mirror of https://github.com/drwetter/testssl.sh.git synced 2025-07-17 19:21:57 +02:00
Commit Graph

3944 Commits

Author SHA1 Message Date
d720720150 Merge pull request from drwetter/fix_1992_certificateIssuerName
Fix invalid JSON when certificate issuer contains non-ASCII chars
2021-10-03 19:52:35 +02:00
a5aa3a4bbf Fix invalid JSON when certificate issuer contains non-ASCII chars
Changed printf %s to printf %b, which now causes UTF-8 to be output
correctly.

See 
2021-10-03 18:19:24 +02:00
b6b5a67b92 Save # of connects / WSL uses 127.0.0.1:0 by default
In order to save time and to spare WSL users lame DNS lookups
I removed a couple of connect calls from 14 to 4:

$OPENSSL s_client -ssl2 -connect invalid.
-->
OPENSSL s_client -ssl2

NXCONNECT to localhost IP and port 0 is now the default when WSL
is detected. Not sure whether this is working under all circumstances,
so this needs some testing.
2021-10-02 15:25:42 +02:00
068e07c52c Merge pull request from mig5/fix-letsencrypt-remove-dst-root-x3-ca-cert
Remove the expired DST Root CA X3 cert from all trust stores, and ensure Mozilla's is up to date (fixes ISRG X1 alternate path)
2021-10-02 08:38:34 +02:00
bab14124c1 Merge pull request from drwetter/revert-1998-1995-trusted-first
Revert "In determine_trust(), use the OpenSSL '-trusted_first' flag to ignore the now-expired DST Root CA X3 root certificate"
2021-10-02 08:34:07 +02:00
e874c1013b Revert "In determine_trust(), use the OpenSSL '-trusted_first' flag to ignore the now-expired DST Root CA X3 root certificate" 2021-10-02 08:33:39 +02:00
624e934f77 Merge pull request from smokris/1995-trusted-first
In determine_trust(), use the OpenSSL '-trusted_first' flag to ignore the now-expired DST Root CA X3 root certificate
2021-10-02 08:33:03 +02:00
905f801309 Remove the expired DST Root CA X3 cert from all trust stores, and ensure Mozilla's is up to date (fixes ISRG X1 alternate path)
Remove changes to Dockerfiles

Update hashes for CA trust stores
2021-10-02 08:05:56 +10:00
b0754ce0f1 In determine_trust(), use the OpenSSL '-trusted_first' flag to ignore the now-expired DST Root CA X3 root certificate. Fixes . 2021-10-01 16:24:04 -04:00
667c6e698c Merge pull request from dcooper16/fix_md_formatting
Update testssl.1.md
2021-10-01 18:02:03 +02:00
8b129577a7 Update testssl.1.md
testssl.1.md included '.SS "SINGLE CHECK OPTIONS"', which belongs in testssl.1, but not in testssl.1.md. This commit removes this extra line.
2021-09-30 14:09:17 -04:00
b8bff805f7 Merge pull request from klaernie/contenttype
fix html output content type header
2021-09-24 14:21:04 +02:00
4f72f2fa8e fix html output content type header 2021-09-24 11:36:29 +02:00
ae21ef7eab Merge pull request from drwetter/fix_1982_kali.cnf
Fix : Newer openssl.cnf break openssl detection
2021-09-15 11:19:05 +02:00
fe6c22f7fd Addressing lame DNS responses on WSL (WIP)
This commit provides a global variable to the RFC 6761 use of "invalid."
which WSL clients don't seem to handle very well, see , .

With this commit it e.g. is possible to use

     NXCONNECT=localhost:0 ./testssl.sh <TARGET>

to save some time.

This commit will be amended later.
2021-09-15 09:53:20 +02:00
2405176a26 Fix : Newer openssl.cnf break openssl detection
Newer configuration files from openssl may include statements
which aren't compatible with our supplied old openssl version.
This commit adds an autodetection of such a file and uses an
openssl.cnf provided by this project then.
2021-09-15 09:31:03 +02:00
3207357e8c Merge pull request from DimitriPapadopoulos/codespell
Typos found by codespell
2021-09-14 13:37:59 +02:00
fcb282e3c3 Typos found by codespell
Run codespell in CI
2021-09-14 13:33:39 +02:00
3dddcbf445 Merge pull request from drwetter/drwetter-patch-1
Update bug_report.md
2021-09-10 18:37:43 +02:00
611754165f Merge pull request from drwetter/drwetter-patch-2
Update feature_request.md
2021-09-10 18:37:17 +02:00
5fc23932ac Update feature_request.md 2021-09-10 18:37:02 +02:00
2f173de7e0 Update bug_report.md 2021-09-10 18:33:39 +02:00
1d4acd9027 Merge pull request from drwetter/fix_1978
Fix minor inconsistency in description of cipher categories
2021-09-10 08:09:21 +02:00
529e9da823 Fix GHA (starttls nntp)
using another IP
2021-09-09 23:17:09 +02:00
15cfd849fe Replace --standard by --categories 2021-09-09 22:07:44 +02:00
739f45015f Fix minor inconsistency in description of cipher categories
A longer while back the section ~ "Testing standard ciphers" was
renamed to "Testing cipher categories". However the internal help
didn't reflect that.

This fixes that, including an addition to the documentation.

Note: the help still lists "-s --std, --standard" as a cmd line
switch.
2021-09-08 08:46:47 +02:00
8f20d11830 Merge pull request from ap-wtioit/3.1dev-fix_dig_r_check
Fix dig -r check to only run if dig is available
2021-09-06 10:19:41 +02:00
5ec1f83434 Fix dig -r check to only run if dig is available 2021-09-06 08:35:00 +02:00
15e6fb4c9c Merge pull request from a1346054/fixes
WIP: Minor cleanup
2021-09-05 15:50:11 +02:00
b1f5c6c9af Trim excess whitespace 2021-09-04 13:28:30 +00:00
6782e2a3b9 Fix spelling 2021-09-04 12:39:03 +00:00
1b17a2c67d Fix shellcheck warnings 2021-09-03 22:19:39 +00:00
54dcecd184 Make text file not executable 2021-09-03 22:19:39 +00:00
945747c210 Use license file from gnu.org
Downloaded from:
https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
2021-09-03 22:19:39 +00:00
05ef9f91b6 Merge pull request from drwetter/fix_dig-r
Fix cases where dig -r wasn't working
2021-09-01 19:50:15 +02:00
bc742e0ea4 Amend previous commit
* add -q in grep statement to make sure the console stays clean
* redo check for noidnout by also using the help function of dig
2021-09-01 18:44:28 +02:00
f8a87315cf Fix cases where dig -r wasn't working
* the ignore ~/.digrc option from dig is now parsed from the builtin help
* there was a potential DNS call which is now avoided
* for +noidnout check however there's a call to invalid. added
* the OPENSSL_CONF="" in check_resolver_bins() was moved a few lines
  higher to avoid other errors in the terminal

Tested on (EOL) Ubuntu 14.04 which only has dig in an older version

See also 
2021-09-01 18:28:12 +02:00
ad3f7c3438 Merge pull request from drwetter/dependabot/github_actions/docker/build-push-action-2.7.0
Bump docker/build-push-action from 2.6.1 to 2.7.0
2021-08-30 10:19:39 +02:00
c39edaaa1d Bump docker/build-push-action from 2.6.1 to 2.7.0
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.6.1 to 2.7.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2.6.1...v2.7.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-30 01:03:28 +00:00
9eaccee776 Merge pull request from dcooper16/fix1961
Fix 
2021-08-27 09:35:04 +02:00
be22ae2cf9 Merge pull request from jauderho/3.1dev
Add GH Action to build Docker images
2021-08-27 09:32:01 +02:00
667de371cd Fix
This commit fixes  in the 3.1dev branch by leaving NODEIP set to the server's IP address rather than changing it to the DNS name in the case of STARTTLS XMPP.

In order to address the problem of $OPENSSL s_client not working with STARTTLS XMPP if an IP address is provided to -connect, the -xmpphost option is used to provide the DNS name.
2021-08-09 13:22:31 -04:00
c7a9b74e16 Update docker-3.1dev.yml 2021-08-09 11:58:03 +00:00
e58ceb7b10 Removed docker-3.0.yml from 3.1dev branch 2021-08-09 11:18:20 +00:00
4dc984df2e Revert ref test 2021-08-09 11:14:07 +00:00
ca271c5d8b Test out GITHUB_REF 2021-08-09 11:09:11 +00:00
b1aeeb47e0 Testing context 2021-08-09 10:36:17 +00:00
4df60052af Use GH Action to build new container images upon push 2021-08-09 10:21:10 +00:00
f15da8d15d Merge pull request from drwetter/no_starttls
Add CVEs for No-STARTTLS vulnerability
2021-08-08 21:33:14 +02:00
aaf6409581 Add CVEs for No-STARTTLS vulnerability
In text output only the original one from Wietse Venema.
The other known so far in JSON/CSV
2021-08-08 21:30:35 +02:00