Rate RSA e=1 as CRITICAL

PR #1619 set the grade cap to 'F' is the server has a certificate with an RSA with e=1, however, it did not change the rating in the JSON/CSV output. This commit changes the cert_keySize rating to CRITICAL for an RSA key with e=1, regardless of the size of the modulus. It also uses pr_svrty_critical() to print the exponent in this case.
2025-10-31 13:55:25 +01:00 · 2020-05-08 08:23:14 -04:00
parent d16f8a20c5
commit cde2ecdc5d
1 changed files with 7 additions and 2 deletions
--- a/testssl.sh
+++ b/testssl.sh
@@ -8535,9 +8535,14 @@ certificate_info() {
                 cert_spki_info="$(strip_leading_space "$cert_spki_info")"
                 cert_spki_info="${cert_spki_info%%[[:space:]]*}"
                 if [[ -n "$cert_spki_info" ]]; then
-                      out " (exponent is $cert_spki_info)"
+                      if [[ $cert_spki_info -eq 1 ]]; then
+                           out " (exponent is "; pr_svrty_critical "$cert_spki_info"; out ")"
+                           json_rating="CRITICAL"
+                           set_grade_cap "F" "RSA certificate uses exponent of 1"
+                      else
+                           out " (exponent is $cert_spki_info)"
+                      fi
                      json_msg+=" (exponent is $cert_spki_info)"
-                      [[ $cert_spki_info -eq 1 ]] && set_grade_cap "F" "RSA certificate uses exponent of 1"
                 fi
                 ;;
          "EC")  cert_spki_info="${cert_txt##*Subject Public Key Info:}"