Dirk Wetter
21bf1ff19f
Merge pull request #3089 from testssl/03_mini_syntax_check
...
Small check for semantic unit tests
2026-07-11 22:47:16 +02:00
Dirk Wetter
f6a59dc083
Properly premature exit for MacOS
2026-07-11 19:03:05 +02:00
Dirk
ed07c763e1
Check on MacOS returned not ok
2026-07-11 17:12:50 +02:00
Dirk Wetter
20a632844b
Now fix the existing non-compliant issues
...
18422: if [[ $tmp_result -eq 1 ]] && [[ loop_reneg -eq 1 ]]; then
19633: [[ aaa == bbb ]] # provoke return code=1
450:TRUSTED1ST="" # Contains the `-trusted_first` flag, if this version of openssl supports it
The latter check be amended/corrected later, so that backticks in comments are allowed.
2026-07-11 15:35:21 +02:00
Dirk Wetter
cf17bd7629
Merge pull request #3086 from ericcgu/ericcgu-bugfix
...
bugfix: aesgcm_used --> enc_aesgcm_used
2026-07-11 13:37:12 +02:00
Dirk Wetter
49c26b7e36
perl-style grep for mac
...
so skip the while thing
2026-07-10 22:25:49 +02:00
Dirk
27c432e95d
Add more checks
...
recommended by Claude Sonnet 5
The backtick pattern will fail in a comment. To be fixed later
2026-07-10 20:20:38 +02:00
Dirk
0c16ebd6b9
Small check for semantic check
...
Staring with a simple pattern for checking for non-variables at left hand
side like [[ LHS == $value ]]. The file is supposed be amended in the future.
This fixes #3074 .
Upon commit it fails first as there are two instances which will be detected
(one is deliberate but will be changed too) .
2026-07-10 19:33:08 +02:00
Dirk Wetter
1be2f7472a
Merge pull request #3088 from testssl/patch-1
...
Update pull_request_template.md
2026-07-10 16:48:58 +02:00
Dirk Wetter
b7fb813edf
Update pull_request_template.md
2026-07-10 16:47:43 +02:00
Dirk Wetter
a46c8baad5
Merge pull request #3084 from testssl/fix_tls13_only_hosts
...
Fix confusion when scanning TLS-1.3-only hosts
2026-07-10 16:41:40 +02:00
Dirk Wetter
0ddba7301e
Fix double mistake 🙁
2026-07-10 15:22:34 +02:00
Dirk Wetter
d1da2c1dea
fix spelling
2026-07-10 13:55:33 +02:00
Dirk Wetter
cbd2b4da1e
Add HAS_LDAP to global vars
...
... and bail out if it is not supported.
2026-07-10 13:51:39 +02:00
Dirk Wetter
d7f5095042
Exempt MacOS with LibreSSL to run STARTTLS via LDAP
2026-07-10 13:40:03 +02:00
Eric Gu (@ericguuu)
5a69b1c344
bugfix: aesgcm_used --> enc_aesgcm_used
2026-07-09 08:45:38 -04:00
Dirk Wetter
8dce14187d
Fix confusion when scanning TLS-1.3-only hosts
...
When scanning hosts which offer only TLS 1.3 under some circumstances (e.g. using
MacOS) the scan stopped and prompted the user . It happened always when $OPENSSL
supported TLS 1.3. It did not when this was not the case.
This fixes that (see #3083 ) for 3.3dev by just skipping the rest in determine_optimal_proto()
when TLS13_ONLY is true.
Also it fixes missing line feeds for servoce detecttion and order in which DNS HTTPS
RR are displayed.
2026-07-09 13:13:15 +02:00
Dirk Wetter
deda4c7627
Merge pull request #3080 from ericcgu/ericcgu-patch-1
...
fix: inverted return check in sym-encrypt() at testssl.sh:14741 makes …
2026-07-08 20:45:06 +02:00
Dirk Wetter
044cfee81b
Merge pull request #3078 from testssl/fix_empty_httpsrr
...
Fix empty result for HTTPS_RR for Mac and friends
2026-07-08 18:24:45 +02:00
Dirk Wetter
62ca07cc33
Merge pull request #3059 from TheraNinjaCat/fix-cert-trust-wildcard-identifier-3051
...
Fixed 'cert_trust_wildcard' identifier when multiple certificates are…
2026-07-08 18:24:14 +02:00
Eric Gu (@ericguuu)
09a17c0cc1
fix: nverted return check in sym-encrypt() at testssl.sh:14741 makes the function return error 7 on every success.
...
[BUG / possible BUG] Inverted return check in sym-encrypt() at testssl.sh:14741 makes the function return error 7 on every success. The tm_out line at testssl.sh:14743 is unreachable.
#3079
2026-07-08 08:28:33 -04:00
Dirk
2dba5fea1b
fix typo
2026-07-06 11:41:18 +02:00
Dirk
44d6b7adbf
Fix empty result for HTTPS_RR for Mac and friends
...
... also improve error handling by adding return values in
*https_rr functions.
The error for ~Macs occured because for interpretation of
raw TYPE65 DNS data it was just 1 returned instead of 0
--for empty records.
2026-07-06 11:36:15 +02:00
TheraNinjaCat
36e5d3df3f
Fixed 'cert_trust_wildcard' identifier when multiple certificates are present.
2026-06-28 21:07:10 +12:00
Dirk Wetter
9fdf8028ba
Merge pull request #3076 from SteveVaneeckhout/fix-ipv4-only-flag-ignored
...
Fix -4/-6 flag being ignored when no specific test is selected
2026-06-25 22:34:27 +02:00
Dirk Wetter
df6cd77195
Merge pull request #3075 from lapo-luchini/3.3dev_fix_escaping
...
Fix escaping.
2026-06-23 23:15:43 +02:00
Lapo Luchini
0db7ab0d49
Fix escaping.
2026-06-23 09:43:55 +02:00
Dirk Wetter
56ba1ab229
Merge pull request #3047 from testssl/https_rr
...
Provide DNS HTTPS RR functionality
2026-06-22 18:16:35 +02:00
github-actions[bot]
f284366aee
Auto-generate docs from testssl.1.md [skip ci]
2026-06-22 14:38:35 +00:00
Dirk Wetter
859d24df20
HTTPS DNS RR in manual
2026-06-22 16:37:32 +02:00
Dirk Wetter
50966dc1d6
Merge branch '3.3dev' into https_rr
2026-06-22 16:26:38 +02:00
Dirk Wetter
dca6434604
Compare QUIC section with DNS HTTPS RR
...
Also: make "A(AAA) record via:" bold, to be in line with the other keys
2026-06-22 16:20:13 +02:00
Dirk Wetter
7e97b243d1
Introduce global HTTPS_RR variable
...
... which is initialized with "initt" to distinguish between not being tested yet and no value.
We only display the value once per $NODE for the first IP address being tested.
HTTPS_RR doesn't have to be reset in reset_hostdepended_vars()
Few comments were added / indentation fixed (not relevant to this PR)
2026-06-22 14:59:13 +02:00
Dirk Wetter
689516c378
Merge pull request #3073 from testssl/my-patch-2
...
clarify what a breaking change is
2026-06-22 13:06:55 +02:00
Dirk Wetter
492882577d
clarify what a braking change is
2026-06-22 13:01:56 +02:00
Dirk Wetter
8b653d0abf
Merge pull request #3072 from testssl/my-patch-1
...
AI section + minor improvements
2026-06-22 12:56:35 +02:00
Dirk Wetter
a75e25a958
Minor changes
2026-06-22 12:55:45 +02:00
Dirk Wetter
74ba0c4f1e
Add links
2026-06-22 12:47:24 +02:00
Dirk Wetter
efab5f9165
AI section + minor improvements
...
- AI generated code becomes more important, so we add a new section (albeit bash support is not really as good as for other languages).
- streamlined comment, which is a comment
2026-06-22 12:33:11 +02:00
Dirk Wetter
a55fc6d5d4
Merge pull request #3071 from testssl/potato-20-revive-hsts-preload
...
Potato 20 revive hsts preload
2026-06-20 18:34:54 +02:00
Dirk Wetter
bfdfaf49a6
Merge branch 'potato-20-revive-hsts-preload' of github.com:testssl/testssl.sh into potato-20-revive-hsts-preload
2026-06-20 17:19:38 +02:00
Dirk Wetter
bb408fd7d5
reflect renaming the variable
...
and u+x the script
2026-06-20 17:17:36 +02:00
github-actions[bot]
050a141a71
Auto-generate docs from testssl.1.md [skip ci]
2026-06-20 14:59:08 +00:00
Dirk Wetter
a13eb751ec
Credit where credits is due
...
Amend manyak
2026-06-20 16:54:30 +02:00
Dirk Wetter
083f0148ca
Move --phone-out to 3.3dev
2026-06-20 16:53:36 +02:00
Dirk Wetter
fda8d34edd
Minor changes to #3060 (HSTS preload)
...
- readability: case statements!
- we query the API, not the list
- safe_echo makes echo safer
2026-06-20 16:46:32 +02:00
Dirk Wetter
2b00b984f9
Merge branch 'revive-hsts-preload' of https://github.com/potato-20/testssl.sh into potato-20-revive-hsts-preload
2026-06-20 16:10:52 +02:00
Dirk Wetter
2a30ddc35e
Merge pull request #3069 from testssl/dependabot/github_actions/actions/checkout-7
...
Bump actions/checkout from 6 to 7
2026-06-20 15:56:44 +02:00
dependabot[bot]
c93ad06489
Bump actions/checkout from 6 to 7
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6 to 7.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v6...v7 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-06-19 00:22:25 +00:00
Dirk Wetter
8d0f86eada
Merge pull request #3066 from logopk/fix/issuer-cn-linecount
...
[Bug] FIXME: issuer_CN error with more than 5 lines in Issuer #3065
2026-06-18 11:29:47 +02:00