Commit Graph

3835 Commits

Author SHA1 Message Date
Dirk
3f8c62dc41 Change debugme1 calls to include redirection from stderr back to stdout
The fact that debugme1() redirects to stderr and the calls to this functions
redo that is deliberately as in the future we might want to use debugme1
without redirection.
2021-08-07 15:26:51 +02:00
Dirk
4e01f86c99 Redirect debugme() outputs to stderr (3.1dev)
... to address #1956 and other places. Similar to #1957,
only for the 3.1dev rolling release branch.

Also it changes debugme1() back? to output debug
statements only when $DEBUG >= 1. Per default here
also stderr is used.
2021-08-07 15:20:09 +02:00
Dirk Wetter
1739ae1400
Merge pull request #1960 from dcooper16/certificate_compression
Check for RFC 8879 certificate compression
2021-08-05 16:51:03 +02:00
David Cooper
526d25bc1d Don't test for certificate compression if --ssl-native
This commit changes run_server_defaults() so that the test for certificate compression is not run in --ssl-native mode. This fixes an issue that was caught by 21_baseline_starttls.t.
2021-08-05 10:37:37 -04:00
David Cooper
fa1ccdb565 Check for RFC 8879 certificate compression
This commit adds a check for whether the server supports certificate compression (RFC 8879). If it does, then the list of supprted compression methods is output in the server's preference order.
2021-08-04 14:39:12 -04:00
Dirk Wetter
b603d57146
Merge pull request #1952 from drwetter/fix_1717
Look-ahead trick for -U --ids-friendly
2021-08-01 17:47:11 +02:00
Dirk Wetter
a3ab6cd887
Merge pull request #1950 from drwetter/digrc
Ignore $HOME/.digrc
2021-07-31 18:49:57 +02:00
Dirk
6cf7521184 Look-ahead trick for -U --ids-friendly
If the order of the cmdline is '-U --ids-friendly' then we need to make sure we catch --ids-friendly. Normally we do not,
 see #1717. The following statement makes sure. In the do-while + case-esac loop  the check for --ids-friendly will be
executed again, but it does not hurt
2021-07-31 18:27:03 +02:00
Dirk
439aad1f22 Ignore $HOME/.digrc
Newer dig versions have an option to ignore $HOME/.digrc, older don't.

This commit adds a patch checking for the availability of such an option and
uses it by default. See #1894 .

If this option doesn't exist then still dig is used and can still lead to
wrong output. Unfortunately Debian-based distros are not very
good at this. Debian 10, Ubuntu 18.04 still use dig 9.11, whereas
Opensuse 15.2 has 9.16. Debian 11 and Ubuntu 20.04 use that too.
2021-07-31 15:14:22 +02:00
Dirk Wetter
c40a3a7d02
Merge pull request #1946 from drwetter/noitalics4screen
Disable ANSI codes for italic when TERM == screen
2021-07-31 13:57:11 +02:00
Dirk
525a40a653 Disable ANSI codes for italic when TERM == screen
... otherwise it is being printed in reverse, see #1928.
2021-07-31 13:17:55 +02:00
Dirk Wetter
46862ecc84
Merge pull request #1945 from drwetter/alpine
Upgrade to alpine 3.13
2021-07-30 18:01:25 +02:00
Dirk Wetter
68c5acb556
Upgrade to alpine 3.13 2021-07-30 18:01:12 +02:00
Dirk Wetter
820b728bc4
Merge pull request #1943 from drwetter/email-contrib
E-Mail as a contribution possibility
2021-07-30 15:02:19 +02:00
Dirk Wetter
2b74e9f55d
E-Mail as a contribution possibility
As some people may have a problem with the owner of github.
2021-07-30 15:01:39 +02:00
Dirk Wetter
2935ecc2e1
Merge pull request #1938 from drwetter/nmap_portdetection_1931
Improved SSL/TLS portdetection in nmap greppable files
2021-07-30 09:48:50 +02:00
Dirk Wetter
70d40b416b
Merge pull request #1940 from dcooper16/print_spaces_faster
Print consecutive spaces faster
2021-07-30 09:21:50 +02:00
David Cooper
fc310301f1 Print consecutive spaces faster
This commit adds a new function, print_n_spaces(), which prints a sequence of (up to 80) space characters.

This new function is used to replace a few places in testssl.sh in which a sequence of space characters is printed by calling 'out " "' in a loop. The new function is much faster than the current code, so it will make testssl.sh run slightly faster.
2021-07-29 15:12:27 -04:00
Dirk
59c0b38140 see previous commit 2021-07-25 17:14:12 +02:00
Dirk
defed8705b Extend TLS/SSL port detection
As mentioned in #1931 the port detection for nmap greppable files
leaves space for improvements.

Ths PR adds a pattern detection of ssl and https in the forth or fifth
parameter of an open port, so those ports will be added to a scan when
a nmap greppable output file is as input to testssl.sh .

Also it does minor code adjustments to utils/gmap2testssl.sh .
2021-07-25 17:09:30 +02:00
Dirk Wetter
18dfa26e48
Merge pull request #1936 from drwetter/fix_1935
Fix problem when nmap file has .txt extension
2021-07-25 16:34:58 +02:00
Dirk
b1c1d250cf Redo utils/gmap2testssl.sh
.. mainly copied from testssl.sh. Also it adds a detection for the
strings ssl and https. If those run at non-stanadard ports but nmap
detected it, it'll show up in the output file.

That will be backported to the main program, see #1931 .
2021-07-25 16:28:50 +02:00
Dirk
5a7b7d8b8e Fix problem when nmap file has .txt extension
This addresses a bug filed in #1935 in 3.1dev when the supplied file
has a .txt extension. In this scenario the input file was nulled
as from the input file in nmap format an internal input file was
generated which has a .txt extension, in the same directory.
The idea was to persist the file for the user.

Now, this internal input file is ephemeral and only written to $TEMPDIR.
2021-07-25 13:05:40 +02:00
Dirk Wetter
05d087a564
Merge pull request #1933 from drwetter/drwetter-patch-1
Update bug_report.md
2021-07-21 09:22:38 +02:00
Dirk Wetter
8203049154
Update bug_report.md 2021-07-21 09:22:01 +02:00
Dirk Wetter
56dcbcdc15
Merge pull request #1924 from drwetter/fix_1915
Fix redundant message (BREACH) when client certificate required
2021-06-22 08:25:29 +02:00
Dirk Wetter
f4bb1a20e2
Merge pull request #1925 from PeterDaveHello/Add.dockerignore
Ignore FreeBSD & macOS OpenSSL binary in Dockerfile
2021-06-19 18:17:51 +02:00
Peter Dave Hello
f0970aff90 Ignore FreeBSD & macOS OpenSSL binary in Dockerfile
There is no need to add non-Linux binary in the Dockerfile here.
2021-06-19 22:22:59 +08:00
Dirk
28d9bc483d Fix redundant message (BREACH) when client certificate required
same as #1916.

Fixes #1915
2021-06-19 15:27:03 +02:00
Dirk Wetter
9f0d0c0062
Merge pull request #1921 from drwetter/gha_denylist
Github actions modifications
2021-06-19 12:30:00 +02:00
Dirk
2af7860a3c Remove mac osx
... apt is probably not the right thing ;-)
2021-06-19 11:17:52 +02:00
Dirk
247d08882e GHA: Fix push + PR
see https://github.community/t/how-to-factor-paths-in-common-for-push-and-pull-request/115967/2

TL;DR:  There is no way to specify the common paths for two events
2021-06-19 11:12:00 +02:00
Dirk
5cd97ddcb9 Correct YAML error in GHA + add macOS
- yamllint to the rescue. Still shows an error though:
  4:3       error    syntax error: expected <block end>, but found '<block mapping start>' (syntax)

- added macos, see https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners
2021-06-19 10:45:08 +02:00
Dirk
b8a9b9c6db Github actions modifications
- define deny list of files when modified not to run GHA
- specRitfy OS to be ubuntu-20.04 (is there a debian at all?)
- only use perl 5.26

While researching I stumbled over mac.osx as an OS one can specify. If anybody
knows whether this is really macosx (license?) please let me know. That
would be a great addition for CI. (Couldn't find BSD yet...)

See #1920
2021-06-19 09:20:48 +02:00
Dirk Wetter
2d3bd724fc
Merge pull request #1912 from PeterDaveHello/MakeShellScriptShebangConsistent
Make Shell Scripts' Shebang more consistent
2021-06-18 08:59:22 +02:00
Dirk Wetter
cb844557f8
Merge pull request #1913 from PeterDaveHello/CorrectExitUsage
Correct `exit` using, the exit status should be 0~255
2021-06-18 08:55:22 +02:00
Dirk Wetter
35c43719dd
Merge pull request #1919 from drwetter/rm_travisCIhook
Remove travis CI hook
2021-06-18 08:47:52 +02:00
Dirk Wetter
f91c0251be Rmeove travis CI hook
.. as we're using GHA now
2021-06-18 08:44:36 +02:00
Peter Dave Hello
ce634f7deb Correct exit using, the exit status should be 0~255
According to the POSIX Programmer's Manual, the exit status specified by
the unsigned decimal integer. If n is specified, but its value is not
between 0 and 255 inclusively, the exit status is undefined.

By cross reference the usage between different scripts in this project,
it looks like we could simply remove the `-` before the number.
2021-06-15 16:04:23 +08:00
Peter Dave Hello
4de952a4dd Make Shell Scripts' Shebang more consistent
Consider most of the scripts use bash in the project, should maybe just
use it, instead of /bin/sh in all the scripts.
2021-06-15 15:52:49 +08:00
Dirk Wetter
17b172229d
Merge pull request #1909 from mikelolasagasti/gha
Add GitHub Actions testing
2021-06-07 09:16:31 +02:00
Mikel Olasagasti Uranga
ebcd3105c8 Add GitHub Actions testing 2021-06-06 21:06:58 +02:00
Dirk Wetter
7da45a81f8
Merge pull request #1905 from drwetter/tz_fix+
Display time as suggested in utc (3.1dev)
2021-06-03 20:19:29 +02:00
Dirk Wetter
e1be4eabd2 Display time as suggested in utc (3.1dev)
See #1895
2021-06-03 19:24:50 +02:00
Dirk Wetter
0da8ce02cd
Merge pull request #1904 from PeterDaveHello/AddBasicEditorConfig
Add a basic .editorconfig into project
2021-06-01 14:26:47 +02:00
Dirk Wetter
83909dec0c
Merge pull request #1903 from PeterDaveHello/MakeVimModelineConsistent
Add missing vim modeline config in sh & perl files
2021-06-01 11:20:33 +02:00
Peter Dave Hello
f447ca466b Add a basic .editorconfig into project, close #1901 2021-06-01 14:51:06 +08:00
Peter Dave Hello
cbae32e5a4 Add missing vim modeline config in sh & perl files, cc #1901 2021-06-01 14:40:24 +08:00
Dirk Wetter
737ea1e7e5
Merge pull request #1902 from PeterDaveHello/MakeVimModelineConsistent
Make vim modeline config consistent
2021-06-01 08:34:23 +02:00
Peter Dave Hello
9e61b8ba13 Make vim modeline config consistent, cc #1901 2021-06-01 14:31:31 +08:00