOT ok)" fileout "${json_prefix}issuer" "NOT ok" "Issuer: selfsigned (NOT ok)" else