Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

- for colors: double square brackets (might save a fork to "[ or "test"

Browse Source 
- in terms of debugging cleaned up listciphers/std_cipherlists
- in other terms too
This commit is contained in:
Dirk 2014-11-25 13:12:24 +01:00
parent 5228986b25
commit c034cd8a95
1 changed files with 51 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
testssl.sh
View File

@ -55,7 +55,7 @@ COLOR=${COLOR:-2} # 2: Full color, 1: b/w+positioning, 0: no ESC at all
SHOW_LCIPHERS=no # determines whether the client side ciphers are displayed at all (makes no sense normally) SHOW_LCIPHERS=no # determines whether the client side ciphers are displayed at all (makes no sense normally)
VERBERR=${VERBERR:-1} # 0 means to be more verbose (some like the errors to be dispayed so that one can tell better VERBERR=${VERBERR:-1} # 0 means to be more verbose (some like the errors to be dispayed so that one can tell better
# whether the handshake succeeded or not. For errors with individual ciphers you also need to have SHOW_EACH_C=1 # whether the handshake succeeded or not. For errors with individual ciphers you also need to have SHOW_EACH_C=1
LOCERR=${LOCERR:-1} # Same as before, just displays am error if local cipher isn't support LOCERR=${LOCERR:-0} # displays the local error
SHOW_EACH_C=${SHOW_EACH_C:-0} # where individual ciphers are tested show just the positively ones tested SHOW_EACH_C=${SHOW_EACH_C:-0} # where individual ciphers are tested show just the positively ones tested
SNEAKY=${SNEAKY:-1} # if zero: the referer and useragent we leave while checking the http header is just usual SNEAKY=${SNEAKY:-1} # if zero: the referer and useragent we leave while checking the http header is just usual
#FIXME: consequently we should mute the initial netcat and openssl s_client -connect as they cause a 400 (nginx, apache) #FIXME: consequently we should mute the initial netcat and openssl s_client -connect as they cause a 400 (nginx, apache)
@ -105,17 +105,17 @@ outln() {
# some functions for text (i know we could do this with tput, but what about systems having no terminfo? # some functions for text (i know we could do this with tput, but what about systems having no terminfo?
# http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x329.html # http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x329.html
off() { off() {
[ "$COLOR" != 0 ] && out "\033[m\c" [[ "$COLOR" != 0 ]] && out "\033[m\c"
} }
liteblue() { liteblue() {
[ "$COLOR" = 2 ] && out "\033[0;34m$1 " || out "$1 " [[ "$COLOR" = 2 ]] && out "\033[0;34m$1 " || out "$1 "
off off
} }
liteblueln() { liteblue "$1"; outln; } liteblueln() { liteblue "$1"; outln; }
blue() { blue() {
[ "$COLOR" = 2 ] && out "\033[1;34m$1 " || out "$1 " [[ "$COLOR" = 2 ]] && out "\033[1;34m$1 " || out "$1 "
off off
} }
blueln() { blue "$1"; outln; } blueln() { blue "$1"; outln; }
@ -126,86 +126,86 @@ blueln() { blue "$1"; outln; }
# FIXME: What bout folks who don't want color at all # FIXME: What bout folks who don't want color at all
litered() { litered() {
[ "$COLOR" = 2 ] && out "\033[0;31m$1 " || bold "$1 " [[ "$COLOR" = 2 ]] && out "\033[0;31m$1 " || bold "$1 "
off off
} }
literedln() { litered "$1"; outln; } literedln() { litered "$1"; outln; }
red() { red() {
[ "$COLOR" = 2 ] && out "\033[1;31m$1 " || bold "$1 " [[ "$COLOR" = 2 ]] && out "\033[1;31m$1 " || bold "$1 "
off off
} }
redln() { red "$1"; outln; } redln() { red "$1"; outln; }
litemagenta() { litemagenta() {
[ "$COLOR" = 2 ] && out "\033[0;35m$1 " || underline "$1 " [[ "$COLOR" = 2 ]] && out "\033[0;35m$1 " || underline "$1 "
off off
} }
litemagentaln() { litemagenta "$1"; outln; } litemagentaln() { litemagenta "$1"; outln; }
magenta() { magenta() {
[ "$COLOR" = 2 ] && out "\033[1;35m$1 " || underline "$1 " [[ "$COLOR" = 2 ]] && out "\033[1;35m$1 " || underline "$1 "
off off
} }
magentaln() { magenta "$1"; outln; } magentaln() { magenta "$1"; outln; }
litecyan() { litecyan() {
[ "$COLOR" = 2 ] && out "\033[0;36m$1 " || out "$1 " [[ "$COLOR" = 2 ]] && out "\033[0;36m$1 " || out "$1 "
off off
} }
litecyanln() { litecyan "$1"; outln; } litecyanln() { litecyan "$1"; outln; }
cyan() { cyan() {
[ "$COLOR" = 2 ] && out "\033[1;36m$1 " || out "$1 " [[ "$COLOR" = 2 ]] && out "\033[1;36m$1 " || out "$1 "
off off
} }
cyanln() { cyan "$1"; outln; } cyanln() { cyan "$1"; outln; }
grey() { grey() {
[ "$COLOR" = 2 ] && out "\033[1;30m$1 " || out "$1 " [[ "$COLOR" = 2 ]] && out "\033[1;30m$1 " || out "$1 "
off off
} }
greyln() { grey "$1"; outln; } greyln() { grey "$1"; outln; }
litegrey() { litegrey() {
[ "$COLOR" = 2 ] && out "\033[0;37m$1 " || out "$1 " [[ "$COLOR" = 2 ]] && out "\033[0;37m$1 " || out "$1 "
off off
} }
litegreyln() { litegrey "$1"; outln; } litegreyln() { litegrey "$1"; outln; }
litegreen() { litegreen() {
[ "$COLOR" = 2 ] && out "\033[0;32m$1 " || out "$1 " [[ "$COLOR" = 2 ]] && out "\033[0;32m$1 " || out "$1 "
off off
} }
litegreenln() { litegreen "$1"; outln; } litegreenln() { litegreen "$1"; outln; }
green() { green() {
[ "$COLOR" = 2 ] && out "\033[1;32m$1 " || out "$1 " [[ "$COLOR" = 2 ]] && out "\033[1;32m$1 " || out "$1 "
off off
} }
greenln() { green "$1"; outln; } greenln() { green "$1"; outln; }
brown() { brown() {
[ "$COLOR" = 2 ] && out "\033[0;33m$1 " || out "$1 " [[ "$COLOR" = 2 ]] && out "\033[0;33m$1 " || out "$1 "
off off
} }
brownln() { brown "$1"; outln; } brownln() { brown "$1"; outln; }
yellow() { yellow() {
[ "$COLOR" = 2 ] && out "\033[1;33m$1 " || out "$1 " [[ "$COLOR" = 2 ]] && out "\033[1;33m$1 " || out "$1 "
off off
} }
yellowlnln() { yellowln "$1"; outln; } yellowlnln() { yellowln "$1"; outln; }
bold() { [ "$COLOR" != 0 ] && out "\033[1m$1" || out "$1" ; off; } bold() { [[ "$COLOR" != 0 ]] && out "\033[1m$1" || out "$1" ; off; }
boldln() { bold "$1" ; outln; } boldln() { bold "$1" ; outln; }
underline() { [ "$COLOR" != 0 ] && out "\033[4m$1" || out "$1" ; off; } underline() { [[ "$COLOR" != 0 ]] && out "\033[4m$1" || out "$1" ; off; }
boldandunder() { [ "$COLOR" != 0 ] && out "\033[1m\033[4m$1" || out "$1" ; off; } boldandunder() { [[ "$COLOR" != 0 ]] && out "\033[1m\033[4m$1" || out "$1" ; off; }
reverse() { [ "$COLOR" != 0 ] && out "\033[7m$1" || out "$1" ; off; } reverse() { [[ "$COLOR" != 0 ]] && out "\033[7m$1" || out "$1" ; off; }
# whether it is ok to offer/not to offer enc/cipher/version # whether it is ok to offer/not to offer enc/cipher/version
@ -476,12 +476,10 @@ prettyprint_local() {
# list ciphers (and makes sure you have them locally configured) # list ciphers (and makes sure you have them locally configured)
# arg[1]: cipher list (or anything else) # arg[1]: cipher list (or anything else)
listciphers() { listciphers() {
if [ $LOCERR = 0 ]; then $OPENSSL ciphers "$VERB_CLIST" $1 &>$TMPFILE
$OPENSSL ciphers "$VERB_CLIST" $1 2>&1 >$TMPFILE ret=$?
else [[ "$LOCERR" = 1 ]] && cat $TMPFILE
$OPENSSL ciphers "$VERB_CLIST" $1 &>$TMPFILE return $ret
fi
return $?
} }
@ -490,42 +488,40 @@ listciphers() {
# argv[3]: ok to offer? 0: yes, 1: no # argv[3]: ok to offer? 0: yes, 1: no
std_cipherlists() { std_cipherlists() {
out "$2 "; out "$2 ";
if listciphers $1; then if listciphers $1; then # is that locally available??
[ x$SHOW_LCIPHERS = "xyes" ] && out "local ciphers are: " && cat $TMPFILE | sed 's/:/, /g' [ x$SHOW_LCIPHERS = "xyes" ] && out "local ciphers are: " && cat $TMPFILE | sed 's/:/, /g'
$OPENSSL s_client -cipher "$1" $STARTTLS -connect $NODEIP:$PORT $SNI 2>$TMPFILE >/dev/null </dev/null $OPENSSL s_client -cipher "$1" $STARTTLS -connect $NODEIP:$PORT $SNI 2>$TMPFILE >/dev/null </dev/null
ret=$? ret=$?
if [ $VERBERR -eq 0 ]; then [[ $VERBOSE -eq 1 ]] && cat $TMPFILE
# echo | $OPENSSL s_client -cipher $1 -connect "$NODE:$PORT" >&1 >$TMPFILE case $3 in
head -2 $TMPFILE | egrep -v "depth|num=" 0) # ok to offer
fi if [[ $ret -eq 0 ]]; then # was offered
if [ $3 -eq 0 ]; then # ok to offer ok 1 0 # green
if [ $ret -eq 0 ]; then # was offered else
ok 1 0 # green ok 0 0 # black
else fi ;;
ok 0 0 # black 2) # not really bad
fi if [[ $ret -eq 0 ]]; then
elif [ $3 -eq 2 ]; then # not really bad ok 2 0 # offered in bold
if [ $ret -eq 0 ]; then else
ok 2 0 # offered in bold ok 0 0 # not offered also in bold
else fi;;
ok 0 0 # not offered also in bold *) # the ugly rest
fi if [[ $ret -eq 0 ]]; then
else ok 1 1 # was offered! --> red
if [ $ret -eq 0 ]; then else
ok 1 1 # was offered! --> red #ok 0 0 # was not offered, that's ok
else ok 0 1 # was not offered --> green
#ok 0 0 # was not offered, that's ok fi ;;
ok 0 1 # was not offered --> green esac
fi rm $TMPFILE
fi
rm $TMPFILE
else else
singlespaces=`echo "$2" | sed -e 's/ \+/ /g' -e 's/^ //' -e 's/ $//g' -e 's/ //g'` singlespaces=`echo "$2" | sed -e 's/ \+/ /g' -e 's/^ //' -e 's/ $//g' -e 's/ //g'`
magentaln "Local problem: No $singlespaces configured in $OPENSSL" magentaln "Local problem: No $singlespaces configured in $OPENSSL"
fi fi
# we need lf in those cases: # we need lf in those cases:
[ "$LOCERR" -eq 0 ] && echo [[ "$LOCERR" -eq 1 ]] && echo
[ "$VERBERR" -eq 0 ] && echo [[ "$VERBOSE" -eq 1 ]] && echo
} }
@ -1971,7 +1967,7 @@ case "$1" in
exit $ret ;; exit $ret ;;
esac esac
# $Id: testssl.sh,v 1.146 2014/11/20 09:46:54 dirkw Exp $ # $Id: testssl.sh,v 1.148 2014/11/25 12:11:34 dirkw Exp $
# vim:ts=5:sw=5 # vim:ts=5:sw=5