Commit Graph

3650 Commits

Author SHA1 Message Date
Dirk Wetter
4809c763cc Fix misleading phrasing in run of standard ciphers
see #1571. Bit size doesn't matter. It only matters to the
user which ciphers they are.
2020-04-21 18:46:57 +02:00
Dirk Wetter
af86cce011 Better version naming
bugfix releases for 3.0 are 3.0.x instead of 3.0-1
2020-04-15 12:35:51 +02:00
Dirk Wetter
27948d80a8
Merge pull request #1564 from drwetter/release.3.0-1
Preparing bugfix release for 3.0
2020-04-15 09:28:41 +02:00
Dirk Wetter
3f5735a1a0 make the sneaky user agent sneaky again
2020-04-14 14:14:45 +02:00
Dirk
8b1b9f9f27 Preparing bugfix release for 3.0
* Bump version
* Removed ancient CVS tag detection code
* ~ backported code doc changes (http --> https and more) from @multiflexi
  see 7eba0fbb41
2020-04-14 13:18:52 +02:00
Dirk Wetter
e51a90d7e1
Merge pull request #1557 from dcooper16/fix1551_30
Fix #1551 in 3.0
2020-04-01 22:28:47 +02:00
David Cooper
267ce87733 Fix #1551 in 3.0
This commit fixes #1551 in the 3.0 branch by changing get_cipher() to recognize RFC names that begin with SSL_*. It also modifies run_beast() so that it does not get stuck in an infinite loop if get_cipher() doesn't return a valid cipher name.
2020-04-01 13:36:39 -04:00
Dirk Wetter
ec6b724433
Merge pull request #1547 from dcooper16/display_ciphernames_bug_3.0
Fix bug in setting DISPLAY_CIPHERNAMES in 3.0
2020-03-25 18:28:30 +01:00
David Cooper
e1c27d61a6 Fix bug in setting DISPLAY_CIPHERNAMES in 3.0
This commit fixes the same bug as #1546, but in the 3.0 branch.
2020-03-25 12:59:54 -04:00
Dirk Wetter
b2252002f4
Merge pull request #1539 from mkauschi/http-basic-auth-backport-patch
backport patch for the http basic auth bug from PR 1538
2020-03-18 14:51:36 +01:00
manuel
3d60151028 backport patch for the http basic auth bug from PR 1538
2020-03-18 14:08:50 +01:00
Dirk Wetter
4601670bac
Merge pull request #1534 from drwetter/breach_output3
Fix output for BEAST when no SSL3 or TLS
2020-03-07 12:15:55 +01:00
Dirk
3f5aa1b7df Fix output for BEAST when no SSL3 or TLS
LF added
2020-03-06 22:09:00 +01:00
Dirk Wetter
1f6ebae401
Merge pull request #1532 from dcooper16/fix_typo_emphasize_stuff_in_headers_3.0
Fix typo in emphasize_stuff_in_headers()
2020-03-06 21:28:55 +01:00
David Cooper
dca5a3b860 Fix typo in emphasize_stuff_in_headers()
This commit fixes the same typo as #1531, but in the 3.0 branch.
2020-03-06 14:32:43 -05:00
Dirk Wetter
c4d2c2de48
Merge pull request #1529 from dcooper16/percent_printing_3.0
Fix printing percent characters
2020-03-06 20:04:45 +01:00
David Cooper
ed5bdffc84
Fix printing percent characters
This commit makes the same change as #1499, but in the 3.0 branch.
2020-03-06 12:21:18 -05:00
Dirk Wetter
069baa0b6e
Merge pull request #1522 from drwetter/pwdfix3
avoid external pwd
2020-03-06 15:04:18 +01:00
Dirk Wetter
488009d0cd
Merge pull request #1528 from dcooper16/fix_html_3.0
Fix HTML generation in 3.0
2020-03-06 14:55:27 +01:00
David Cooper
53f0bec0ba
Fix HTML generation in 3.0
This commit applies the same changes as #1481, but to the 3.0 branch.
2020-03-06 08:48:07 -05:00
Dirk Wetter
8e06fcc644 Avoid external "/bin/pwd"
.. as it may not be available everywhere, see #1521 (NixOS).

This commit replaces all instances from pwd or /bin/pwd by $PWD.
It is a bash internal and the fastest. Also it added some quotes
to PWD as it may contain white spaces in the future (currently
there's a check for it that it won't)
2020-03-06 13:31:48 +01:00
Dirk Wetter
4fcfb5d8f8 avoid external pwd
.. as it may not be everywhere available, see #1521 (NixOS).

This commit replaces it by `pwd -P` (-P -> no symbolic link)
2020-03-03 12:30:12 +01:00
Dirk Wetter
4dbd9a98ba
Merge pull request #1511 from drwetter/rDNS_fixes3
Fix for non compliant DNS PTR records (backport)
2020-02-15 15:23:07 +01:00
Dirk
bc9cf9f428 Fix for non compliant DNS PTR records
This commit addresses two bugs: #1506 and #1508.

First, the variable rDNS can contain multiple lines due to multiple PTR DNS
records, though this is not recommended.  In those cases the multiple PTR DNS
were concatenated on the screen, without any blank.

Secondly - depending on the name server entries and on the output of the DNS
binaries used it can contain non-printable characters or characters which are
printable but later on interpreted on the output device (\032 was mentioned
in #1506) which on the screen was interpreted as octal 32 (decimal 26 = ▒,
try echo "\032"), so basically a terminal escape sequence was smuggled
from the DNS server to the screen of the users. In JSON pretty output we
had also this escape sequence which was fine for jsonlint but caused jq
to hiccup.

Fix: we use a loop to check for each FQDN returned. There we remove chars which
under those circumstances can show up. The blacklist is taken from RFC 1912
("Allowable characters in a label for a host name are only ASCII, letters, digits,
and the `-' character").
2020-02-15 13:56:25 +01:00
Dirk Wetter
7d38f3c365
Merge pull request #1494 from dcooper16/fix_typos_3.0
Fix typos
2020-02-04 17:56:58 +01:00
David Cooper
8c29891ec8
Fix typos
Same as #1492, but for 3.0.
2020-02-04 11:35:14 -05:00
Dirk Wetter
20daaa667c
Merge pull request #1493 from drwetter/dotasurl_fix_3.0
Fix URL when hostname with trailing dot supplied
2020-02-04 17:17:57 +01:00
Dirk Wetter
f11b9023d6 Fix URL when hostname with trailing dot supplied
Hostnames can contain a trailing dot (and sometimes they should).
If they are supplied to testssl.sh however they will be also interpreted
as a URL PATH when the service is HTTP.

This commit fixes that.

See also #1490
2020-02-04 16:32:34 +01:00
Dirk Wetter
0252316637
Merge pull request #1485 from drwetter/fix_ids_friendly
Fix --ids-friendly
2020-01-31 08:46:37 +01:00
Dirk Wetter
c4920f61e4 rename query_globals() --> count_do_variables()
.. and fix one problem introduced with last patch (testssl.sh
didn't work correctly if only an URI was supplied)
2020-01-30 22:25:10 +01:00
Dirk Wetter
073d383f76 Fix switch --ids-friendly
This switch had no effect. There was probably a regression
problem as it worked before.

Besides fixing that the large case statement in parse_cmd_line()
was simplified, in a sense that banner and help functions were
moved to a separate case statement.
2020-01-30 21:49:56 +01:00
Dirk Wetter
b0b084dcda
Merge pull request #1442 from drwetter/bump_version
bump version to final
2020-01-23 18:08:23 +01:00
Dirk Wetter
a11a060acb
Merge pull request #1456 from drwetter/changes_etc
Update attributions and changes for release
2020-01-23 18:05:50 +01:00
Dirk Wetter
a9e5bcc30c
Merge pull request #1470 from drwetter/1xmsg_squash
Squash the last futile -msg for $OPENSSL
2020-01-23 11:03:46 +01:00
Dirk
ace4098693 Squash the last futile -msg for $OPENSSL
... see also https://github.com/drwetter/testssl.sh/pull/1468#discussion_r369786007
2020-01-23 09:46:33 +01:00
Dirk Wetter
631755ceb1
Merge pull request #1464 from drwetter/further_handshakes
Further handshakes / minor changes
2020-01-22 22:30:16 +01:00
Dirk Wetter
fa4f1e4366
Merge pull request #1468 from nosnilmot/fix-xmpp-starttls
Fix XMPP starttls
2020-01-22 21:09:51 +01:00
Dirk
5083e950d2 Move debugging remainders detection to t/00_testssl_help.t
2020-01-22 21:04:23 +01:00
Dirk Wetter
ec722e0e9c
Merge pull request #1469 from dcooper16/simplify_draft_tls13_version_determination
Simplify code to determine draft TLS 1.3 version
2020-01-22 20:39:10 +01:00
Dirk Wetter
f7ab5a0821
Move quotes...
as David suggested.
2020-01-22 20:34:00 +01:00
David Cooper
43d83b27d4
Simplify code to determine draft TLS 1.3 version
This PR simplifies the code for determining which draft version of TLS 1.3 a server is offering by making use of a simple regular expression and $BASH_REMATCH rather than looping through every possible draft version.
2020-01-22 13:48:27 -05:00
Stu Tomlinson
0deea8000c Fix XMPP starttls
'-xmpphost' option required in combination with '-starttls xmpp' was missing
in determine_optimal_proto()

Also tweaked a couple of log messages
2020-01-22 18:10:58 +00:00
Dirk Wetter
7619e430f2
Merge pull request #1466 from dcooper16/fix_run_ssl_poodle
Fix run_ssl_poodle()
2020-01-22 18:05:08 +01:00
Dirk Wetter
2602e14191
Merge pull request #1465 from dcooper16/undo_copy_paste_error
Undo copy and paste error
2020-01-22 17:25:33 +01:00
David Cooper
cce57c4613
Fix run_ssl_poodle()
PR #1463 changed run_ssl_poodle() to only run the test if it is known that the server supports SSLv3. However, support for SSLv3 may be unknown at the time run_ssl_poodle() is run (e.g., if the server supports TLS 1 and SSLv3, and run_ssl_poodle() is the first test performed). So, run_ssl_poodle() should perform testing unless it is known that SSLv3 is not supported.
2020-01-22 11:20:34 -05:00
David Cooper
d49d96ae40
Undo copy and paste error
This PR removes what appears to be a copy and paste error introduced by #1463.
2020-01-22 11:14:55 -05:00
Dirk Wetter
2181061c6e
Merge pull request #1463 from drwetter/shortcurt_vulns
Shortcuts for vulnerability tests for TLS 1.3 only servers
2020-01-22 15:37:11 +01:00
Dirk Wetter
eeb1acd749 Android 9 still has 2 signature hash algos: x0201 + x0203
2020-01-22 11:41:42 +01:00
Dirk
d4d5a61a0b Hopefully make Travis shut up now
picked a TLS 1.2 host
2020-01-22 11:30:21 +01:00
Dirk
cae052cfab Address some HTML check failures in travis
(shouldn't work too late)
2020-01-22 11:29:04 +01:00