Sietse van der Molen
394f186000
also remove carriage returns, fix for csv
2016-02-12 12:40:31 +01:00
Sietse van der Molen
b2e4df60ca
fix json output
...
use double quotes instead of single quotes
delete newlines from strings
2016-02-12 11:05:36 +01:00
David Cooper
02239be295
Detect multiple certificates cleanup
...
This corrects the indentation within determine_trust() when there are multiple certificates and the output for "Chain of trust (experim.)" takes up more than one line.
In addition, it fixes the ID field of the JSON output for entries related to the certificate. At the moment, each ID string begins with a blank space. This changes it to remove the space if there is one certificate and to add "Server Certificate #X" at the beginning of each ID if there is more than one certificate.
Perhaps there's a better way than just using, for example, "Server Certificate #1 key_size" as a way to distinguish multiple "key_size" entries in the JSON file. This is just one idea, and it can certainly be changed if those who intend to use the JSON output prefer something else.
2016-02-09 13:35:46 -05:00
Dirk Wetter
70cd658447
- FIX #283 (regression from 1a8ed3d70a)
...
- minor output fixes for BEAST
- >4096 bit RSA keys labeled in litemagenta now as it could have compatibility probs
- -V 0x.. or -V 0X.. gives at least a warning
2016-02-07 19:13:59 +01:00
Thomas Jensen
c48b27a9a9
fix typo in b93fc824
2016-02-07 03:07:30 +01:00
Dirk
b93fc82489
slightly better output for OCSP stapling
2016-02-06 22:31:32 +01:00
Dirk
a676742256
Remaining issues solved for OpenSSL 1.1.0 compliance, output corrections, CN/SNI improvements
2016-02-03 17:55:53 +01:00
Dirk
9cf3e21c3d
- swapped sig_algo and server key size
...
- output improvements for unknown sig algos like GOST
2016-02-03 09:55:47 +01:00
Dirk
ea18d2f02c
- fix: discovering the CN for the default host (without SNI)
...
- CN parsing of certificate improved
- CN / subject can be also cyrillic now -- supposed the terminal supports the charset
2016-02-03 00:05:57 +01:00
Dirk
dd65050ee1
- "secret" env switch shows during -e/-E the signature algorithm (see also #276 )
...
- exp. date check corrected esp. for openssl 1.1.0
- warning relaxed for chain of trust
2016-02-01 22:06:27 +01:00
dcooper16
9f998d8c53
Number of trusted certificate files in $INSTALL_DIR/etc/*.pem
...
The number of .pem files in $INSTALL_DIR/etc is currently hard-coded into determine_trust. This modifies the code so that the number of files can be changed without having to change the code.
2016-02-01 14:11:50 -05:00
Dirk Wetter
f7853f36a0
- added SSL_CERT_FILE=/dev/null
...
- output cleanups in determine_trust()
2016-02-01 17:33:59 +01:00
dcooper16
abffd1b81e
Fix chain of trust problem
...
This should fix issue #278 . I'm not sure whether openssl verify will ever print out more than one error, so to be safe, I wrote the code to handle the possibility that it might; if there is more than one error, it just takes the first and ignores the rest.
2016-02-01 11:17:13 -05:00
Dirk Wetter
8f9b38f7d4
- LF and other corrections for HPKP
...
- output corrections for 2 x HPKP (e.g. scotthelme)
2016-02-01 13:23:28 +01:00
Dirk
0bfe12742e
correct signature keysizes, FIX #249
2016-02-01 10:19:23 +01:00
Dirk
c62abaf215
fix colored output in wide mode ( FIX #277 )
2016-01-31 23:53:13 +01:00
Dirk
5ae9bb8c13
- typo in IPv4 header
...
- fixed recognition of XML,HTML to separate header
- fixed -V <pattern
2016-01-31 21:02:18 +01:00
Dirk
1726d3b41c
minor change of color
2016-01-31 11:04:59 +01:00
Dirk
f7baa560c2
- typos, etc
2016-01-31 10:54:45 +01:00
Dirk
c564e305a7
- FIX #273
2016-01-31 01:55:23 +01:00
Dirk
fc346a35fe
- indentation reverted to old value if in only one certificate
...
- minor cleanups in the output
2016-01-30 23:59:29 +01:00
dcooper16
2bf9c5d81e
Detect multiple certificates
...
Modifies --server-defaults to handle cases in which the server has more than one certificate (e.g., one with an RSA key and one with an ECC key).
2016-01-28 17:06:34 -05:00
Dirk
495b9cda9b
- several fixes/improvements for new JSON/CSV file feature #268
...
* no color code in files
* rc4 ciphers were missing
* NODE was missing
* calling of NODEIP/PORT was not necessary
* default naming of files similar to $LOGFILE
2016-01-23 23:33:17 +01:00
Dirk
8a2fe5915a
- /usr/bin/printf --> printf
2016-01-23 20:33:46 +01:00
Dirk
1a8ed3d70a
- JSON/CSV from #268 , labeled it experimental
...
- fixes partly #31
- several fixes to it (backticks, single sq brackets, renaming funcs, removed lf in JSON, ...)
2016-01-23 19:18:33 +01:00
Thomas Martens
b16ab6a021
added colorblind option
...
if colorblind option is set swap green and blue in the output
2016-01-22 20:40:08 +01:00
Thomas Martens
8bae1bc1ed
added --mapping=no-rfc
...
don't display the RFC ciphername in the cipher checks.
2016-01-19 21:55:06 +01:00
Dirk
b97788ba73
typo fixed
2016-01-15 17:30:47 +01:00
Dirk
5257c2f38a
- inline license clarifications
...
(separate file needed later)
2016-01-15 17:04:16 +01:00
Dirk
a9643b6d1e
- hooks for rfc/non-rfc
...
- FIX for beast: no CBC cipher at all is now displayed
- minor cosmetic stuff
2016-01-15 16:37:47 +01:00
Dirk
2871aaaee3
- optical cleanups for #265
...
- don't do browser tests for non-HTTP services
2016-01-15 15:53:03 +01:00
Frank Breedijk
55c0b24278
Don't forget to add help message
2016-01-13 10:26:12 +01:00
Frank Breedijk
ab47f8ada9
Added client simulations based on @ivanr's list on ssllabs
2016-01-13 10:21:01 +01:00
Dirk
dc4f90ac48
missing linefeed
2015-12-29 17:07:03 +01:00
Dirk
b962ccde53
FIX #262
2015-12-29 10:05:20 +01:00
Dirk
3b17c9e321
cosmetic corrections to help
2015-12-27 14:51:18 +01:00
Dirk
914e364d1e
- fix headline for non-socket support
2015-12-27 13:33:53 +01:00
Dirk
e10da3a78a
- minor adjustments to program style
2015-12-24 23:00:23 +01:00
Dirk
5c19bf5892
- fix for web sites having leading spaces b4 html/xml content starts
2015-12-22 21:08:52 +01:00
Dirk
c3269f1927
- Fixes for #260
2015-12-22 20:31:52 +01:00
Dirk Wetter
f65fa69c3c
Merge pull request #248 from lainegholson/master
...
Add HTTP2/ALPN support
2015-12-22 12:05:53 +01:00
Frank Breedijk
826ac43504
Redirect test that doesn't depend on JSON/CSV output
2015-12-21 20:59:40 +01:00
Laine Gholson
d2df8b8590
Fix unrelated typos
2015-12-21 10:37:23 -06:00
Laine Gholson
d0122698ed
Fix ALPN when testing multiple IPs
2015-12-13 13:16:37 -06:00
Laine Gholson
d43351e2cb
Undo commit f56fdd4
2015-12-13 13:13:51 -06:00
Laine Gholson
f56fdd43da
Don't output reason not testing spdy when testing server prefs
2015-12-12 23:09:42 -06:00
Laine Gholson
1bd08f34bd
Remove redundant newlines
2015-12-12 22:58:52 -06:00
Laine Gholson
e8b04c77d3
Consider h2 a valid NPN protocol
2015-12-12 20:07:24 -06:00
Laine Gholson
3d28f44e56
Change flag order
2015-12-12 18:41:13 -06:00
Laine Gholson
33bda6408a
Add HTTP2/ALPN support
2015-12-12 18:20:57 -06:00
Dirk
bac7cde3bd
- re-adjusted preference for rfc/iana mapping file
2015-12-11 13:13:22 +01:00
Dirk
867d698a16
- days left until expiration
2015-12-08 17:51:46 +01:00
Dirk
1f39ab8241
- fix timestamp in log file
2015-12-08 16:37:35 +01:00
Dirk
041b77c5ed
- sanity check whether URL/URI is last arg
...
- typo fix while logging (fall back CVS tags weren't written
2015-12-08 13:31:52 +01:00
Dirk
2e0e7b83d5
reverse non-typo
...
drill comes later
2015-11-28 17:33:10 +01:00
Dirk Wetter
ad8f82f190
Merge pull request #240 from k0ste/master
...
Add drill support (ldns lib), fix mistype
2015-11-28 17:14:18 +01:00
Laine Gholson
7fee2fe29b
Show SHA384 certificates as secure
2015-11-26 13:53:35 -06:00
Konstantin Shalygin
30d046a6a5
fix PWD mistype
2015-11-23 20:02:06 +06:00
Konstantin Shalygin
43cb1d8763
add drill support
2015-11-23 19:54:41 +06:00
Dirk
f76d07d43e
- logging now the cmd line, FIX #238
...
- internal improvements of stdout banner
2015-11-21 13:39:37 +01:00
Laine Gholson
c5a4eafed7
Fix filename typo
...
CREDITS.md was called CREDIT.md
2015-11-14 17:19:13 -06:00
Armin F. Gnosa
7e08d3d4da
fixed typo in parameter descriptions
2015-11-12 23:47:43 +01:00
Dirk
5749051839
- fix vertical distances after PFS && wide
...
- fix misleading "--ip=v4only" in help
2015-11-11 17:49:36 +01:00
Dirk
756a6ab41d
- NEW: logging of stdout!
...
- rearrangements in global var declaration for better readability
2015-11-11 11:56:32 +01:00
Dirk
87592aafd9
- line space for some single vuln. adjusted
2015-11-08 22:14:28 +01:00
Laine Gholson
e122d65f52
Only use local rDNS with .local domain
2015-11-06 19:16:21 -06:00
Laine Gholson
457fcacf3f
Fix error
2015-11-05 19:39:26 -06:00
Laine Gholson
d9dfe438e5
Prefer 'avahi-resolve' over 'dig' for mDNS
2015-11-05 19:04:04 -06:00
Laine Gholson
a9a4326038
Support rDNS with mDNS and Bonjour mDNS (mac)
2015-11-05 15:54:29 -06:00
Dirk Wetter
50c5f0b93d
add '-bugs' so that buggy F5s can be better tested
2015-11-03 23:29:53 +01:00
Dirk
e390345629
typo
2015-11-03 19:51:45 +01:00
Dirk
c272878c73
- warning session tickets -> PFS
2015-11-03 19:51:05 +01:00
Dirk
8ff39c5028
- client based authentication, FIX #215
...
- SSL Session ID support test
2015-11-03 13:13:10 +01:00
Dirk
0463471c40
- fixing side effect from #225
...
- other minor output corrections
2015-11-03 10:30:59 +01:00
Dirk
84e6be3547
- revert part of #225
...
- clarify name of bool var for type of tput
2015-11-02 10:49:40 +01:00
Dirk Wetter
8b54609c3d
Merge pull request #225 from Harinus/master
...
Fix: tput: No value for $TERM and no -T specified
2015-11-02 10:40:59 +01:00
Laine Gholson
8c173764bd
Use 'awk' instead of 'sed -E'
2015-11-01 10:40:44 -06:00
Laine Gholson
686dd511a6
Add support for .local domains with avahi
2015-10-31 20:01:52 -05:00
Martin Hoffmann
6a8d4870ab
Missing space ;)
...
Whoops... edited this from the github webpage..
2015-10-30 09:56:48 +01:00
Martin Hoffmann
9bfeac19bc
Fix: tput: No value for $TERM and no -T specified
...
Avoid "tput: No value for $TERM and no -T specified" when running from CGI or similar by checking for interactive shell
2015-10-30 09:46:35 +01:00
Peter Mosmans
62af7be5a1
Added check for availability of tput ( Fixes #222 )
...
Slight change due to drwetter's comment
2015-10-25 22:31:44 +10:00
William Lovins
4095dc53be
Changed wording for easier readability.
2015-10-16 14:40:06 +01:00
Dirk
7bf1319c93
- FIX #218 for exim and friends
2015-10-15 15:14:37 +02:00
Dirk
eb49132682
- changed headline for each sub test from blue to underline+bold
...
- save determine_service log
2015-10-15 14:15:07 +02:00
Dirk
78fab8addb
- FIX #213 , wording
2015-10-13 22:25:01 +02:00
Dirk
d4dbf1138c
- FIX #214
2015-10-13 08:31:54 +02:00
Dirk
1a1f007ef9
- banner f'up reversed
2015-10-11 23:34:53 +02:00
Dirk
8c0786d147
- switched on clientauth functionality (missed b4)
2015-10-11 23:23:35 +02:00
Dirk
b9bfd48871
- client based auth (see sclient_connect_successful() works now, see #206 )
...
- careful regression tests for this, point open: speed
- test for more TLS extensions
- heartbleed() does now before a check whether heartbeat is available to save time
- breach simplified (and doesn't have to be killed in seldom cases)
- tmpfiles are only being erased after exit not after each function
- user agent is testssl -- unless --sneaky is chosen
- global host vars are now being reset to prevent side effects
- tls version in record layer is now always 1
- used ERRFILE wherever possible
- smaller code cleanups
2015-10-11 23:07:16 +02:00
Dirk Wetter
0600e39b45
- fix screw up of rDNS display for those few folks having only IPv4 ;-)
2015-10-06 12:30:29 +02:00
Dirk
f8d6a2fb6d
- IPv6 formatting fixed, see #11 (points 3,4,5)
...
5 cannot be done automagically, see issue
2015-10-05 09:56:21 +02:00
Dirk
a0d634f94a
- output corrections for BEAST
2015-10-04 12:32:29 +02:00
Dirk
41bc2fb70c
- regression wrt what_dh
2015-10-03 00:14:52 +02:00
Dirk Wetter
f3cef41053
- some speed improvements (sed, tr --> bash internal s'n'r)
...
- revamped BEAST a bit: availability of higher protocols lead now to yellow color, see #208
- Fixed error in BEAST (no higher protos led to no message)
- made BEAST faster: one check for protocol ssl3+tls1 upfront, see #208
2015-10-01 13:27:14 +02:00
typingArtist
2ca6c2b0dc
improved variable naming, scope and worked around length limitation of cipher list, as suggested by @drwetter
2015-09-30 14:54:39 +02:00
typingArtist
449aada392
fix CBC cipher selection
...
CBC cipher selection is not so easy using the openssl tool alone. Selecting the cipher based on the string CBC occurring in it would be right if it’s
about the RFC name of the cipher but not so with the openssl naming. Since CBC ciphers are not going to be continued anyway, I think it’s safe to take
a static list. However, it’s easy to extract it from the cipher list in openssl-rfc.mapping.html, but we certainly don’t want to require that file to
be shipped all the time.
2015-09-30 12:44:27 +02:00
Dirk
1c1eaa53d8
- fix for renamed http_header function
2015-09-29 18:47:49 +02:00
Dirk
cac49cb1f1
- "--file" implicitly does "--warnings=batch"
...
- "--file" works now fine with equal sign
- fixed load balancer issue where header request stalled and testssl.sh consequently too
- http_date needed to be changed too because of that
- needed to estimate then the http_date when request was killed (HAD_SLEPT)
will Mr. Spock like this??
- fixed load balancer issue where header request for breach test stalled and thus an error was displayed
- code improvements
2015-09-28 22:54:00 +02:00
Dirk
feaef680aa
- IPv6 #11 is 80% working (whohoo!). Needed is an openssl capable IPv6 and HAS_IPv6=true in the environment
...
- FIX #191
2015-09-26 22:44:33 +02:00
Dirk Wetter
cc81642ee3
- #FIX 202 (EV detection from TERENA/Digicert)
2015-09-25 14:35:42 +02:00