Commit Graph

866 Commits

Author SHA1 Message Date
Thomas Jensen c48b27a9a9 fix typo in b93fc824 2016-02-07 03:07:30 +01:00
Dirk b93fc82489 slightly better output for OCSP stapling 2016-02-06 22:31:32 +01:00
Dirk Wetter c60a39282c typo 2016-02-06 16:18:46 +01:00
Dirk Wetter 0f4eb221fb additions, naming of sources 2016-02-06 16:17:01 +01:00
Dirk Wetter 1fe9c95dc0 checkin (for future work) 2016-02-06 15:42:55 +01:00
Dirk Wetter 5491333693 Merge pull request #285 from dcooper16/mapping-rfc
Fix typo in etc/mapping-rfc.txt
2016-02-06 10:30:54 +01:00
David Cooper 77379903ed Fix typo in etc/mapping-rfc.txt
Change value for SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA from xFEFE to xFEFF in accordance with http://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html.
2016-02-05 14:53:19 -05:00
Dirk 39226e05d2 openssl 1.1.0 2016-02-03 17:56:56 +01:00
Dirk a676742256 Remaining issues solved for OpenSSL 1.1.0 compliance, output corrections, CN/SNI improvements 2016-02-03 17:55:53 +01:00
Dirk 9cf3e21c3d - swapped sig_algo and server key size
- output improvements for unknown sig algos like GOST
2016-02-03 09:55:47 +01:00
Dirk ea18d2f02c - fix: discovering the CN for the default host (without SNI)
- CN parsing of certificate improved
- CN / subject can be also cyrillic now -- supposed the terminal supports the charset
2016-02-03 00:05:57 +01:00
Dirk Wetter 40d4cbb57f Update Readme.md 2016-02-01 22:42:49 +01:00
Dirk Wetter aff08b1ff2 Update CREDITS.md 2016-02-01 22:41:36 +01:00
Dirk dd65050ee1 - "secret" env switch shows during -e/-E the signature algorithm (see also #276)
- exp. date check corrected esp. for openssl 1.1.0
- warning relaxed for chain of trust
2016-02-01 22:06:27 +01:00
Thomas Martens b99c5ac30c Merge branch 'master' of https://github.com/drwetter/testssl.sh 2016-02-01 21:09:31 +01:00
Thomas Martens 52f7de1a4a Revert "fixed output in ciphertest with --color=1"
This reverts commit 7f7b1edd50.
This is already fixed with c62abaf215 in
upstream.
2016-02-01 21:03:22 +01:00
Dirk Wetter ff714a673f Merge pull request #280 from dcooper16/number_of_cert_bundles
Number of trusted certificate files in $INSTALL_DIR/etc/*.pem
2016-02-01 21:02:14 +01:00
dcooper16 9f998d8c53 Number of trusted certificate files in $INSTALL_DIR/etc/*.pem
The number of .pem files in $INSTALL_DIR/etc is currently hard-coded into determine_trust. This modifies the code so that the number of files can be changed without having to change the code.
2016-02-01 14:11:50 -05:00
Dirk Wetter f7853f36a0 - added SSL_CERT_FILE=/dev/null
- output cleanups in determine_trust()
2016-02-01 17:33:59 +01:00
Dirk Wetter 386234f794 Merge pull request #279 from dcooper16/chain_of_trust_fix
Fix chain of trust problem
2016-02-01 17:23:03 +01:00
dcooper16 abffd1b81e Fix chain of trust problem
This should fix issue #278. I'm not sure whether openssl verify will ever print out more than one error, so to be safe, I wrote the code to handle the possibility that it might; if there is more than one error, it just takes the first and ignores the rest.
2016-02-01 11:17:13 -05:00
Dirk Wetter 2f4e549dab - missing root certs 2016-02-01 16:27:20 +01:00
Dirk Wetter 8f9b38f7d4 - LF and other corrections for HPKP
- output corrections for 2 x HPKP (e.g. scotthelme)
2016-02-01 13:23:28 +01:00
Dirk 0bfe12742e correct signature keysizes, FIX #249 2016-02-01 10:19:23 +01:00
Dirk c62abaf215 fix colored output in wide mode (FIX #277) 2016-01-31 23:53:13 +01:00
Thomas Martens 7f7b1edd50 fixed output in ciphertest with --color=1
With --color=1 the output in the ciphertest missed some spaces between the
KeyExch. and Encryption columns. This is a result of the pr_off() function.
This commit add an additional check in neat_list() and insert the missing
spaces.
2016-01-31 22:40:39 +01:00
Dirk 5ae9bb8c13 - typo in IPv4 header
- fixed recognition of XML,HTML to separate header
- fixed -V <pattern
2016-01-31 21:02:18 +01:00
Dirk 1726d3b41c minor change of color 2016-01-31 11:04:59 +01:00
Dirk 5e051c351a credit the cleanups of dcooper16 also 2016-01-31 10:55:45 +01:00
Dirk 49bc6592b8 multiple certs 2016-01-31 10:55:21 +01:00
Dirk f7baa560c2 - typos, etc 2016-01-31 10:54:45 +01:00
Dirk c564e305a7 - FIX #273 2016-01-31 01:55:23 +01:00
Dirk fc346a35fe - indentation reverted to old value if in only one certificate
- minor cleanups in the output
2016-01-30 23:59:29 +01:00
Dirk 5178e0db37 dcooper16 for the multiple certs thing 2016-01-30 23:57:00 +01:00
Dirk Wetter 8437bce546 Merge pull request #275 from dcooper16/multiplecerts
Detect multiple server certificates
2016-01-30 23:49:10 +01:00
dcooper16 2bf9c5d81e Detect multiple certificates
Modifies --server-defaults to handle cases in which the server has more than one certificate (e.g., one with an RSA key and one with an ECC key).
2016-01-28 17:06:34 -05:00
Dirk 495b9cda9b - several fixes/improvements for new JSON/CSV file feature #268
* no color code in files
  * rc4 ciphers were missing
  * NODE was missing
  * calling of NODEIP/PORT was not neccessary
  * default naming of files similar to $LOGFILE
2016-01-23 23:33:17 +01:00
Dirk Wetter 447b6f6012 Update Readme.md 2016-01-23 21:28:37 +01:00
Dirk 8a2fe5915a - /usr/bin/printf --> printf 2016-01-23 20:33:46 +01:00
Dirk a8d08bbf92 update 2016-01-23 19:25:45 +01:00
Dirk 1a8ed3d70a - JSON/CSV from #268, labeled it experimental
- fixes partly #31
- several fixes to it (backticks, single sq brackets, renaming funcs, removed lf in JSON, ...)
2016-01-23 19:18:33 +01:00
Dirk 51e197c549 Merge branch 'master' of github.com:drwetter/testssl.sh 2016-01-23 13:34:04 +01:00
Dirk Wetter 477f6eb053 Merge pull request #270 from thecky/master
added colorblind option
2016-01-23 09:35:52 +01:00
Thomas Martens b16ab6a021 added colorblind option
if colorblind option is set swap green and blue in the output
2016-01-22 20:40:08 +01:00
Dirk 9880bd6a49 - added 0xc072-0xc079, 0xc033-0xc03B 2016-01-20 15:04:12 +01:00
Dirk a1ef935903 20 CCM cipher added 2016-01-20 14:17:38 +01:00
Dirk Wetter 3579cf2953 Merge pull request #267 from thecky/master
added --mapping=no-rfc
2016-01-20 12:32:19 +01:00
Thomas Martens 8bae1bc1ed added --mapping=no-rfc
don't display the RFC ciphername in the cipher checks.
2016-01-19 21:55:06 +01:00
Dirk b97788ba73 typo fixed 2016-01-15 17:30:47 +01:00
Dirk 0d767dad8f - mentioning where the client data comes from 2016-01-15 17:05:43 +01:00