Commit Graph

1420 Commits

Author SHA1 Message Date
Dirk a5adb2f3ec fixing last T CI run 2016-09-29 21:20:13 +02:00
Dirk 68697b822e fixing last run, hopfully 2016-09-29 21:19:09 +02:00
Dirk c785087d15 - save 1x sed in count_lines/words 2016-09-29 21:03:48 +02:00
Dirk 05a0e555a7 - save 1x sed in count_lines/words 2016-09-29 20:59:13 +02:00
Dirk Wetter 83e6bf6760 Merge pull request #486 from dcooper16/no_mapping_file
Don't use mapping-rfc.txt
2016-09-29 20:34:19 +02:00
David Cooper 0676866e91 Add option for extract data from SSLv2 ServerHello
This PR adds the option for `parse_sslv2_serverhello()` to extract information from the ServerHello (server key size and cipher suites supported) and write the information to `$TMPFILE` as well as to write the server's certificate to `$HOSTCERT`.
2016-09-28 17:15:37 -04:00
David Cooper 1dddad20c9 Don't use mapping-rfc.txt
The mapping file is now only used in `show_rfc_style()`. This PR changes `show_rfc_style()` to use the `$TLS_CIPHER_HEXCODE` and `$TLS_CIPHER_RFC_NAME` arrays.

Note that `get_install_dir()` still searches for the mapping-rfc.txt in order to determine `$INSTALL_DIR`. `$INSTALL_DIR` is only used to determine the location of the CA bundles in `determine_trust()`:
```
     local ca_bundles="$INSTALL_DIR/etc/*.pem"
```
2016-09-28 15:36:49 -04:00
Dirk Wetter dfe1c09a9d Merge pull request #485 from dcooper16/sslv2_sockets
Allow cipher list to be passed to sslv2_sockets()
2016-09-28 20:34:33 +02:00
Dirk d786a94a8c output + code polishing, phrasing. lf still has space for improvements 2016-09-28 20:32:01 +02:00
David Cooper 4751a58d56 Allow cipher list to be passed to sslv2_sockets()
This PR changes `sslv2_sockets()` so that a list of ciphers may optionally be passed as an argument. This will support the use of `sslv2_sockets()` in some places where `$OPENSSL s_client` is currently used.
2016-09-28 13:46:43 -04:00
Dirk a54df8a55b fix if statement 2016-09-28 08:00:56 +02:00
Dirk 9f313f15ea added --openssl-timeout in help 2016-09-27 23:38:47 +02:00
Dirk 4d1303f5b9 TLS 1.2 sockets not anymore experimental 2016-09-27 23:33:38 +02:00
Dirk e1f9209c23 corrected version 2016-09-27 23:32:24 +02:00
Dirk aab0487a96 Merge branch 'dcooper16-openss2rfc_rfc2openssl' into 2.9dev 2016-09-27 22:55:54 +02:00
Dirk 15843c6475 Merge branch 'openss2rfc_rfc2openssl' of https://github.com/dcooper16/testssl.sh into dcooper16-openss2rfc_rfc2openssl 2016-09-27 22:50:05 +02:00
Dirk Wetter b238fab3c1 Merge pull request #443 from dcooper16/remove_sockread
Replace sockread() with sockread_serverhello()
2016-09-27 22:34:17 +02:00
Dirk c028ec4ed6 Merge branch 'dcooper16-remove_sockread' into 2.9dev 2016-09-27 22:33:53 +02:00
Dirk 7eeb9876d0 Merge branch 'remove_sockread' of https://github.com/dcooper16/testssl.sh into dcooper16-remove_sockread 2016-09-27 22:33:24 +02:00
Dirk 2036e1e9e0 #414 polish: filename fix for windows, handling of existence and type of timeout 2016-09-27 22:15:57 +02:00
Dirk c6da054418 Merge branch 'TKCERT-master' into 2.9dev 2016-09-27 21:48:59 +02:00
Dirk bf4dd76995 Merge branch 'master' of https://github.com/TKCERT/testssl.sh into TKCERT-master 2016-09-27 21:48:43 +02:00
Dirk Wetter 144e2c20cf Update Readme.md 2016-09-27 00:08:01 +02:00
Dirk Wetter 092badc55a Update Readme.md 2016-09-27 00:01:13 +02:00
Dirk Wetter e59efb0313 Merge branch 'master' of github.com:drwetter/testssl.sh 2016-09-26 23:48:08 +02:00
Dirk Wetter 556d637069 updated 2016-09-26 23:47:39 +02:00
Dirk Wetter 76e9a58223 Delete openssl.Linux.armv7l 2016-09-26 23:31:21 +02:00
Dirk Wetter 9a4211e867 Delete openssl.Darwin.i386 2016-09-26 23:30:55 +02:00
David Cooper 6ded937b14 Merge branch 'master' into remove_sockread 2016-09-26 17:02:53 -04:00
David Cooper ee0279edd7 Merge branch 'master' into openss2rfc_rfc2openssl 2016-09-26 17:01:46 -04:00
Dirk Wetter 7e729d26cd Darwin 64bit binary, see https://gist.github.com/jpluimers/9257ba6e27afea1b98376d9d4411c88c 2016-09-26 22:52:26 +02:00
Dirk Wetter 2201c59ba3 FIX #477: check also for ALPN as TLS extension 2016-09-26 21:47:57 +02:00
David Cooper 98663b4c72 Merge branch 'master' into remove_sockread 2016-09-26 09:46:27 -04:00
David Cooper 1c3bf3e592 Merge branch 'master' into openss2rfc_rfc2openssl 2016-09-26 09:45:28 -04:00
Dirk Wetter fcdc15b24b no STARTTLS for NPN, preparing #477 2016-09-24 16:59:28 +02:00
Dirk Wetter 0cadeefb05 cleanup #473 2016-09-24 16:07:23 +02:00
Dirk Wetter 679d1b9c1f Merge pull request #473 from nachtgeist/issue-467
Fix handling of empty argument to "-nextprotoneg" parameter
2016-09-24 16:01:47 +02:00
Dirk Wetter f24770f6f4 Merge pull request #478 from wdhongtw/master
Remove duplicated do_rc4 in debug_globals()
2016-09-24 13:13:15 +02:00
Weida Hong 566623c4a9 Remove duplicated do_rc4 in debug_globals() 2016-09-24 15:10:10 +08:00
Daniel Reichelt 4f04820c76 Fix handling of empty argument to "-nextprotoneg" parameter
s_client's manpage states for -nextprotoneg:

"Empty list of protocols is treated specially and will cause the client
to advertise support for the TLS extension but disconnect just after
reciving ServerHello with a list of server supported protocols."

Consequently, the previous workaround of just quoting an empty variable
is insufficient and the "-nextprotoneg" parameter has to be removed
entirely from the command-line in case of an empty argument.

In other locations where "-nextprotoneg" is used
- its argument cannot be empty ($NPN_PROTOs is initialized to a non-
  empty value and set read-only) or
- its argument is intended to be empty (line 3724) or
- the command will not be invoked at all (for-loop parameter, line 3725)

This fixes #467 - again.

Additionally this patch prefers usage of -alpn over -nextprotoneg if the
openssl binary used supports it.
2016-09-22 16:53:54 +02:00
David Cooper b01f9c8132 Merge branch 'master' into remove_sockread 2016-09-21 16:12:39 -04:00
David Cooper 73d535ebb4 Merge branch 'master' into openss2rfc_rfc2openssl
Conflicts:
	testssl.sh
2016-09-21 16:11:55 -04:00
Dirk Wetter ddbf4caa46 FIX #476 2016-09-21 21:59:50 +02:00
Dirk Wetter 802a6da92c - centralized some HAS_* vars from s_client 2016-09-21 21:42:45 +02:00
Dirk Wetter 9afbba1e04 - 3DES removed from \'MEDIUM\'
- preparation to show cipher string in std_cipherlists
- global var for HTTP_STATUS_CODE, allowing a hint for web application wrt to e.g. cookies
2016-09-21 20:32:04 +02:00
David Cooper b7fbd13f1a Merge branch 'master' into remove_sockread 2016-09-14 14:37:14 -04:00
David Cooper 63fec45f3f Merge branch 'master' into openss2rfc_rfc2openssl 2016-09-14 14:36:15 -04:00
Dirk Wetter 05fe064763 Merge pull request #472 from knweiss/referenced_but_not_assigned3
run_rp_banner(), run_application_banner(): Three issues
2016-09-14 16:33:47 +02:00
Karsten Weiss 42e9406ee1 run_rp_banner(): Fix indentation. 2016-09-14 12:24:54 +02:00
Karsten Weiss 6a6d4880d6 run_application_banner(): Fix modified in subshell bug.
Refactor the while loop so it doesn't use a subshell anymore. Also use
"read -r" to prevent backslash escaping.

```
In testssl.sh line 1193:
               app_banners="$app_bannersline"
               ^-- SC2030: Modification of app_banners is local (to subshell caused by pipeline).

In testssl.sh line 1195:
          fileout "app_banner" "WARN" "Application Banners found: $app_banners"
                                                                  ^-- SC2031: app_banners was modified in a subshell. That change might be lost.
```

Found by ShellCheck.
2016-09-14 12:24:44 +02:00