Merge branch 'drwetter/2.9dev' into 2.9dev

This commit is contained in:
AlGreed 2017-03-28 11:43:34 +02:00
commit ddf53e9ae5

View File

@ -79,16 +79,20 @@
# debugging help: # debugging help:
readonly PS4='|${LINENO}> \011${FUNCNAME[0]:+${FUNCNAME[0]}(): }' readonly PS4='|${LINENO}> \011${FUNCNAME[0]:+${FUNCNAME[0]}(): }'
# see stackoverflow.com/questions/5014823/how-to-profile-a-bash-shell-script-slow-startup#20855353
# how to paste both in order to do performance analysis
DEBUGTIME=${DEBUGTIME:-false} DEBUGTIME=${DEBUGTIME:-false}
DEBUG_ALLINONE=${DEBUG_ALLINONE:-false} # true: do debugging in one sceen
if grep -q xtrace <<< "$SHELLOPTS"; then if grep -q xtrace <<< "$SHELLOPTS"; then
if "$DEBUGTIME" ; then if "$DEBUGTIME" ; then
# separate debugging, doesn't mess up the screen, $DEBUGTIME determines whether we also do performance analysis # separate debugging, doesn't mess up the screen, $DEBUGTIME determines whether we also do performance analysis
exec 42>&2 2> >(tee /tmp/testssl-$$.log | sed -u 's/^.*$/now/' | date -f - +%s.%N >/tmp/testssl-$$.time) exec 42>&2 2> >(tee /tmp/testssl-$$.log | sed -u 's/^.*$/now/' | date -f - +%s.%N >/tmp/testssl-$$.time)
# for pasting both togher see https://stackoverflow.com/questions/5014823/how-to-profile-a-bash-shell-script-slow-startup#20855353
else
exec 42>| /tmp/testssl-$$.log
BASH_XTRACEFD=42 BASH_XTRACEFD=42
else
if ! "$DEBUG_ALLINONE"; then
exec 42>| /tmp/testssl-$$.log
BASH_XTRACEFD=42
fi
fi fi
fi fi
@ -173,12 +177,15 @@ LOGFILE=${LOGFILE:-""} # logfile if used
JSONFILE=${JSONFILE:-""} # jsonfile if used JSONFILE=${JSONFILE:-""} # jsonfile if used
CSVFILE=${CSVFILE:-""} # csvfile if used CSVFILE=${CSVFILE:-""} # csvfile if used
HTMLFILE=${HTMLFILE:-""} # HTML if used HTMLFILE=${HTMLFILE:-""} # HTML if used
HTMLHEADER=true # include HTML headers and footers in HTML file, if one is being created FIRST_FINDING=true # Is this the first finding we are outputting to file?
JSONHEADER=true # include JSON headers and footers in HTML file, if one is being created
CSVHEADER=true # same for CSV
HTMLHEADER=true # same for HTML
APPEND=${APPEND:-false} # append to csv/json file instead of overwriting it APPEND=${APPEND:-false} # append to csv/json file instead of overwriting it
GIVE_HINTS=false # give an addtional info to findings GIVE_HINTS=false # give an addtional info to findings
HAS_IPv6=${HAS_IPv6:-false} # if you have OpenSSL with IPv6 support AND IPv6 networking set it to yes HAS_IPv6=${HAS_IPv6:-false} # if you have OpenSSL with IPv6 support AND IPv6 networking set it to yes
UNBRACKTD_IPV6=${UNBRACKTD_IPV6:-false} # some versions of OpenSSL (like Gentoo) don't support [bracketed] IPv6 addresses UNBRACKTD_IPV6=${UNBRACKTD_IPV6:-false} # some versions of OpenSSL (like Gentoo) don't support [bracketed] IPv6 addresses
SERVER_SIZE_LIMIT_BUG=false # Some servers have either a ClientHello total size limit or cipher limit of ~128 ciphers (e.g. old ASAs) SERVER_SIZE_LIMIT_BUG=false # Some servers have either a ClientHello total size limit or a 128 cipher limit (e.g. old ASAs)
# tuning vars, can not be set by a cmd line switch # tuning vars, can not be set by a cmd line switch
EXPERIMENTAL=${EXPERIMENTAL:-false} EXPERIMENTAL=${EXPERIMENTAL:-false}
@ -277,7 +284,6 @@ HTTP_TIME=""
GET_REQ11="" GET_REQ11=""
readonly UA_STD="TLS tester from $SWURL" readonly UA_STD="TLS tester from $SWURL"
readonly UA_SNEAKY="Mozilla/5.0 (X11; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0" readonly UA_SNEAKY="Mozilla/5.0 (X11; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0"
FIRST_FINDING=true # Is this the first finding we are outputting to file?
START_TIME=0 # time in epoch when the action started START_TIME=0 # time in epoch when the action started
END_TIME=0 # .. ended END_TIME=0 # .. ended
SCAN_TIME=0 # diff of both: total scan time SCAN_TIME=0 # diff of both: total scan time
@ -806,30 +812,12 @@ strip_quote() {
} }
#################### JSON FILE FORMATING #################### #################### JSON FILE FORMATING ####################
fileout_pretty_json_header() {
target="$NODE"
$do_mx_all_ips && target="$URI"
echo -e " \"Invocation\" : \"$PROG_NAME $CMDLINE\",
\"at\" : \"$HNAME:$OPENSSL_LOCATION\",
\"version\" : \"$VERSION ${GIT_REL_SHORT:-$CVS_REL_SHORT} from $REL_DATE\",
\"openssl\" : \"$OSSL_VER from $OSSL_BUILD_DATE\",
\"target host\" : \"$target\",
\"port\" : \"$PORT\",
\"startTime\" : \"$START_TIME\",
\"scanResult\" : ["
}
fileout_pretty_json_footer() { fileout_pretty_json_footer() {
echo -e " ], echo -e " ],
\"scanTime\" : \"$SCAN_TIME\"\n}" \"scanTime\" : \"$SCAN_TIME\"\n}"
} }
fileout_json_header() {
"$do_json" && printf "[\n" > "$JSONFILE"
"$do_pretty_json" && (printf "{\n%s\n" "$(fileout_pretty_json_header)") > "$JSONFILE"
}
fileout_json_footer() { fileout_json_footer() {
"$do_json" && printf "]\n" >> "$JSONFILE" "$do_json" && printf "]\n" >> "$JSONFILE"
"$do_pretty_json" && (printf "$(fileout_pretty_json_footer)") >> "$JSONFILE" "$do_pretty_json" && (printf "$(fileout_pretty_json_footer)") >> "$JSONFILE"
@ -850,15 +838,15 @@ fileout_json_section() {
esac esac
} }
fileout_section_header(){ fileout_section_header() {
local str="" local str=""
$2 && str="$(fileout_section_footer false)" "$2" && str="$(fileout_section_footer false)"
"$do_pretty_json" && FIRST_FINDING=true && (printf "%s%s\n" "$str" "$(fileout_json_section "$1")") >> "$JSONFILE" "$do_pretty_json" && FIRST_FINDING=true && (printf "%s%s\n" "$str" "$(fileout_json_section "$1")") >> "$JSONFILE"
} }
fileout_section_footer() { # IS_THE_LAST_ONE fileout_section_footer() {
"$do_pretty_json" && printf "\n ]" >> "$JSONFILE" "$do_pretty_json" && printf "\n ]" >> "$JSONFILE"
"$do_pretty_json" && $1 && echo -e "\n }" >> "$JSONFILE" "$do_pretty_json" && "$1" && echo -e "\n }" >> "$JSONFILE"
} }
fileout_json_print_parameter() { fileout_json_print_parameter() {
@ -866,34 +854,30 @@ fileout_json_print_parameter() {
local filler="$2" local filler="$2"
local value="$3" local value="$3"
local not_last="$4" local not_last="$4"
local spaces=""
local shift="" "$do_json" && \
spaces=" " || \
if "$do_json"; then spaces=" "
shift=" "
else
shift=" "
fi
if [[ ! -z "$value" ]]; then if [[ ! -z "$value" ]]; then
printf "%s%s%s%s" "$shift" "\"$parameter\"" "$filler" ": \"$value\"" >> "$JSONFILE" printf "%s%s%s%s" "$spaces" "\"$parameter\"" "$filler" ": \"$value\"" >> "$JSONFILE"
"$not_last" && printf ",\n" >> "$JSONFILE" "$not_last" && printf ",\n" >> "$JSONFILE"
fi fi
} }
fileout_json_finding() { fileout_json_finding() {
if "$do_json"; then if "$do_json"; then
"$FIRST_FINDING" || echo -n "," >> "$JSONFILE" "$FIRST_FINDING" || echo -n "," >> "$JSONFILE"
echo -e " {" >> "$JSONFILE" echo -e " {" >> "$JSONFILE"
fileout_json_print_parameter "id" " " "$1" true fileout_json_print_parameter "id" " " "$1" true
fileout_json_print_parameter "ip" " " "$NODE/$NODEIP" true fileout_json_print_parameter "ip" " " "$NODE/$NODEIP" true
fileout_json_print_parameter "port" " " "$PORT" true fileout_json_print_parameter "port" " " "$PORT" true
fileout_json_print_parameter "severity" " " "$2" true fileout_json_print_parameter "severity" " " "$2" true
fileout_json_print_parameter "cve" " " "$cve" true fileout_json_print_parameter "cve" " " "$cve" true
fileout_json_print_parameter "cwe" " " "$cwe" true fileout_json_print_parameter "cwe" " " "$cwe" true
"$GIVE_HINTS" && fileout_json_print_parameter "hint" " " "$hint" true "$GIVE_HINTS" && fileout_json_print_parameter "hint" " " "$hint" true
fileout_json_print_parameter "finding" " " "$finding" false fileout_json_print_parameter "finding" " " "$finding" false
echo -e "\n }" >> "$JSONFILE" echo -e "\n }" >> "$JSONFILE"
fi fi
if "$do_pretty_json"; then if "$do_pretty_json"; then
if [[ "$1" == "service" ]]; then if [[ "$1" == "service" ]]; then
@ -904,70 +888,144 @@ fileout_json_finding() {
\"service\" : \"$finding\", \"service\" : \"$finding\",
\"ip\" : \"$NODEIP\"," >> "$JSONFILE" \"ip\" : \"$NODEIP\"," >> "$JSONFILE"
$do_mx_all_ips && echo -e " \"hostname\" : \"$NODE\"," >> "$JSONFILE" $do_mx_all_ips && echo -e " \"hostname\" : \"$NODE\"," >> "$JSONFILE"
else else
("$FIRST_FINDING" && echo -n " {" >> "$JSONFILE") || echo -n ",{" >> "$JSONFILE" ("$FIRST_FINDING" && echo -n " {" >> "$JSONFILE") || echo -n ",{" >> "$JSONFILE"
echo -e -n "\n" >> "$JSONFILE" echo -e -n "\n" >> "$JSONFILE"
fileout_json_print_parameter "id" " " "$1" true fileout_json_print_parameter "id" " " "$1" true
fileout_json_print_parameter "severity" " " "$2" true fileout_json_print_parameter "severity" " " "$2" true
fileout_json_print_parameter "cve" " " "$cve" true fileout_json_print_parameter "cve" " " "$cve" true
fileout_json_print_parameter "cwe" " " "$cwe" true fileout_json_print_parameter "cwe" " " "$cwe" true
"$GIVE_HINTS" && fileout_json_print_parameter "hint" " " "$hint" true "$GIVE_HINTS" && fileout_json_print_parameter "hint" " " "$hint" true
fileout_json_print_parameter "finding" " " "$finding" false fileout_json_print_parameter "finding" " " "$finding" false
echo -e -n "\n }" >> "$JSONFILE" echo -e -n "\n }" >> "$JSONFILE"
fi fi
fi fi
} }
is_json_format() {
( [[ -f "$JSONFILE" ]] && ("$do_json" || "$do_pretty_json") )
}
##################### FILE FORMATING ######################### ##################### FILE FORMATING #########################
fileout_header() { fileout_pretty_json_banner() {
if "$APPEND"; then echo -e " \"Invocation\" : \"$PROG_NAME $CMDLINE\",
if [[ -f "$JSONFILE" ]]; then \"at\" : \"$HNAME:$OPENSSL_LOCATION\",
FIRST_FINDING=false # We need to insert a comma, because there is file content already \"version\" : \"$VERSION ${GIT_REL_SHORT:-$CVS_REL_SHORT} from $REL_DATE\",
else \"openssl\" : \"$OSSL_VER from $OSSL_BUILD_DATE\",
fileout_json_header \"target host\" : \"$target\",
\"port\" : \"$PORT\",
\"startTime\" : \"$START_TIME\",
\"scanResult\" : ["
}
fileout_banner() {
local target="$NODE"
$do_mx_all_ips && target="$URI"
#if ! "$APPEND"; then
# if "$CSVHEADER"; then
# :
# fi
if "$JSONHEADER"; then
# "$do_json" && # here we maybe should add a banner, too
"$do_pretty_json" && (printf "%s\n" "$(fileout_pretty_json_banner)") >> "$JSONFILE"
fi fi
if "$do_csv"; then #fi
if [[ -f "$CSVFILE" ]]; then
# add lf, just for overview
echo >> "$CSVFILE"
else
# create file, with headline
echo "\"id\",\"fqdn/ip\",\"port\",\"severity\",\"finding\",\"cve\",\"cwe\",\"hint\"" > "$CSVFILE"
fi
fi
else
fileout_json_header
"$do_csv" && echo "\"id\",\"fqdn/ip\",\"port\",\"severity\",\"finding\",\"cve\",\"cwe\",\"hint\"" > "$CSVFILE"
fi
} }
fileout_footer() { fileout_footer() {
is_json_format && fileout_json_footer if "$JSONHEADER"; then
fileout_json_footer
fi
# CSV: no footer
return 0
} }
fileout() { # ID, SEVERITY, FINDING, CVE, CWE, HINT # ID, SEVERITY, FINDING, CVE, CWE, HINT
fileout() {
local severity="$2" local severity="$2"
local cwe="$5" local cwe="$5"
local hint="$6" local hint="$6"
if ( "$do_pretty_json" && [[ "$1" == "service" ]] ) || show_finding "$severity"; then if ( "$do_pretty_json" && [[ "$1" == "service" ]] ) || show_finding "$severity"; then
local finding=$(strip_lf "$(newline_to_spaces "$(strip_quote "$3")")") local finding=$(strip_lf "$(newline_to_spaces "$(strip_quote "$3")")")
[[ -f "$JSONFILE" ]] && (fileout_json_finding "$1" "$severity" "$finding" "$cve" "$cwe" "$hint")
is_json_format && (fileout_json_finding "$1" "$severity" "$finding" "$cve" "$cwe" "$hint") "$do_csv" && \
# does the following do any sanitization?
if "$do_csv"; then
echo -e \""$1\"",\"$NODE/$NODEIP\",\"$PORT"\",\""$severity"\",\""$finding"\",\""$cve"\",\""$cwe"\",\""$hint"\"" >> "$CSVFILE" echo -e \""$1\"",\"$NODE/$NODEIP\",\"$PORT"\",\""$severity"\",\""$finding"\",\""$cve"\",\""$cwe"\",\""$hint"\"" >> "$CSVFILE"
fi "$FIRST_FINDING" && FIRST_FINDING=false
"$FIRST_FINDING" && FIRST_FINDING=false
fi fi
} }
json_header() {
local fname_prefix
# Similar to HTML: Don't create headers and footers in the following scenarios:
# * no JSON/CSV output is being created.
# * mass testing is being performed and each test will have its own file.
# * this is an individual test within a mass test and all output is being placed in a single file.
if ( ! "$do_json" && ! "$do_pretty_json" ) || \
( "$do_mass_testing" && ( [[ -z "$JSONFILE" ]] || [[ -d "$JSONFILE" ]] ) ) || \
( "$APPEND" && [[ -n "$JSONFILE" ]] && [[ ! -d "$JSONFILE" ]] ); then
JSONHEADER=false
return 0
fi
if "$do_display_only"; then
fname_prefix="local-ciphers"
elif "$do_mass_testing"; then
:
elif "$do_mx_all_ips"; then
fname_prefix="mx-$URI"
else
( [[ -z "$JSONFILE" ]] || [[ -d "$JSONFILE" ]] ) && parse_hn_port "${URI}"
# NODE, URL_PATH, PORT, IPADDR and IP46ADDR is set now --> wrong place
fname_prefix="${NODE}"_p"${PORT}"
fi
if [[ -n "$JSONFILE" ]] && [[ ! -d "$JSONFILE" ]]; then
rm -f "$JSONFILE"
elif [[ -z "$JSONFILE" ]]; then
JSONFILE=$fname_prefix-$(date +"%Y%m%d-%H%M".json)
else
JSONFILE=$JSONFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".json)
fi
"$do_json" && printf "[\n" > "$JSONFILE"
"$do_pretty_json" && printf "{\n" > "$JSONFILE"
#FIRST_FINDING=false
return 0
}
csv_header() {
local fname_prefix
# CSV similar:
if ! "$do_csv" || \
( "$do_mass_testing" && ( [[ -z "$CSVFILE" ]] || [[ -d "$CSVFILE" ]] ) ) || \
( "$APPEND" && [[ -n "$CSVFILE" ]] && [[ ! -d "$CSVFILE" ]] ); then
CSVHEADER=false
return 0
fi
if "$do_display_only"; then
fname_prefix="local-ciphers"
elif "$do_mass_testing"; then
:
elif "$do_mx_all_ips"; then
fname_prefix="mx-$URI"
else
( [[ -z "$CSVFILE" ]] || [[ -d "$CSVFILE" ]] ) && parse_hn_port "${URI}"
# NODE, URL_PATH, PORT, IPADDR and IP46ADDR is set now --> wrong place
fname_prefix="${NODE}"_p"${PORT}"
fi
if [[ -n "$CSVFILE" ]] && [[ ! -d "$CSVFILE" ]]; then
rm -f "$CSVFILE"
elif [[ -z "$CSVFILE" ]]; then
CSVFILE=$fname_prefix-$(date +"%Y%m%d-%H%M".csv)
else
CSVFILE=$CSVFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".csv)
fi
"$do_csv" && echo "\"id\",\"fqdn/ip\",\"port\",\"severity\",\"finding\",\"cve\",\"cwe\",\"hint\"" > "$CSVFILE"
return 0
}
################# JSON FILE FORMATING END. HTML START #################### ################# JSON FILE FORMATING END. HTML START ####################
html_header() { html_header() {
@ -980,8 +1038,8 @@ html_header() {
if ! "$do_html" || \ if ! "$do_html" || \
( "$do_mass_testing" && ( [[ -z "$HTMLFILE" ]] || [[ -d "$HTMLFILE" ]] ) ) || \ ( "$do_mass_testing" && ( [[ -z "$HTMLFILE" ]] || [[ -d "$HTMLFILE" ]] ) ) || \
( "$APPEND" && [[ -n "$HTMLFILE" ]] && [[ ! -d "$HTMLFILE" ]] ); then ( "$APPEND" && [[ -n "$HTMLFILE" ]] && [[ ! -d "$HTMLFILE" ]] ); then
HTMLHEADER=false HTMLHEADER=false
return 0 return 0
fi fi
if "$do_display_only"; then if "$do_display_only"; then
@ -991,7 +1049,8 @@ html_header() {
elif "$do_mx_all_ips"; then elif "$do_mx_all_ips"; then
fname_prefix="mx-$URI" fname_prefix="mx-$URI"
else else
( [[ -z "$HTMLFILE" ]] || [[ -d "$HTMLFILE" ]] ) && parse_hn_port "${URI}" # NODE, URL_PATH, PORT, IPADDR and IP46ADDR is set now ( [[ -z "$HTMLFILE" ]] || [[ -d "$HTMLFILE" ]] ) && parse_hn_port "${URI}"
# NODE, URL_PATH, PORT, IPADDR and IP46ADDR is set now --> wrong place
fname_prefix="${NODE}"_p"${PORT}" fname_prefix="${NODE}"_p"${PORT}"
fi fi
@ -3624,7 +3683,8 @@ run_client_simulation() {
what_dh=$(awk -F',' '{ print $1 }' <<< $temp) what_dh=$(awk -F',' '{ print $1 }' <<< $temp)
bits=$(awk -F',' '{ print $3 }' <<< $temp) bits=$(awk -F',' '{ print $3 }' <<< $temp)
grep -q bits <<< $bits || bits=$(awk -F',' '{ print $2 }' <<< $temp) grep -q bits <<< $bits || bits=$(awk -F',' '{ print $2 }' <<< $temp)
bits="${bits/ bits/}" bits="${bits/bits/}"
bits="${bits// /}"
if [[ "$what_dh" == "DH" ]]; then if [[ "$what_dh" == "DH" ]]; then
[[ ${minDhBits[i]} -ne -1 ]] && [[ $bits -lt ${minDhBits[i]} ]] && sclient_success=1 [[ ${minDhBits[i]} -ne -1 ]] && [[ $bits -lt ${minDhBits[i]} ]] && sclient_success=1
[[ ${maxDhBits[i]} -ne -1 ]] && [[ $bits -gt ${maxDhBits[i]} ]] && sclient_success=1 [[ ${maxDhBits[i]} -ne -1 ]] && [[ $bits -gt ${maxDhBits[i]} ]] && sclient_success=1
@ -4234,7 +4294,8 @@ read_dhbits_from_file() {
else else
bits=$(awk -F',' '{ print $2 }' <<< $temp) bits=$(awk -F',' '{ print $2 }' <<< $temp)
fi fi
bits="${bits/ bits/}" bits="${bits/bits/}"
bits="${bits// /}"
if [[ "$what_dh" == "X25519" ]] || [[ "$what_dh" == "X448" ]]; then if [[ "$what_dh" == "X25519" ]] || [[ "$what_dh" == "X448" ]]; then
curve="$what_dh" curve="$what_dh"
@ -10725,7 +10786,7 @@ file output options (can also be preset via environment variables):
--htmlfile <htmlfile> additional output as HTML to the specifed file --htmlfile <htmlfile> additional output as HTML to the specifed file
--hints additional hints to findings --hints additional hints to findings
--severity <severity> severities with lower level will be filtered for CSV+JSON, possible values <LOW|MEDIUM|HIGH|CRITICAL> --severity <severity> severities with lower level will be filtered for CSV+JSON, possible values <LOW|MEDIUM|HIGH|CRITICAL>
--append if <logfile>, <csvfile> or <jsonfile> exists rather append then overwrite --append if <logfile>, <csvfile>, <jsonfile> or <htmlfile> exists rather append then overwrite. Omits any header
Options requiring a value can also be called with '=' e.g. testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl <URI>. Options requiring a value can also be called with '=' e.g. testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl <URI>.
@ -10926,10 +10987,10 @@ cleanup () {
[[ -d "$TEMPDIR" ]] && rm -rf "$TEMPDIR"; [[ -d "$TEMPDIR" ]] && rm -rf "$TEMPDIR";
fi fi
outln outln
"$APPEND" || fileout_footer
html_footer html_footer
fileout_footer
# debugging off, see above # debugging off, see above
grep -q xtrace <<< "$SHELLOPTS" && exec 2>&42 42>&- grep -q xtrace <<< "$SHELLOPTS" && ! "$DEBUG_ALLINONE" && exec 2>&42 42>&-
} }
fatal() { fatal() {
@ -11064,35 +11125,18 @@ prepare_logging() {
else else
: # just for clarity: a log file was specified, no need to do anything else : # just for clarity: a log file was specified, no need to do anything else
fi fi
[[ -e $LOGFILE ]] && fatal "\"$LOGFILE\" exists. Either use \"--append\" or (re)move it" 1
>$LOGFILE if ! "$APPEND"; then
[[ -e $LOGFILE ]] && fatal "\"$LOGFILE\" exists. Either use \"--append\" or (re)move it" 1
else
>$LOGFILE
fi
tmln_out "## Scan started as: \"$PROG_NAME $CMDLINE\"" >>${LOGFILE} tmln_out "## Scan started as: \"$PROG_NAME $CMDLINE\"" >>${LOGFILE}
tmln_out "## at $HNAME:$OPENSSL_LOCATION" >>${LOGFILE} tmln_out "## at $HNAME:$OPENSSL_LOCATION" >>${LOGFILE}
tmln_out "## version testssl: $VERSION ${GIT_REL_SHORT:-$CVS_REL_SHORT} from $REL_DATE" >>${LOGFILE} tmln_out "## version testssl: $VERSION ${GIT_REL_SHORT:-$CVS_REL_SHORT} from $REL_DATE" >>${LOGFILE}
tmln_out "## version openssl: \"$OSSL_VER\" from \"$OSSL_BUILD_DATE\")\n" >>${LOGFILE} tmln_out "## version openssl: \"$OSSL_VER\" from \"$OSSL_BUILD_DATE\")\n" >>${LOGFILE}
exec > >(tee -a ${LOGFILE}) exec > >(tee -a ${LOGFILE})
# not decided yet. Maybe good to have a separate file or none at all
#exec 2> >(tee -a ${LOGFILE} >&2)
fi fi
if "$do_json" || "$do_pretty_json"; then
if [[ -z "$JSONFILE" ]]; then
JSONFILE=$fname_prefix-$(date +"%Y%m%d-%H%M".json)
elif [[ -d "$JSONFILE" ]]; then
# actually we were instructed to place all files in a DIR instead of the current working dir
JSONFILE=$JSONFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".json)
fi
fi
if "$do_csv"; then
if [[ -z "$CSVFILE" ]]; then
CSVFILE=$fname_prefix-$(date +"%Y%m%d-%H%M".csv)
elif [[ -d "$CSVFILE" ]]; then
# actually we were instructed to place all files in a DIR instead of the current working dir
CSVFILE=$CSVFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".csv)
fi
fi
fileout_header # write out any CSV/JSON header line
return 0
} }
@ -11744,7 +11788,6 @@ run_mass_testing() {
outln "$cmdline" outln "$cmdline"
$cmdline $cmdline
done < "${FNAME}" done < "${FNAME}"
fileout_footer
return $? return $?
} }
@ -12161,7 +12204,7 @@ parse_cmd_line() {
do_html=true do_html=true
;; # DEFINITION of HTMLFILE is not arg specified: automagically in parse_hn_port() ;; # DEFINITION of HTMLFILE is not arg specified: automagically in parse_hn_port()
# following does the same but we can specify a file location additionally # following does the same but we can specify a file location additionally
--htmlfile) --htmlfile|--htmlfile=*)
HTMLFILE=$(parse_opt_equal_sign "$1" "$2") HTMLFILE=$(parse_opt_equal_sign "$1" "$2")
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
do_html=true do_html=true
@ -12371,9 +12414,14 @@ lets_roll() {
################# main ################# ################# main #################
ret=0
ip=""
lets_roll init lets_roll init
initialize_globals initialize_globals
parse_cmd_line "$@" parse_cmd_line "$@"
json_header
csv_header
html_header html_header
get_install_dir get_install_dir
set_color_functions set_color_functions
@ -12386,10 +12434,6 @@ check_proxy
check4openssl_oldfarts check4openssl_oldfarts
check_bsd_mount check_bsd_mount
# TODO: it is ugly to have those two vars here --> main()
ret=0
ip=""
if $do_display_only; then if $do_display_only; then
prettyprint_local "$PATTERN2SHOW" prettyprint_local "$PATTERN2SHOW"
exit $? exit $?
@ -12402,41 +12446,44 @@ if $do_mass_testing; then
fi fi
html_banner html_banner
fileout_banner
#TODO: there shouldn't be the need for a special case for --mx, only the ip adresses we would need upfront and the do-parser #TODO: there shouldn't be the need for a special case for --mx, only the ip adresses we would need upfront and the do-parser
if $do_mx_all_ips; then if $do_mx_all_ips; then
query_globals # if we have just 1x "do_*" --> we do a standard run -- otherwise just the one specified query_globals # if we have just 1x "do_*" --> we do a standard run -- otherwise just the one specified
[[ $? -eq 1 ]] && set_scanning_defaults [[ $? -eq 1 ]] && set_scanning_defaults
run_mx_all_ips "${URI}" $PORT # we should reduce run_mx_all_ips to the stuff neccessary as ~15 lines later we have sililar code run_mx_all_ips "${URI}" $PORT # we should reduce run_mx_all_ips to the stuff neccessary as ~15 lines later we have sililar code
exit $?
fi
[[ -z "$NODE" ]] && parse_hn_port "${URI}" # NODE, URL_PATH, PORT, IPADDR and IP46ADDR is set now
prepare_logging
if ! determine_ip_addresses; then
fatal "No IP address could be determined" 2
fi
if [[ -n "$CMDLINE_IP" ]]; then
# we just test the one supplied
lets_roll "${STARTTLS_PROTOCOL}"
ret=$? ret=$?
else else # no --ip was supplied
[[ -z "$NODE" ]] && parse_hn_port "${URI}" # NODE, URL_PATH, PORT, IPADDR and IP46ADDR is set now if [[ $(count_words "$(echo -n "$IPADDRs")") -gt 1 ]]; then # we have more than one ipv4 address to check
prepare_logging pr_bold "Testing all IPv4 addresses (port $PORT): "; outln "$IPADDRs"
if ! determine_ip_addresses; then for ip in $IPADDRs; do
fatal "No IP address could be determined" 2
fi
if [[ -n "$CMDLINE_IP" ]]; then
# we just test the one supplied
lets_roll "${STARTTLS_PROTOCOL}"
ret=$?
else # no --ip was supplied
if [[ $(count_words "$(echo -n "$IPADDRs")") -gt 1 ]]; then # we have more than one ipv4 address to check
pr_bold "Testing all IPv4 addresses (port $PORT): "; outln "$IPADDRs"
for ip in $IPADDRs; do
draw_line "-" $((TERM_WIDTH * 2 / 3))
outln
NODEIP="$ip"
lets_roll "${STARTTLS_PROTOCOL}"
ret=$(($? + ret))
done
draw_line "-" $((TERM_WIDTH * 2 / 3)) draw_line "-" $((TERM_WIDTH * 2 / 3))
outln outln
pr_bold "Done testing now all IP addresses (on port $PORT): "; outln "$IPADDRs" NODEIP="$ip"
else # we need just one ip4v to check
NODEIP="$IPADDRs"
lets_roll "${STARTTLS_PROTOCOL}" lets_roll "${STARTTLS_PROTOCOL}"
ret=$? ret=$(($? + ret))
fi done
draw_line "-" $((TERM_WIDTH * 2 / 3))
outln
pr_bold "Done testing now all IP addresses (on port $PORT): "; outln "$IPADDRs"
else # we need just one ip4v to check
NODEIP="$IPADDRs"
lets_roll "${STARTTLS_PROTOCOL}"
ret=$?
fi fi
fi fi
exit $? exit $?