Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-11-03 23:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

- FIX #636

Browse Source 
- polish
This commit is contained in:
Dirk
2017-02-16 19:10:59 +01:00
parent a973386c0a
commit d2cbbaf0b1
1 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
testssl.sh
View File

@@ -6385,7 +6385,7 @@ certificate_info() {
out "$indent"; pr_bold " # of certificates provided"; outln " $certificates_provided" out "$indent"; pr_bold " # of certificates provided"; outln " $certificates_provided"
fileout "${json_prefix}certcount" "INFO" "# of certificates provided : $certificates_provided" fileout "${json_prefix}certcount" "INFO" "# of certificates provided : $certificates_provided"
# Get both CRL and OCSP URL upfront. If there's none, this is not good. And we need to penalize this in the output # Get both CRL and OCSP URI upfront. If there's none, this is not good. And we need to penalize this in the output
crl="$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | \ crl="$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | \
awk '/X509v3 CRL Distribution/{i=50} i&&i--' | awk '/^$/,/^ [a-zA-Z0-9]+|^ Signature Algorithm:/' | awk -F'URI:' '/URI/ { print $2 }')" awk '/X509v3 CRL Distribution/{i=50} i&&i--' | awk '/^$/,/^ [a-zA-Z0-9]+|^ Signature Algorithm:/' | awk -F'URI:' '/URI/ { print $2 }')"
ocsp_uri=$($OPENSSL x509 -in $HOSTCERT -noout -ocsp_uri 2>>$ERRFILE) ocsp_uri=$($OPENSSL x509 -in $HOSTCERT -noout -ocsp_uri 2>>$ERRFILE)
@@ -6396,10 +6396,11 @@ certificate_info() {
outln "--" outln "--"
fileout "${json_prefix}crl" "INFO" "No CRL provided" fileout "${json_prefix}crl" "INFO" "No CRL provided"
else else
pr_svrty_highln "-- (NOT ok)" pr_svrty_high "NOT ok --"
fileout "${json_prefix}crl" "HIGH" "Neither CRL nor OCSP URL provided" outln " neither CRL nor OCSP URI provided"
fileout "${json_prefix}crl" "HIGH" "Neither CRL nor OCSP URI provided"
fi fi
elif grep -q http <<< "$crl"; then else
if [[ $(count_lines "$crl") -eq 1 ]]; then if [[ $(count_lines "$crl") -eq 1 ]]; then
outln "$crl" outln "$crl"
fileout "${json_prefix}crl" "INFO" "Certificate Revocation List : $crl" fileout "${json_prefix}crl" "INFO" "Certificate Revocation List : $crl"
@@ -6407,9 +6408,6 @@ certificate_info() {
out_row_aligned "$crl" "$spaces" out_row_aligned "$crl" "$spaces"
fileout "${json_prefix}crl" "INFO" "Certificate Revocation List : $crl" fileout "${json_prefix}crl" "INFO" "Certificate Revocation List : $crl"
fi fi
else
pr_warningln "no parsable output \"$crl\", pls report"
fileout "${json_prefix}crl" "WARN" "Certificate Revocation List : no parsable output \"$crl\", pls report"
fi fi
out "$indent"; pr_bold " OCSP URI " out "$indent"; pr_bold " OCSP URI "
@@ -11443,12 +11441,16 @@ parse_hn_port() {
NODE=$(echo "$NODE" | sed -e 's/\/.*$//') NODE=$(echo "$NODE" | sed -e 's/\/.*$//')
# if there's a trailing ':' probably a starttls/application protocol was specified # if there's a trailing ':' probably a starttls/application protocol was specified
if grep -q ':$' <<< $NODE ; then if grep -q ':$' <<< $NODE; then
fatal "\"$1\" is not a valid URI" 1 if grep -wq http <<< $NODE; then
fatal "\"http\" is not what you meant probably" 1
else
fatal "\"$1\" is not a valid URI" 1
fi
fi fi
# was the address supplied like [AA:BB:CC::]:port ? # was the address supplied like [AA:BB:CC::]:port ?
if echo "$NODE" | grep -q ']' ; then if grep -q ']' <<< "$NODE"; then
tmp_port=$(printf "$NODE" | sed 's/\[.*\]//' | sed 's/://') tmp_port=$(printf "$NODE" | sed 's/\[.*\]//' | sed 's/://')
# determine v6 port, supposed it was supplied additionally # determine v6 port, supposed it was supplied additionally
if [[ -n "$tmp_port" ]]; then if [[ -n "$tmp_port" ]]; then