Git
/
testssl.sh
mirror of https://github.com/drwetter/testssl.sh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Trim excess whitespace

This commit is contained in:
a1346054 2021-09-03 21:32:24 +00:00
parent 6782e2a3b9
commit b1f5c6c9af
12 changed files with 28 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGELOG.md
View File

@ -32,7 +32,6 @@
* Added --reqheader to support custom headers in HTTP requests
* Test for support for RFC 8879 certificate compression
### Features implemented / improvements in 3.0
* Full support of TLS 1.3, shows also drafts supported
@ -115,7 +114,6 @@
* Postgres und MySQL STARTTLS support
* Man page
### New in 2.8
* Trust chain check against certificate stores from Apple (OS), Linux (OS),
@ -169,7 +167,6 @@
Full log @ https://github.com/drwetter/testssl.sh/commits/2.6/testssl.sh
### New in 2.4
* "only one cmd line option at a time" is completely gone
* several tuning parameters on the cmd line (only available through environment variables b4): --assuming-http, --ssl-native, --sneaky, --warnings, --color, -- debug, --long
@ -324,7 +321,6 @@ Full changelog @ https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh
- fix for netweaver banner (server is lowercase)
- no server banner is no disadvantage (color code)
1.89
- reordered! : protocols + cipher come first
- colorized preferred server preference (e.g. CBC+RC4 is light red now, TLSv1.2 green)
@ -471,7 +467,6 @@ Full changelog @ https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh
default now and there's a comment
* openssl version + path to it in the banner
1.20
* bugfix (ssl in ssl handshake failure is sometimes too much)
* date in output

2
CONTRIBUTING.md
View File

@ -10,7 +10,7 @@ Note please the following
* Document your PR, both in the PR and/or commit message and in the code.
* Please test your changes thoroughly as reliability is important for this project. You may want to check different servers with different settings.
* Travis runs automatically when anything is committed/PR'd. You should check any complains from Travis. Beforehand you can check with `prove -v`.
* If it's a new feature please consider writing a unit test for it. You can use e.g. `t/20_baseline_ipv4_http.t` as a template. The general documentation for [Test::More](https://perldoc.perl.org/Test/More.html) is a good start.
* If it's a new feature please consider writing a unit test for it. You can use e.g. `t/20_baseline_ipv4_http.t` as a template. The general documentation for [Test::More](https://perldoc.perl.org/Test/More.html) is a good start.
* If it's a new feature it would need to be documented in the appropriate section in `help()` and in `~/doc/testssl.1.md`
For questions just open an issue or feel free to send me an e-mail.

3
Coding_Convention.md
View File

@ -47,7 +47,7 @@ Bash is actually quite powerful -- not only with respect to sockets. It's not as
* Watch out for any input especially (but not only) supplied from the server. Input should never be trusted.
* Unless you're really sure where the values come from, variables need to be put in quotes.
* You can use `safe_echo()` when processing input which does some input validation.
* Use ``out()`` or similar output functions when writing something back to the user.
* Use ``out()`` or similar output functions when writing something back to the user.
* Use `$OPENSSL` instead of `openssl`. The latter is highly system depended and also $OPENSSL is a binary which capabilities are checked internally before using it, independent whether the supplied one is being used or another one.
#### Variables
@ -70,4 +70,3 @@ Bash is actually quite powerful -- not only with respect to sockets. It's not as
* Unit tests are done automatically done with Perl using Travis. The trigger is `~/.travis.yml`. The general documentation for [Test::More](https://perldoc.perl.org/Test/More.html) is a good start. You are encouraged to write own checks. You can use e.g. `t/20_baseline_ipv4_http.t` as an example.
* If it's an OpenSSL feature you want to use and it could be not available for older OpenSSL versions testssl.sh needs to find out whether OpenSSL has that feature. Best do this with OpenSSL itself and not by checking the version as some vendors do backports. See the examples for `HAS_SSL2` or proxy option check of OpenSSL in `check_proxy()`.
* If a feature of OpenSSL is not available you need to tell this the user by using `pr_warning*()`. Or accordingly with `fatal()` if a continuation of the program doesn't make sense anymore.

4
Dockerfile
View File

@ -5,7 +5,7 @@ RUN apk update && \
apk add bash procps drill git coreutils libidn curl socat openssl xxd && \
rm -rf /var/cache/apk/* && \
addgroup testssl && \
adduser -G testssl -g "testssl user" -s /bin/bash -D testssl && \
adduser -G testssl -g "testssl user" -s /bin/bash -D testssl && \
ln -s /home/testssl/testssl.sh /usr/local/bin/ && \
mkdir -m 755 -p /home/testssl/etc /home/testssl/bin
@ -14,7 +14,7 @@ WORKDIR /home/testssl/
COPY --chown=testssl:testssl etc/. /home/testssl/etc/
COPY --chown=testssl:testssl bin/. /home/testssl/bin/
COPY --chown=testssl:testssl testssl.sh /home/testssl/
COPY --chown=testssl:testssl testssl.sh /home/testssl/
ENTRYPOINT ["testssl.sh"]

2
Dockerfile.git
View File

@ -11,7 +11,7 @@ ARG URL=https://github.com/drwetter/testssl.sh.git
RUN test -n "${BUILD_VERSION}" \
&& apk update \
&& apk add --no-cache bash procps drill git coreutils libidn curl socat openssl xxd \
&& git clone --depth 1 --branch ${BUILD_VERSION} $URL /home/testssl \
&& git clone --depth 1 --branch ${BUILD_VERSION} $URL /home/testssl \
&& addgroup testssl \
&& adduser -G testssl -g "testssl user" -s /bin/bash -D testssl \
&& ln -s /home/testssl/testssl.sh /usr/local/bin/ \

2
bin/Readme.md
View File

@ -130,5 +130,3 @@ Enjoy, Dirk
[1] https://en.wikipedia.org/wiki/GOST_%29block_cipher%29
[2] http://fossies.org/linux/openssl/engines/ccgost/README.gost

2
etc/README.md
View File

@ -14,7 +14,7 @@ The certificate trust stores were retrieved from
--> "Keychain Access" (2 click). In that window --> "Keychains" --> "System"
--> "Category" --> "All Items"
Select all CA certificates except for Developer ID Certification Authority, "File" --> "Export Items"
2. __Internet:__ Pick the latest subdir (=highest number) from https://opensource.apple.com/source/security_certificates/. They are in DER format despite their file extension. Download them with ``wget --level=1 --cut-dirs=5 --mirror --convert-links --adjust-extension --page-requisites --no-parent https://opensource.apple.com/source/security_certificates/security_certificates-*/certificates/roots/``
2. __Internet:__ Pick the latest subdir (=highest number) from https://opensource.apple.com/source/security_certificates/. They are in DER format despite their file extension. Download them with ``wget --level=1 --cut-dirs=5 --mirror --convert-links --adjust-extension --page-requisites --no-parent https://opensource.apple.com/source/security_certificates/security_certificates-*/certificates/roots/``
Google Chromium uses basically the trust stores above, see https://www.chromium.org/Home/chromium-security/root-ca-policy.

4
etc/client-simulation.wiresharked.md
View File

@ -22,7 +22,3 @@ The whole process is done manually.
* "ciphersutes" are TLS 1.3 ciphersuites. You can identify them as they currently are like 0x130?. Retrieve them from above see ``~/utils/hexstream2cipher.sh``
* Figure out the services by applying a good piece of human logic
* Before submitting a PR: test it yourself! You can also watch it again via wireshark

1
t/11_baseline_ipv6_http.t.DISABLED
View File

@ -59,4 +59,3 @@ sub json($) {
unlink $file;
return from_json($file);
}