Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 13:55:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,320 Commits 17 Branches 35 Tags
035996cc4450b21ba4fb978eed7bd12fd1d766cf
Commit Graph

4320 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Odinmylord
035996cc44 updated default_testssl.csvfile with new RSA-PSS 2023-03-23 00:14:15 +01:00
Odinmylord
cf0c1c1f5f Added more details to the SignatureAlgorithms 2023-03-22 23:14:56 +01:00
Dirk Wetter
cb451777d2 Merge pull request #2338 from drwetter/CAstores_update 
CA astores update
 2023-03-18 20:19:03 +01:00
Dirk Wetter
aac696b0a0 Updated root CA stores 2023-03-17 18:06:57 +01:00
Dirk Wetter
6106887fdd Update DST CA 2023-03-17 18:06:03 +01:00
Dirk Wetter
419aae3c98 updates docu to reflekt actual status 2023-03-17 18:05:24 +01:00
Dirk Wetter
2659a13086 Merge pull request #2336 from drwetter/drwetter-patch-4 
Update codespell.yml
 2023-03-12 18:12:29 +01:00
Dirk Wetter
6cea273a68 Update codespell.yml 
add exception for aNULL which should work now
 2023-03-12 17:55:10 +01:00
Dirk Wetter
b84e182ca2 Merge pull request #2332 from drwetter/sanitize_fileout 
Make sure control chars from HTTP header don't end up in html,csv,json
 2023-03-12 16:18:20 +01:00
Dirk Wetter
83f67b4fb7 Merge pull request #2333 from drwetter/drwetter-patch-4 
Update .gitignore
 2023-03-12 16:00:11 +01:00
Dirk Wetter
8643ed4c72 Update .gitignore 2023-03-12 15:57:01 +01:00
Dirk Wetter
cacd8c57b1 Add variable htmlfile + filter GOST message 
... which is needed for newer LibreSSL/OpenSSL versions
 2023-03-12 15:09:24 +01:00
Dirk Wetter
2e33c483dd remove comma in tr as it was interpreted as such 2023-03-12 14:52:11 +01:00
Dirk Wetter
fab67d0cca Remove CR in server banner 
... which caused a problem in t/32_isHTML_valid.t.

Also the test for an empty server banner was simplified
 2023-03-12 14:00:55 +01:00
Dirk Wetter
d298b41d2c add aNULL exception to codespell 2023-03-11 14:06:47 +01:00
Dirk Wetter
06506b371e Make sure control chars from HTTP header don't end up in html,csv,json 
This addresses the bug #2330 by implementing a function which removes
control characters from the file output format html,csv,json at the
output.

In every instance called there's a check before whether the string
contains control chars, hoping it'll save a few milli seconds.

A tr function is used, omitting LF.

It doesn't filter the terminal output and the log file output.
 2023-03-11 13:38:28 +01:00
Dirk Wetter
88763f47a8 Merge pull request #2326 from drwetter/fix_mime-type 
Fix Accept Header
 2023-02-20 20:29:14 +01:00
Dirk
a14fc5bdcf Fix Accept header 
see #2325.

"whenever HTTP/1.1 is used then the Accept header uses "text/*" as a MIME type.
This causes some minor issues with some of the checks we are doing"
 2023-02-20 15:01:40 +01:00
Dirk Wetter
e57527f3ec Merge pull request #2321 from drwetter/align_json+terminal@run_cipherlists 
Rename 3 jsonIDs in run_cipherlists(): breaking change
 2023-02-08 17:07:42 +01:00
Dirk Wetter
8260ca16e2 Merge pull request #2309 from polarathene/chore/dockerfile-improved-copy 
chore: Use a single `COPY` by better leveraging `.dockerignore` patterns
 2023-02-07 12:23:04 +01:00
Dirk Wetter
363c0d0a69 Merge pull request #2323 from drwetter/drwetter-patch-4 
Remove mkdir in Dockerfile
 2023-02-07 10:29:08 +01:00
Dirk Wetter
f914423978 Remove mkdir in Dockerfile 
see https://github.com/drwetter/testssl.sh/pull/2312#pullrequestreview-1286620850
 2023-02-07 10:28:26 +01:00
Brennan Kinney
81634ce13d chore: Bring back group value for COPY --chown 2023-02-07 21:36:47 +13:00
Dirk Wetter
1ee21b7f22 Merge pull request #2312 from polarathene/chore/dockerfile-simplify-user 
chore(Dockerfile): Simplify `testssl` user creation
 2023-02-07 09:03:23 +01:00
Dirk Wetter
64ae161218 Merge branch '3.1dev' into chore/dockerfile-simplify-user 2023-02-07 09:03:15 +01:00
Dirk Wetter
66ebfb2f58 Add changes to CSV baseline 2023-02-06 21:56:54 +01:00
Dirk Wetter
6f881dc70b Rename 3 jsonIDs in run_cipherlists(): breaking change 
see #2316 / #2320

AVERAGE --> OBSOLETED
GOOD    --> STRONG_NOFS
STRONG  --> STRONG_FS
 2023-02-05 19:32:08 +01:00
Dirk Wetter
e87b745c93 Merge pull request #2316 from dcooper16/cipherlists_doc 
Update documentation for cipherlists tests
 2023-02-05 19:25:02 +01:00
Dirk Wetter
05b4cdcc0d Merge pull request #2317 from dcooper16/fix_html 
Fix HTML output in Bash 5.2 and newer
 2023-02-04 09:22:03 +01:00
David Cooper
3d82f7cb21 Fix HTML output in Bash 5.2 and newer 
As noted in #2304, the way that the '&' character is treated in the string part of a pattern substitution changed in Bash 5.2. As a result, the change that was made in #1481 to accommodate older versions of Bash (e.g., on MacOS) now causes testssl.sh to produce incorrect HTML output when run on Bash 5.2.

This commit encodes the '&' characters in the substitution strings in a way that produces correct results on multiple versions of Bash (3.2 on MacOS, 5.2 on Ubuntu 23.10, 5.0 on Ubuntu 20.04).
 2023-02-03 14:18:02 -08:00
David Cooper
b661f7b8d3 Update documentation for cipherlists tests 
The sets of cipher lists checked by `run_cipherslists()` changed in 3.1dev, but the documentation was not updated.
 2023-02-03 11:24:04 -08:00
Dirk Wetter
70237b2328 Merge pull request #2313 from polarathene/chore/dockerfile-remove-mkdir 
chore: Remove redundant `mkdir`
 2023-02-03 19:54:51 +01:00
Dirk Wetter
6c2663aeb6 Merge pull request #2311 from SSLbrain/3.1dev 
Feature Trustcor certificates being removed/disabled from root stores #2293
 2023-02-02 13:55:07 +01:00
Brennan Kinney
76b8f0c981 chore: Remove redundant mkdir 
- If local folder ownership is for example `644` it will fail to handle the `COPY` regardless (while `744` would work).
- Creating the directory with higher permissions in the container does not appear to help.
 2023-02-02 14:26:16 +13:00
Sole
3670c1e4ad Removed non-relevant CA's that no longer have active certificates. 2023-02-02 01:13:00 +00:00
Brennan Kinney
dc7d13b853 chore(Dockerfile): Simplify testssl user creation 
Create `testssl` user (_and group_) with no password (`-D`) and default their shell to bash (`-s`):
- A group will implicitly be created with the same value as the user. `addgroup testssl` and `-G testssl` are not needed.
- Gecos data (`-g "testssl user"`) doesn't appear relevant to the project to be required? The default gecos value (`Linux User,,,`) should be fine.
 2023-02-02 14:07:51 +13:00
Sole
9fc8c33704 Change exception for removed root certificates into easy edit multi-value regular expression for Organization name and making it clear that CA's are actively removed from 1+ root stores. 2023-02-02 00:42:15 +00:00
Brennan Kinney
74892e45c5 chore: Use a single COPY by better leveraging .dockerignore patterns 2023-02-02 12:49:30 +13:00
Dirk Wetter
e02e8be19f Merge pull request #2306 from drwetter/upgrade_alpine_perf-fix 
Upgrade Alpine version for both Dockerfiles
 2023-02-01 19:45:57 +01:00
Dirk Wetter
beb94d9efc Upgrade Alpine version for both Dockerfiles 
... to improve/mitigate performance problems, see #2299.
(musl libc vs. glibc)
 2023-02-01 19:40:40 +01:00
Dirk Wetter
5a1a114adc Merge pull request #2300 from drwetter/dependabot/github_actions/docker/build-push-action-4.0.0 
Bump docker/build-push-action from 3.3.0 to 4.0.0
 2023-01-31 09:37:28 +01:00
Dirk Wetter
0b5c414970 Merge pull request #2303 from drwetter/nntp_ci_remove 
Remove NNTP from CI tests
 2023-01-31 09:37:06 +01:00
Dirk Wetter
2e0898c9ef Remove NNTP from CI tests 
Maybe for the future we should check whether host is available and
if so then run the test
 2023-01-31 09:34:18 +01:00
dependabot[bot]
8ae8a6fc44 Bump docker/build-push-action from 3.3.0 to 4.0.0 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.3.0 to 4.0.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v3.3.0...v4.0.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-31 00:03:02 +00:00
Dirk Wetter
8099dc0106 Merge pull request #2297 from drwetter/ldap_starttls_improvements 
Add logic for STARTTLS enabled AD servers
 2023-01-17 14:27:01 +01:00
Dirk Wetter
fdd72d2785 Cleanup code, clarfy comments for AD/LDAP + STARTTLS 2023-01-17 14:23:53 +01:00
Dirk Wetter
fc2a020294 Add logic for STARTTLS enabled AD servers 
There are two different scenarios. x0C is the buffsize reply from openldap-like servers
whereas AD servers probably have x84 and return also the OID. The following is kind of
hackish as ldap_ExtendedResponse_parse() in apps/s_client.c of openssl is kind of hard
to understand. It was deducted from a number of hosts.
Bottom line: We'll look at the 9th byte or at the 17th when retrieving the result code

AD:
30 84 00 00 00 7d 02 01 01 78 84 00 00 00 74 0a 01 34 04 00 04 55 30 30 30 30 30 30 30 30 3a 20 [ failed AD .. LdapErr + OID..]
30 84 00 00 00 28 02 01 01 78 84 00 00 00 1F 0A 01 00 04 00 04 00 8A 16 [.. OID ..]
   ^^ bufflen                                      ^^ resultcode

30 0C 02 01 01 78 07 0A 01 00 04 00 04 00
   ^^ bufflen              ^^ result code
 2023-01-17 11:16:05 +01:00
Dirk Wetter
ce3bd4764f Merge pull request #2296 from drwetter/dependabot/github_actions/docker/build-push-action-3.3.0 
Bump docker/build-push-action from 3.2.0 to 3.3.0
 2023-01-16 10:20:13 +01:00
dependabot[bot]
1b2f58d739 Bump docker/build-push-action from 3.2.0 to 3.3.0 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v3.2.0...v3.3.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-16 01:05:58 +00:00
Dirk Wetter
7670275e59 Merge pull request #2292 from drwetter/ldap_starttls_improvements 
make starttls_ldap_dialog() more readable...
 2022-12-27 22:06:12 +01:00