mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-10 18:50:58 +01:00
parent
af6ca18933
commit
c004469e0f
25
testssl.sh
25
testssl.sh
@ -5546,26 +5546,27 @@ compare_server_name_to_cert()
|
||||
|
||||
# Check whether any of the DNS names in the certificate match the servername
|
||||
dns_sans="$(get_san_dns_from_cert "$cert")"
|
||||
for san in $dns_sans; do
|
||||
[[ $(toupper "$san") == "$servername" ]] && ret=1 && break
|
||||
done
|
||||
while read san; do
|
||||
[[ -n "$san" ]] && [[ $(toupper "$san") == "$servername" ]] && ret=1 && break
|
||||
done <<< "$dns_sans"
|
||||
|
||||
if [[ $ret -eq 0 ]]; then
|
||||
# Check whether any of the IP addresses in the certificate match the servername
|
||||
ip_sans=$($OPENSSL x509 -in "$cert" -noout -text 2>>$ERRFILE | grep -A2 "Subject Alternative Name" | \
|
||||
tr ',' '\n' | grep "IP Address:" | sed -e 's/IP Address://g' -e 's/ //g')
|
||||
for san in $ip_sans; do
|
||||
[[ "$san" == "$servername" ]] && ret=1 && break
|
||||
done
|
||||
while read san; do
|
||||
[[ -n "$san" ]] && [[ "$san" == "$servername" ]] && ret=1 && break
|
||||
done <<< "$ip_sans"
|
||||
fi
|
||||
|
||||
# Check whether any of the DNS names in the certificate are wildcard names
|
||||
# that match the servername
|
||||
if [[ $ret -eq 0 ]]; then
|
||||
for san in $dns_sans; do
|
||||
while read san; do
|
||||
[[ -n "$san" ]] || continue
|
||||
wildcard_match "$servername" "$san"
|
||||
[[ $? -eq 0 ]] && ret=2 && break
|
||||
done
|
||||
done <<< "$dns_sans"
|
||||
fi
|
||||
|
||||
cn="$(get_cn_from_cert "$cert")"
|
||||
@ -6435,9 +6436,9 @@ run_server_defaults() {
|
||||
if [[ "$sans_nosni" == "$sans_sni" ]]; then
|
||||
success[n]=0
|
||||
else
|
||||
for san in $sans_nosni; do
|
||||
[[ " $sans_sni " =~ " $san " ]] && success[n]=0 && break
|
||||
done
|
||||
while read san; do
|
||||
[[ -n "$san" ]] && [[ " $sans_sni " =~ " $san " ]] && success[n]=0 && break
|
||||
done <<< "$sans_nosni"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
@ -6596,7 +6597,7 @@ get_session_ticket_lifetime_from_serverhello() {
|
||||
get_san_dns_from_cert() {
|
||||
echo "$($OPENSSL x509 -in "$1" -noout -text 2>>$ERRFILE | \
|
||||
grep -A2 "Subject Alternative Name" | tr ',' '\n' | grep "DNS:" | \
|
||||
sed -e 's/DNS://g' -e 's/ //g' | tr '\n' ' ')"
|
||||
sed -e 's/DNS://g' -e 's/ //g')"
|
||||
}
|
||||
|
||||
|
||||
|
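Review bot: In run_server_defaults the membership test `[[ " $sans_sni " =~ " $san " ]]` still pads both sides with spaces, while get_san_dns_from_cert appears to drop its trailing `tr '\n' ' '` and so, assuming the `while read` lines are the new side, now returns one name per line. If `sans_sni` is filled from that helper (its assignment is outside the hunk), a name would only match when it is the sole SAN, so the SNI/non-SNI comparison would quietly stop matching multi-name certificates. A newline-delimited test such as `[[ $'\n'"$sans_sni"$'\n' == *$'\n'"$san"$'\n'* ]]` keeps the exact-name semantics. The four new loops also use `while read san`, which lets backslashes in certificate-supplied names be interpreted; `while read -r san; do` takes the SAN text literally. The enclosing functions start and end outside the hunks shown.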