Commit Graph

4171 Commits

Author SHA1 Message Date
Dirk 6b601e22c7 adding Referrer-Policy header (FIX #604)
introduced get_san_dns_from_cert()

added two stub function get_session_ticket_lifetime_from_serverhello
2017-03-31 17:04:04 +02:00
David Cooper e03d89107b Merge branch '2.9dev' into openssl_location 2017-03-31 09:36:26 -04:00
Dirk Wetter 75c794546d Merge pull request #689 from dcooper16/run_server_defaults_cleanup
Cleanup variable definitions in run_server_defaults()
2017-03-31 12:53:46 +02:00
Dirk a480e5f699 count_ciphers is now un-sed'ed, minor improvements 2017-03-31 12:24:25 +02:00
Dirk Wetter 10ac0ffed4 Merge pull request #687 from dcooper16/child_mass_testing_env_variable
Child mass testing env variable
2017-03-31 08:44:15 +02:00
David Cooper 9f93d9d578 Move insertion of commas to a separate file
Create a separate function to insert the comma separators between findings for different tests within mass testing.
2017-03-30 12:48:25 -04:00
David Cooper d8a7037000 Add missing comma
I did some testing with http://jsonlint.com/ and discovered a missing comma when massing testing is being performed and a single JSON file is being created.
2017-03-30 12:37:41 -04:00
David Cooper 73a24cba27 Correct indentation in run_server_defaults()
This second commit doesn't make any changes to the code, it just corrects the indentation.
2017-03-30 10:27:08 -04:00
David Cooper ba2a75b093 Cleanup variable definitions in run_server_defaults()
In `run_server_defaults()` the variable `success` is defined twice, once an an ordinary variable and once as an array. The PR removes the incorrect definition. It also removes the definitions of some variables that are no longer used and reorganizes the definitions so that each line has only one variable type.

I also noticed a typo later in `run_server_defaults()` and corrected it.
2017-03-30 10:08:26 -04:00
Christian Dresen 2211a23bf0 Added Dockerfile.md, modified Dockerfile: pull with depth=1, default-cmd: --help 2017-03-30 14:41:46 +02:00
Christian Dresen c366f09043 Removed unused lines from Dockerfile for testssl.sh 2017-03-30 13:35:48 +02:00
Christian Dresen db32b1fbea Added Dockerfile for testssl.sh 2017-03-30 13:18:46 +02:00
David Cooper 603f03e79a Remove tmp.json files after use
Remove tmp.json files after use so that testssl.sh doesn't complain that they already exist.
2017-03-29 11:43:03 -04:00
David Cooper 1723374511 Remove tmp.file files after use
Remove tmp.json files are use so that testssl.sh doesn't complain that they already exist.
2017-03-29 11:42:09 -04:00
David Cooper e7c0ca13f6 Remove tmp.json files after use
Remove tmp.json files are use so that testssl.sh doesn't complain that they already exist.
2017-03-29 11:41:23 -04:00
David Cooper 04f86f9469 Fix indentation of JSON pretty banner 2017-03-29 11:22:29 -04:00
David Cooper 86c81f2276 Use CHILD_MASS_TESTING environment variable
This PR introduces the environment variable `CHILD_MASS_TESTING`, and uses it as an indicator that testssl.sh is running as a child within mass testing rather than using the `$APPEND` flag. It also makes a number of other changes to make the handling, of HTML, CSV, JSON, and log files consistent, and it fixes a number of bugs related to the generation of these files when mass testing is being performed.

Please let me know if you disagree with any of the changes in this PR, or if you would prefer that it be broken up into multiple smaller PRs.

Some of the changes are as follows:
- When the `$APPEND` flag is true, all of these files are appended to and headers and footers are omitted. (Perhaps this should be changed. Appending to a log file isn't an issue, but appending to a JSON or HTML file without including headers or footers seems to just create an improperly formatted file).
- Following the code in `prepare_logging()`, an error is printed and the program stops if the `$APPEND` flag is false and one of the files to be written to already exists.

Some of the bugs fixed:

Creating log files did not work with mass testing:
- If `--logfile <logfile>` is used, then the parent and each child try to write to "logfile".
- If `--logging` is used, then a log file is created for each child, but an oddly-named log file is also created for the parent. The one created by the parent contains the entire output.

Plain JSON files:
- When `--jsonfile <jsonfile>` is run, there is no comma separating the final finding for one child and the first finding for the next child.

Pretty JSON files:
- When `--jsonfile-pretty <jsonfile>` is called without mass testing, the "target host" line is empty, since `$NODE` has not yet been set.
- When `--jsonfile <jsonfile>` is run with mass testing, there is no comma separating the final finding for one child and the first finding for the next child. In addition, `fileout_pretty_json_banner()` is never called, and the entries for individual tests have insufficient information to determine what is being tested (it lists "service" and "ip", but not port number).

For the final issue, when mass testing is being performed and all output is being placed in a single file, I have the parent call `fileout_pretty_json_banner()`, but tell `fileout_pretty_json_banner()` to not include a "target host" or "port", but then have each child include a "target host" or "port" (when the "service" and "ip" are being printed).
2017-03-29 11:16:09 -04:00
David Cooper 312598837f Merge branch '2.9dev' into openssl_location 2017-03-29 09:01:38 -04:00
Dirk 7953bfda5e correct DEBUGTIME 2017-03-29 11:17:24 +02:00
Dirk 05ea5675b8 one line per variable type 2017-03-29 10:44:22 +02:00
Dirk Wetter 2f8bc2e77a Merge pull request #686 from dcooper16/out_row_aligned_max_width
out_row_aligned_max_width()
2017-03-29 10:39:04 +02:00
David Cooper 227a31b788 out_row_aligned_max_width()
This PR improves `out_row_aligned_max_width()` in a few ways:

* It makes better use of bash's string manipulation capabilities in order to simplify the function.

* It improves the function's performance. One of the most costly parts of `out_row_aligned_max_width()` was the while loop to print each entry in the text. Since there is only one place in the code where the the entries are not all printed the same ways (the list of supported curves printed by `run_pfs()`), the PR changes `out_row_aligned_max_width()` to just return a plain text string, which the calling function prints in the appropriate way. For the curves printed by `run_pfs()`, a new function, `out_row_aligned_max_width_by_entry()` takes care of getting the output from `out_row_aligned_max_width()` and then printing each entry appropriately.

* The PR also introduces a trick so that when the TLS extensions are printed, the text for an extension won't get split across two rows. It does this by replacing the space charters within the text for an extension with "}", formatting the result with `out_row_aligned_max_width()`, and then converting the "}" back to space characters.
2017-03-28 13:54:54 -04:00
David Cooper 572d081882 Merge branch '2.9dev' into openssl_location 2017-03-28 08:54:52 -04:00
Dirk 53de1dc7c4 clarified help() 2017-03-28 12:07:45 +02:00
David Cooper 6ca55014ed Merge branch '2.9dev' into openssl_location 2017-03-27 15:58:43 -04:00
Dirk e2d5dc7778 part 2/2: fix for #653 2017-03-27 21:31:54 +02:00
David Cooper eca636f284 Merge branch '2.9dev' into openssl_location 2017-03-27 15:22:18 -04:00
Dirk Wetter 7df453c7f3 Merge pull request #683 from dcooper16/missing_html_banner
Missing HTML banner
2017-03-27 21:12:35 +02:00
David Cooper 3b7264ff1f Populate OPENSSL_LOCATION in find_openssl_binary
`$OPENSSL_LOCATION` is used in `fileout_pretty_json_banner()`, `html_banner()`, `mybanner()`, and `prepare_logging()`, but the value of `$OPENSSL_LOCATION` is populated in `mybanner()`. This is usually okay, since `mybanner()` is always called before the other three functions are called. However, if `$QUIET` is `true`, then `mybanner()` returns immediately, without populating `$OPENSSL_LOCATION`, even though the value of `$OPENSSL_LOCATION` may be needed by one or more of the other functions.

This PR addresses this problem by populating `$OPENSSL_LOCATION` in `find_openssl_binary()` rather than `mybanner()`.
2017-03-27 14:54:47 -04:00
David Cooper 684c231dcd Merge branch '2.9dev' into missing_html_banner 2017-03-27 12:36:14 -04:00
Dirk 38cf16854d FIX #682 2017-03-27 17:35:45 +02:00
David Cooper d629cbcc28 Missing HTML banner
With the commit made on March 26, "partly (1/2) fixing #653," an HTML banner isn't added to the HTML files anymore.  A banner should be added to the top of the HTML file if mass testing is being performed and a separate HTML file is being created for each test.

The `$APPEND` flag being `true` is an indicator that mass testing is being performed and that this is one of the individual tests being run. Given that `$APPEND` is `true`, `$HTMLHEADER` being `true` indicates that testssl.sh is creating the file name for the HTML output. So, it is when both flags are `true` that the HTML banner should be created.
2017-03-27 10:52:24 -04:00
Dirk bcc597dbab clarify help #680 2017-03-27 11:37:18 +02:00
Dirk c0af8b113f FIX #680 2017-03-27 11:29:21 +02:00
Dirk 7543aa30fb make travis mute again / introduce DEBUG_ALLINONE to use script for debug output all in one file 2017-03-27 08:59:29 +02:00
Dirk 9f1877b192 save work (still double footer, see #653) 2017-03-27 00:54:38 +02:00
Dirk a8b2dfec40 allow '=' after --htmlfile 2017-03-27 00:34:42 +02:00
Dirk 13ba1ce966 partly (1/2) fixing #653 2017-03-27 00:30:42 +02:00
Dirk c281956f6e ifix xtrace 2017-03-26 19:34:02 +02:00
Dirk e268a1564a * include runtime per default in "Done" banner
* enable better performance analysis
* minor polish
2017-03-25 19:37:30 +01:00
Dirk 10bbbd9334 minor cleanups 2017-03-25 13:23:21 +01:00
Dirk Wetter 039b293790 Merge pull request #679 from dcooper16/std_cipherlists_debug
Fix std_cipherlists with debug
2017-03-25 12:36:46 +01:00
Dirk 4ae1597b2b FIX #543 2017-03-25 12:26:08 +01:00
David Cooper 8d60e87040 Fix std_cipherlists with debug
`std_cipherlists()` does not include line breaks between tests in the output to the terminal when `$DEBUG` is 1, and it does not include line break between tests in the HTML output whenever `$DEBUG` is greater than 0.
2017-03-24 16:45:39 -04:00
Dirk Wetter edaffc85ec Merge pull request #674 from dcooper16/fix_client_simulation
Fix client simulation
2017-03-24 18:45:40 +01:00
David Cooper 9a86825ec2 Fix client simulation
In `create_client_simulation_tls_clienthello()` the variable `sni_extension_found` should be set if the ClientHello includes an SNI extension. Instead it was being set if and only if the ClientHello included some extension other than SNI.

This bug wasn't detected before for two reasons:

* It is rare to have a ClientHello that includes an SNI extension, but no other extensions.

* The code still works correctly if `sni_extension_found` is set even if there is no SNI in the ClientHello.

So, the bug only creates a problem if the browser's ClientHello include an SNI extension and no other extensions (see "BingPreview Jun 2014" in the client_simulation branch).
2017-03-24 11:37:06 -04:00
Dirk Wetter 3514c9d98d Merge pull request #672 from dcooper16/minor_bugs
Fix two minor bugs
2017-03-24 08:00:33 +01:00
Dirk Wetter 3879338040 Merge pull request #670 from dcooper16/client_sim_name_printing
Use printf to print browser names
2017-03-24 07:52:54 +01:00
David Cooper 3a2dd3e6d1 Fixing a third minor bug
When HTML output is not being created, the print functions last step is to call `html_out()`, which responds to `return` rather than `return 0`. This causes problems for lines of code that rely on receiving a return value of 0. For example:
```
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for LUCKY13 vulnerability " && outln
```
2017-03-23 16:43:04 -04:00
David Cooper 7f64170402 Fix two minor bugs
This PR fixes two minor bugs:

* In `run_hpkp()`, the call to `$OPENSSL s_client` includes the option `-showcerts` twice. This PR removes one of them.

* In `get_server_certificate()`, the first call to `$OPENSSL s_client` includes `$addcmd`, but `$addcmd` has not yet been initialized. Instead, `$SNI` should be used.
2017-03-23 16:19:21 -04:00