From f18a398ce3abe4ae047f2d0989ed0032bed6857b Mon Sep 17 00:00:00 2001 From: Dirk Date: Fri, 4 Nov 2016 08:39:14 +0100 Subject: [PATCH] handle better missing ca_hashes.txt --- testssl.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index 459bb56..f3af95e 100755 --- a/testssl.sh +++ b/testssl.sh @@ -1168,7 +1168,7 @@ run_hpkp() { # we compare now against a precompiled list of SPKIs against the ROOT CAs we have in $ca_hashes if ! "$certificate_found"; then - hpkp_matches=$(grep -h "$hpkp_spki" $ca_hashes | sort -u) + hpkp_matches=$(grep -h "$hpkp_spki" $ca_hashes 2>/dev/null | sort -u) if [[ -n $hpkp_matches ]]; then certificate_found=true # root CA found spki_match=true @@ -1230,6 +1230,11 @@ run_hpkp() { outln "$spaces_indented ${backup_spki[i]}" fi done + if [[ ! -f "$ca_hashes" ]] && "$spki_match"; then + out "$spaces " + pr_warningln "Attribution of further hashes couldn't be done as $ca_hashes could not be found" + fileout "hpkp_spkimatch" "WARN" "Attribution of further hashes couldn't be done as $ca_hashes could not be found" + fi # If all else fails... if ! "$spki_match"; then