diff --git a/testssl.sh b/testssl.sh
index 9c3feba..59c72fe 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -174,10 +174,10 @@ DEBUG=${DEBUG:-0} # 1: normal putput the files in /tmp/ ar
# 6: whole 9 yards
FAST=${FAST:-false} # preference: show only first cipher, run_allciphers with openssl instead of sockets
WIDE=${WIDE:-false} # whether to display for some options just ciphers or a table w hexcode/KX,Enc,strength etc.
-LOGFILE=${LOGFILE:-""} # logfile if used
-JSONFILE=${JSONFILE:-""} # jsonfile if used
-CSVFILE=${CSVFILE:-""} # csvfile if used
-HTMLFILE=${HTMLFILE:-""} # HTML if used
+LOGFILE="${LOGFILE:-""}" # logfile if used
+JSONFILE="${JSONFILE:-""}" # jsonfile if used
+CSVFILE="${CSVFILE:-""}" # csvfile if used
+HTMLFILE="${HTMLFILE:-""}" # HTML if used
FIRST_FINDING=true # Is this the first finding we are outputting to file?
JSONHEADER=true # include JSON headers and footers in HTML file, if one is being created
CSVHEADER=true # same for CSV
@@ -437,7 +437,7 @@ prln_done_good() { pr_done_good "$1"; outln; }
tm_done_best() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && tm_out "\033[1;34m$1" || tm_out "\033[1;32m$1" ) || tm_out "$1"; tm_off; } # green (blue), This is the best
tmln_done_best() { tm_done_best "$1"; tmln_out; }
pr_done_best() { tm_done_best "$1"; [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && html_out "$(html_reserved "$1")" || html_out "$(html_reserved "$1")" ) || html_out "$(html_reserved "$1")"; }
-prln_done_best() { pr_done_best "$1"; outln; }
+prln_done_best() { pr_done_best "$1"; outln; }
tm_svrty_low() { [[ "$COLOR" -eq 2 ]] && tm_out "\033[1;33m$1" || tm_out "$1"; tm_off; } # yellow brown | academic or minor problem
tmln_svrty_low() { tm_svrty_low "$1"; tmln_out; }
@@ -793,9 +793,9 @@ json_header() {
fname_prefix="${NODE}"_p"${PORT}"
fi
if [[ -z "$JSONFILE" ]]; then
- JSONFILE=$fname_prefix-$(date +"%Y%m%d-%H%M".json)
+ JSONFILE="$fname_prefix-$(date +"%Y%m%d-%H%M".json)"
elif [[ -d "$JSONFILE" ]]; then
- JSONFILE=$JSONFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".json)
+ JSONFILE="$JSONFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".json)"
fi
if "$APPEND"; then
JSONHEADER=false
@@ -833,9 +833,9 @@ csv_header() {
fi
if [[ -z "$CSVFILE" ]]; then
- CSVFILE=$fname_prefix-$(date +"%Y%m%d-%H%M".csv)
+ CSVFILE="$fname_prefix-$(date +"%Y%m%d-%H%M".csv)"
elif [[ -d "$CSVFILE" ]]; then
- CSVFILE=$CSVFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".csv)
+ CSVFILE="$CSVFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".csv)"
fi
if "$APPEND"; then
CSVHEADER=false
@@ -876,9 +876,9 @@ html_header() {
fi
if [[ -z "$HTMLFILE" ]]; then
- HTMLFILE=$fname_prefix-$(date +"%Y%m%d-%H%M".html)
+ HTMLFILE="$fname_prefix-$(date +"%Y%m%d-%H%M".html)"
elif [[ -d "$HTMLFILE" ]]; then
- HTMLFILE=$HTMLFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".html)
+ HTMLFILE="$HTMLFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".html)"
fi
if "$APPEND"; then
HTMLHEADER=false
@@ -11017,10 +11017,10 @@ prepare_logging() {
[[ -z "$fname_prefix" ]] && fname_prefix="${NODE}"_p"${PORT}"
if [[ -z "$LOGFILE" ]]; then
- LOGFILE=$fname_prefix-$(date +"%Y%m%d-%H%M".log)
+ LOGFILE="$fname_prefix-$(date +"%Y%m%d-%H%M".log)"
elif [[ -d "$LOGFILE" ]]; then
# actually we were instructed to place all files in a DIR instead of the current working dir
- LOGFILE=$LOGFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".log)
+ LOGFILE="$LOGFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".log)"
else
: # just for clarity: a log file was specified, no need to do anything else
fi
@@ -11356,13 +11356,16 @@ check_proxy() {
fatal "Your $OPENSSL is too old to support the \"-proxy\" option" -5
fi
if [[ "$PROXY" == "auto" ]]; then
- # get $ENV
- PROXY=${https_proxy#*\/\/}
- [[ -z "$PROXY" ]] && PROXY=${http_proxy#*\/\/}
+ # get $ENV (https_proxy is the one we care about)
+ PROXY="${https_proxy#*\/\/}"
+ [[ -z "$PROXY" ]] && PROXY="${http_proxy#*\/\/}"
[[ -z "$PROXY" ]] && fatal "you specified \"--proxy=auto\" but \"\$http(s)_proxy\" is empty" 2
fi
- PROXYNODE=${PROXY%:*}
- PROXYPORT=${PROXY#*:}
+ # strip off http/https part if supplied:
+ PROXY="${PROXY/http\:\/\//}"
+ PROXY="${PROXY/https\:\/\//}"
+ PROXYNODE="${PROXY%:*}"
+ PROXYPORT="${PROXY#*:}"
is_number "$PROXYPORT" || fatal "Proxy port cannot be determined from \"$PROXY\"" 2
#if is_ipv4addr "$PROXYNODE" || is_ipv6addr "$PROXYNODE" ; then
@@ -11371,7 +11374,7 @@ check_proxy() {
if is_ipv4addr "$PROXYNODE"; then
PROXYIP="$PROXYNODE"
else
- PROXYIP=$(get_a_record "$PROXYNODE" 2>/dev/null | grep -v alias | sed 's/^.*address //')
+ PROXYIP="$(get_a_record "$PROXYNODE" 2>/dev/null | grep -v alias | sed 's/^.*address //')"
[[ -z "$PROXYIP" ]] && fatal "Proxy IP cannot be determined from \"$PROXYNODE\"" "2"
fi
PROXY="-proxy $PROXYIP:$PROXYPORT"
@@ -11547,7 +11550,6 @@ display_rdns_etc() {
local ip further_ip_addrs=""
local nodeip="$(tr -d '[]' <<< $NODEIP)" # for displaying IPv6 addresses we don't need []
-
if [[ -n "$PROXY" ]]; then
out " Via Proxy: $CORRECT_SPACES"
outln "$PROXYIP:$PROXYPORT "
@@ -11649,7 +11651,7 @@ run_mass_testing() {
pr_reverse "====== Running in file batch mode with file=\"$FNAME\" ======"; outln "\n"
while read cmdline; do
- cmdline=$(filter_input "$cmdline")
+ cmdline="$(filter_input "$cmdline")"
[[ -z "$cmdline" ]] && continue
[[ "$cmdline" == "EOF" ]] && break
cmdline="$0 $global_cmdline --warnings=batch $cmdline"
@@ -11674,7 +11676,7 @@ modify_global_cmd_line() {
while [[ $# -gt 0 ]]; do
case "$1" in
--jsonfile|--jsonfile=*)
- filename=$(parse_opt_equal_sign "$1" "$2")
+ filename="$(parse_opt_equal_sign "$1" "$2")"
ret=$?
# If is a file, then have provide a different
# file name to each child process. If is a
@@ -11686,7 +11688,7 @@ modify_global_cmd_line() {
[[ $ret -eq 0 ]] && global_cmdline+="$2 "
fi
[[ $ret -eq 0 ]] && shift
- ;;
+ ;;
--jsonfile-pretty|--jsonfile-pretty=*)
filename=$(parse_opt_equal_sign "$1" "$2")
ret=$?
@@ -11698,9 +11700,9 @@ modify_global_cmd_line() {
[[ $ret -eq 0 ]] && global_cmdline+="$2 "
fi
[[ $ret -eq 0 ]] && shift
- ;;
+ ;;
--csvfile|--csvfile=*)
- filename=$(parse_opt_equal_sign "$1" "$2")
+ filename="$(parse_opt_equal_sign "$1" "$2")"
ret=$?
# Same as for --jsonfile
if "$CSVHEADER"; then
@@ -11712,7 +11714,7 @@ modify_global_cmd_line() {
[[ $ret -eq 0 ]] && shift
;;
--htmlfile|--htmlfile=*)
- filename=$(parse_opt_equal_sign "$1" "$2")
+ filename="$(parse_opt_equal_sign "$1" "$2")"
ret=$?
# Same as for --jsonfile
if "$HTMLHEADER"; then
@@ -11757,10 +11759,10 @@ run_mass_testing_parallel() {
fi
global_cmdline="$(modify_global_cmd_line $global_cmdline)"
[[ "$global_cmdline" =~ jsonfile_XXXXXXXX ]] && one_jsonfile=true
-
+
pr_reverse "====== Running in parallel file batch mode with file=\"$FNAME\" ======"; outln "\n"
while read cmdline; do
- cmdline=$(filter_input "$cmdline")
+ cmdline="$(filter_input "$cmdline")"
[[ -z "$cmdline" ]] && continue
[[ "$cmdline" == "EOF" ]] && break
cmdline="$0 $global_cmdline --warnings=batch $cmdline"
@@ -11953,7 +11955,7 @@ parse_cmd_line() {
PORT=587
;;
--ip|--ip=*)
- CMDLINE_IP=$(parse_opt_equal_sign "$1" "$2")
+ CMDLINE_IP="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift
;;
-n|--nodns)
@@ -11976,7 +11978,7 @@ parse_cmd_line() {
;;
-t|-t=*|--starttls|--starttls=*)
do_starttls=true
- STARTTLS_PROTOCOL=$(parse_opt_equal_sign "$1" "$2")
+ STARTTLS_PROTOCOL="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift
case $STARTTLS_PROTOCOL in
ftp|smtp|pop3|imap|xmpp|telnet|ldap|nntp|postgres) ;;
@@ -12129,7 +12131,7 @@ parse_cmd_line() {
;;
--file|--file=*)
# no shift here as otherwise URI is empty and it bails out
- FNAME=$(parse_opt_equal_sign "$1" "$2")
+ FNAME="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift
IKNOW_FNAME=true
WARNINGS=batch # set this implicitly!
@@ -12163,7 +12165,7 @@ parse_cmd_line() {
esac
;;
--color|--color=*)
- COLOR=$(parse_opt_equal_sign "$1" "$2")
+ COLOR="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift
case $COLOR in
[0-2]) ;;
@@ -12180,7 +12182,7 @@ parse_cmd_line() {
;; # DEFINITION of LOGFILE if no arg specified: automagically in parse_hn_port()
# following does the same but we can specify a log location additionally
--logfile|--logfile=*)
- LOGFILE=$(parse_opt_equal_sign "$1" "$2")
+ LOGFILE="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift
do_logging=true
;;
@@ -12189,7 +12191,7 @@ parse_cmd_line() {
;; # DEFINITION of JSONFILE is not arg specified: automagically in parse_hn_port()
# following does the same but we can specify a log location additionally
--jsonfile|--jsonfile=*)
- JSONFILE=$(parse_opt_equal_sign "$1" "$2")
+ JSONFILE="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift
do_json=true
;;
@@ -12197,7 +12199,7 @@ parse_cmd_line() {
do_pretty_json=true
;;
--jsonfile-pretty|--jsonfile-pretty=*)
- JSONFILE=$(parse_opt_equal_sign "$1" "$2")
+ JSONFILE="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift
do_pretty_json=true
;;
@@ -12213,7 +12215,7 @@ parse_cmd_line() {
;; # DEFINITION of CSVFILE is not arg specified: automagically in parse_hn_port()
# following does the same but we can specify a log location additionally
--csvfile|--csvfile=*)
- CSVFILE=$(parse_opt_equal_sign "$1" "$2")
+ CSVFILE="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift
do_csv=true
;;
@@ -12222,7 +12224,7 @@ parse_cmd_line() {
;; # DEFINITION of HTMLFILE is not arg specified: automagically in parse_hn_port()
# following does the same but we can specify a file location additionally
--htmlfile|--htmlfile=*)
- HTMLFILE=$(parse_opt_equal_sign "$1" "$2")
+ HTMLFILE="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift
do_html=true
;;
@@ -12230,16 +12232,16 @@ parse_cmd_line() {
APPEND=true
;;
--openssl|--openssl=*)
- OPENSSL=$(parse_opt_equal_sign "$1" "$2")
+ OPENSSL="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift
;;
--openssl-timeout|--openssl-timeout=*)
- OPENSSL_TIMEOUT=$(parse_opt_equal_sign "$1" "$2")
+ OPENSSL_TIMEOUT="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift
;;
--mapping|--mapping=*)
local cipher_mapping
- cipher_mapping=$(parse_opt_equal_sign "$1" "$2")
+ cipher_mapping="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift
case "$cipher_mapping" in
no-openssl) DISPLAY_CIPHERNAMES="rfc-only" ;;
@@ -12251,7 +12253,7 @@ parse_cmd_line() {
esac
;;
--proxy|--proxy=*)
- PROXY=$(parse_opt_equal_sign "$1" "$2")
+ PROXY="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift
;;
-6) # doesn't work automagically. My versions have -DOPENSSL_USE_IPV6, CentOS/RHEL/FC do not