From 0b8409e13a09f356cffc27123a57a9db7a475c35 Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Thu, 26 Apr 2018 10:09:13 -0400
Subject: [PATCH] non-HTTP cRLDistributionPoints
At the moment the code for downloading a CRL seems to only work if URL is an HTTP or HTTP URL. It fails if the URL is an LDAP URL. The wget command does not support LDAP and when curl retrieves data from an LDAP URL it stores the result in LDIF format, which http_get() cannot currently convert into a PEM-encoded CRL.
This PR addresses the issue by skipping the revocation check for any URL that does not begin with "http".
---
 testssl.sh | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/testssl.sh b/testssl.sh
index cedfbfb..0c44932 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -1431,6 +1431,8 @@ check_revocation_crl() {
 local tmpfile=""
 "$PHONE_OUT" || return 0
+ # The code for obtaining CRLs only supports HTTP and HTTPS URLs.
+ [[ "$(tolower "${crl:0:4}")" == "http" ]] || return 0
 tmpfile=$TEMPDIR/${NODE}-${NODEIP}.${crl##*\/} || exit $ERR_FCREATE
 http_get "$crl" "$tmpfile"
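Review bot: The added guard `[[ "$(tolower "${crl:0:4}")" == "http" ]] || return 0` skips the CRL revocation check silently, so a certificate whose only distribution point is LDAP now produces no revocation finding at all and the reader cannot distinguish "checked and not revoked" from "not checked". Before the `return 0`, emit a visible note that the CRL URL scheme is unsupported and the check was skipped, so the gap shows up in the report rather than being hidden. The prefix comparison is also looser than the comment states: it accepts any scheme starting with "http", not just `http://` and `https://`; `[[ "$crl" =~ ^[Hh][Tt][Tt][Pp][Ss]?:// ]] || return 0` pins it to the two schemes the downloader actually handles and drops the `tolower` subshell. check_revocation_crl starts before the hunk (where `$crl` is presumably set from the function's arguments) and its body continues after it.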