Commit Graph

5161 Commits

Author SHA1 Message Date
36bc08ce18 Fix date for Ubuntu >= 25.10
works for
- ubuntu 24.04
- Debian 13
- openbsd 6.6 / 7.x
- macos 15.7.1

Fixes #2909
2025-10-07 23:23:09 +02:00
3ece1e4b11 Merge pull request #2911 from testssl/early_data_preparation
Define vars for early data
2025-10-05 21:34:53 +02:00
ffa1ffdbb3 fix syntax 2025-10-05 20:16:39 +02:00
5b0b771c52 Define vars for early data
It seems needed to introduce two variables for upcoming early data tests,
see #1186. This is not needed for OpenSSL as it introduced that
together with TLS 1.3. For LibreSSL it is though.
2025-10-05 18:19:41 +02:00
637ad03a36 Merge pull request #2904 from testssl/jdvorak001-fix_file_naming
Jdvorak001 fix file naming
2025-09-30 17:31:33 +02:00
d6decc7f79 Merge pull request #2905 from testssl/fix_2884
Consistency for function ciphers_by_strength()
2025-09-30 15:53:34 +02:00
78ecf53b67 Consistency for function ciphers_by_strength()
* keys now always with v, like supportedciphers_TLSv1_2 and also
  ciphers (e.g. TLSv1.2   x35     AES256-SHA)
* add word "server" to file output so that it reads "NOT a server cipher order configured"

Fixes #2884
2025-09-30 14:30:52 +02:00
123684f554 make spellchecker and myself happy ;-) 2025-09-30 13:58:28 +02:00
e8ab2c74e6 straighten global definitions in the very bottom 2025-09-30 13:56:25 +02:00
1d6ddfb352 rename datetime_started
.. to fname_date as it's more consitent with fname_prefix
2025-09-30 13:35:08 +02:00
e0009cf0cb Adapt variable naming (datetime_started now) 2025-09-26 12:18:44 +02:00
67aba03a41 Use common datetime part when naming output files across all formats
- the datetime is fetched just once
- it is then passed to the functions that start the output files, always as arg1
2025-09-25 23:26:33 +02:00
d66b67befe Merge pull request #2897 from dcooper16/fix2896
Fix #2896
2025-09-21 23:49:10 +02:00
41db430c46 Fix #2896
This commit fixes #2896. This commit avoids modifying the ADDTL_CA_FILES environment variable, and instead substitutes spaces for commas whenever the variable is used.
2025-09-21 13:23:55 -07:00
97faadf425 Merge pull request #2894 from testssl/faq_update
Restructure, load balancer issue, STARTTLS SMTP better explained
2025-09-18 10:59:25 +02:00
8dec13ba62 Update FAQ.md 2025-09-18 10:57:35 +02:00
94f03a1f1f Merge pull request #2891 from testssl/fix_indentation_3.3dev
Fix indentation @ Intermediate cert validity
2025-09-16 19:52:42 +02:00
75feb05a0c Fix indentation @ Intermediate cert validity
... when there were two server and >1 intermediate CA certificates.
2025-09-16 13:03:48 +02:00
a90b2cfd4e Merge pull request #2886 from testssl/fix_http_age
Fix garbled screen when HTTP Age is not a non-negative int
2025-09-15 17:37:20 +02:00
d08b54b5e1 Merge pull request #2882 from testssl/update_faq
Additions to FAQ
2025-09-15 17:37:07 +02:00
52d24925e0 > was a problem
trying to get it right in GiHub MD and retext
2025-09-15 17:35:37 +02:00
f36462b14a fix spell checking 2025-09-15 17:26:06 +02:00
0b47f24bbd Add STARTTLS + rating amend paragraphs
... and try to avoid "crypto"
2025-09-15 17:20:54 +02:00
ef82cd37be fix typo 2025-09-15 16:00:53 +02:00
15ebceca84 Fix garbled screen when HTTP Age is not a non-negative int
As suggested in https://github.com/testssl/testssl.sh/pull/2885 parsing
of the server determined HTTP age var wasn't strict enough.

https://www.rfc-editor.org/rfc/rfc7234#section-1.2.1 requires the
variable to be a non-negative integer but testssl.sh assumed it was
like that but did't check whether that really was the case. This was
labled as a (potential) security problem. Potential as it didn't
look exploitable after review -- the header as a whole was already
sanitized.

This PR fixes the typs confusion and the garbled screen by checking
the variable early in run_http_header() and reset it to NaN. That
will be used later in run_http_date() to raise a low severity finding.

Kudos to @Tristanhx for catching this and for the suggested PR.

Also, only when running in debug mode, this PR fixes that during
service_detection() parts of the not-yet-sanitized header ended
up on the screen. The fix just calls sanitze_http_header() for the
temporary variable $TMPFILE.
2025-09-15 15:41:43 +02:00
89a0d8d2c4 Micro additions 2025-09-03 10:51:55 +02:00
e75ef95547 Merge pull request #2879 from testssl/newfaq
Provide an FAQ
2025-09-02 15:46:11 +02:00
0d8150e088 add faq to changes 2025-09-02 15:43:28 +02:00
b1a7c287e8 Include the FAQ 2025-09-02 15:40:54 +02:00
08e6e4f1b5 typo / omitting few words 2025-09-02 15:31:38 +02:00
d367575511 Start over with FAQ
... see #2685
2025-09-02 15:29:06 +02:00
5d959c1860 Merge pull request #2877 from testssl/drwetter-patch-1
Keep  feature_request.md up to date
2025-09-01 16:38:40 +02:00
1fd86b1854 Update feature_request.md 2025-09-01 16:36:59 +02:00
b366d30b9e Merge pull request #2872 from testssl/dependabot/github_actions/actions/checkout-5
Bump actions/checkout from 4 to 5
2025-08-18 17:10:55 +02:00
cce6124a92 Bump actions/checkout from 4 to 5
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-08-12 11:44:32 +00:00
de222f1241 Merge pull request #2870 from testssl/fraction_sleep
wait_kill() is now 0.1 seconds
2025-07-30 22:29:04 +02:00
881ce7723e wait_kill() is now 0.1 seconds
... which leads to a performance gain., most noteably on Macs.

All times when calling were re-adjusted.

Also:
* PROXY_WAIT was decrease to 10 seconds. 20 seemed just too much
* passed var to `starttls_just_read()` was simplyfied
2025-07-30 18:34:37 +02:00
8f036729ba Merge pull request #2868 from testssl/fix_MAX_SOCKET_FAIL
Fix additional parameter in shouldwedo_ipv6()
2025-07-30 15:14:53 +02:00
bd2312ec0d Merge pull request #2869 from testssl/drwetter-patch-1
Try badge for correct branch
2025-07-30 12:58:14 +02:00
ca8fdcca0e Try badge for correct branch 2025-07-30 12:57:19 +02:00
279bc4ad91 Fix additional parameter in shouldwedo_ipv6()
.... for connectivity_problem() which may block testssl.sh
2025-07-30 12:53:13 +02:00
f14e24533b Merge pull request #2867 from testssl/check_ipv6_in_background
Exec IPv6 check in background
2025-07-29 22:54:01 +02:00
2ce0110eee Exec IPv6 check in background
... as it can get stuck.

Also reduce MAX_WAITSOCK to 5 instead of 10.
2025-07-29 15:36:23 +02:00
8c1ade5e38 Merge pull request #2865 from testssl/drwetter-patch-3
Modify OS bullet point + badge param
2025-07-29 12:43:25 +02:00
f64cef8871 typo 2025-07-29 12:43:00 +02:00
8ff61c4898 Modify OS bullet point + badge param 2025-07-29 12:40:29 +02:00
9e09d2cd58 Merge pull request #2863 from testssl/reliability_quic
More reliability for QUIC test
2025-07-28 19:03:04 +02:00
31804ac424 Merge pull request #2857 from testssl/reliable_ut_host
Pick another host for unit tests
2025-07-28 16:37:16 +02:00
0225bc3604 typo fix 2025-07-28 15:44:58 +02:00
9166fc7174 Fix typo in comment 2025-07-28 15:43:01 +02:00