Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 21:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #975 from dcooper16/determine_trust_ossl111

Browse Source 
Fix determine_trust() for OpenSSL 1.1.1
This commit is contained in:
Dirk Wetter
2018-02-02 12:43:22 +01:00
committed by GitHub
parent 7585ab60e5 f839aab044
commit e4d3ccc725
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
testssl.sh
View File

@@ -5779,13 +5779,13 @@ determine_trust() {
fi fi
debugme printf -- " %-12s" "${certificate_file[i]}" debugme printf -- " %-12s" "${certificate_file[i]}"
# set SSL_CERT_DIR to /dev/null so that $OPENSSL verify will only use certificates in $bundle_fname # set SSL_CERT_DIR to /dev/null so that $OPENSSL verify will only use certificates in $bundle_fname
(export SSL_CERT_DIR="/dev/null; export SSL_CERT_FILE=/dev/null" (export SSL_CERT_DIR="/dev/null"; export SSL_CERT_FILE="/dev/null"
if [[ $certificates_provided -ge 2 ]]; then if [[ $certificates_provided -ge 2 ]]; then
$OPENSSL verify -purpose sslserver -CAfile "$bundle_fname" -untrusted $TEMPDIR/intermediatecerts.pem $HOSTCERT >$TEMPDIR/${certificate_file[i]}.1 2>$TEMPDIR/${certificate_file[i]}.2 $OPENSSL verify -purpose sslserver -CAfile "$bundle_fname" -untrusted $TEMPDIR/intermediatecerts.pem $HOSTCERT >$TEMPDIR/${certificate_file[i]}.1 2>$TEMPDIR/${certificate_file[i]}.2
else else
$OPENSSL verify -purpose sslserver -CAfile "$bundle_fname" $HOSTCERT >$TEMPDIR/${certificate_file[i]}.1 2>$TEMPDIR/${certificate_file[i]}.2 $OPENSSL verify -purpose sslserver -CAfile "$bundle_fname" $HOSTCERT >$TEMPDIR/${certificate_file[i]}.1 2>$TEMPDIR/${certificate_file[i]}.2
fi) fi)
verify_retcode[i]=$(awk '/error [1-9][0-9]? at [0-9]+ depth lookup:/ { if (!found) {print $2; found=1} }' $TEMPDIR/${certificate_file[i]}.1) verify_retcode[i]=$(awk '/error [1-9][0-9]? at [0-9]+ depth lookup:/ { if (!found) {print $2; found=1} }' $TEMPDIR/${certificate_file[i]}.1 $TEMPDIR/${certificate_file[i]}.2)
[[ -z "${verify_retcode[i]}" ]] && verify_retcode[i]=0 [[ -z "${verify_retcode[i]}" ]] && verify_retcode[i]=0
if [[ ${verify_retcode[i]} -eq 0 ]]; then if [[ ${verify_retcode[i]} -eq 0 ]]; then
trust[i]=true trust[i]=true