Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-09-06 03:52:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
5,071 Commits 16 Branches 34 Tags
1f9aa8008dc41532b2cd08a98f354d4847cb8275
Commit Graph

5071 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dirk
1f9aa8008d For Mac: use homebrew's openssl 
... so that we have a comparison between OpenSSL and LibreSSL. Otherwise this test would be completely futile for MacOS.
Also change the displayed text.

See #2832 (which was for 3.2)
 2025-07-10 13:19:46 +02:00
Dirk Wetter
84bfb306a2 Merge pull request #2835 from testssl/drwetter-patch-1 
Update CHANGELOG.md
 2025-07-10 09:38:29 +02:00
Dirk Wetter
bdb07d9cbe Update CHANGELOG.md 
SSLlabs rating bump
 2025-07-10 09:37:57 +02:00
Dirk Wetter
fc3e7eca84 Merge pull request #2830 from magnuslarsen/3.1dev 
feat: bump ssllabs rating guide to 2009r
 2025-07-09 23:21:33 +02:00
Magnus Larsen
198a5f0c30 fix(rating): HSTS not offered does not give a warning 2025-07-09 09:41:11 +02:00
Dirk Wetter
2fd80e7454 Merge pull request #2828 from digininja/3.3dev 
Removed rogue space on QUIC output
 2025-07-08 23:21:24 +02:00
Robin Wood
f5fd7cb2c7 One more space 2025-07-08 21:16:26 +01:00
Magnus Larsen
3e465bafe2 feat: bump ssllabs rating guide to 2009r 2025-07-08 14:20:46 +02:00
Robin Wood
ec5443438f Removed rogue space on QUIC output 
Before:

```
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): final
 QUIC        not offered or timed out
 NPN/SPDY   not offered                                                                                      
 ALPN/HTTP2 h2, http/1.1 (offered)                                                                           
```

After:

```
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): final
 QUIC       not offered or timed out
 NPN/SPDY   not offered
 ALPN/HTTP2 h2, http/1.1 (offered)
```
 2025-07-08 08:32:47 +01:00
Dirk Wetter
cc5ab00548 Merge pull request #2827 from testssl/fix_2825_dev 
Fix not working --disable-rating switch (3.3dev)
 2025-07-07 14:02:06 +02:00
Dirk Wetter
85805ba8db Fix not working --disable-rating switch (3.3dev) 
The logic was wrong when calling set_rating_state() in parse_cmd_line() as do_rating was set before to true through set_scanning_defaults().

This PR fixes #2825 by querying ${SKIP_TESTS[@]} instead and then calling set_rating_state() when no --disable-rating was supplied .
 2025-07-07 12:07:53 +02:00
Dirk Wetter
a4d6f9ad55 Merge pull request #2822 from testssl/quic 
First try for QUIC (OpenSSL only and only checking the protocol)
 2025-07-05 13:24:25 +02:00
Dirk
89bd3c753d Add QUIC protocol check in help() 2025-07-04 14:55:48 +02:00
Dirk
4c65d678fb except man page n roff format for codespell 2025-07-04 14:50:49 +02:00
Dirk
3e0a1605b9 Update protocol section for QUIC to be included 2025-07-04 14:48:23 +02:00
Dirk
6e2bd0123c Build instruction for n00bs 2025-07-04 14:24:41 +02:00
Dirk
488de491a1 be more precise: only protocol 2025-07-04 14:21:48 +02:00
Dirk Wetter
48c0a89b98 add QUIC 2025-07-03 23:03:13 +02:00
Dirk Wetter
d85c65e3b2 output missing proxy support if connect fails 2025-07-03 23:01:59 +02:00
Dirk Wetter
38a44ab89a 3.2 --> 3.3dev 2025-07-03 22:38:27 +02:00
Dirk Wetter
d74c1bbaee add QUIC line for testssl.sh server 2025-07-03 22:34:43 +02:00
Dirk Wetter
6047f21a80 Merge pull request #2823 from testssl/fix_revocation_unittest 
Fix 52_ocsp_revoked (OCSP --> CRL)
 2025-07-03 18:14:17 +02:00
Dirk Wetter
8a665e9dce Fix 52_ocsp_revoked (OCSP --> CRL) 2025-07-03 16:56:28 +02:00
Dirk
c4c89dbd40 Fix 52_ocsp_revoked (OCSP --> CRL) 2025-07-03 16:54:26 +02:00
Dirk Wetter
c942283b34 Re-add correct version \# 2025-07-03 15:01:04 +02:00
Dirk
49dcd5b854 First try for QUIC (OpenSSL only) 
This is an implementation for QUIC (RFC 9000, RFC 9114). It's purely
OpenSSL based for now. As some distros support newer (>= 3.2) versions
this works on some distros now and will work on more as time goes by.

It has been tested with MacOS and Linux. If there's an OpenSSL version
in /usr/bin/ it will automagically use that version.

A new short sub function named sub_quic() was introduced for handling this as
run_protocols() is already "full".

It appears below TLS 1.3. A check against HTTPS RR #2484 is planned but
not implemented yet. PR #2484 has to be worked on and merged before.

New variables were introduces (HAS_QUIC/ +HAS2_QUIC). Also there's
QUIC_WAIT as we run the connect in the background and we need a wait time.

HAS_UDS2 was renamed to HAS2_UDS as HAS2 should signal this is for OPENSSL2
and UDS2 doesn't make sense.

To clarify:
- check for a proxy and then don't do the check?
- short unit test (t/31_isJSON_valid.t cjecks cloudflare but ...)
 2025-07-03 14:36:55 +02:00
Dirk Wetter
6173d80ca2 Merge branch '3.2' into 3.3dev 2025-07-03 09:00:16 +02:00
Dirk Wetter
4b5409122c Merge pull request #2820 from testssl/performance_hint 
Performance hint for openssl
 2025-07-02 17:37:21 +02:00
Dirk Wetter
6de18d3a22 was 2x first 2025-07-02 17:36:33 +02:00
Dirk Wetter
6083938a47 Performance hint for openssl 2025-07-02 17:34:29 +02:00
Dirk Wetter
2829827cc2 Merge pull request #2817 from testssl/errormsg_2807 
Improve error message for sockets fail and Alpine
 2025-06-29 17:06:01 +02:00
Dirk
3792bceeda Improve error message for sockets fail and Alpine 
See $2807 .

Also some prln_magenta were modified (see #2816) to pr_warning.
 2025-06-29 15:24:44 +02:00
Dirk Wetter
9b1a7ae1f8 Merge pull request #2814 from testssl/revert-2813-revert_2772_for_testing 
Revert "Revert lowercase conversion for repo"
 2025-06-24 12:07:08 +02:00
Dirk
78a613dae3 Remove the scheudule part as it will not work anymore 2025-06-24 12:06:00 +02:00
Dirk Wetter
b56302518b Revert "Revert lowercase conversion for repo" 2025-06-23 23:12:59 +02:00
Dirk Wetter
6dc26b09fe Merge pull request #2813 from testssl/revert_2772_for_testing 
Revert lowercase conversion for repo
 2025-06-23 21:38:32 +02:00
Dirk
d44692331b Revert lowercase conversion for repo 
... which was done in #2772 . This is done for testing as building the container doesn't
work anymore, see #2810 .

Action logs say it was build but it's unclear why it is still based on 3.2rc4 .
Hence this test.

The schedule was commented out as it would not apply either here as 3.3dev is
 now the default version.
 2025-06-23 21:17:49 +02:00
Dirk Wetter
bed43df2df Merge pull request #2812 from testssl/ghcr_workflow_no_unittest 
YAML file doesn't need the unit tests
 2025-06-23 21:04:43 +02:00
Dirk Wetter
58719e4492 YAML file doesn't need the unit tests 2025-06-23 21:00:33 +02:00
Dirk Wetter
4b71d0e2ce Merge pull request #2811 from testssl/docker_action_rename 
Change action docker file to 3.3dev
 2025-06-23 20:54:24 +02:00
Dirk Wetter
d2eaae79cb rename docker ghcr.io action 2025-06-23 20:52:14 +02:00
Dirk Wetter
5e571b4463 no unit test for yml file changes 2025-06-23 20:51:03 +02:00
Dirk Wetter
f1621600f4 Change file to 3.3dev 2025-06-23 20:40:54 +02:00
Dirk Wetter
da6ec2f695 Merge branch '3.2' into 3.3dev 2025-06-23 20:31:40 +02:00
Dirk Wetter
5fe854b830 Merge pull request #2809 from testssl/improve_2798 
Minor improvements to #2798
 2025-06-23 20:29:27 +02:00
Dirk Wetter
4d75527a4b Merge pull request #2808 from testssl/fix_sectigo_x46.forLinux 
Add sectigo CA E46 and R46 for Linux.pem
 2025-06-23 20:29:07 +02:00
Dirk Wetter
c9a11a9fb0 Minor improvements to #2798 
see https://github.com/testssl/testssl.sh/pull/2798#issuecomment-2972834180
 2025-06-23 18:43:34 +02:00
Dirk Wetter
71f0f32cf5 Merge pull request #2798 from secinto/3.2 
Modify grading for incomplete chain. 

suggested corrections will be done after merge
 2025-06-23 18:41:00 +02:00
Dirk Wetter
b4f9e51865 Add lf so that gh action doesn't complain 2025-06-23 18:21:44 +02:00
Dirk Wetter
1403503077 Add Sectigo x46 CAs from recent Debian update 2025-06-23 18:20:14 +02:00