Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 21:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #611 from dcooper16/print_two_CRL_or_OCSP_URI

Browse Source 
Fix Two CRL and/or two OCSP URLs
This commit is contained in:
Dirk Wetter
2017-02-04 15:06:18 +01:00
committed by GitHub
parent 3a21097cc5 b2de5c4ac9
commit e95f9a8d0a
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
testssl.sh
View File

@@ -6209,7 +6209,8 @@ certificate_info() {
fileout "${json_prefix}certcount" "INFO" "# of certificates provided : $certificates_provided"
# Get both CRL and OCSP URL upfront. If there's none, this is not good. And we need to penalize this in the output
crl="$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | awk '/CRL Distribution/,/URI/ { print $0 }' | awk -F'URI:' '/URI/ { print $2 }')"
crl="$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | grep -A 50 "X509v3 CRL Distribution Points:" | \
tail -n +2 | awk '/^$/,/^ [a-zA-Z0-9]+|^ Signature Algorithm:/' | awk -F'URI:' '/URI/ { print $2 }')"
ocsp_uri=$($OPENSSL x509 -in $HOSTCERT -noout -ocsp_uri 2>>$ERRFILE)
out "$indent"; pr_bold " Certificate Revocation List "
@@ -6239,7 +6240,11 @@ certificate_info() {
outln "--"
fileout "${json_prefix}ocsp_uri" "INFO" "OCSP URI : --"
else
outln "$ocsp_uri"
if [[ $(count_lines "$ocsp_uri") -eq 1 ]]; then
outln "$ocsp_uri"
else
out_row_aligned "$ocsp_uri" "$spaces"
fi
fileout "${json_prefix}ocsp_uri" "INFO" "OCSP URI : $ocsp_uri"
fi