Commit Graph

4320 Commits

Author SHA1 Message Date
Odinmylord
035996cc44 updated default_testssl.csvfile with new RSA-PSS 2023-03-23 00:14:15 +01:00
Odinmylord
cf0c1c1f5f Added more details to the SignatureAlgorithms 2023-03-22 23:14:56 +01:00
Dirk Wetter
cb451777d2
Merge pull request #2338 from drwetter/CAstores_update
CA astores update
2023-03-18 20:19:03 +01:00
Dirk Wetter
aac696b0a0 Updated root CA stores 2023-03-17 18:06:57 +01:00
Dirk Wetter
6106887fdd Update DST CA 2023-03-17 18:06:03 +01:00
Dirk Wetter
419aae3c98 updates docu to reflekt actual status 2023-03-17 18:05:24 +01:00
Dirk Wetter
2659a13086
Merge pull request #2336 from drwetter/drwetter-patch-4
Update codespell.yml
2023-03-12 18:12:29 +01:00
Dirk Wetter
6cea273a68
Update codespell.yml
add exception for aNULL which should work now
2023-03-12 17:55:10 +01:00
Dirk Wetter
b84e182ca2
Merge pull request #2332 from drwetter/sanitize_fileout
Make sure control chars from HTTP header don't end up in html,csv,json
2023-03-12 16:18:20 +01:00
Dirk Wetter
83f67b4fb7
Merge pull request #2333 from drwetter/drwetter-patch-4
Update .gitignore
2023-03-12 16:00:11 +01:00
Dirk Wetter
8643ed4c72
Update .gitignore 2023-03-12 15:57:01 +01:00
Dirk Wetter
cacd8c57b1 Add variable htmlfile + filter GOST message
... which is needed for newer LibreSSL/OpenSSL versions
2023-03-12 15:09:24 +01:00
Dirk Wetter
2e33c483dd remove comma in tr as it was interpreted as such 2023-03-12 14:52:11 +01:00
Dirk Wetter
fab67d0cca Remove CR in server banner
... which caused a problem in t/32_isHTML_valid.t.

Also the test for an empty server banner was simplified
2023-03-12 14:00:55 +01:00
Dirk Wetter
d298b41d2c add aNULL exception to codespell 2023-03-11 14:06:47 +01:00
Dirk Wetter
06506b371e Make sure control chars from HTTP header don't end up in html,csv,json
This addresses the bug #2330 by implementing a function which removes
control characters from the file output format html,csv,json at the
output.

In every instance called there's a check before whether the string
contains control chars, hoping it'll save a few milli seconds.

A tr function is used, omitting LF.

It doesn't filter the terminal output and the log file output.
2023-03-11 13:38:28 +01:00
Dirk Wetter
88763f47a8
Merge pull request #2326 from drwetter/fix_mime-type
Fix Accept Header
2023-02-20 20:29:14 +01:00
Dirk
a14fc5bdcf Fix Accept header
see #2325.

"whenever HTTP/1.1 is used then the Accept header uses "text/*" as a MIME type.
This causes some minor issues with some of the checks we are doing"
2023-02-20 15:01:40 +01:00
Dirk Wetter
e57527f3ec
Merge pull request #2321 from drwetter/align_json+terminal@run_cipherlists
Rename 3 jsonIDs in run_cipherlists(): breaking change
2023-02-08 17:07:42 +01:00
Dirk Wetter
8260ca16e2
Merge pull request #2309 from polarathene/chore/dockerfile-improved-copy
chore: Use a single `COPY` by better leveraging `.dockerignore` patterns
2023-02-07 12:23:04 +01:00
Dirk Wetter
363c0d0a69
Merge pull request #2323 from drwetter/drwetter-patch-4
Remove mkdir in Dockerfile
2023-02-07 10:29:08 +01:00
Dirk Wetter
f914423978
Remove mkdir in Dockerfile
see https://github.com/drwetter/testssl.sh/pull/2312#pullrequestreview-1286620850
2023-02-07 10:28:26 +01:00
Brennan Kinney
81634ce13d
chore: Bring back group value for COPY --chown 2023-02-07 21:36:47 +13:00
Dirk Wetter
1ee21b7f22
Merge pull request #2312 from polarathene/chore/dockerfile-simplify-user
chore(Dockerfile): Simplify `testssl` user creation
2023-02-07 09:03:23 +01:00
Dirk Wetter
64ae161218
Merge branch '3.1dev' into chore/dockerfile-simplify-user 2023-02-07 09:03:15 +01:00
Dirk Wetter
66ebfb2f58 Add changes to CSV baseline 2023-02-06 21:56:54 +01:00
Dirk Wetter
6f881dc70b Rename 3 jsonIDs in run_cipherlists(): breaking change
see #2316 / #2320

AVERAGE --> OBSOLETED
GOOD    --> STRONG_NOFS
STRONG  --> STRONG_FS
2023-02-05 19:32:08 +01:00
Dirk Wetter
e87b745c93
Merge pull request #2316 from dcooper16/cipherlists_doc
Update documentation for cipherlists tests
2023-02-05 19:25:02 +01:00
Dirk Wetter
05b4cdcc0d
Merge pull request #2317 from dcooper16/fix_html
Fix HTML output in Bash 5.2 and newer
2023-02-04 09:22:03 +01:00
David Cooper
3d82f7cb21 Fix HTML output in Bash 5.2 and newer
As noted in #2304, the way that the '&' character is treated in the string part of a pattern substitution changed in Bash 5.2. As a result, the change that was made in #1481 to accommodate older versions of Bash (e.g., on MacOS) now causes testssl.sh to produce incorrect HTML output when run on Bash 5.2.

This commit encodes the '&' characters in the substitution strings in a way that produces correct results on multiple versions of Bash (3.2 on MacOS, 5.2 on Ubuntu 23.10, 5.0 on Ubuntu 20.04).
2023-02-03 14:18:02 -08:00
David Cooper
b661f7b8d3 Update documentation for cipherlists tests
The sets of cipher lists checked by `run_cipherslists()` changed in 3.1dev, but the documentation was not updated.
2023-02-03 11:24:04 -08:00
Dirk Wetter
70237b2328
Merge pull request #2313 from polarathene/chore/dockerfile-remove-mkdir
chore: Remove redundant `mkdir`
2023-02-03 19:54:51 +01:00
Dirk Wetter
6c2663aeb6
Merge pull request #2311 from SSLbrain/3.1dev
Feature Trustcor certificates being removed/disabled from root stores #2293
2023-02-02 13:55:07 +01:00
Brennan Kinney
76b8f0c981 chore: Remove redundant mkdir
- If local folder ownership is for example `644` it will fail to handle the `COPY` regardless (while `744` would work).
- Creating the directory with higher permissions in the container does not appear to help.
2023-02-02 14:26:16 +13:00
Sole
3670c1e4ad Removed non-relevant CA's that no longer have active certificates. 2023-02-02 01:13:00 +00:00
Brennan Kinney
dc7d13b853 chore(Dockerfile): Simplify testssl user creation
Create `testssl` user (_and group_) with no password (`-D`) and default their shell to bash (`-s`):
- A group will implicitly be created with the same value as the user. `addgroup testssl` and `-G testssl` are not needed.
- Gecos data (`-g "testssl user"`) doesn't appear relevant to the project to be required? The default gecos value (`Linux User,,,`) should be fine.
2023-02-02 14:07:51 +13:00
Sole
9fc8c33704 Change exception for removed root certificates into easy edit multi-value regular expression for Organization name and making it clear that CA's are actively removed from 1+ root stores. 2023-02-02 00:42:15 +00:00
Brennan Kinney
74892e45c5 chore: Use a single COPY by better leveraging .dockerignore patterns 2023-02-02 12:49:30 +13:00
Dirk Wetter
e02e8be19f
Merge pull request #2306 from drwetter/upgrade_alpine_perf-fix
Upgrade Alpine version for both Dockerfiles
2023-02-01 19:45:57 +01:00
Dirk Wetter
beb94d9efc Upgrade Alpine version for both Dockerfiles
... to improve/mitigate performance problems, see #2299.
(musl libc vs. glibc)
2023-02-01 19:40:40 +01:00
Dirk Wetter
5a1a114adc
Merge pull request #2300 from drwetter/dependabot/github_actions/docker/build-push-action-4.0.0
Bump docker/build-push-action from 3.3.0 to 4.0.0
2023-01-31 09:37:28 +01:00
Dirk Wetter
0b5c414970
Merge pull request #2303 from drwetter/nntp_ci_remove
Remove NNTP from CI tests
2023-01-31 09:37:06 +01:00
Dirk Wetter
2e0898c9ef Remove NNTP from CI tests
Maybe for the future we should check whether host is available and
if so then run the test
2023-01-31 09:34:18 +01:00
dependabot[bot]
8ae8a6fc44
Bump docker/build-push-action from 3.3.0 to 4.0.0
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.3.0 to 4.0.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v3.3.0...v4.0.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-31 00:03:02 +00:00
Dirk Wetter
8099dc0106
Merge pull request #2297 from drwetter/ldap_starttls_improvements
Add logic for STARTTLS enabled AD servers
2023-01-17 14:27:01 +01:00
Dirk Wetter
fdd72d2785 Cleanup code, clarfy comments for AD/LDAP + STARTTLS 2023-01-17 14:23:53 +01:00
Dirk Wetter
fc2a020294 Add logic for STARTTLS enabled AD servers
There are two different scenarios. x0C is the buffsize reply from openldap-like servers
whereas AD servers probably have x84 and return also the OID. The following is kind of
hackish as ldap_ExtendedResponse_parse() in apps/s_client.c of openssl is kind of hard
to understand. It was deducted from a number of hosts.
Bottom line: We'll look at the 9th byte or at the 17th when retrieving the result code

AD:
30 84 00 00 00 7d 02 01 01 78 84 00 00 00 74 0a 01 34 04 00 04 55 30 30 30 30 30 30 30 30 3a 20 [ failed AD .. LdapErr + OID..]
30 84 00 00 00 28 02 01 01 78 84 00 00 00 1F 0A 01 00 04 00 04 00 8A 16 [.. OID ..]
   ^^ bufflen                                      ^^ resultcode

30 0C 02 01 01 78 07 0A 01 00 04 00 04 00
   ^^ bufflen              ^^ result code
2023-01-17 11:16:05 +01:00
Dirk Wetter
ce3bd4764f
Merge pull request #2296 from drwetter/dependabot/github_actions/docker/build-push-action-3.3.0
Bump docker/build-push-action from 3.2.0 to 3.3.0
2023-01-16 10:20:13 +01:00
dependabot[bot]
1b2f58d739
Bump docker/build-push-action from 3.2.0 to 3.3.0
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v3.2.0...v3.3.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-16 01:05:58 +00:00
Dirk Wetter
7670275e59
Merge pull request #2292 from drwetter/ldap_starttls_improvements
make starttls_ldap_dialog() more readable...
2022-12-27 22:06:12 +01:00