Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-11-22 16:45:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
5,209 Commits 16 Branches 35 Tags
76824b57620c23b239151e2cba984bc7b169d4ee
Commit Graph

5209 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dirk
76824b5762 Fix and improve Opossum 
Under some circumstances the opossum vulnerability check got stuck
because the cat commdn was waiting for reading from the descriptor.
In some case like #2950 this happened when the HTTP head command
was incorrectly send in the first place.

This PR makes sure that the HTTP head is correct and it replaces
cat by read in a loop so that the HTTP response is read without
being blocked.

Also for http_head_printf() the argumensats passed were cleaned up.
 2025-11-19 20:55:20 +01:00
Dirk Wetter
ae48b680fa Merge pull request #2945 from magnuslarsen/3.3dev 
feat: --rating-only flag to only test checks required for rating
 2025-11-13 08:00:15 +01:00
Magnus Larsen
640444e1fc feat: --rating-only flag to only test checks required for rating 2025-11-12 11:14:16 +01:00
Dirk Wetter
932c91f67c Merge pull request #2941 from testssl/dependabot/github_actions/actions/checkout-5 
Bump actions/checkout from 4 to 5
 2025-11-11 16:46:21 +01:00
dependabot[bot]
bdf62198a8 Bump actions/checkout from 4 to 5 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-11 00:10:32 +00:00
Dirk Wetter
4ba3500b0b Merge pull request #2940 from testssl/shellcheck_cherrypicked_2428 
Shellcheck cherrypicked from PR #2428
 2025-11-10 14:37:35 +01:00
Dirk Wetter
d4cc41405f Skipping push as it seems expensive and may cause delays 
... no bypasses for direct commit for those changes anyway
 2025-11-10 12:29:05 +01:00
Dirk Wetter
2fcd01c693 fix FP 2025-11-10 12:15:58 +01:00
Dirk Wetter
0347f2ffee 24.04 Ubuntu's instead of latest 2025-11-10 12:05:42 +01:00
meisam
191b1e791d add shellcheck to ci 2025-11-10 12:01:06 +01:00
Dirk Wetter
f219fd6ca3 Merge pull request #2938 from testssl/fix_2937 
Fix pattern for matching /etc/hosts entries
 2025-11-03 23:39:04 +01:00
Dirk
da8a6f2f34 Fix pattern for matching /etc/hosts entries 
`grep -w` matches also `string1-whatsoever` so that entries like

```
192.168.0.10 anystring anystring-apache
192.168.0.11 anystring-tomcat
```

matched 3 entries over 2 lines.

This PR fixes #2937 by improving the match pattern, so that
`string1` needs a trailing whitespace or a EOL -- besides a
leaing whitespace.
 2025-11-03 22:30:26 +01:00
Dirk Wetter
c19d3fff0c Merge pull request #2935 from testssl/fix_2933 
Add new Sectigo R46 cert, update Java/Mozilla.pem
 2025-11-01 18:00:27 +01:00
Dirk
3e495f456a Add new Sectigo R46 certs + update Java/Mozilla.pem 
Fixes #2933 .
 2025-11-01 14:15:36 +01:00
Dirk Wetter
a0c99d855e Merge pull request #2934 from testssl/shorten_badssl 
Shorten badssl GHA as they fail too often
 2025-10-30 20:41:46 +01:00
Dirk
1ce514d95f Shorten badssl GHA as they fail too often 
* Remove checks which aren't needed in t/51_badssl.com.t t/33_isJSON_severitylevel_valid.t
* tryying to make some files more readable
 2025-10-30 18:35:43 +01:00
Dirk Wetter
0b9715c239 Merge pull request #2930 from testssl/fix_2929 
Fix date parsing bc of locale problem
 2025-10-30 15:54:23 +01:00
Dirk
da436e7d87 Fix date parsing bc of locale problem 
The new block making sure that rust coreutils work properly (PR #2913)
introduced a new check in order to determine which date functions
to use.

The function however parsed only for English error messages ("No such file").
This PR fixes that by setting LC_ALL to C.

Fixes #2929 .
 2025-10-30 13:30:08 +01:00
Dirk Wetter
d3a96d9382 Merge pull request #2927 from testssl/fix_2926_ua_sneaky 
Update "sneaky" user agent
 2025-10-28 15:16:04 +01:00
Dirk Wetter
ce820cdaf5 Update "sneaky" user agent 
fixes #2926 for 3.3dev.
 2025-10-28 10:26:06 +01:00
Dirk Wetter
08ed5521a9 Merge pull request #2922 from testssl/shellcheck1 
Squash some shellcheck *errors*
 2025-10-13 22:10:44 +02:00
Dirk Wetter
c53e7a3955 Fix more shellcheck complaints (high severity) 
... and fine tune some comments in the beginning
 2025-10-13 21:06:02 +02:00
Dirk Wetter
8bc2185a72 Merge pull request #2923 from testssl/drwetter-patch-1 
Minor fine tuning
 2025-10-12 11:49:26 +02:00
Dirk Wetter
2cfa23e7f7 Minor fine tuning 
* version 3.2 was removed from links
* badges updated
* minor language improvements
 2025-10-12 11:34:56 +02:00
Dirk Wetter
672493ebe7 Fix check for /bin/sh 2025-10-11 18:59:51 +02:00
Dirk Wetter
7090d5fbdd Saving everything before commit/push is supposed to be better ;-) 2025-10-11 18:00:48 +02:00
Dirk Wetter
8392a4aed5 Squash some shellcheck *errors* 
and some warnings.

Five errors of type [SC2145](https://www.shellcheck.net/wiki/SC2145) are left as I am not sure whether
it'll be safe to follow the recommendation
 2025-10-11 13:19:28 +02:00
Dirk Wetter
ae69789ecb Merge pull request #2916 from testssl/update_Linux_CA_store 
Update Linux CA store
 2025-10-09 22:12:09 +02:00
Dirk Wetter
07a0aa4bef Merge pull request #2919 from testssl/update_GHAs 
Update GHAs
 2025-10-09 21:27:38 +02:00
Dirk
9ff79c472f Remove workflows/docker-3.2.yml for 3.3dev 2025-10-09 21:25:30 +02:00
Dirk
d732088923 Roff pages won't trigger a unit test anymore 2025-10-09 21:24:45 +02:00
Dirk Wetter
0a7810ea47 Update Linux CA store 
from Debian 13. Fixes #2915
 2025-10-09 20:42:21 +02:00
Dirk Wetter
df100d986b Merge pull request #2913 from testssl/fix_2909 
Fix date for Ubuntu >= 25.10
 2025-10-09 20:30:15 +02:00
Dirk Wetter
80d05c0831 Merge pull request #2912 from testssl/early_data 
TLS 1.3 early data / 0-RTT
 2025-10-09 18:55:14 +02:00
Dirk Wetter
aacde5dadb Merge branch '3.3dev' into early_data 2025-10-09 15:50:12 +02:00
Dirk
3353627373 Fix unit test for Mac and Ubuntu Linux 2025-10-09 15:44:53 +02:00
Dirk Wetter
32defa1864 Ignore MLKEMs for TLS 1.3 2025-10-09 15:44:53 +02:00
Dirk Wetter
eb915110c9 Update baseline 2025-10-09 15:44:53 +02:00
Dirk
e226a56486 Update basline scan for unit test 
This PR updates the baseline after switching to the new server.
 2025-10-09 15:44:53 +02:00
Dirk Wetter
8534e72dc3 Merge pull request #2914 from testssl/unittest_new_baseline 
Update baseline scan for unit test
 2025-10-09 15:38:37 +02:00
Dirk
6201627298 Fix unit test for Mac and Ubuntu Linux 2025-10-09 13:29:36 +02:00
Dirk Wetter
accd1f20cd Rearrange order of date checks 
works for all "older" Linux systems, MacOS, OpenBSD and according to #teki69
also Ubuntu 25.10 .
 2025-10-08 23:26:48 +02:00
Dirk Wetter
6af5377507 Ignore MLKEMs for TLS 1.3 2025-10-08 23:15:49 +02:00
Dirk Wetter
f081db83e1 Update baseline 2025-10-08 23:14:54 +02:00
Dirk Wetter
da7c713b08 Add 0-RTT 
also:
* fine tuning protocol section
* reference RFC 8470 (well..) and FIPS 203
* add a general linkto TLS related  RFCs
 2025-10-08 10:31:48 +02:00
Dirk Wetter
d637daefeb Add 0-RTT 2025-10-08 10:15:14 +02:00
Dirk
a4b6ded123 Update basline scan for unit test 
This PR updates the baseline after switching to the new server.
 2025-10-08 10:03:19 +02:00
Dirk Wetter
36bc08ce18 Fix date for Ubuntu >= 25.10 
works for
- ubuntu 24.04
- Debian 13
- openbsd 6.6 / 7.x
- macos 15.7.1

Fixes #2909
 2025-10-07 23:23:09 +02:00
Dirk Wetter
e0401b6207 TLS 1.3 early data / 0-RTT 
This PR implements a check for TLS early data. It needs a compatible OpenSSL or
LibreSSL version. For modern OS versionis it should automagically pick the right,
modern binary for the check.

Mitigations like Defer processing or HTTP 425 are not yet tested.

To clarify is
* whether to penalize SSLlabs rating (@magnuslarsen). testssl.net has it
   enabled but the Web UI claims it's not a/v, see
  https://www.ssllabs.com/ssltest/analyze.html?d=testssl.net&s=172.67.205.231&hideResults=on&latest
* Man pages

To be in line with other HAS2_* global vars (HAS2_QUIC, HAS2_UDS), the following
vars were renamed from their OPENSSL2_HAS_* counter parts:

- HAS2_TLS13
- HAS2_CHACHA20=false
- HAS2_AES128_GCM=false
- HAS2_AES256_GCM=false
 2025-10-06 17:03:56 +02:00
Dirk Wetter
3ece1e4b11 Merge pull request #2911 from testssl/early_data_preparation 
Define vars for early data
 2025-10-05 21:34:53 +02:00