21875952c9
Merge pull request #2803 from testssl/bump_version_3.0
...
Get ready for last release (3.0.10)
2025-06-14 19:54:51 +02:00
3bf31e2f87
Merge pull request #2802 from testssl/update_clientsim_3.0
...
Update client simulation 3.0
2025-06-14 17:35:35 +02:00
9213a54222
Get ready for last release
2025-06-14 16:55:44 +02:00
5e23dae8c7
Update client simulation
...
from 3.2 .
2025-06-14 16:43:49 +02:00
cdbeb91765
Merge pull request #2800 from testssl/update_CAstores_3.0
...
Update CA hashes for 3.0
2025-06-14 16:09:06 +02:00
adb611ca2c
Update certificate store for 3.0
2025-06-14 15:15:12 +02:00
7bdc26cdd5
Merge pull request #2791 from testssl/FixServerHeaderParser_3.0
...
Fix parser for server header (3.0)
2025-06-10 23:18:50 +02:00
e9b06335e1
Fix parser for server header (3.0)
...
Do word matching and exclude minus sign
This fixes #2787 for 3.0.
2025-06-10 22:05:29 +02:00
f5da039c86
Merge pull request #2781 from testssl/ccsInjectionFix_3.0
...
Fix CCS injection
2025-05-21 15:08:45 +02:00
04e174b3af
Fix CCS injection
...
The rhs of the pattern was off by one byte and it worked in practise until recent PR #2658 .
This fixes #2691 for 3.0 .
2025-05-21 13:58:13 +02:00
4beed531be
Merge pull request #2741 from testssl/update_CAs_3.0
...
Update CA stores (3.0)
2025-04-18 13:29:48 +02:00
4a9cee0717
Update CA stores (3.0)
...
This is tha same update as #2740 (for 3.2).
Despite using ``./utils/create_ca_hashes.sh`` git claims ``ca_hashes.txt`` hasn't changed here too.
This fixes #2739 .
2025-04-18 13:25:46 +02:00
84c1cdca1b
Clarify GHCR
2025-04-06 20:31:21 +02:00
56908d3a94
Merge pull request #2730 from testssl/ghcr.io-doc-3.0
...
Add minimal doc for GHCR
2025-04-06 18:38:13 +02:00
ab15338dfc
Add minimal doc for GHCR
2025-04-06 18:37:04 +02:00
e101be3ff2
Merge pull request #2717 from dcooper16/has_sigalgs
...
Check for -sigalgs support
2025-03-24 11:52:21 +01:00
741a5e49d1
Check for -sigalgs support
...
This commit adds a check for -sigalgs support, and only uses this option if it is supported.
2025-03-21 08:11:54 -07:00
6a4a96c342
Merge pull request #2715 from testssl/sanitze_better_http_header.3.0
...
Remove inherited double line
2025-03-20 14:23:00 +01:00
8063982891
fix typo
2025-03-20 13:28:31 +01:00
c825a70eeb
Remove inherited double line
...
.. and update the comment
2025-03-20 13:22:55 +01:00
cbe896d685
Merge pull request #2713 from testssl/sanitze_better_http_header.3.0
...
Sanitze HTTP header early and better
2025-03-20 12:10:15 +01:00
5a320df081
Merge pull request #2711 from testssl/fix_2708_TLS_FALLBACK_SCSV_3.0
...
Set POODLE var when exiting run_ssl_poodle()
2025-03-20 12:09:19 +01:00
520604df2e
Sanitze HTTP header early and better
...
On MacOS run_http_header() hiccuped when in any place of the web site unprintable chars were
returned, see https://github.com/testssl/testssl.sh/issues/2708#issuecomment-2738347784 .
This PR fixes that by moving the sanitization to a separate function and run it earlier before
any processing of the returned content (header plus body) takes place.
Output was:
``
'HTTP Status Code awk: towc: multibyte conversion failure on: '� disabilitato");
input record number 36, file /tmp/testssl.FHu8E0/AAA.BBB.CCC.DDD.http_header.txt
source line number 1
'wk: towc: multibyte conversion failure on: '� disabilitato");
input record number 36, file /tmp/testssl.FHu8E0/AAA.BBB.CCC.DDD.http_header.txt
source line number 1
200 OK
``
2025-03-20 11:19:29 +01:00
95d39fdeab
Set POODLE var when exiting run_ssl_poodle()
...
... so that run_tls_fallback_scsv() doesn't exit with a warning.
This fixes #2708 .
This is for 3.0 . For 3.2 see #2710
2025-03-19 23:45:28 +01:00
8e555768fb
Merge pull request #2704 from dcooper16/ocsp_check_rev_ossl_ver_30
...
OpenSSL version check in check_revocation_ocsp()
2025-03-18 17:40:12 +01:00
c58d6cfb2a
OpenSSL version check in check_revocation_ocsp()
...
The current code for setting $host_header in check_revocation_ocsp() will not work for LibreSSL 3.*. In addition, the code uses $OPENSSL2, which is not defined. This commit fixes these issues.
2025-03-17 11:12:55 -07:00
dd188c1daf
Merge pull request #2699 from testssl/fixDockerOcspCall_3.0
...
Fix --phone-out + ocsp, also in docker container (3.0)
2025-03-15 21:39:24 +01:00
3485606bc0
Fix --phone-out + ocsp, also in docker container (3.0)
...
Previously in 4f1a91f92e
2025-03-15 17:20:14 +01:00
7937c0b845
Merge pull request #2696 from testssl/fix_segfault_error4-3.0
...
Fix segfault with error 4 in check_revocation_ocsp() when using --phone-out (3.0)
2025-03-14 19:19:16 +01:00
8d019855a3
Fix segfault with error 4 in check_revocation_ocsp() when using --phone-out (3.0)
...
As `--phone-out` sometimes doesn't work with our binary we switch transparently/automagically
to the vendor support openssl binary -- if available. This is the PR for 3.0, for 3.2 see #2695 .
This fixes at least #2516 where the issue has been explained/debugged in detail.
See also #2667 and #1275 .
2025-03-14 17:15:40 +01:00
ab0b829d36
Merge pull request #2668 from krufab/fix/fix-typo-in-help-message
...
Corrected typo in help message
2025-02-23 14:29:45 +01:00
57554a9743
Corrected typo in help message
...
Signed-off-by: Fabio Kruger <10956489+krufab@users.noreply.github.com >
2025-02-23 00:28:15 +01:00
d2550395a7
Merge pull request #2663 from dcooper16/fix_ossl_supported_curve_check_30
...
Fix check for OpenSSL supported curves
2025-02-20 11:31:45 +01:00
95d7acf994
Fix check for OpenSSL supported curves
...
OpenSSL 3.X outputs a different error message than previous versions when $OPENSSL s_client -curves X ... is called with an unsupported curve. This was resulting in the check within find_openssl_binary() adding every curve to $OPENSSL_SUPPORTED_CURVES, even ones that were not supported. This commit changes to check in order to detect the new error message.
2025-02-19 12:49:17 -08:00
94b590f0af
Merge pull request #2658 from dcooper16/fix_pattern_match_30
...
Fix pattern matches
2025-02-15 14:15:32 +01:00
6bc771e80d
Fix pattern matches
...
This commit fixes three lines of code that use Bash substring matching. In each case, a list of strings to match was enclosed in brackets. This resulted in a match if the string to test contained any character from any of the strings to match. This commit fixes the issue by removing the brackets.
(The bugs were introduced in https://github.com/testssl/testssl.sh/commit/b8e9b09ca78832b1608dbce48305e65762368a0d and https://github.com/testssl/testssl.sh/commit/8149c2d5cf56d9874c91923e236b9feb5264b88b )
2025-02-13 14:33:13 -08:00
c49d9f67fa
Merge pull request #2654 from testssl/drwetter-patch-1
...
Update workflows to Ubuntu 24.04
2025-02-12 16:22:28 +01:00
65200f4a7e
Update test.yml
2025-02-12 16:21:33 +01:00
bd88c844db
Update docker-3.0.yml
2025-02-12 16:21:04 +01:00
7174521b3d
Update test.yml to Ububutu 22.04
...
Warning from Github that this will be out of service in April 1st.
2025-02-12 16:17:23 +01:00
01dd7a4bd4
Merge pull request #2651 from testssl/readme_update_3.0
...
Update Readme drwetter --> testssl
2025-02-07 12:29:36 +01:00
5d2d9f2c00
Merge pull request #2652 from testssl/address_addCA_issue_3.0
...
Address CA file parsing problem
2025-02-07 12:28:47 +01:00
b0c026ecc3
Address CA file parsing problem
...
.... by forbidding spaces in supplied CA files/directories
Also now we're sanitizing the cmd line parameter better `using safe_echo()`
See also #2647 .
2025-02-07 11:23:13 +01:00
305ce18931
Update Readme drwetter --> testssl
...
and some links in testssl.sh
2025-02-07 10:58:41 +01:00
e69a29ca0c
Merge pull request #2637 from testssl/fix_2633_3.0
...
Fix bug when legacy NPN is tested against a TLS 1.3 host
2025-01-24 20:40:05 +01:00
7597360775
fix typo
2025-01-24 19:38:44 +01:00
f321bcf1ed
Fix bug when legacy NPN is tested against a TLS 1.3 host (3.0)
...
When testing a TLS 1.3 host s_client_options used TLS 1.3 ciphers to test for NPN. As that is not implemented we nee dto make sure any other version is used.
This PR ensures that --after testing whether it's a TLS 1.3-only host where this test doesn't make any sense in the first place.
Fix for #2633
2025-01-24 19:38:02 +01:00
439937feb9
Merge pull request #2630 from testssl/fix_roundbracket_in_header
...
Fix place for round bracket for header and remove obsolete comment
2025-01-23 12:43:55 +01:00
7a6efd9483
Remove +-sign from c&p'ed diff
2025-01-23 11:32:53 +01:00
c482df82bd
Fix place for round bracket and remove obsolete header
...
This was done in 3.2 previously, see commit 4efe324ef7
2025-01-23 10:51:55 +01:00
Dirk Wetter