Enable more tests, change to newer JSON scheme

Dirk 2019-07-09 22:49:12 +02:00
parent eef63b1726
commit c335ded6d3


@ -53,10 +53,10 @@ pid=$!
rm $FILE 2>/dev/null rm $FILE 2>/dev/null
echo "Running testssl.sh SSLv2 protocol check against localhost for SSLv2: " echo "Running testssl.sh SSLv2 protocol check against localhost for SSLv2: "
./testssl.sh -p -q --warnings=off --jsonfile=$FILE localhost:4433 ./testssl.sh -p -q --warnings=off --jsonfile=$FILE localhost:4433
check_result sslv2 CRITICAL "SSLv2 offered" check_result SSLv2 CRITICAL "vulnerable with 9 ciphers"
[[ $? -eq 0 ]] && echo "SSLv2: PASSED" || echo "FAILED" [[ $? -eq 0 ]] && echo "SSLv2: PASSED" || echo "FAILED"
echo echo
kill $pid kill -9 $pid
wait $pid 2>/dev/null wait $pid 2>/dev/null
### 2) test NPN + ALPN ### 2) test NPN + ALPN
@ -65,33 +65,32 @@ pid=$!
rm $FILE rm $FILE
echo "Running testssl.sh HTTP/2 protocol checks against localhost: " echo "Running testssl.sh HTTP/2 protocol checks against localhost: "
./testssl.sh -q --jsonfile=$FILE --protocols localhost:4433 ./testssl.sh -q --jsonfile=$FILE --protocols localhost:4433
if check_result spdy_npn "spdy/3, http/1.1"; then if check_result NPN "spdy/3, http/1.1"; then
echo "SPDY/NPN: PASSED" echo "SPDY/NPN: PASSED"
else else
echo "SPDY/NPN: FAILED" echo "SPDY/NPN: FAILED"
fi fi
if check_result https_alpn "h2"; then if check_result ALPN "h2"; then
echo "HTTP2/ALPN: PASSED" echo "HTTP2/ALPN: PASSED"
else else
echo "HTTP2/ALPN: FAILED" echo "HTTP2/ALPN: FAILED"
fi fi
kill $pid kill -9 $pid
wait $pid 2>/dev/null wait $pid 2>/dev/null
rm $FILE rm $FILE
exit 0
### 3) test almost all other stuff ### 3) test almost all other stuff
$OPENSSL s_server -cipher 'ALL:COMPLEMENTOFALL' -www -key /tmp/server.pem -cert /tmp/server.crt &>/dev/null & $OPENSSL s_server -cipher 'ALL:COMPLEMENTOFALL' -www -key /tmp/server.pem -cert /tmp/server.crt &>/dev/null &
pid=$! pid=$!
rm $FILE rm $FILE
echo "Running basline check with testssl.sh against localhost" echo "Running baseline check with testssl.sh against localhost"
./testssl.sh -q --jsonfile=$FILE --protocols --standard --pfs --vulnerable --each-cipher --client-simulation localhost:4433 ./testssl.sh -q --jsonfile=$FILE localhost:4433
#check_result sslv2 CRITICAL "is offered" #check_result sslv2 CRITICAL "is offered"
kill -9 $pid kill -9 $pid
wait $pid 2>/dev/null wait $pid 2>/dev/null
rm $FILE
### test server defaults ### test server defaults