diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4a9e74d..e8c4303 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -54,7 +54,7 @@
 * Renegotiation checks improved, also no false positive for Node.js anymore
 * Major update of client simulations with self-collected up-to-date data
 * Update of CA certificate stores
-* Lots of bug fixes
+* Lots of bug and security fixes
 * More travis/CI checks -- still place for improvements
 * Man page reviewed
diff --git a/testssl.sh b/testssl.sh
index 21077d8..ac0eda3 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -19681,10 +19681,10 @@ debug_globals() {
 # arg2: value (if no = provided)
 parse_opt_equal_sign() {
 if [[ "$1" == *=* ]]; then
- echo ${1#*=}
+ safe_echo "${1#*=}"
 return 1 # = means we don't need to shift args!
 else
- echo "$2"
+ safe_echo "$2"
 return 0 # we need to shift
 fi
 }
@@ -20254,8 +20254,11 @@ parse_cmd_line() {
 [[ $CMDLINE_IP == one ]] && ( is_ipv4addr "$URI" || is_ipv6addr "$URI" ) && fatal "\"--ip=one\" plus supplying an IP address doesn't work" $ERR_CMDLINE
 "$do_mx_all_ips" && [[ "$NODNS" == none ]] && fatal "\"--mx\" and \"--nodns=none\" don't work together" $ERR_CMDLINE
+ if [[ "${ADDITIONAL_CA_FILES}" =~ \ ]]; then
+ fatal "The CA file \"${ADDITIONAL_CA_FILES}\" must not contain spaces" $ERR_RESOURCE
+ fi
 ADDITIONAL_CA_FILES="${ADDITIONAL_CA_FILES//,/ }"
- for fname in $ADDITIONAL_CA_FILES; do
+ for fname in ${ADDITIONAL_CA_FILES}; do
 [[ -s "$fname" ]] || fatal "CA file \"$fname\" does not exist" $ERR_RESOURCE
 grep -q "BEGIN CERTIFICATE" "$fname" || fatal "\"$fname\" is not CA file in PEM format" $ERR_RESOURCE
 done
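Review bot: The two `safe_echo` calls in parse_opt_equal_sign only protect the option value if that helper prints its argument literally, and its definition is outside this hunk. If it formats with a `%b`-style printf, backslash sequences in a user-supplied value would still be expanded before the caller sees them; `printf '%s' "${1#*=}"` and `printf '%s' "$2"` would pass the value through unchanged. The header comment could also say that the value is returned on stdout and that status 1 means "do not shift", since that inverts the usual success convention.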
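Review bot: The new guard in parse_cmd_line rejects only a literal space, while the loop `for fname in ${ADDITIONAL_CA_FILES}` is still unquoted, so tabs or newlines in the value still split it and `*`, `?` or `[` are still subject to pathname expansion. Splitting on the comma into an array avoids both: `IFS=, read -r -a ca_files <<< "${ADDITIONAL_CA_FILES}"` followed by `for fname in "${ca_files[@]}"; do`. If code outside this hunk relies on the space-separated form of the variable, keep the conversion and widen the check to all whitespace and glob characters instead. parse_cmd_line starts before and continues after the hunk, so later uses of the variable are not visible here.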