According to the POSIX Programmer's Manual, the exit status specified by
the unsigned decimal integer. If n is specified, but its value is not
between 0 and 255 inclusively, the exit status is undefined.
By cross reference the usage between different scripts in this project,
it looks like we could simply remove the `-` before the number.
In parse_cmd_line() error messages are usually printed to stderr, but in three places the messages are printed to stdout. This commit modifies those three lines so that they also print to stderr.
The commit also replaces a call to a non-existant function, tmln_magenta_term, with a call to tmln_magenta.
Respect changed HSTS epoch time of 180 days.
(DROWN output is changed too as the certificated changed but doesn't matter
as the travis check filters that)
There was by mistake a 179 days threshold and also the error message
was wrong when HSTS was exactly set to 179 days.
This commit sets it to 180 days and corrects the error messages on
both screen and JSON.
This commit addresses a few issued related to the use of testssl.sh with OpenSSL 3.0.0-alpha14.
First, when pkey is used to print a DH key that uses an unknown group, OpenSSL 3.0.0-alpha14 labels the prime and generator using "P:" and "G:" rather than "prime:" and "generator:". (In PR #1586 it was noted that OpenSSL 3.0.0-alpha1 used "prime P:" and "generator G:". The x509 command in OpenSSL 3.0.0-alpha14 still uses "prime P:" and "generator G:" when printing a DH public key in a certificate, but the pkey command just uses "P:" and "G:").
Second, when the pkey command is used to print a DH key that uses certain common primes (e.g., groups from RFC 3526 or RFC 7919), OpenSSL 3.0.0-alpha14 simply prints "GROUP: " followed by a short name for the group rather than printing the value of the prime and generator.
Finally, the "-text" option no longer works if the input is a public key. Fortunately, the "-text_pub" option provides the expected results with all versions of OpenSSL and LibreSSL.
xxd is not a strict requirement and a fallback logic exists to handle its absence. However it is in general more performant and helpful in debugging as well which is desirable in many situations like ci/cd pipelines. See commit 3756cdc for details
Dirk Wetter
Peter Dave Hello
Mikel Olasagasti Uranga
David Cooper
Chad Brigance
vin01
Jan Schaumann