Commit Graph

4284 Commits

Author SHA1 Message Date
David Cooper
526d25bc1d Don't test for certificate compression if --ssl-native
This commit changes run_server_defaults() so that the test for certificate compression is not run in --ssl-native mode. This fixes an issue that was caught by 21_baseline_starttls.t.
2021-08-05 10:37:37 -04:00
David Cooper
fa1ccdb565 Check for RFC 8879 certificate compression
This commit adds a check for whether the server supports certificate compression (RFC 8879). If it does, then the list of supprted compression methods is output in the server's preference order.
2021-08-04 14:39:12 -04:00
Dirk Wetter
b603d57146
Merge pull request #1952 from drwetter/fix_1717
Look-ahead trick for -U --ids-friendly
2021-08-01 17:47:11 +02:00
Jauder Ho
91970a2214
Merge branch 'drwetter:3.1dev' into 3.1dev 2021-07-31 14:28:57 -07:00
Dirk Wetter
a3ab6cd887
Merge pull request #1950 from drwetter/digrc
Ignore $HOME/.digrc
2021-07-31 18:49:57 +02:00
Dirk
6cf7521184 Look-ahead trick for -U --ids-friendly
If the order of the cmdline is '-U --ids-friendly' then we need to make sure we catch --ids-friendly. Normally we do not,
 see #1717. The following statement makes sure. In the do-while + case-esac loop  the check for --ids-friendly will be
executed again, but it does not hurt
2021-07-31 18:27:03 +02:00
Dirk
439aad1f22 Ignore $HOME/.digrc
Newer dig versions have an option to ignore $HOME/.digrc, older don't.

This commit adds a patch checking for the availability of such an option and
uses it by default. See #1894 .

If this option doesn't exist then still dig is used and can still lead to
wrong output. Unfortunately Debian-based distros are not very
good at this. Debian 10, Ubuntu 18.04 still use dig 9.11, whereas
Opensuse 15.2 has 9.16. Debian 11 and Ubuntu 20.04 use that too.
2021-07-31 15:14:22 +02:00
Dirk Wetter
c40a3a7d02
Merge pull request #1946 from drwetter/noitalics4screen
Disable ANSI codes for italic when TERM == screen
2021-07-31 13:57:11 +02:00
Dirk
525a40a653 Disable ANSI codes for italic when TERM == screen
... otherwise it is being printed in reverse, see #1928.
2021-07-31 13:17:55 +02:00
Dirk Wetter
46862ecc84
Merge pull request #1945 from drwetter/alpine
Upgrade to alpine 3.13
2021-07-30 18:01:25 +02:00
Dirk Wetter
68c5acb556
Upgrade to alpine 3.13 2021-07-30 18:01:12 +02:00
Dirk Wetter
820b728bc4
Merge pull request #1943 from drwetter/email-contrib
E-Mail as a contribution possibility
2021-07-30 15:02:19 +02:00
Dirk Wetter
2b74e9f55d
E-Mail as a contribution possibility
As some people may have a problem with the owner of github.
2021-07-30 15:01:39 +02:00
Dirk Wetter
2935ecc2e1
Merge pull request #1938 from drwetter/nmap_portdetection_1931
Improved SSL/TLS portdetection in nmap greppable files
2021-07-30 09:48:50 +02:00
Dirk Wetter
70d40b416b
Merge pull request #1940 from dcooper16/print_spaces_faster
Print consecutive spaces faster
2021-07-30 09:21:50 +02:00
David Cooper
fc310301f1 Print consecutive spaces faster
This commit adds a new function, print_n_spaces(), which prints a sequence of (up to 80) space characters.

This new function is used to replace a few places in testssl.sh in which a sequence of space characters is printed by calling 'out " "' in a loop. The new function is much faster than the current code, so it will make testssl.sh run slightly faster.
2021-07-29 15:12:27 -04:00
Dirk
59c0b38140 see previous commit 2021-07-25 17:14:12 +02:00
Dirk
defed8705b Extend TLS/SSL port detection
As mentioned in #1931 the port detection for nmap greppable files
leaves space for improvements.

Ths PR adds a pattern detection of ssl and https in the forth or fifth
parameter of an open port, so those ports will be added to a scan when
a nmap greppable output file is as input to testssl.sh .

Also it does minor code adjustments to utils/gmap2testssl.sh .
2021-07-25 17:09:30 +02:00
Dirk Wetter
18dfa26e48
Merge pull request #1936 from drwetter/fix_1935
Fix problem when nmap file has .txt extension
2021-07-25 16:34:58 +02:00
Dirk
b1c1d250cf Redo utils/gmap2testssl.sh
.. mainly copied from testssl.sh. Also it adds a detection for the
strings ssl and https. If those run at non-stanadard ports but nmap
detected it, it'll show up in the output file.

That will be backported to the main program, see #1931 .
2021-07-25 16:28:50 +02:00
Dirk
5a7b7d8b8e Fix problem when nmap file has .txt extension
This addresses a bug filed in #1935 in 3.1dev when the supplied file
has a .txt extension. In this scenario the input file was nulled
as from the input file in nmap format an internal input file was
generated which has a .txt extension, in the same directory.
The idea was to persist the file for the user.

Now, this internal input file is ephemeral and only written to $TEMPDIR.
2021-07-25 13:05:40 +02:00
Dirk Wetter
05d087a564
Merge pull request #1933 from drwetter/drwetter-patch-1
Update bug_report.md
2021-07-21 09:22:38 +02:00
Dirk Wetter
8203049154
Update bug_report.md 2021-07-21 09:22:01 +02:00
Jauder Ho
ea4d939f8f
Create dependabot.yml 2021-07-01 19:32:33 -07:00
Dirk Wetter
56dcbcdc15
Merge pull request #1924 from drwetter/fix_1915
Fix redundant message (BREACH) when client certificate required
2021-06-22 08:25:29 +02:00
Dirk Wetter
f4bb1a20e2
Merge pull request #1925 from PeterDaveHello/Add.dockerignore
Ignore FreeBSD & macOS OpenSSL binary in Dockerfile
2021-06-19 18:17:51 +02:00
Peter Dave Hello
f0970aff90 Ignore FreeBSD & macOS OpenSSL binary in Dockerfile
There is no need to add non-Linux binary in the Dockerfile here.
2021-06-19 22:22:59 +08:00
Dirk
28d9bc483d Fix redundant message (BREACH) when client certificate required
same as #1916.

Fixes #1915
2021-06-19 15:27:03 +02:00
Dirk Wetter
9f0d0c0062
Merge pull request #1921 from drwetter/gha_denylist
Github actions modifications
2021-06-19 12:30:00 +02:00
Dirk
2af7860a3c Remove mac osx
... apt is probably not the right thing ;-)
2021-06-19 11:17:52 +02:00
Dirk
247d08882e GHA: Fix push + PR
see https://github.community/t/how-to-factor-paths-in-common-for-push-and-pull-request/115967/2

TL;DR:  There is no way to specify the common paths for two events
2021-06-19 11:12:00 +02:00
Dirk
5cd97ddcb9 Correct YAML error in GHA + add macOS
- yamllint to the rescue. Still shows an error though:
  4:3       error    syntax error: expected <block end>, but found '<block mapping start>' (syntax)

- added macos, see https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners
2021-06-19 10:45:08 +02:00
Dirk
b8a9b9c6db Github actions modifications
- define deny list of files when modified not to run GHA
- specRitfy OS to be ubuntu-20.04 (is there a debian at all?)
- only use perl 5.26

While researching I stumbled over mac.osx as an OS one can specify. If anybody
knows whether this is really macosx (license?) please let me know. That
would be a great addition for CI. (Couldn't find BSD yet...)

See #1920
2021-06-19 09:20:48 +02:00
Dirk Wetter
2d3bd724fc
Merge pull request #1912 from PeterDaveHello/MakeShellScriptShebangConsistent
Make Shell Scripts' Shebang more consistent
2021-06-18 08:59:22 +02:00
Dirk Wetter
cb844557f8
Merge pull request #1913 from PeterDaveHello/CorrectExitUsage
Correct `exit` using, the exit status should be 0~255
2021-06-18 08:55:22 +02:00
Dirk Wetter
35c43719dd
Merge pull request #1919 from drwetter/rm_travisCIhook
Remove travis CI hook
2021-06-18 08:47:52 +02:00
Dirk Wetter
f91c0251be Rmeove travis CI hook
.. as we're using GHA now
2021-06-18 08:44:36 +02:00
Peter Dave Hello
ce634f7deb Correct exit using, the exit status should be 0~255
According to the POSIX Programmer's Manual, the exit status specified by
the unsigned decimal integer. If n is specified, but its value is not
between 0 and 255 inclusively, the exit status is undefined.

By cross reference the usage between different scripts in this project,
it looks like we could simply remove the `-` before the number.
2021-06-15 16:04:23 +08:00
Peter Dave Hello
4de952a4dd Make Shell Scripts' Shebang more consistent
Consider most of the scripts use bash in the project, should maybe just
use it, instead of /bin/sh in all the scripts.
2021-06-15 15:52:49 +08:00
Dirk Wetter
17b172229d
Merge pull request #1909 from mikelolasagasti/gha
Add GitHub Actions testing
2021-06-07 09:16:31 +02:00
Mikel Olasagasti Uranga
ebcd3105c8 Add GitHub Actions testing 2021-06-06 21:06:58 +02:00
Dirk Wetter
7da45a81f8
Merge pull request #1905 from drwetter/tz_fix+
Display time as suggested in utc (3.1dev)
2021-06-03 20:19:29 +02:00
Dirk Wetter
e1be4eabd2 Display time as suggested in utc (3.1dev)
See #1895
2021-06-03 19:24:50 +02:00
Dirk Wetter
0da8ce02cd
Merge pull request #1904 from PeterDaveHello/AddBasicEditorConfig
Add a basic .editorconfig into project
2021-06-01 14:26:47 +02:00
Dirk Wetter
83909dec0c
Merge pull request #1903 from PeterDaveHello/MakeVimModelineConsistent
Add missing vim modeline config in sh & perl files
2021-06-01 11:20:33 +02:00
Peter Dave Hello
f447ca466b Add a basic .editorconfig into project, close #1901 2021-06-01 14:51:06 +08:00
Peter Dave Hello
cbae32e5a4 Add missing vim modeline config in sh & perl files, cc #1901 2021-06-01 14:40:24 +08:00
Dirk Wetter
737ea1e7e5
Merge pull request #1902 from PeterDaveHello/MakeVimModelineConsistent
Make vim modeline config consistent
2021-06-01 08:34:23 +02:00
Peter Dave Hello
9e61b8ba13 Make vim modeline config consistent, cc #1901 2021-06-01 14:31:31 +08:00
Dirk Wetter
1d306db062
Merge pull request #1900 from PeterDaveHello/ShebangConsistency
Make Shell Scripts' Shebang more consistent and portable
2021-05-31 10:17:47 +02:00