Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-06 00:39:44 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,505 Commits 15 Branches 30 Tags 211 MiB
06821e31ff
Commit Graph

3505 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dirk Wetter
f6a9044315 Display time as suggested in utc (3.0) 
This fixes #1895
 2021-06-03 19:29:26 +02:00
Dirk Wetter
c0d9427988
Merge pull request #1889 from dcooper16/send_to_stderr_30 
Print errors to stderr
 2021-05-15 12:22:43 +02:00
David Cooper
7d5e24c62f
Print errors to stderr 
Same as #1888, but for the 3.0 branch.
 2021-05-13 11:21:48 -04:00
Dirk Wetter
931d0095d6
Merge pull request #1887 from ghen2/3.0-uname 
`hostname` is not defined by POSIX, use portable `uname -n` instead.
 2021-05-13 16:11:11 +02:00
Geert Hendrickx
388f3aea19
hostname is not defined by POSIX, use portable uname -n instead. 2021-05-13 13:58:07 +02:00
Dirk Wetter
6829996197
Merge pull request #1886 from drwetter/3.0.5 
Bump version
 2021-05-10 13:50:07 +02:00
Dirk Wetter
f5fde2a93b Bump version 2021-05-10 12:16:12 +02:00
Dirk Wetter
4976da43b0
Merge pull request #1883 from drwetter/epoch_180hsts_1879.branch_3.0 
Fix "off by one" error in HSTS
 2021-05-10 11:18:53 +02:00
Dirk Wetter
5758c397da
Merge pull request #1885 from definity/3.0 
fixed minor bug with json output for TLS1.1
 2021-05-09 20:37:07 +02:00
Chad Brigance
ca4a0b23f7 fixed minor bug with json output for TLS1.1 #1884 2021-05-09 09:46:57 +00:00
Dirk Wetter
68cbdf8dc8 Fix "off by one" error in HSTS 
There was by mistake a 179 days threshold and also the error message
was wrong when HSTS was exactly set to 179 days, see #1879.

This commit sets it to 180 days and corrects the error messages on
screen.
 2021-05-08 14:55:30 +02:00
Dirk Wetter
835abd6acb
Merge pull request #1870 from dcooper16/fix_ossl30 
Improve compatibility with OpenSSL 3.0
 2021-04-09 10:44:12 +02:00
David Cooper
c0f29f6234
Improve compatibility with OpenSSL 3.0 
This commit makes the same changes to the 3.0 branch as #1868 makes to the 3.1dev branch.
 2021-04-08 12:10:29 -04:00
Dirk Wetter
52ed92ca87
Merge pull request #1866 from drwetter/fix1860_svSE_etc_charset_3.0 
Ensure certain regex patterns work as expected and aren't localized (3.0)
 2021-04-05 14:29:22 +02:00
Dirk
c461702112 Ensure certain regex patterns work as expected and aren't localized (3.0) 
Same as #1865.

This PR is trying to address an issue where probably newer bash versions treat
regexes differently in other locales. W is with a swedish locale just a variant
of V (#1860) see also e.g.

https://collation-charts.org/opensolaris/opensolaris.2008.05.sv_SE.UTF-8.html
https://www.sqlservercentral.com/forums/topic/order-by-name-not-works#post-1644177
 2021-04-05 11:38:17 +02:00
Dirk Wetter
7723a309b5
Merge pull request #1858 from jschauma/3.0 
add codepoints for RFC7905, ChaCha20-Poly1305
 2021-03-25 21:34:04 +01:00
Jan Schaumann
ac71be1040 whitespace alignment 2021-03-25 16:24:52 -04:00
Jan Schaumann
ddb324c81d add codepoints for RFC7905, ChaCha20-Poly1305 2021-03-25 16:21:45 -04:00
Dirk Wetter
acc9a82a07
Merge pull request #1848 from elfranne/ianaopenssl3.0 
IANA <-> Openssl mapping issue for 3.0
 2021-02-25 17:17:39 +01:00
Elfranne
fe6c866d4e
IANA <-> Openssl mapping issue 2021-02-25 13:56:54 +01:00
Dirk Wetter
bf966a9b2f
Merge pull request #1831 from drwetter/fix_heartbleed_json.1828_3.0 
Fix file output formatting for heartbleed (3.0)
 2021-01-20 10:11:51 +01:00
Dirk
a1777cdd0e Fix file output formatting for heartbleed 
Quotes were wrong for different results, which lead to some confusion
for finding, cve and cwe.

Fixes #1828
 2021-01-20 09:04:11 +01:00
Dirk Wetter
2627d9db13
Merge pull request #1825 from drwetter/fix_travis_3.0 
Travis CI didn't run. Trying to fix it (3.0)
 2021-01-18 09:15:14 +01:00
Dirk
4ee936dc52 Travis CI didn't run. Trying to fix it 2021-01-13 22:35:34 +01:00
Dirk Wetter
4b800b0ae5
Merge pull request #1822 from drwetter/fix_dot@NODE 
Fixes trailing dot error in URL handling (3.0)
 2021-01-13 21:56:48 +01:00
Dirk Wetter
b8e76a3861 Fixes trailing dot error in URL handling 
For DNS queries a trailing dot in the variable $NODE is always fine. For
HTTP queries it is not. and causes the https request to fail.

Backport from 4f1da9b192

Also: removal of ancient CVS_REL relict in $TEMPDIR/environment.txt
 2021-01-13 11:35:31 +01:00
Dirk Wetter
666a2c4edb
Merge pull request #1818 from drwetter/le_issuer_fix1816_3.0 
Fix issuer check for Let's Encrypt (3.0)
 2021-01-07 10:32:12 +01:00
Dirk Wetter
0de00f4322 Fix issuer check for Let's Encrypt (3.0) 
Fixes #1816 for 3.0 by a proper halving of the dates
 2021-01-07 10:29:08 +01:00
Dirk Wetter
cb94ffaa13
Merge pull request #1796 from drwetter/no_code_update3.0 
Trying to save resources for Travis/CI (3.0)
 2020-11-28 10:15:13 +01:00
Dirk
98d1bd64bc Trying to save resources for Travis/CI (3.0) 
See 3b38a5dea3
 2020-11-28 10:12:43 +01:00
Dirk Wetter
dc08a120ba
Merge pull request #1793 from drwetter/docker_docu_polish3.0 
Consolidate docker sections in Readme.md and Dockerfile.md (3.0)
 2020-11-27 16:54:26 +01:00
Dirk Wetter
7c835470be Consolidate docker sections in Readme.md and Dockerfile.md 
see #1791
 2020-11-27 16:53:28 +01:00
Dirk Wetter
7dac1a20f7
Merge pull request #1780 from drwetter/fix_1779 
Fix 1779
 2020-11-20 16:27:10 +01:00
Dirk
ca89328ed4 Change version number 
To avoid clashes with distributors it may be is smarter to stick
to three numbers and not intoducing another digit.

3.0.4 <-- 3.0.3.1
 2020-11-20 11:09:17 +01:00
Dirk
e441357efe Fix reading SSLv2 socket (3.0 branch) 
This fixes #1779. There was a problem introduced in
3c97412a61 which counted
the size of the file name rather than the size of the
socket reply.
 2020-11-20 11:06:22 +01:00
Dirk
b08b5d8b98 Bump version to 3.0.3 2020-11-19 09:41:12 +01:00
Dirk Wetter
0abaa6d2bf
Merge pull request #1774 from drwetter/ca-update_3.0 
Update certificate stores (3.0 branch)
 2020-11-14 11:11:03 +01:00
Dirk Wetter
2f18dcbd58 Update remaining stores: Apple / Java / Microsoft 
* also ca_hashes.txt

* Used Java SDK 15 instead of JRE 8
* Used Windows 10 20H2
* Java Keystore has added 5 certificates (90 --> 95)

Updated Readme and make instructions more reproducible

Fixes #1772
 2020-11-13 22:13:10 +01:00
Dirk Wetter
d536c07b72
Merge pull request #1776 from drwetter/fix_1762_3.0 
Stop labeling X-XSS-Protection as green (3.0 branch)
 2020-11-13 15:24:22 +01:00
Dirk Wetter
99a158d952 Stop labeling X-XSS-Protection as green (3.0 branch) 
* X-XSS-Protection is now labled as a neutral finding as suggested in #1762
* Also it adds colons to header values

This a quick fix for the stable version as opposed to #1764 ff.
It also changes the color from lite cyan to neutral
 2020-11-13 13:57:21 +01:00
Dirk Wetter
a180ec4f80 update Linux.pem + Mozilla.pem 2020-11-11 18:37:56 +01:00
Dirk Wetter
f3abf77ed8
Merge pull request #1761 from keisentraut/fix-1757-3.0 
fix #1757: manpage: --c has one dash to much (backport 3.0)
 2020-10-29 20:28:23 +01:00
Klaus Eisentraut
44fd73bfcd fix #1757: manpage: --c has one dash to much (backport 3.0) 2020-10-29 20:21:05 +01:00
Dirk Wetter
0cf5a49762
Merge pull request #1759 from drwetter/fix_1754_3.0 
Fix run_freak() when sslv2 server hello is empty (3.0 branch)
 2020-10-28 15:05:51 +01:00
Dirk Wetter
3c97412a61 Address complaint by Travis + RC4 SSLv2 ciphers shortcut 
Despite the fact google doesn't support RC4 ciphers, testssl.sh called
sslv2_sockets(). Google answered with a >= TLS alert. Building a sum then
failed then in sslv2_sockets().

This fixes sslv2_sockets() and introduces count_chars() as a helper function
(tested also under old FreeBSD to make sure it works under MacOSX).

Also it adds a shortcut: if we are sure we don't have sslv2 we don't need
to test any RC4 SSLv2 ciphers
 2020-10-28 11:45:41 +01:00
Dirk
4ddc90d98d Fix run_freak() when sslv2 server hello is empty (3.0 branch) 
This fixes #1754 by avoiding further string operations if the SSLv2 socket reply is empty as bash 5.1 seems to have a problem with that. The fix is done in sslv2_sockets() .

Also sslv2 is not being used in run_freak() if known not to be supported.
 2020-10-27 22:48:50 +01:00
Dirk Wetter
cd9b98ca70
Merge pull request #1727 from drwetter/fix_1725_SCIR_3.0 
Fix Secure Client-Initiated Renegotiation false positive (3.0 branch)
 2020-09-16 20:13:33 +02:00
Dirk
08feaf4a0c Fix Secure Client-Initiated Renegotiation false positive (3.0 branch) 
Server side closed the connection but openssl retrieved
a zero exit code. In addition now we look for "closed"
and if that was returned from the server we label it
as not vulnerable.

This fixes #1725.

Same fix as for 3.1dev, see #1726
 2020-09-16 18:13:47 +02:00
Dirk Wetter
c0581afeeb
Merge pull request #1712 from dcooper16/fix1699_3.0 
Fix #1699 in 3.0 branch
 2020-08-31 17:07:46 +02:00
David Cooper
b7dab55b6c Fix #1699 in 3.0 branch 
This commit makes the same change as #1711, but in the 3.0 branch.
 2020-08-31 10:42:11 -04:00