testssl.sh

mirror of https://github.com/drwetter/testssl.sh.git synced 2025-09-17 17:32:54 +02:00

Author	SHA1	Message	Date
Dirk Wetter	1504961a8e	Bump version (3.2)	2025-09-16 12:58:58 +02:00
Dirk Wetter	559c089c39	Merge pull request #2887 from testssl/fix_http_age_3.2 Fix garbled screen when HTTP Age is not a non-negative int (branch 3.2)	2025-09-16 09:58:40 +02:00
Dirk	7aa9d30a72	Typos fixed which led to wrong file name ... which was catched in unit tests t/{baseline_ipv4_http.t,23_client_simulation}	2025-09-15 22:43:07 +02:00
Dirk Wetter	a11ad9448a	Merge pull request #2888 from testssl/update_faq_3.2 Additions to FAQ (branch 3.2)	2025-09-15 22:40:11 +02:00
Dirk Wetter	e30565cf76	Additions to FAQ (branch 3.2) - STARTTLS + rating - amend paragraphs - and try to avoid the word "crypto"	2025-09-15 19:18:09 +02:00
Dirk	7bb7ac8f08	Fix garbled screen when HTTP Age is not a non-negative int (3.2) As suggested in #2885 parsing of the server determined HTTP age var wasn't strict enough, this is a backport for 3.2. https://www.rfc-editor.org/rfc/rfc7234#section-1.2.1 requires the variable to be a non-negative integer but testssl.sh assumed it was like that but did't check whether that really was the case. This was labled as a (potential) security problem. Potential as it didn't look exploitable after review -- the header as a whole was already sanitized. This PR fixes the typs confusion and the garbled screen by checking the variable early in run_http_header() and reset it to NaN. That will be used later in run_http_date() to raise a low severity finding. Kudos to @Tristanhx for catching this and for the suggested PR. Also, only when running in debug mode, this PR fixes that during service_detection() parts of the not-yet-sanitized header ended up on the screen. The fix just calls sanitze_http_header() for the temporary variable $TMPFILE. For 3.2 sanitze_http_header() had to be modified to accept an argument and the callers needed to be changed.	2025-09-15 18:57:59 +02:00
Dirk Wetter	5d275e5370	Merge pull request #2881 from testssl/faq_3.2 FAQ for 3.2	2025-09-02 15:58:13 +02:00
Dirk Wetter	af84055e7d	Backport FAQ from 3.3dev	2025-09-02 15:53:21 +02:00
Dirk Wetter	c52e5549ed	Merge pull request #2864 from testssl/drwetter-patch-1 Modify OS bullet point + badge param	2025-07-29 12:41:59 +02:00
Dirk Wetter	c8044ab7aa	Modify OS point + badge param	2025-07-29 12:37:38 +02:00
Dirk Wetter	878513e140	Merge pull request #2845 from testssl/fix_misleading_ipv4_msg_3.2 Fix displayed message when IPv6 needs to be tested too (3.2)	2025-07-15 23:30:00 +02:00
Dirk Wetter	853cea8530	Fix displayed message when IPv6 needs to be tested too (3.2) message: "Testing all IPv4 addresses" related to #2843.	2025-07-15 20:49:07 +02:00
Dirk Wetter	0191098432	Merge pull request #2841 from testssl/rollup_improvements Rollup improvements (3.2)	2025-07-13 08:57:27 +02:00
Dirk Wetter	8d905054f3	fix typos	2025-07-12 18:51:24 +02:00
Dirk Wetter	3812554987	Backport readability and more improvements from 3.3dev The opossum patch improved http_get() , http_get_header/http_head() in terms of readability. This was backported to improve maintainability. Also in pwned keys if not pwned appear now in green/OK and not just info level. HAS_UDS2 was renamed to HAS2_UDS.	2025-07-12 18:45:45 +02:00
Dirk Wetter	9b795df17e	Merge pull request #2839 from testssl/no_fulloutput@32_isHTML_valid do not output the whole output	2025-07-12 14:50:48 +02:00
Dirk	c6062a2254	do not output the whole output text + html , comp_ok --> ok	2025-07-11 14:42:05 +02:00
Dirk Wetter	137c7e2fbb	Merge pull request #2832 from testssl/12_diff_homebrew_(3.2) For Mac: use homebrew's openssl (3.2)	2025-07-10 11:19:41 +02:00
Dirk Wetter	9290f819af	Merge pull request #2836 from testssl/drwetter-patch-1 rating bump to 2009r	2025-07-10 09:41:52 +02:00
Dirk Wetter	28514d3a88	rating bump to 2009r	2025-07-10 09:41:19 +02:00
Dirk Wetter	f674cde6de	Merge pull request #2834 from magnuslarsen/3.2 feat: bump ssllabs rating guide to 2009r	2025-07-10 09:36:33 +02:00
Dirk Wetter	d63617c0f6	make it compatible when run locally	2025-07-10 09:14:08 +02:00
Magnus Larsen	826adbd6d7	feat: bump ssllabs rating guide to 2009r	2025-07-10 08:20:01 +02:00
Dirk Wetter	815e737bfe	Check the correct file	2025-07-09 18:10:30 +02:00
Dirk Wetter	1f589565c7	we changed above the ECDH bit length already	2025-07-09 16:17:28 +02:00
Dirk Wetter	822c6b31d7	fix stnax errors	2025-07-09 15:22:48 +02:00
Dirk Wetter	4f52cbbedf	Copy LibreSSL change of naming scheme from t/61_diff_testsslsh.t ... also if NOW only ciphers seem affected.	2025-07-09 13:31:18 +02:00
Dirk Wetter	b8aadef737	For Mac: use homebrew's openssl (3.2) ... so that we have a comparison between OpenSSL and LibreSSL. Otherwise this test would be completely futile for MacOS. Also change the displayed text.	2025-07-08 23:47:19 +02:00
Dirk Wetter	b783fbc660	Merge pull request #2826 from testssl/fix_2825 Fix not working --disable-rating switch	2025-07-07 14:01:50 +02:00
Dirk Wetter	0b79356357	Fix not working --disable-rating switch The logic was wrong when calling set_rating_state() in parse_cmd_line() as do_rating was set before to true through set_scanning_defaults(). This PR fixes that by querying ${SKIP_TESTS[@]} instead and then calling set_rating_state() when no --disable-rating was supplied .	2025-07-07 12:01:43 +02:00
Dirk Wetter	8cb32a3db9	Merge pull request #2819 from testssl/perf_improvements Make code2network() faster by using bash instead of tr	2025-07-03 18:14:54 +02:00
Dirk Wetter	9511f3b9db	Fix 52_ocsp_revoked (OCSP --> CRL)	2025-07-03 16:59:54 +02:00
Dirk Wetter	4b5409122c	Merge pull request #2820 from testssl/performance_hint Performance hint for openssl	2025-07-02 17:37:21 +02:00
Dirk Wetter	6de18d3a22	was 2x first	2025-07-02 17:36:33 +02:00
Dirk Wetter	6083938a47	Performance hint for openssl	2025-07-02 17:34:29 +02:00
Dirk Wetter	2829827cc2	Merge pull request #2817 from testssl/errormsg_2807 Improve error message for sockets fail and Alpine	2025-06-29 17:06:01 +02:00
Dirk	3792bceeda	Improve error message for sockets fail and Alpine See $2807 . Also some prln_magenta were modified (see #2816) to pr_warning.	2025-06-29 15:24:44 +02:00
Dirk Wetter	d80e0e9f95	Make code2network() faster by using bash only	2025-06-27 19:09:01 +02:00
Dirk Wetter	9b1a7ae1f8	Merge pull request #2814 from testssl/revert-2813-revert_2772_for_testing Revert "Revert lowercase conversion for repo"	2025-06-24 12:07:08 +02:00
Dirk	78a613dae3	Remove the scheudule part as it will not work anymore	2025-06-24 12:06:00 +02:00
Dirk Wetter	b56302518b	Revert "Revert lowercase conversion for repo"	2025-06-23 23:12:59 +02:00
Dirk Wetter	6dc26b09fe	Merge pull request #2813 from testssl/revert_2772_for_testing Revert lowercase conversion for repo	2025-06-23 21:38:32 +02:00
Dirk	d44692331b	Revert lowercase conversion for repo ... which was done in #2772 . This is done for testing as building the container doesn't work anymore, see #2810 . Action logs say it was build but it's unclear why it is still based on 3.2rc4 . Hence this test. The schedule was commented out as it would not apply either here as 3.3dev is now the default version.	2025-06-23 21:17:49 +02:00
Dirk Wetter	bed43df2df	Merge pull request #2812 from testssl/ghcr_workflow_no_unittest YAML file doesn't need the unit tests	2025-06-23 21:04:43 +02:00
Dirk Wetter	58719e4492	YAML file doesn't need the unit tests	2025-06-23 21:00:33 +02:00
Dirk Wetter	5fe854b830	Merge pull request #2809 from testssl/improve_2798 Minor improvements to #2798	2025-06-23 20:29:27 +02:00
Dirk Wetter	4d75527a4b	Merge pull request #2808 from testssl/fix_sectigo_x46.forLinux Add sectigo CA E46 and R46 for Linux.pem	2025-06-23 20:29:07 +02:00
Dirk Wetter	c9a11a9fb0	Minor improvements to #2798 see https://github.com/testssl/testssl.sh/pull/2798#issuecomment-2972834180	2025-06-23 18:43:34 +02:00
Dirk Wetter	71f0f32cf5	Merge pull request #2798 from secinto/3.2 Modify grading for incomplete chain. suggested corrections will be done after merge	2025-06-23 18:41:00 +02:00
Dirk Wetter	b4f9e51865	Add lf so that gh action doesn't complain	2025-06-23 18:21:44 +02:00

1 2 3 4 5 ...

5069 Commits