Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-09-02 01:58:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Allow dir with PEM files for --add-CA

Browse Source 
Idea which popped up while following #1700
This commit is contained in:
Dirk Wetter
2020-08-18 21:52:59 +02:00
parent 565c93e53b
commit ecc6cd8160
5 changed files with 14 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
doc/testssl.1.md
View File

@ -145,8 +145,9 @@ in `/etc/hosts`. The use of the switch is only useful if you either can't or ar
`--phone-out` Checking for revoked certificates via CRL and OCSP is not done per default. This switch instructs testssl.sh to query external -- in a sense of the current run -- URIs. By using this switch you acknowledge that the check might have privacy issues, a download of several megabytes (CRL file) may happen and there may be network connectivity problems while contacting the endpoint which testssl.sh doesn't handle. PHONE_OUT is the environment variable for this which needs to be set to true if you want this.
`--add-ca <cafile>` enables you to add your own CA(s) for trust chain checks. `cafile` can be a single path or multiple paths as a comma separated list of root CA files. Internally they will be added during runtime to all CA stores. This is (only) useful for internal hosts whose certificates is issued by internal CAs. Alternatively ADDTL_CA_FILES is the environment variable for this.
`--add-ca <CAfile>` enables you to add your own CA(s) in PEM format for trust chain checks. `CAfile` can be a directory containing files with a \.pem extension, a single file or multiple files as a comma separated list of root CAs. Internally they will be added during runtime to all CA stores. This is (only) useful for internal hosts whose certificates are issued by internal CAs. Alternatively ADDTL_CA_FILES is the environment variable for this.
.
.SS "SINGLE CHECK OPTIONS"
### SINGLE CHECK OPTIONS