Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2026-06-02 22:48:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improve PR #3041

Browse Source 
* move message when scanning IP address to the very beginning, inside parse_cmd_line()
* improve message
* just check whether there are no chars a-zA-Z

* move [[ $caa_node =~ '.'$ ]] || caa_node+="." into the while loop
This commit is contained in:
Dirk Wetter
2026-05-27 16:53:06 +02:00
parent d4f1b31f0d
commit f8af511952
1 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
testssl.sh
+10 -5
View File
@@ -10273,9 +10273,9 @@ certificate_info() {
fileout "${jsonID}${json_postfix}" "INFO" "not checked (IP address scan)" fileout "${jsonID}${json_postfix}" "INFO" "not checked (IP address scan)"
else else
caa_node="$NODE" caa_node="$NODE"
[[ $caa_node =~ '.'$ ]] || caa_node+="." # force FQDN to prevent dig search-domain expansion
caa="" caa=""
while [[ -z "$caa" ]] && [[ -n "$caa_node" ]]; do while [[ -z "$caa" ]] && [[ -n "$caa_node" ]]; do
[[ $caa_node =~ '.'$ ]] || caa_node+="." # force FQDN to prevent dig search-domain expansion
caa="$(get_caa_rr_record $caa_node)" caa="$(get_caa_rr_record $caa_node)"
tmp=${PIPESTATUS[@]} tmp=${PIPESTATUS[@]}
[[ $DEBUG -ge 4 ]] && echo "get_caa_rr_record: $tmp" [[ $DEBUG -ge 4 ]] && echo "get_caa_rr_record: $tmp"
@@ -23611,10 +23611,6 @@ display_rdns_etc() {
outln " A record via: $CORRECT_SPACES supplied IP \"$CMDLINE_IP\"" outln " A record via: $CORRECT_SPACES supplied IP \"$CMDLINE_IP\""
fi fi
fi fi
if is_ipv4addr "$NODE" || is_ipv6addr "$NODE"; then
prln_warning " Warning: IP scan -- Trust, CAA and SNI-dependent checks may be unreliable. Rescan with hostname for accurate results."
fileout "ip_scan_warning" "WARN" "Scanning by IP address: Trust, CAA and SNI-dependent checks may be unreliable"
fi
if [[ "$rDNS" =~ instructed ]]; then if [[ "$rDNS" =~ instructed ]]; then
out "$(printf " %-23s " "rDNS ($nodeip):")" out "$(printf " %-23s " "rDNS ($nodeip):")"
out "$rDNS" out "$rDNS"
@@ -24682,6 +24678,7 @@ parse_cmd_line() {
local outfile_arg="" local outfile_arg=""
local cipher_mapping local cipher_mapping
local -i subret=0 local -i subret=0
local tmp=""
CMDLINE="$(create_cmd_line_string "${CMDLINE_ARRAY[@]}")" CMDLINE="$(create_cmd_line_string "${CMDLINE_ARRAY[@]}")"
CMDLINE_PARSED=false CMDLINE_PARSED=false
@@ -25361,6 +25358,14 @@ parse_cmd_line() {
set_rating_state set_rating_state
fi fi
tmp=${URI#*//} # remove https://
if [[ ! $tmp =~ [a-zA-Z] ]]; then
# No letters indicate it's not a name
outln
pr_warning " Warning: Target is not a server name: results may be completely wrong, at minimum trust may show false results."
fileout "ip_scan_warning" "WARN" "Target is not a server name: results may be completely wrong, at minimum trust may show false results."
fi
CMDLINE_PARSED=true CMDLINE_PARSED=true
} }