Git
/
testssl.sh
mirror of https://github.com/drwetter/testssl.sh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,876 Commits 14 Branches 30 Tags 204 MiB
Commit Graph

3876 Commits

Author SHA1 Message Date
b1gb1t 2ee021d337 Correction of line 3607: new line (\n) corrupted the json format 2016-02-16 09:54:01 +01:00
Thomas Martens baff869850 Merge branch 'master' of https://github.com/drwetter/testssl.sh into severity 2016-02-14 12:10:07 +01:00
Dirk Wetter 61c1669687 Merge pull request #292 from dcooper16/multiple_certificates 
Detect multiple certificates cleanup
 2016-02-14 00:08:52 +01:00
Dirk Wetter 79445ebe5b Merge pull request #293 from SietsevanderMolen/fix-json 
fix json output
 2016-02-12 15:11:45 +01:00
Sietse van der Molen 394f186000 also remove carriage returns, fix for csv 2016-02-12 12:40:31 +01:00
Sietse van der Molen b2e4df60ca fix json output 
use double quotes instead of single quotes
delete newlines from strings
 2016-02-12 11:05:36 +01:00
David Cooper 02239be295 Detect multiple certificates cleanup 
This corrects the indentation within determine_trust() when there are multiple certificates and the output for "Chain of trust (experim.)" takes up more than one lines.

In addition, it fixes the ID field of the JSON output for entries related to the certificate. At the moment, each ID string begins with a blank space. This changes it to remove the space if there is one certificate and to add "Server Certificate #X" at the beginning of each ID if there is more than one certificate.

Perhaps there's a better way than just using, for example, "Server Certificate #1 key_size" as a way to distinguish multiple "key_size" entries in the JSON file. This is just one idea, and it can certainly be changed if those who intend to use the JSON output prefer something else.
 2016-02-09 13:35:46 -05:00
AndreiD 8842aeb2b9 Fix #289 - the grep that decides whether a domain is a local address doesn't consider the case when the full domain name is in the hosts file, but followed by .some.other.stuff. This PR addresses this case. 2016-02-08 12:51:54 +01:00
Dirk Wetter 70cd658447 - FIX #283 (regression from 1a8ed3d70a) 
- minor output fixes for BEAST
- >4096 bit RSA keys labled in litemangenta now as it could have compatibility probs
- -V 0x.. or -V 0X.. gives at least a warning
 2016-02-07 19:13:59 +01:00
Dirk Wetter b8f2540541 Merge pull request #286 from tjconcept/master 
fix typo in b93fc824
 2016-02-07 08:49:20 +01:00
Thomas Jensen c48b27a9a9 fix typo in b93fc824 2016-02-07 03:07:30 +01:00
Dirk b93fc82489 slightly better output for OCSP stapling 2016-02-06 22:31:32 +01:00
Dirk Wetter c60a39282c typo 2016-02-06 16:18:46 +01:00
Dirk Wetter 0f4eb221fb additions, naming of sources 2016-02-06 16:17:01 +01:00
Dirk Wetter 1fe9c95dc0 checkin (for future work) 2016-02-06 15:42:55 +01:00
Dirk Wetter 5491333693 Merge pull request #285 from dcooper16/mapping-rfc 
Fix typo in etc/mapping-rfc.txt
 2016-02-06 10:30:54 +01:00
David Cooper 77379903ed Fix typo in etc/mapping-rfc.txt 
Change value for SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA from xFEFE to xFEFF in accordance with http://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html.
 2016-02-05 14:53:19 -05:00
Dirk 39226e05d2 openssl 1.1.0 2016-02-03 17:56:56 +01:00
Dirk a676742256 Remaining issues solved for OpenSSL 1.1.0 compliance, output corrections, CN/SNI improvements 2016-02-03 17:55:53 +01:00
Dirk 9cf3e21c3d - swapped sig_algo and server key size 
- output improvements for unknown sig algos like GOST
 2016-02-03 09:55:47 +01:00
Dirk ea18d2f02c - fix: discovering the CN for the default host (without SNI) 
- CN parsing of certificate improved
- CN / subject can be also cyrillic now -- supposed the terminal supports the charset
 2016-02-03 00:05:57 +01:00
Dirk Wetter 40d4cbb57f Update Readme.md 2016-02-01 22:42:49 +01:00
Dirk Wetter aff08b1ff2 Update CREDITS.md 2016-02-01 22:41:36 +01:00
Dirk dd65050ee1 - "secret" env switch shows during -e/-E the signature algorithm (see also #276) 
- exp. date check corrected esp. for openssl 1.1.0
- warning relaxed for chain of trust
 2016-02-01 22:06:27 +01:00
Thomas Martens b99c5ac30c Merge branch 'master' of https://github.com/drwetter/testssl.sh 2016-02-01 21:09:31 +01:00
Thomas Martens 52f7de1a4a Revert "fixed output in ciphertest with --color=1" 
This reverts commit 7f7b1edd50.
This is already fixed with c62abaf215 in
upstream.
 2016-02-01 21:03:22 +01:00
Dirk Wetter ff714a673f Merge pull request #280 from dcooper16/number_of_cert_bundles 
Number of trusted certificate files in $INSTALL_DIR/etc/*.pem
 2016-02-01 21:02:14 +01:00
dcooper16 9f998d8c53 Number of trusted certificate files in $INSTALL_DIR/etc/*.pem 
The number of .pem files in $INSTALL_DIR/etc is currently hard-coded into determine_trust. This modifies the code so that the number of files can be changed without having to change the code.
 2016-02-01 14:11:50 -05:00
Dirk Wetter f7853f36a0 - added SSL_CERT_FILE=/dev/null 
- output cleanups in determine_trust()
 2016-02-01 17:33:59 +01:00
Dirk Wetter 386234f794 Merge pull request #279 from dcooper16/chain_of_trust_fix 
Fix chain of trust problem
 2016-02-01 17:23:03 +01:00
dcooper16 abffd1b81e Fix chain of trust problem 
This should fix issue #278. I'm not sure whether openssl verify will ever print out more than one error, so to be safe, I wrote the code to handle the possibility that it might; if there is more than one error, it just takes the first and ignores the rest.
 2016-02-01 11:17:13 -05:00
Dirk Wetter 2f4e549dab - missing root certs 2016-02-01 16:27:20 +01:00
Dirk Wetter 8f9b38f7d4 - LF and other corrections for HPKP 
- output corrections for 2 x HPKP (e.g. scotthelme)
 2016-02-01 13:23:28 +01:00
Dirk 0bfe12742e correct signature keysizes, FIX #249 2016-02-01 10:19:23 +01:00
Dirk c62abaf215 fix colored output in wide mode (FIX #277) 2016-01-31 23:53:13 +01:00
Thomas Martens 7f7b1edd50 fixed output in ciphertest with --color=1 
With --color=1 the output in the ciphertest missed some spaces between the
KeyExch. and Encryption columns. This is a result of the pr_off() function.
This commit add an additional check in neat_list() and insert the missing
spaces.
 2016-01-31 22:40:39 +01:00
Dirk 5ae9bb8c13 - typo in IPv4 header 
- fixed recognition of XML,HTML to separate header
- fixed -V <pattern
 2016-01-31 21:02:18 +01:00
Dirk 1726d3b41c minor change of color 2016-01-31 11:04:59 +01:00
Dirk 5e051c351a credit the cleanups of dcooper16 also 2016-01-31 10:55:45 +01:00
Dirk 49bc6592b8 multiple certs 2016-01-31 10:55:21 +01:00
Dirk f7baa560c2 - typos, etc 2016-01-31 10:54:45 +01:00
Dirk c564e305a7 - FIX #273 2016-01-31 01:55:23 +01:00
Dirk fc346a35fe - indentation reverted to old value if in only one certificate 
- minor cleanups in the output
 2016-01-30 23:59:29 +01:00
Dirk 5178e0db37 dcooper16 for the multiple certs thing 2016-01-30 23:57:00 +01:00
Dirk Wetter 8437bce546 Merge pull request #275 from dcooper16/multiplecerts 
Detect multiple server certificates
 2016-01-30 23:49:10 +01:00
dcooper16 2bf9c5d81e Detect multiple certificates 
Modifies --server-defaults to handle cases in which the server has more than one certificate (e.g., one with an RSA key and one with an ECC key).
 2016-01-28 17:06:34 -05:00
Dirk 495b9cda9b - several fixes/improvements for new JSON/CSV file feature #268 
* no color code in files
  * rc4 ciphers were missing
  * NODE was missing
  * calling of NODEIP/PORT was not neccessary
  * default naming of files similar to $LOGFILE
 2016-01-23 23:33:17 +01:00
Dirk Wetter 447b6f6012 Update Readme.md 2016-01-23 21:28:37 +01:00
Dirk 8a2fe5915a - /usr/bin/printf --> printf 2016-01-23 20:33:46 +01:00
Dirk a8d08bbf92 update 2016-01-23 19:25:45 +01:00