(Backport of 2.9.5 branch)
This commit fixes#1123 where a security header containing an asterix lead
to a local filename expansion which was included in the CSV file output.
A new function fileout_csv_finding() addresses this.
Also if "$GIVE_HINTS" isn't true the headline and each line in the CSV file doesn't include
anymore the word hint -- which is more consistent with the JSON output.
This addresses a bug where openssl s_client connects hiccuped
because of newer config files which our openssl 1.0.2 couldn't
swallow.
It appeared first on Debian.
FIX#1117FIX#1098
This PR fixes#1100 where those cmdline options were supplied
and also the IPv4 address was tested.
It also lables supplied IPv6 addresses as AAAA records
instead of A records.
Still, determine_ip_addresses() has space for improvements.
Some comparisons fixed strings popped up during debugging were polished
to avoid internal quoting
[[ $VAR == "teststr" ]]
will be otherwise expanded to
[[ $VAR == \t\e\s\t\s\t\r ]]
Backport of b6cc01a558:
-----
This commit is a FIX for #1069, thus when running in
wide mode it corrects an additional line feed which
happened sometimes.
As @dcooper16 pointed out it also cleans up the needless
if-statements in run_rc4(), run_lucky13() and run_beast().
It also inserts for wide mode lines a blank so the alignment
is not at the left border anymore (check for leftovers
needed).
This is a backport of #1039 to 2.9.5. Log from David Cooper:
There is currently a problem if mass testing is being performed, JSON and/or CSV output is to be produced, the parent process calls `fileout()`, and each child process have its own output file for the JSON and/or CSV output. The can be seen, for example, with the following:
```
testssl.sh --openssl=openssl_1.1.1 --file test_servers.txt --csvfile output_dir --jsonfile output_dir
```
A call will be made in the parent process to report that openssl_1.1.1 has "No engine or GOST support via engine." `fileout()` will try to write to output_dir, which will result in an error.
This PR fixes the problem by checking that the file to be written to is not a directory (as is already done in `html_out()` for HTML output).
NOTE: At some point, a change should be made so that all of these checks are performed once (probably in `html_header()`,`csv_header()`, and `json_header()`), with the results being stored in a variable, so that these file operations do not need to be performed each time output is to be written to one of these files.
This is a backport of 8149c2d5cf.
In certain situations while testting for CCS injection it could have happened
that an error code was sent which was not interpreted properly by testssl.sh.
(https://tools.ietf.org/html/rfc5246#section-7.2)
This has now been fixed and thus addresses #906. Also it has been made sure
that other error codes are reported appropiately.
The case where this test failed before was a non-patched Ubuntu 12.04
with openssl/postfix on port 25.
For enddate conversion there's no need to tell ``date``
to convert the time including the TZ. MacOS X' date hiccups
when this will be done (strangely, FreeBSDs are fine).
bash 3.2 is now a minium requirement and it is being tested.
It refuses to run if anything lower is detected/
Rollback of d5c86a8df2, see #999
Backport (f812403292) for OpenBSD date.
Also adding LibreSSL not to warn bceause of trust reliability
POP3 STARTTLS handshakes were often unsuccessful as
a regex wasn't properly escaped.
Furthermore if a STARTTLS handshake doesn't succeed, there's
a warning now.
See #908 and f61b701f5a
In order to have better debugging info the TLS alert message is printed
in clear. Messages code and text assignements was moveed to a separate
function.
SWURL contained for historical reasons trailing blanks
for released versions.
This caused an error in pr_boldurl --> html_out which
didn't write the trailing style info and didn't close
the href tag (travis complained.)
This patch removes the trailing blank but it doesn't
fix the error
