Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-06 00:39:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Workaround for missing date conversion in OpenBSD

Browse Source 
OpenBSD doesn't seem to be able to convert from $(date)
output to a more readable format as performed on notBefore
and notAfter from x509(1). Thus an exemption is made and
just display the format like x509(1) shows.

Also newer OpenBSD come with a newer LibreSSL version,
thus the pattern when to display a warning when the
"too unreliable to determine trust" warning is displayed.
This commit is contained in:
Dirk 2018-02-16 23:47:48 +01:00
parent 6f0a9aee11
commit f812403292
1 changed files with 35 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
testssl.sh
View File

@ -140,13 +140,23 @@ else
fi fi
readonly SYSTEM=$(uname -s) readonly SYSTEM=$(uname -s)
SYSTEM2="" # currently only being used for WSL = bash on windows SYSTEM2="" # currently only being used for WSL = bash on windows
date -d @735275209 >/dev/null 2>&1 && \
readonly HAS_GNUDATE=true || \ HAS_GNUDATE=false
readonly HAS_GNUDATE=false HAS_FREEBSDDATE=false
HAS_OPENBSDDATE=false
if date -d @735275209 >/dev/null 2>&1; then
if date -r @735275209 >/dev/null 2>&1; then
# it can't do any conversion from a plain date output
HAS_OPENBSDDATE=true
else
HAS_GNUDATE=true
fi
fi
# FreeBSD and OS X date(1) accept "-f inputformat" # FreeBSD and OS X date(1) accept "-f inputformat"
date -j -f '%s' 1234567 >/dev/null 2>&1 && \ date -j -f '%s' 1234567 >/dev/null 2>&1 && \
readonly HAS_FREEBSDDATE=true || \ HAS_FREEBSDDATE=true
readonly HAS_FREEBSDDATE=false
echo A | sed -E 's/A//' >/dev/null 2>&1 && \ echo A | sed -E 's/A//' >/dev/null 2>&1 && \
readonly HAS_SED_E=true || \ readonly HAS_SED_E=true || \
readonly HAS_SED_E=false readonly HAS_SED_E=false
@ -1348,6 +1358,11 @@ elif "$HAS_FREEBSDDATE"; then # FreeBSD and OS X
parse_date() { parse_date() {
LC_ALL=C date -j -f "$3" "$2" "$1" LC_ALL=C date -j -f "$3" "$2" "$1"
} }
elif "$HAS_OPENBSDDATE"; then
parse_date() {
# we just echo it as a conversion as we want it is not possible
echo "$1"
}
else else
parse_date() { parse_date() {
LC_ALL=C date -j "$2" "$1" LC_ALL=C date -j "$2" "$1"
@ -5810,7 +5825,7 @@ determine_trust() {
[[ -n $json_postfix ]] && spaces=" " [[ -n $json_postfix ]] && spaces=" "
case $OSSL_VER_MAJOR.$OSSL_VER_MINOR in case $OSSL_VER_MAJOR.$OSSL_VER_MINOR in
1.0.2|1.1.0|1.1.1|2.3.*|2.2.*|2.1.*) # 2.x is LibreSSL. 2.1.1 was tested to work, below is not sure 1.0.2|1.1.0|1.1.1|2.[1-9].*) # 2.x is LibreSSL. 2.1.1 was tested to work, below is not sure
: :
;; ;;
*) addtl_warning="Your $OPENSSL <= 1.0.2 might be too unreliable to determine trust" *) addtl_warning="Your $OPENSSL <= 1.0.2 might be too unreliable to determine trust"
@ -7051,15 +7066,18 @@ certificate_info() {
enddate="$(parse_date "$enddate" +"%F %H:%M" "%b %d %T %Y %Z")" enddate="$(parse_date "$enddate" +"%F %H:%M" "%b %d %T %Y %Z")"
startdate="$(parse_date "$startdate" +"%F %H:%M" "%b %d %T %Y %Z")" startdate="$(parse_date "$startdate" +"%F %H:%M" "%b %d %T %Y %Z")"
days2expire=$(( $(parse_date "$enddate" "+%s" $'%F %H:%M') - $(LC_ALL=C date "+%s") )) # first in seconds if "$HAS_OPENBSDDATE"; then
days2expire=$((days2expire / 3600 / 24 )) # best we are able to do under OpenBSD
days2expire=""
# we adjust the thresholds by %50 for LE certificates, relaxing those warnings else
if grep -q "^Let's Encrypt Authority" <<< "$issuer_CN"; then days2expire=$(( $(parse_date "$enddate" "+%s" $'%F %H:%M') - $(LC_ALL=C date "+%s") )) # first in seconds
days2warn2=$((days2warn2 / 2)) days2expire=$((days2expire / 3600 / 24 ))
days2warn1=$((days2warn1 / 2)) # we adjust the thresholds by %50 for LE certificates, relaxing those warnings
if grep -q "^Let's Encrypt Authority" <<< "$issuer_CN"; then
days2warn2=$((days2warn2 / 2))
days2warn1=$((days2warn1 / 2))
fi
fi fi
expire=$($OPENSSL x509 -in $HOSTCERT -checkend 1 2>>$ERRFILE) expire=$($OPENSSL x509 -in $HOSTCERT -checkend 1 2>>$ERRFILE)
if ! grep -qw not <<< "$expire" ; then if ! grep -qw not <<< "$expire" ; then
pr_svrty_critical "expired" pr_svrty_critical "expired"
@ -14780,6 +14798,7 @@ TERM_WIDTH: $TERM_WIDTH
INTERACTIVE: $INTERACTIVE INTERACTIVE: $INTERACTIVE
HAS_GNUDATE: $HAS_GNUDATE HAS_GNUDATE: $HAS_GNUDATE
HAS_FREEBSDDATE: $HAS_FREEBSDDATE HAS_FREEBSDDATE: $HAS_FREEBSDDATE
HAS_OPENBSDDATE: $HAS_OPENBSDDATE
HAS_SED_E: $HAS_SED_E HAS_SED_E: $HAS_SED_E
SHOW_EACH_C: $SHOW_EACH_C SHOW_EACH_C: $SHOW_EACH_C
@ -16810,7 +16829,7 @@ stopwatch() {
"$MEASURE_TIME" || return "$MEASURE_TIME" || return
new_delta=$(( $(date +%s) - LAST_TIME )) new_delta=$(( $(date +%s) - LAST_TIME ))
printf "%${column}s" "$new_delta" printf "%${column}s" "$1: $new_delta"
[[ -e "$MEASURE_TIME_FILE" ]] && echo "$1 : $new_delta " >> "$MEASURE_TIME_FILE" [[ -e "$MEASURE_TIME_FILE" ]] && echo "$1 : $new_delta " >> "$MEASURE_TIME_FILE"
LAST_TIME=$(( new_delta + LAST_TIME )) LAST_TIME=$(( new_delta + LAST_TIME ))
} }
@ -16922,7 +16941,7 @@ lets_roll() {
SCAN_TIME=$(( END_TIME - START_TIME )) SCAN_TIME=$(( END_TIME - START_TIME ))
datebanner " Done" datebanner " Done"
"$MEASURE_TIME" && printf "%${COLUMNS}s\n" "$SCAN_TIME" "$MEASURE_TIME" && printf "$1: %${COLUMNS}s\n" "$SCAN_TIME"
[[ -e "$MEASURE_TIME_FILE" ]] && echo "Total : $SCAN_TIME " >> "$MEASURE_TIME_FILE" [[ -e "$MEASURE_TIME_FILE" ]] && echo "Total : $SCAN_TIME " >> "$MEASURE_TIME_FILE"
return $ret return $ret