This fixes#1779. There was a problem introduced in
3cd1273439 which counted
the size of the file name rather than the size of the
socket reply.
The helper function count_chars() is now not used anymore.
It maybe useful in the future though.
* also ca_hashes.txt
* Used Java SDK 15 instead of JRE 8
* Used Windows 20H2
* Java Keystore has added 5 certificates (90 --> 95)
Updated Readme and make it more reproducible
Sometimes it is needed to overwrite existing output files.
This has been requested in the past (#927). For safety reasons
it was not implemented.
However I realized that it could be useful. It requires some
responsible usage though.
Code added, help() and manpages added -- warnings added too.
While we are not sure yet how we deal with "other" colors and different
backgrounds users can have, I'll remove the light cyan here until we
settle on a standard. (other=not yellow,reds,brown,greens)
Despite the fact google doesn't support RC4 ciphers, testssl.sh called
sslv2_sockets(). Google answered with a >= TLS alert. Building a sum then
failed then in sslv2_sockets().
This fixes sslv2_sockets() and introduces count_chars() as a helper function
(tested also under old FreeBSD to make sure it works under MacOSX).
This fixes#1754 by avoiding further strings operations if the socket
reply is empty as bash 5.1 seems to have a problem with that. The fix
is done in sslv2_sockets() .
Also sslv2 is not being used in run_freak() if known not to be supported.
XMPP can be used with SNI in two contexts:
- Standard RFC 6120 STARTTLS-based connections; in that case, SNI
is most likely to be ignored, as XMPP uses another way to signal
the target domain name (via the @to attribute on the stream
header, which is already set correctly by testssl.sh). However,
setting SNI to a different value than the @to attribute may
lead to confusion.
- XEP-0368 (XMPP-over-TLS) connections which omit the STARTTLS
phase and go right for TLS (and inside that, XMPP). In that case,
SNI is obviously required to be correct. XEP-0368 specifies that
the SNI name MUST be the domain name of the service (not
necessarily the host name of the endpoint, thanks to SRV
records).
Hence, this patch forces the SNI name to be the --xmpphost value,
if --xmpphost is given. Note that it blatantly ignores whether
XMPP is used otherwise.
Travis failure was due to debug output in function which return a string.
The debug statement was removed, (stderr would have been choice \#2).
Issuer is heading now the intermediate certificate section, not
sure whethe this is redundant info.
Dirk Wetter
David Cooper
Klaus Eisentraut
tosticated
tosticated
Chad Brigance
Jonas Schäfer