From b0d394e93cf3d3ec849229fdd6a09edb026409f7 Mon Sep 17 00:00:00 2001
From: Dirk Wetter
Date: Wed, 20 Jul 2016 17:28:09 +0200
Subject: [PATCH 1/2] merged #417
---
 testssl.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index e513d20..013699e 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -3839,7 +3839,8 @@ certificate_info() {
 local ocsp_response=$5
 local ocsp_response_status=$6
 local cert_sig_algo cert_sig_hash_algo cert_key_algo
- local expire days2expire secs2warn ocsp_uri crl startdate enddate issuer_CN issuer_C issuer_O issuer sans san cn cn_nosni
+ local expire days2expire secs2warn ocsp_uri crl startdate enddate issuer_CN issuer_C issuer_O issuer sans san cn
+ local cn_nosni=""
 local cert_fingerprint_sha1 cert_fingerprint_sha2 cert_fingerprint_serial
 local policy_oid
 local spaces=""
@@ -4079,8 +4080,10 @@ certificate_info() {
 # no cipher suites specified here. We just want the default vhost subject
 $OPENSSL s_client $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $OPTIMAL_PROTO 2>>$ERRFILE $HOSTCERT.nosni
- cn_nosni="$(get_cn_from_cert "$HOSTCERT.nosni")"
- [[ -z "$cn_nosni" ]] && cn_nosni="no CN field in subject"
+ if grep -q "\-\-\-\-\-BEGIN" "$HOSTCERT.nosni"; then
+ cn_nosni="$(get_cn_from_cert "$HOSTCERT.nosni")"
+ [[ -z "$cn_nosni" ]] && cn_nosni="no CN field in subject"
+ fi
 #FIXME: check for SSLv3/v2 and look whether it goes to a different CN (probably not polite)
From 6e5c2a824e4ad705bd60a50ec97f338c5c7e6546 Mon Sep 17 00:00:00 2001
From: Dirk Wetter
Date: Wed, 20 Jul 2016 17:38:55 +0200
Subject: [PATCH 2/2] merged #416
---
 testssl.sh | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index e513d20..86eff8a 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -3839,7 +3839,8 @@ certificate_info() {
 local ocsp_response=$5
 local ocsp_response_status=$6
 local cert_sig_algo cert_sig_hash_algo cert_key_algo
- local expire days2expire secs2warn ocsp_uri crl startdate enddate issuer_CN issuer_C issuer_O issuer sans san cn cn_nosni
+ local expire days2expire secs2warn ocsp_uri crl startdate enddate issuer_CN issuer_C issuer_O issuer sans san cn
+ local cn_nosni=""
 local cert_fingerprint_sha1 cert_fingerprint_sha2 cert_fingerprint_serial
 local policy_oid
 local spaces=""
@@ -4079,8 +4080,10 @@ certificate_info() {
 # no cipher suites specified here. We just want the default vhost subject
 $OPENSSL s_client $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $OPTIMAL_PROTO 2>>$ERRFILE $HOSTCERT.nosni
- cn_nosni="$(get_cn_from_cert "$HOSTCERT.nosni")"
- [[ -z "$cn_nosni" ]] && cn_nosni="no CN field in subject"
+ if grep -q "\-\-\-\-\-BEGIN" "$HOSTCERT.nosni"; then
+ cn_nosni="$(get_cn_from_cert "$HOSTCERT.nosni")"
+ [[ -z "$cn_nosni" ]] && cn_nosni="no CN field in subject"
+ fi
 #FIXME: check for SSLv3/v2 and look whether it goes to a different CN (probably not polite)
@@ -8335,4 +8338,4 @@ fi
 exit $?
-# $Id: testssl.sh,v 1.526 2016/07/16 18:48:55 dirkw Exp $
+# $Id: testssl.sh,v 1.527 2016/07/20 15:36:50 dirkw Exp $
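Review bot: The new guard `grep -q "\-\-\-\-\-BEGIN" "$HOSTCERT.nosni"` in the second certificate_info() hunk relies on backslash-escaped hyphens, which POSIX leaves undefined in a basic regular expression and which newer GNU grep releases, as far as I know, report as stray backslashes. `grep -q -e '-----BEGIN' "$HOSTCERT.nosni"` matches the same text without escapes. The identical hunk in PATCH 1/2 carries the same pattern. When the handshake without SNI yields no certificate, `cn_nosni` now stays empty rather than holding the "no CN field in subject" sentinel, so a comment at `local cn_nosni=""` such as `# empty: server sent no certificate without SNI` would document the two states for whatever later compares it with `cn`. certificate_info() begins and ends outside both hunks, so that later use is not visible here.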