* Upgrade both GHCR and Docker hub foile to alpine 3.2
* uses openssl version 3.3 as a alternative to option (default is still "ours"
* docker 3.0 yml hast now ubuntu-22.04 (not EOL) + "latest" omitted
... for readablity and bugs to be filed (see #2506)
This PR defines a short string for the OpenSSL banner as some suppliers have
makde them (unnecessarily) long so that it won't fit in the banner.
The banner also now omits the built line nad bash version when scanning
as for the user it is normally not important.
Same as #2528, only for the 3.0 branch.
- Mozilla: 2024-7-02
- Debian 12, ca-certificates from 20230311
- JDK 21.04
- Apple via https://github.com/apple-oss-distributions/security_certificates (according to git log latest change Fri Dec 15 00:44:35 2023)
- Microsoft via CertUtil (date of this PR)
Modified Readme to reflect that the Apple CA certificates are better to retrieve from GH and clarified minor things.
This also fixes#2525 (for 3.0), where >=2 certificates were missing.
Local and ULA and other IPv6 adresses were incorrectly filtered by ``awk '/^[0-9]/ { print $1 }'`` which searches in the first term for numeric values only.
This PR adds a-f and fixes#2529 for the 3.0 branch.
This commit fixes drwetter#2502 in the 3.0 branch by checking that the key_share extension is at least 4 bytes long (8 in ASCII-HEX). These 4 bytes encode the group value (2 bytes) and the length of the key (2 bytes).
The actual code grep for "MongoDB" keyword in the head of the HTTP
session.
In case of "compressed" HTML, a big page is on one line.
On a IT page, we could encounter the "MongoDB" keyword and
miss-identify the application protocol.
Fixed by matching on a longuer string taken from a live MogoDB
server.
Implemnation for 3.0, 3.2 see #2450
If a user chose a broken umask testssl.sh will start but emits subsequent errors.
This patch adds two sanity checks whether it is allowed to create and read files in the temp directory.
Fixes#2449
What was problematic was the error message when the certificate stores were missing. This fixes it by redirecting the error message to /dev/null so that if the sub function detects the missing file it returns with an error by the program and not by executing "basename"
As for 3.2 this is for the 3.0 branch.
This PR includes two tweaks:
* it helps avoiding the bug querying OCSP responder #2329 by adding
openssl. The openssl supplied has a mimor DNS lookup problem due
to glibc / musl libc compatibilty issues
* by adding openssl also it helps a bit for some performance problems
related to other projects, see #2314
Also the git binary is removed (#2315).
Thanks to @polarathene for the discussions
