From b6143e1fb96d757a5a7a93d4d87fa58052692d65 Mon Sep 17 00:00:00 2001 From: Dirk Date: Mon, 31 Jul 2023 12:40:56 +0200 Subject: [PATCH 1/7] Change references from 3.1dev to 3.2 --- CHANGELOG.md | 2 +- Dockerfile.md | 2 +- Readme.md | 13 +++++++------ 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d21d7c7..0a5d3ab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ ## Change Log -### Features implemented / improvements in 3.1dev +### Features implemented / improvements in 3.2 * Extend Server (cipher) preference: always now in wide mode instead of running all ciphers in the end (per default) * Improved compatibility with OpenSSL 3.0 diff --git a/Dockerfile.md b/Dockerfile.md index 4c8b075..27ab6b0 100644 --- a/Dockerfile.md +++ b/Dockerfile.md @@ -36,7 +36,7 @@ You can pull the image from dockerhub and run: docker run --rm -t drwetter/testssl.sh --fs example.com ``` -Supported tags are: ``3.1dev`` and ``latest`, which are the same, i.e. the rolling release. ``3.0`` is the latest stable version from git which might have a few improvements (see git log) over the released version 3.0.X. +Supported tags are: ``3.2`` and ``latest`, which are the same, i.e. the rolling release. ``3.0`` is the latest stable version from git which might have a few improvements (see git log) over the released version 3.0.X. ``docker run --rm -t drwetter/testssl.sh:stable example.com``. diff --git a/Readme.md b/Readme.md index 87b8be8..6723cac 100644 --- a/Readme.md +++ b/Readme.md 
@@ -5,7 +5,7 @@ [![Build Status](https://github.com/drwetter/testssl.sh/actions/workflows/test.yml/badge.svg)](https://github.com/drwetter/testssl.sh/actions/workflows/test.yml) [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/drwetter/testssl.sh?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![License](https://img.shields.io/github/license/drwetter/testssl.sh)](https://github.com/drwetter/testssl.sh/LICENSE) -[![Docker](https://img.shields.io/docker/pulls/drwetter/testssl.sh)](https://github.com/drwetter/testssl.sh/blob/3.1dev/Dockerfile.md) +[![Docker](https://img.shields.io/docker/pulls/drwetter/testssl.sh)](https://github.com/drwetter/testssl.sh/blob/3.2/Dockerfile.md) `testssl.sh` is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some @@ -49,11 +49,12 @@ Update notification here or @ [mastodon](https://infosec.exchange/@testssl) (old ### Installation -You can download testssl.sh branch 3.1dev just by cloning this git repository: +You can download testssl.sh branch 3.2 just by cloning this git repository: git clone --depth 1 https://github.com/drwetter/testssl.sh.git -Think of 3.1dev like a rolling release, see below. For the stable version help yourself by downloading the [ZIP](https://codeload.github.com/drwetter/testssl.sh/zip/3.0.4) or [tar.gz](https://codeload.github.com/drwetter/testssl.sh/tar.gz/3.0.4) archive. Just ``cd`` to the directory created (=INSTALLDIR) and run it off there. +3.2 is now the latest branch which evolved from 3.1dev. It's in the release candidate phase. +For the former stable version help yourself by downloading the [ZIP](https://codeload.github.com/drwetter/testssl.sh/zip/v3.0.8) or [tar.gz](https://codeload.github.com/drwetter/testssl.sh/tar.gz/v3.0.8) archive. Just ``cd`` to the directory created (=INSTALLDIR) and run it off there. #### Docker 
@@ -68,12 +69,12 @@ Or if you have cloned this repo you also can just ``cd`` to the INSTALLDIR and r docker build . -t imagefoo && docker run --rm -t imagefoo example.com ``` -For more please consult [Dockerfile.md](https://github.com/drwetter/testssl.sh/blob/3.1dev/Dockerfile.md). +For more please consult [Dockerfile.md](https://github.com/drwetter/testssl.sh/blob/3.2/Dockerfile.md). ### Status -We're currently in the development phase, version 3.1dev. 3.1dev will eventually become 3.2. Bigger features are developed in a separate branch before merged into 3.1dev to avoid hiccups or inconsistencies. Albeit we try to keep 3.1dev as solid as possible things will certainly change in 3.1dev. Think of the 3.1dev branch like a rolling release. So if you need stability the 3.0 branch is better for you. +We're currently in the release candidate phase for version 3.2. Bigger features will be developed in a separate branch before merged into a 3.3dev to avoid hiccups or inconsistencies. Version 3.0.X receives bugfixes, labeled as 3.0.1, 3.0.2 and so on. This will happen until 3.2 is released. @@ -87,7 +88,7 @@ Support for 2.9.5 has been dropped. Supported is >= 3.0.x only. ### Contributing -Contributions are welcome! See [CONTRIBUTING.md](https://github.com/drwetter/testssl.sh/blob/3.1dev/CONTRIBUTING.md) for details. Please also have a look at the [Coding Convention](https://github.com/drwetter/testssl.sh/blob/3.1dev/Coding_Convention.md). +Contributions are welcome! See [CONTRIBUTING.md](https://github.com/drwetter/testssl.sh/blob/3.2/CONTRIBUTING.md) for details. Please also have a look at the [Coding Convention](https://github.com/drwetter/testssl.sh/blob/3.2/Coding_Convention.md). ### Bug reports From 5246194beead9569eed3b6c38deca88edc4e4ed8 Mon Sep 17 00:00:00 2001 
From: Dirk Date: Mon, 31 Jul 2023 12:46:04 +0200 Subject: [PATCH 2/7] further files which contained 3.1dev --- .github/ISSUE_TEMPLATE/feature_request.md | 2 +- .../ISSUE_TEMPLATE/other-issues---question.md | 2 +- .github/workflows/docker-3.2.yml | 63 +++++++++++++++++++ 3 files changed, 65 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/docker-3.2.yml diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index 1add4ed..a7d15e3 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -11,7 +11,7 @@ Feel free to remove this line but please stick to the template. Not filling out --> **Which version are you referring to** -3.0.x or 3.1dev? We might close this right away otherwise. +3.0.x or 3.2? **Please check this repo whether this is a known feature request** diff --git a/.github/ISSUE_TEMPLATE/other-issues---question.md b/.github/ISSUE_TEMPLATE/other-issues---question.md index 4832b95..490a660 100644 --- a/.github/ISSUE_TEMPLATE/other-issues---question.md +++ b/.github/ISSUE_TEMPLATE/other-issues---question.md @@ -8,4 +8,4 @@ assignees: '' --- **Which version are you referring to** -3.0.x or 3.1dev? (please check also how old your version is compare to the ones here) +3.0.x or 3.2? (please check also how old your version is compare to the ones here) diff --git a/.github/workflows/docker-3.2.yml b/.github/workflows/docker-3.2.yml new file mode 100644 index 0000000..2649ccd --- /dev/null +++ b/.github/workflows/docker-3.2.yml 
@@ -0,0 +1,63 @@ +name: docker-3.1dev + +on: + push: + branches: + - 3.1dev + workflow_dispatch: + schedule: + - cron: "0 8 * * 1" + +env: + BUILD_VERSION: "3.1dev" + DOCKER_CLI_EXPERIMENTAL: enabled + +jobs: + + deploy: + runs-on: ubuntu-20.04 + + steps: + - name: Source checkout + uses: actions/checkout@v3 + + - name: Setup QEMU + id: qemu + uses: docker/setup-qemu-action@v2.2.0 + + - name: Setup Buildx + id: buildx + uses: docker/setup-buildx-action@v2 + + - name: Set Docker metadata + id: docker_meta + uses: docker/metadata-action@v4 + with: + images: ${{ github.repository }} + labels: | + org.opencontainers.image.version=${{ env.BUILD_VERSION }} + org.opencontainers.image.revision=${{ github.sha }} + org.opencontainers.image.title=${{ github.repository }} + + - name: GitHub login + if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@v2.2.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push + uses: docker/build-push-action@v4.1.1 + with: + push: ${{ github.event_name != 'pull_request' }} + context: . + file: Dockerfile.git + platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7,linux/arm/v6,linux/ppc64le + build-args: BUILD_VERSION + cache-from: type=gha, scope=${{ github.workflow }} + cache-to: type=gha, scope=${{ github.workflow }} + labels: ${{ steps.docker_meta.outputs.labels }} + tags: | + ghcr.io/${{ github.repository }}:${{ env.BUILD_VERSION }} + ghcr.io/${{ github.repository }}:latest From 6669af2fc5fe502260be6fe49ddce57a65311772 Mon Sep 17 00:00:00 2001 From: Dirk Date: Mon, 31 Jul 2023 12:46:50 +0200 Subject: [PATCH 3/7] remove this one (3.2 see previous commit) --- .github/workflows/docker-3.1dev.yml | 63 ----------------------------- 1 file changed, 63 deletions(-) delete mode 100644 .github/workflows/docker-3.1dev.yml 
diff --git a/.github/workflows/docker-3.1dev.yml b/.github/workflows/docker-3.1dev.yml deleted file mode 100644 index 2649ccd..0000000 --- a/.github/workflows/docker-3.1dev.yml +++ /dev/null @@ -1,63 +0,0 @@ -name: docker-3.1dev - -on: - push: - branches: - - 3.1dev - workflow_dispatch: - schedule: - - cron: "0 8 * * 1" - -env: - BUILD_VERSION: "3.1dev" - DOCKER_CLI_EXPERIMENTAL: enabled - -jobs: - - deploy: - runs-on: ubuntu-20.04 - - steps: - - name: Source checkout - uses: actions/checkout@v3 - - - name: Setup QEMU - id: qemu - uses: docker/setup-qemu-action@v2.2.0 - - - name: Setup Buildx - id: buildx - uses: docker/setup-buildx-action@v2 - - - name: Set Docker metadata - id: docker_meta - uses: docker/metadata-action@v4 - with: - images: ${{ github.repository }} - labels: | - org.opencontainers.image.version=${{ env.BUILD_VERSION }} - org.opencontainers.image.revision=${{ github.sha }} - org.opencontainers.image.title=${{ github.repository }} - - - name: GitHub login - if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@v2.2.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and push - uses: docker/build-push-action@v4.1.1 - with: - push: ${{ github.event_name != 'pull_request' }} - context: . - file: Dockerfile.git - platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7,linux/arm/v6,linux/ppc64le - build-args: BUILD_VERSION - cache-from: type=gha, scope=${{ github.workflow }} - cache-to: type=gha, scope=${{ github.workflow }} - labels: ${{ steps.docker_meta.outputs.labels }} - tags: | - ghcr.io/${{ github.repository }}:${{ env.BUILD_VERSION }} - ghcr.io/${{ github.repository }}:latest From 9e76b1e9ceedbd462a776c3b387d548916298fb2 Mon Sep 17 00:00:00 2001 From: Dirk Date: Mon, 31 Jul 2023 12:51:29 +0200 Subject: [PATCH 4/7] Change content here too --- .github/workflows/docker-3.2.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/.github/workflows/docker-3.2.yml b/.github/workflows/docker-3.2.yml index 2649ccd..6dd7f5c 100644 --- a/.github/workflows/docker-3.2.yml +++ b/.github/workflows/docker-3.2.yml @@ -1,21 +1,21 @@ -name: docker-3.1dev +name: docker-3.2 on: push: branches: - - 3.1dev + - 3.2 workflow_dispatch: schedule: - cron: "0 8 * * 1" env: - BUILD_VERSION: "3.1dev" + BUILD_VERSION: "3.2" DOCKER_CLI_EXPERIMENTAL: enabled jobs: deploy: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: Source checkout From fc14a020354342eeeca58bb17c477f416ded0e8b Mon Sep 17 00:00:00 2001 From: Dirk Date: Mon, 31 Jul 2023 13:44:35 +0200 Subject: [PATCH 5/7] Changed heise.de to example.com as sometimes we're blocked --- t/32_isHTML_valid.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/t/32_isHTML_valid.t b/t/32_isHTML_valid.t index 0524372..9e0c9b2 100755 --- a/t/32_isHTML_valid.t +++ b/t/32_isHTML_valid.t @@ -10,7 +10,7 @@ use Text::Diff; my $tests = 0; my $prg="./testssl.sh"; -my $uri="heise.de"; +my $uri="example.com"; my $out=""; my $html=""; my $debughtml=""; From 15b7f7b403ac2362554ae3a173330caf83a7e303 Mon Sep 17 00:00:00 2001 From: Dirk Date: Mon, 31 Jul 2023 14:03:57 +0200 Subject: [PATCH 6/7] Stop using deprecated OS --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f3f1ee4..10e6b9a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -32,7 +32,7 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - os: ['ubuntu-20.04'] + os: ['ubuntu-22.04'] perl: ['5.26'] name: Perl ${{ matrix.perl }} on ${{ matrix.os }} steps: From 2067ac81231f42b3d38b7504cfc02151be31dd04 Mon Sep 17 00:00:00 2001 
From: Dirk Date: Mon, 31 Jul 2023 16:34:56 +0200 Subject: [PATCH 7/7] Fall back to heise.de .. to scan. It worked in a few examples locally. Other hosts I tried so far weren't available anymore (like scanme.nmap.org). In order to reduce the burden we scan now only during PRs. --- .github/workflows/test.yml | 11 ----------- t/32_isHTML_valid.t | 4 ++-- 2 files changed, 2 insertions(+), 13 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 10e6b9a..62a1762 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,17 +1,6 @@ name: testssl.sh CI on: - push: - paths-ignore: - - 'utils/**' - - 'doc/**' - - 'bin/**' - - '**.md' - - '**.pem' - - '**.pdf' - - '**.html' - - 'LICENSE' - - 'Dockerfile' pull_request: paths-ignore: - 'utils/**' diff --git a/t/32_isHTML_valid.t b/t/32_isHTML_valid.t index 9e0c9b2..c006329 100755 --- a/t/32_isHTML_valid.t +++ b/t/32_isHTML_valid.t @@ -10,13 +10,13 @@ use Text::Diff; my $tests = 0; my $prg="./testssl.sh"; -my $uri="example.com"; +my $uri="heise.de"; my $out=""; my $html=""; my $debughtml=""; my $edited_html=""; my $htmlfile="tmp.html"; -my $check2run="--ip=one --ids-friendly --color 0 --htmlfile $htmlfile"; +my $check2run="--ip=one --sneaky --ids-friendly --color 0 --htmlfile $htmlfile"; my $diff=""; die "Unable to open $prg" unless -f $prg;
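
Review bot: In the Dockerfile.md hunk of patch 1/7 the rewritten "Supported tags" line still carries the unbalanced literal from the old text: ``latest` opens with two backticks and closes with one, so the tag list renders garbled. Since the line is being touched anyway, close it with two backticks. The unchanged example directly below pulls drwetter/testssl.sh:stable, a tag the "Supported tags" sentence does not list; either add it to the sentence or switch the example to one of the listed tags.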
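
Review bot: In the Installation hunk of Readme.md (patch 1/7) the text promises "branch 3.2", but the command beneath it, git clone --depth 1 https://github.com/drwetter/testssl.sh.git, names no branch and fetches whatever the repository's default branch is. Add --branch 3.2 to the command so the sentence holds regardless of the default branch. The same hunk calls 3.0.8 the "former stable version" while the Status section in this patch says 3.2 is still in the release candidate phase and 3.0.X keeps receiving bugfixes until 3.2 is released; the two statements should agree on which version is stable today.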
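
Review bot: In the other-issues---question.md hunk of patch 2/7 the edited line keeps "how old your version is compare to the ones here"; fix it to "compared" while the line is being changed.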
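
Review bot: The new .github/workflows/docker-3.2.yml in patch 2/7 is byte-identical to the file deleted in 3/7 (both sides show blob 2649ccd), so at this commit a workflow stored as docker-3.2.yml still has name: docker-3.1dev, triggers on branch 3.1dev and sets BUILD_VERSION: "3.1dev"; the correction only arrives in 4/7. Fold 2/7, 3/7 and 4/7 into one rename-plus-edit commit so every commit in the series is self-consistent. While the file is open: the job logs in to ghcr.io with secrets.GITHUB_TOKEN and pushes images, yet the workflow has no permissions: block and every action is referenced by a mutable tag (actions/checkout@v3, docker/login-action@v2.2.0, docker/build-push-action@v4.1.1). Declare the minimum token scope (contents: read, packages: write) and pin the actions to commit SHAs. The two github.event_name != 'pull_request' conditions are always true, because the on: block has no pull_request trigger, and can be dropped.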
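
Review bot: The .github/workflows/test.yml hunk in patch 7/7 deletes the whole push: trigger and leaves pull_request as the only event, so commits that reach the branch without a pull request are never tested. If the goal is only to scan the remote host less often, keep a manual path by adding workflow_dispatch: (already used in docker-3.2.yml) instead of removing all coverage outside pull requests.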
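
Review bot: In the t/32_isHTML_valid.t hunk of patch 7/7, --sneaky is added to $check2run but the commit message only discusses the host change; add a comment next to the variable or a sentence in the message saying why the flag is needed for this test. The $uri line goes from heise.de to example.com in 5/7 and back again here, so the series nets to no change on that line; squash the two commits, and consider reading the target from an environment variable with heise.de as the default, since 5/7 says the scan is sometimes blocked and this message says other hosts tried were no longer available.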