From c004469e0f80c65b603f583999ad4db344057c4f Mon Sep 17 00:00:00 2001
From: Dirk
Date: Thu, 8 Feb 2018 14:16:36 +0100
Subject: [PATCH] backport of #982 fixes #981
---
 testssl.sh | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index dd3f19c..b24dfeb 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -5546,26 +5546,27 @@ compare_server_name_to_cert()
 # Check whether any of the DNS names in the certificate match the servername
 dns_sans="$(get_san_dns_from_cert "$cert")"
- for san in $dns_sans; do
- [[ $(toupper "$san") == "$servername" ]] && ret=1 && break
- done
+ while read san; do
+ [[ -n "$san" ]] && [[ $(toupper "$san") == "$servername" ]] && ret=1 && break
+ done <<< "$dns_sans"
 if [[ $ret -eq 0 ]]; then
 # Check whether any of the IP addresses in the certificate match the servername
 ip_sans=$($OPENSSL x509 -in "$cert" -noout -text 2>>$ERRFILE | grep -A2 "Subject Alternative Name" | \
 tr ',' '\n' | grep "IP Address:" | sed -e 's/IP Address://g' -e 's/ //g')
- for san in $ip_sans; do
- [[ "$san" == "$servername" ]] && ret=1 && break
- done
+ while read san; do
+ [[ -n "$san" ]] && [[ "$san" == "$servername" ]] && ret=1 && break
+ done <<< "$ip_sans"
 fi
 # Check whether any of the DNS names in the certificate are wildcard names
 # that match the servername
 if [[ $ret -eq 0 ]]; then
- for san in $dns_sans; do
+ while read san; do
+ [[ -n "$san" ]] || continue
 wildcard_match "$servername" "$san"
 [[ $? -eq 0 ]] && ret=2 && break
- done
+ done <<< "$dns_sans"
 fi
 cn="$(get_cn_from_cert "$cert")"
@@ -6435,9 +6436,9 @@ run_server_defaults() {
 if [[ "$sans_nosni" == "$sans_sni" ]]; then
 success[n]=0
 else
- for san in $sans_nosni; do
- [[ " $sans_sni " =~ " $san " ]] && success[n]=0 && break
- done
+ while read san; do
+ [[ -n "$san" ]] && [[ " $sans_sni " =~ " $san " ]] && success[n]=0 && break
+ done <<< "$sans_nosni"
 fi
 fi
 fi
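Review bot: The three new `while read san` loops in compare_server_name_to_cert call `read` without `-r`, so a backslash inside a SAN value is consumed and a trailing backslash joins that line with the next one before the comparison runs. The SAN strings come from the peer's certificate and should be compared literally, so each loop header should read `while read -r san; do`. The same applies to the loop the following hunk adds in run_server_defaults. compare_server_name_to_cert begins and ends outside this hunk.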
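Review bot: The membership test `[[ " $sans_sni " =~ " $san " ]]` in run_server_defaults still expects `sans_sni` to be a space-separated list, while this patch makes get_san_dns_from_cert print one name per line. If `sans_sni` is filled from that function (the assignment is outside this hunk), every name in a multi-entry list is bounded by a newline on at least one side, so the test would stop matching and `success[n]` would not be set to 0. A whole-line literal comparison does not depend on the padding: `[[ -n "$san" ]] && grep -Fxq -- "$san" <<< "$sans_sni" && success[n]=0 && break`. The rest of the function body lies outside the hunk.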
@@ -6596,7 +6597,7 @@ get_session_ticket_lifetime_from_serverhello() {
 get_san_dns_from_cert() {
 echo "$($OPENSSL x509 -in "$1" -noout -text 2>>$ERRFILE | \
 grep -A2 "Subject Alternative Name" | tr ',' '\n' | grep "DNS:" | \
- sed -e 's/DNS://g' -e 's/ //g' | tr '\n' ' ')"
+ sed -e 's/DNS://g' -e 's/ //g')"
 }
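Review bot: get_san_dns_from_cert has no comment stating its output format, and this hunk changes that format from one space-joined line to one name per line. I would add above the function `# Prints the DNS-type SANs of the certificate in file $1, one per line; values come from the peer's certificate and must be handled as untrusted text.` so that callers not touched by this patch get checked for word-splitting or space-delimited matching. Separately, the pipeline splits the `-text` rendering on every comma and keeps any piece containing `DNS:`, so a SAN entry of another type whose value contains a comma may end up listed as a DNS name, depending on how the OpenSSL build escapes it. A regression test with such a certificate would settle that.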