Dirk Wetter
10b3e7db55
Merge pull request #471 from nachtgeist/issue-467
...
quote argument for s_client's -nextprotoneg parameter
2016-09-14 07:24:29 +02:00
Daniel Reichelt
2a926609ca
quote argument for s_client's -nextprotoneg parameter
...
The argument to -nextprotoneg is provided in sometimes empty an unquoted
variables. Because of the missing quotes, the next word on the line "-status"
gets parsed as "-nextprotoneg"'s argument instead of enabling the OCSP status
check.
This fixes #467 .
2016-09-13 21:22:35 +02:00
Dirk
cca1b49890
- fixing wrong cipher order for URL=ipaddress
2016-09-12 21:54:51 +02:00
Dirk Wetter
4158372ab7
Merge pull request #468 from knweiss/referenced_but_not_assigned
...
compare_server_name_to_cert(): Fix unassigned vars.
2016-09-12 16:51:34 +02:00
Dirk Wetter
93c240278a
Merge pull request #469 from knweiss/referenced_but_not_assigned2
...
certificate_info(): Fix unassigned variable.
2016-09-12 16:49:33 +02:00
Karsten Weiss
b9d9a909b1
certificate_info(): Fix unassigned variable.
...
Fix referenced but not assigned variable 'sign_algo'.
In testssl.sh line 4309:
fileout "${json_prefix}algorithm" "DEBUG" "Signature Algorithm: $sign_algo"
^-- SC2154: sign_algo is referenced but not assigned.
Found by ShellCheck.
2016-09-12 16:20:05 +02:00
Karsten Weiss
7dbbe42ea0
compare_server_name_to_cert(): Fix unassigned vars.
...
Two instances of referenced but not assigned variables ('req' instead of
'ret').
In testssl.sh line 4130:
if [[ $req -eq 0 ]]; then
^-- SC2154: req is referenced but not assigned.
Found by ShellCheck.
2016-09-12 16:12:18 +02:00
Dirk
f0132dcb7f
stringer usabiliy warning for SHA1 + HTTP
2016-09-07 21:34:27 +02:00
David Cooper
7932d34fda
Updates to cipher suite table
...
Changed `Enc=CHACHA20/POLY1305(256)` to `Enc=ChaCha20(256)` and `Enc=GOST-28178-89-CNT(256)` to `Enc=GOST(256)` in order to shorten the names that are printed, so that they fit in the allocated column.
Added the four experimental post-quantum cipher suites mentioned in #462 .
2016-09-06 14:47:20 -04:00
David Cooper
3b3d16849d
Merge branch 'master' into remove_sockread
...
Conflicts:
testssl.sh
2016-09-06 11:38:54 -04:00
David Cooper
950b39122e
Merge branch 'master' into openss2rfc_rfc2openssl
2016-09-06 10:34:53 -04:00
Dirk
d1cc7b3755
FIX #426
2016-09-06 08:32:05 +02:00
Dirk
c00c98caa2
warning for SHA1 sig algo and web servers
2016-09-05 10:01:46 +02:00
David Cooper
44c37e3177
Merge branch 'master' into remove_sockread
2016-09-02 10:50:28 -04:00
David Cooper
f17a09e1d9
Merge branch 'master' into openss2rfc_rfc2openssl
2016-09-02 10:47:36 -04:00
Dirk Wetter
228296e175
Merge pull request #290 from andreild/issue-289-domain-resolution-etc-hosts
...
Fix #289 - the grep that decides whether a domain is a local address …
2016-09-02 15:38:28 +02:00
Dirk Wetter
fdcdad3faa
Merge pull request #345 from dcooper16/more_sslv2_sslv3_fixes
...
More SSLv2 (and SSLv3) related fixes
2016-09-02 09:06:52 +02:00
Dirk Wetter
caec8029f2
Merge pull request #461 from dcooper16/tls_sockets_and_no_SNI
...
Fix tls_sockets() when SNI empty
2016-09-02 08:50:35 +02:00
David Cooper
a9002ba6e6
Fix tls_sockets() when SNI empty
...
`socksend_tls_clienthello()` always includes a server name extension in the ClientHello (for TLS 1.0 and above), even if `$SNI` is empty. If `$NODE` is an IP address, then the IP address is placed in the extension, even though RFC 6066 says that only DNS names are supported in the extension.
This PR changes `socksend_tls_clienthello()` so that the server name extension is only included in the ClientHello is `$SNI` is not empty.
2016-09-01 13:22:39 -04:00
Dirk
2313aee22d
fix for previously borken HPKP_MIN value
2016-09-01 19:09:12 +02:00
Dirk
1c53160348
ups ;-)
2016-09-01 19:04:47 +02:00
David Cooper
305c8c0063
Merge branch 'master' into remove_sockread
2016-09-01 10:57:43 -04:00
David Cooper
59d4acec11
Merge branch 'master' into more_sslv2_sslv3_fixes
2016-09-01 10:56:57 -04:00
David Cooper
e10d256ae6
Merge branch 'master' into openss2rfc_rfc2openssl
2016-09-01 10:55:29 -04:00
Dirk
d665f69c72
fix #436
2016-09-01 12:42:56 +02:00
David Cooper
9ef0d1f4ea
20 lines is 320 bytes, not 160
2016-08-31 17:07:53 -04:00
David Cooper
a2f968d4ad
Undo changed behavior for CCS
2016-08-31 17:03:50 -04:00
David Cooper
d9578bb975
Merge branch 'master' into remove_sockread
2016-08-31 17:02:18 -04:00
Dirk Wetter
2613d20375
Merge pull request #460 from dcooper16/certificate_info
...
Display SNI information in "Server Certificate" line
2016-08-31 18:26:45 +02:00
David Cooper
e79e980336
Display SNI information in "Server Certificate" line
...
This PR is an attempt to address issue #447 . If more than one certificate is being displayed, then a parenthetical saying "(in response to request w/o SNI)" is added for any certificate that was obtained using `$SNI=""`.
In addition, if the certificate was obtained without SNI, then `certificate_info()` doesn't call `$OPENSSL s_client` in order to obtain the non-SNI host certificate and it does not display a separate "Trust (hostname)" finding for the non-SNI certificate.
2016-08-30 15:22:46 -04:00
David Cooper
1b548cee10
Follow https://github.com/Tripwire/OpenSSL-CCS-Inject-Test
...
Attempt to rewrite `run_ccs_injection()` to follow the logic from https://github.com/Tripwire/OpenSSL-CCS-Inject-Test .
2016-08-30 11:38:43 -04:00
David Cooper
f88ad58e72
Merge branch 'master' into openss2rfc_rfc2openssl
2016-08-29 15:03:35 -04:00
David Cooper
6e6fdf6410
Merge branch 'master' into more_sslv2_sslv3_fixes
2016-08-29 15:02:40 -04:00
David Cooper
9bcf232f0f
Check for empty byte6
2016-08-29 14:10:16 -04:00
David Cooper
3dc8754a0e
Merge branch 'master' into remove_sockread
2016-08-29 14:07:43 -04:00
Dirk Wetter
ba1ea6dcba
Merge pull request #455 from dcooper16/unsupported_purpose
...
Output correct error for unsupported certificate purpose
2016-08-29 17:39:00 +02:00
David Cooper
957225595f
Merge branch 'master' into unsupported_purpose
2016-08-29 10:17:27 -04:00
David Cooper
2abf6fc7c7
Fix merge
2016-08-29 10:14:21 -04:00
David Cooper
dea2b1a761
Merge branch 'master' into remove_sockread
...
Conflicts:
testssl.sh
2016-08-29 10:05:01 -04:00
David Cooper
01391e318a
Merge branch 'master' into openss2rfc_rfc2openssl
2016-08-29 10:00:18 -04:00
David Cooper
97b8dd1959
Merge branch 'master' into more_sslv2_sslv3_fixes
...
Conflicts:
testssl.sh
2016-08-29 09:57:36 -04:00
Dirk
f5792a1e8d
1st important fixes ;-)
2016-08-28 21:43:48 +02:00
Dirk
54a66b9d88
- minor output fixes
...
- removed "experimental" from TLS_FALLBACK_SCSV + DROWN
- bumped up version to rc2
2016-08-28 21:41:30 +02:00
Dirk Wetter
1e5b619a19
Merge pull request #427 from dcooper16/server_preference_sslv2_fixes
...
SSLv2 fixes for server preference
2016-08-28 19:15:22 +02:00
Dirk Wetter
dbb7d6f4be
Merge pull request #444 from dcooper16/sslv2_sockets
...
Move printing of results out of sslv2_sockets()
2016-08-28 18:27:29 +02:00
Dirk Wetter
f4d9a638ba
Merge pull request #449 from dcooper16/poodle_no_ssl3
...
Warning on Poodle test when no local SSLv3 support
2016-08-28 18:10:50 +02:00
Dirk Wetter
a76e67cbbe
Merge pull request #450 from dcooper16/determine_optimal_proto_fix
...
Fix SSLv2-only test in determine_optimal_proto()
2016-08-28 18:08:01 +02:00
Dirk Wetter
1d83e220bf
Merge pull request #456 from dcooper16/dh_keys
...
Support DH server keys
2016-08-28 18:04:22 +02:00
Dirk Wetter
8da00a8025
Merge pull request #445 from dcooper16/devel_option
...
Fix "--devel" with SSLv2
2016-08-28 18:03:17 +02:00
Dirk Wetter
dfa0cfd0b4
Merge pull request #453 from dcooper16/no_ssl2
...
OpenSSL 1.1.0 doesn't have "-no_ssl2" option
2016-08-28 17:58:56 +02:00