Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

handle better missing ca_hashes.txt

Browse Source
This commit is contained in:
Dirk 2016-11-04 08:35:27 +01:00
parent cc6da260f8
commit e8d7e16a9d
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
testssl.sh
View File

@ -1335,7 +1335,7 @@ run_hpkp() {
# we compare now against a precompiled list of SPKIs against the ROOT CAs we have in $ca_hashes # we compare now against a precompiled list of SPKIs against the ROOT CAs we have in $ca_hashes
if ! "$certificate_found"; then if ! "$certificate_found"; then
hpkp_matches=$(grep -h "$hpkp_spki" $ca_hashes | sort -u) hpkp_matches=$(grep -h "$hpkp_spki" $ca_hashes 2>/dev/null | sort -u)
if [[ -n $hpkp_matches ]]; then if [[ -n $hpkp_matches ]]; then
certificate_found=true # root CA found certificate_found=true # root CA found
spki_match=true spki_match=true
@ -1397,6 +1397,11 @@ run_hpkp() {
outln "$spaces_indented ${backup_spki[i]}" outln "$spaces_indented ${backup_spki[i]}"
fi fi
done done
if [[ ! -f "$ca_hashes" ]] && "$spki_match"; then
out "$spaces "
pr_warningln "Attribution of further hashes couldn't be done as $ca_hashes could not be found"
fileout "hpkp_spkimatch" "WARN" "Attribution of further hashes couldn't be done as $ca_hashes could not be found"
fi
# If all else fails... # If all else fails...
if ! "$spki_match"; then if ! "$spki_match"; then