Trim excess whitespace

This commit is contained in:
a1346054 2021-09-03 21:32:24 +00:00
parent 6782e2a3b9
commit b1f5c6c9af
12 changed files with 28 additions and 41 deletions

View File

@ -32,7 +32,6 @@
* Added --reqheader to support custom headers in HTTP requests * Added --reqheader to support custom headers in HTTP requests
* Test for support for RFC 8879 certificate compression * Test for support for RFC 8879 certificate compression
### Features implemented / improvements in 3.0 ### Features implemented / improvements in 3.0
* Full support of TLS 1.3, shows also drafts supported * Full support of TLS 1.3, shows also drafts supported
@ -115,7 +114,6 @@
* Postgres und MySQL STARTTLS support * Postgres und MySQL STARTTLS support
* Man page * Man page
### New in 2.8 ### New in 2.8
* Trust chain check against certificate stores from Apple (OS), Linux (OS), * Trust chain check against certificate stores from Apple (OS), Linux (OS),
@ -169,7 +167,6 @@
Full log @ https://github.com/drwetter/testssl.sh/commits/2.6/testssl.sh Full log @ https://github.com/drwetter/testssl.sh/commits/2.6/testssl.sh
### New in 2.4 ### New in 2.4
* "only one cmd line option at a time" is completely gone * "only one cmd line option at a time" is completely gone
* several tuning parameters on the cmd line (only available through environment variables b4): --assuming-http, --ssl-native, --sneaky, --warnings, --color, -- debug, --long * several tuning parameters on the cmd line (only available through environment variables b4): --assuming-http, --ssl-native, --sneaky, --warnings, --color, -- debug, --long
@ -324,7 +321,6 @@ Full changelog @ https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh
- fix for netweaver banner (server is lowercase) - fix for netweaver banner (server is lowercase)
- no server banner is no disadvantage (color code) - no server banner is no disadvantage (color code)
1.89 1.89
- reordered! : protocols + cipher come first - reordered! : protocols + cipher come first
- colorized preferred server preference (e.g. CBC+RC4 is light red now, TLSv1.2 green) - colorized preferred server preference (e.g. CBC+RC4 is light red now, TLSv1.2 green)
@ -471,7 +467,6 @@ Full changelog @ https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh
default now and there's a comment default now and there's a comment
* openssl version + path to it in the banner * openssl version + path to it in the banner
1.20 1.20
* bugfix (ssl in ssl handshake failure is sometimes too much) * bugfix (ssl in ssl handshake failure is sometimes too much)
* date in output * date in output

View File

@ -10,7 +10,7 @@ Note please the following
* Document your PR, both in the PR and/or commit message and in the code. * Document your PR, both in the PR and/or commit message and in the code.
* Please test your changes thoroughly as reliability is important for this project. You may want to check different servers with different settings. * Please test your changes thoroughly as reliability is important for this project. You may want to check different servers with different settings.
* Travis runs automatically when anything is committed/PR'd. You should check any complains from Travis. Beforehand you can check with `prove -v`. * Travis runs automatically when anything is committed/PR'd. You should check any complains from Travis. Beforehand you can check with `prove -v`.
* If it's a new feature please consider writing a unit test for it. You can use e.g. `t/20_baseline_ipv4_http.t` as a template. The general documentation for [Test::More](https://perldoc.perl.org/Test/More.html) is a good start. * If it's a new feature please consider writing a unit test for it. You can use e.g. `t/20_baseline_ipv4_http.t` as a template. The general documentation for [Test::More](https://perldoc.perl.org/Test/More.html) is a good start.
* If it's a new feature it would need to be documented in the appropriate section in `help()` and in `~/doc/testssl.1.md` * If it's a new feature it would need to be documented in the appropriate section in `help()` and in `~/doc/testssl.1.md`
For questions just open an issue or feel free to send me an e-mail. For questions just open an issue or feel free to send me an e-mail.

View File

@ -47,7 +47,7 @@ Bash is actually quite powerful -- not only with respect to sockets. It's not as
* Watch out for any input especially (but not only) supplied from the server. Input should never be trusted. * Watch out for any input especially (but not only) supplied from the server. Input should never be trusted.
* Unless you're really sure where the values come from, variables need to be put in quotes. * Unless you're really sure where the values come from, variables need to be put in quotes.
* You can use `safe_echo()` when processing input which does some input validation. * You can use `safe_echo()` when processing input which does some input validation.
* Use ``out()`` or similar output functions when writing something back to the user. * Use ``out()`` or similar output functions when writing something back to the user.
* Use `$OPENSSL` instead of `openssl`. The latter is highly system depended and also $OPENSSL is a binary which capabilities are checked internally before using it, independent whether the supplied one is being used or another one. * Use `$OPENSSL` instead of `openssl`. The latter is highly system depended and also $OPENSSL is a binary which capabilities are checked internally before using it, independent whether the supplied one is being used or another one.
#### Variables #### Variables
@ -70,4 +70,3 @@ Bash is actually quite powerful -- not only with respect to sockets. It's not as
* Unit tests are done automatically done with Perl using Travis. The trigger is `~/.travis.yml`. The general documentation for [Test::More](https://perldoc.perl.org/Test/More.html) is a good start. You are encouraged to write own checks. You can use e.g. `t/20_baseline_ipv4_http.t` as an example. * Unit tests are done automatically done with Perl using Travis. The trigger is `~/.travis.yml`. The general documentation for [Test::More](https://perldoc.perl.org/Test/More.html) is a good start. You are encouraged to write own checks. You can use e.g. `t/20_baseline_ipv4_http.t` as an example.
* If it's an OpenSSL feature you want to use and it could be not available for older OpenSSL versions testssl.sh needs to find out whether OpenSSL has that feature. Best do this with OpenSSL itself and not by checking the version as some vendors do backports. See the examples for `HAS_SSL2` or proxy option check of OpenSSL in `check_proxy()`. * If it's an OpenSSL feature you want to use and it could be not available for older OpenSSL versions testssl.sh needs to find out whether OpenSSL has that feature. Best do this with OpenSSL itself and not by checking the version as some vendors do backports. See the examples for `HAS_SSL2` or proxy option check of OpenSSL in `check_proxy()`.
* If a feature of OpenSSL is not available you need to tell this the user by using `pr_warning*()`. Or accordingly with `fatal()` if a continuation of the program doesn't make sense anymore. * If a feature of OpenSSL is not available you need to tell this the user by using `pr_warning*()`. Or accordingly with `fatal()` if a continuation of the program doesn't make sense anymore.

View File

@ -5,7 +5,7 @@ RUN apk update && \
apk add bash procps drill git coreutils libidn curl socat openssl xxd && \ apk add bash procps drill git coreutils libidn curl socat openssl xxd && \
rm -rf /var/cache/apk/* && \ rm -rf /var/cache/apk/* && \
addgroup testssl && \ addgroup testssl && \
adduser -G testssl -g "testssl user" -s /bin/bash -D testssl && \ adduser -G testssl -g "testssl user" -s /bin/bash -D testssl && \
ln -s /home/testssl/testssl.sh /usr/local/bin/ && \ ln -s /home/testssl/testssl.sh /usr/local/bin/ && \
mkdir -m 755 -p /home/testssl/etc /home/testssl/bin mkdir -m 755 -p /home/testssl/etc /home/testssl/bin
@ -14,7 +14,7 @@ WORKDIR /home/testssl/
COPY --chown=testssl:testssl etc/. /home/testssl/etc/ COPY --chown=testssl:testssl etc/. /home/testssl/etc/
COPY --chown=testssl:testssl bin/. /home/testssl/bin/ COPY --chown=testssl:testssl bin/. /home/testssl/bin/
COPY --chown=testssl:testssl testssl.sh /home/testssl/ COPY --chown=testssl:testssl testssl.sh /home/testssl/
ENTRYPOINT ["testssl.sh"] ENTRYPOINT ["testssl.sh"]

View File

@ -11,7 +11,7 @@ ARG URL=https://github.com/drwetter/testssl.sh.git
RUN test -n "${BUILD_VERSION}" \ RUN test -n "${BUILD_VERSION}" \
&& apk update \ && apk update \
&& apk add --no-cache bash procps drill git coreutils libidn curl socat openssl xxd \ && apk add --no-cache bash procps drill git coreutils libidn curl socat openssl xxd \
&& git clone --depth 1 --branch ${BUILD_VERSION} $URL /home/testssl \ && git clone --depth 1 --branch ${BUILD_VERSION} $URL /home/testssl \
&& addgroup testssl \ && addgroup testssl \
&& adduser -G testssl -g "testssl user" -s /bin/bash -D testssl \ && adduser -G testssl -g "testssl user" -s /bin/bash -D testssl \
&& ln -s /home/testssl/testssl.sh /usr/local/bin/ \ && ln -s /home/testssl/testssl.sh /usr/local/bin/ \

View File

@ -130,5 +130,3 @@ Enjoy, Dirk
[1] https://en.wikipedia.org/wiki/GOST_%29block_cipher%29 [1] https://en.wikipedia.org/wiki/GOST_%29block_cipher%29
[2] http://fossies.org/linux/openssl/engines/ccgost/README.gost [2] http://fossies.org/linux/openssl/engines/ccgost/README.gost

View File

@ -14,7 +14,7 @@ The certificate trust stores were retrieved from
--> "Keychain Access" (2 click). In that window --> "Keychains" --> "System" --> "Keychain Access" (2 click). In that window --> "Keychains" --> "System"
--> "Category" --> "All Items" --> "Category" --> "All Items"
Select all CA certificates except for Developer ID Certification Authority, "File" --> "Export Items" Select all CA certificates except for Developer ID Certification Authority, "File" --> "Export Items"
2. __Internet:__ Pick the latest subdir (=highest number) from https://opensource.apple.com/source/security_certificates/. They are in DER format despite their file extension. Download them with ``wget --level=1 --cut-dirs=5 --mirror --convert-links --adjust-extension --page-requisites --no-parent https://opensource.apple.com/source/security_certificates/security_certificates-*/certificates/roots/`` 2. __Internet:__ Pick the latest subdir (=highest number) from https://opensource.apple.com/source/security_certificates/. They are in DER format despite their file extension. Download them with ``wget --level=1 --cut-dirs=5 --mirror --convert-links --adjust-extension --page-requisites --no-parent https://opensource.apple.com/source/security_certificates/security_certificates-*/certificates/roots/``
Google Chromium uses basically the trust stores above, see https://www.chromium.org/Home/chromium-security/root-ca-policy. Google Chromium uses basically the trust stores above, see https://www.chromium.org/Home/chromium-security/root-ca-policy.

View File

@ -22,7 +22,3 @@ The whole process is done manually.
* "ciphersutes" are TLS 1.3 ciphersuites. You can identify them as they currently are like 0x130?. Retrieve them from above see ``~/utils/hexstream2cipher.sh`` * "ciphersutes" are TLS 1.3 ciphersuites. You can identify them as they currently are like 0x130?. Retrieve them from above see ``~/utils/hexstream2cipher.sh``
* Figure out the services by applying a good piece of human logic * Figure out the services by applying a good piece of human logic
* Before submitting a PR: test it yourself! You can also watch it again via wireshark * Before submitting a PR: test it yourself! You can also watch it again via wireshark

View File

@ -59,4 +59,3 @@ sub json($) {
unlink $file; unlink $file;
return from_json($file); return from_json($file);
} }