Commit Graph

1716 Commits

Author SHA1 Message Date
Dirk Wetter 939b6f0cb9 Merge pull request #652 from dcooper16/html_headers_and_footers
Fix HTML headers and footers
2017-03-02 09:38:35 +01:00
David Cooper a3794d1f74 Merge branch '2.9dev_html' into html_headers_and_footers 2017-03-01 08:47:25 -05:00
Dirk Wetter 20f29fd780 Merge pull request #651 from dcooper16/html_reserved
Handle HTML reserved characters in headers
2017-03-01 09:40:42 +01:00
David Cooper 3c22511806 Fix HTML headers and footers
This PR ensures that each HTML file produced by testssl.sh only includes a single header, at the top, and a single footer, at the end. It also tries to ensure that the short-version banner is only placed at the top of the HTML file if (1) mass testing is being performed and (2) the results of each test is being placed in a separate file.

It also moves some of the logic out of main and into `html_header()`.
2017-02-28 13:31:06 -05:00
David Cooper 68cf590366 Merge branch '2.9dev_html' of https://github.com/drwetter/testssl.sh into 2.9dev_html 2017-02-28 12:47:45 -05:00
Dirk ca6cb0bf81 updated from #632 from dcooper16/negotiated_cipher 2017-02-28 18:33:17 +01:00
David Cooper b793e5f83d Merge branch '2.9dev_html' into html_reserved 2017-02-27 13:27:16 -05:00
Dirk 79a8a02328 adding spring boot header detection 2017-02-27 19:16:29 +01:00
David Cooper 0ada7b100c Handle HTML reserved characters in headers
So far I haven't seen any HTML reserved characters (&, <, >, ", ') in the strings processed by `emphasize_stuff_in_headers()`, so this PR may be unnecessary. However, this PR will ensure that any such characters will be properly escaped in the HTML output.
2017-02-27 11:49:51 -05:00
Dirk Wetter 84d142a6cf Merge pull request #650 from dcooper16/emphasize_stuff_in_headers
Redo emphasize_stuff_in_headers()
2017-02-27 17:33:46 +01:00
David Cooper f53afdc149 Redo emphasize_stuff_in_headers()
This PR re-implements `emphasize_stuff_in_headers()` in the HTML branch to more closely match the version in 2.9dev.
2017-02-27 11:17:19 -05:00
Dirk Wetter 854e55e15b Merge pull request #649 from dcooper16/PR_646
Merge PR #646 into 2.9dev_html
2017-02-27 16:38:59 +01:00
David Cooper 915cadd20d Merge PR #646 into 2.9dev_html
This PR just brings 2.9dev_html up to date with 2.9dev.
2017-02-27 10:34:04 -05:00
Dirk 4727a69a62 fixed segfaults 2017-02-25 17:15:18 +01:00
Dirk 8d66786e42 Just saving my workJust saving my work ...
This branch is for getting the HTML patch from @dcooper16 into 2.9dev

Change to David's PR:
* removed HTMLHEADER. We always want that (in fact for flat JSON this is missing and needs to be added)
* not sure what this change does to --file
* changing of names  They were redundant sometimes (pr_*_term )
* some formatting for readbility

Open points:
* there's a loop and a segfault --> tm_done_best
* HTMLHEADER: --file
* the former sed statement aroung L1900 for the header was way more readable. The combined
  html+terminal version is just too much. Maybe a switch whether HTML is requested
  is better so that this can be separated.
  * Then e.g. "<span style=\"color:olive;font-weight:bold" can be kept in a variable
  * any reason we need the text length here?
* what went into main here is too much. Actuallly what I put already in there bothered
  me as too much logic and not obvious dependencies are in here. Now it's worse :-)
  Can't this be just similar to JSON or CSV -- a seperate function with hooks
  not in main()?
* minor thing: TERM_WIDTH is for HTML is maybe not the best. But that can be
  tackled later
2017-02-25 16:31:30 +01:00
Dirk b10942a92e Merge branch 'generate_html' of https://github.com/dcooper16/testssl.sh into dcooper16-generate_html 2017-02-25 12:21:33 +01:00
Dirk Wetter 1072e41b0b Merge pull request #647 from gniltaws/2.9dev
Add missing herestring redirect (<<<) in find_openssl_binary function
2017-02-24 23:06:20 +01:00
Todd Swatling 12c3de7039 added missing herestring redirect (<<<) in find_openssl_binary function 2017-02-24 15:59:34 -05:00
Todd Swatling 783b909804 removed trailing spaces 2017-02-24 15:56:26 -05:00
Dirk Wetter ca18433959 Update README.md 2017-02-24 17:55:20 +01:00
Dirk Wetter 3f0a98b635 Generated from utils/update_client_sim_data.pl and manually massaged ;-)
Note that the internal data from testssl.sh will disappear
2017-02-24 17:45:23 +01:00
David Cooper 51fb93908b Merge branch '2.9dev' into generate_html
Conflicts:
	testssl.sh
2017-02-24 11:07:00 -05:00
Dirk Wetter e7e9a3ed66 addressing #645 before #554 has been addressed 2017-02-24 16:26:22 +01:00
Dirk Wetter 4361bb7cce housekeeping/ cleanup 2017-02-24 16:22:59 +01:00
David Cooper 59330a93e5 Merge branch '2.9dev' into generate_html 2017-02-23 11:31:35 -05:00
Dirk b4f59e91be FIX #621 2017-02-23 17:19:52 +01:00
David Cooper 5ffd01ed9a Merge branch '2.9dev' into generate_html
Conflicts:
	testssl.sh
2017-02-21 16:59:33 -05:00
Dirk Wetter 8919b419e5 Merge pull request #642 from dcooper16/wrap_long_lines
Wrap long lines in display_rdns_etc()
2017-02-21 22:51:24 +01:00
Dirk Wetter 6457775b5f Merge pull request #644 from dcooper16/fix643
Fix issue #643
2017-02-21 22:46:34 +01:00
David Cooper 191d19be32 Use egrep -v to remove unwanted lines 2017-02-21 15:47:59 -05:00
David Cooper 5aaf78cff6 Fix issue #643
It seems that the head command on OS X does not accept a negative number as a value for the "-n" parameter. This PR provides an alternative method for removing the "generator:  " line without using "head."
2017-02-21 15:22:47 -05:00
David Cooper c3d59b655f Add $CORRECT_SPACES to indentation 2017-02-21 13:46:59 -05:00
David Cooper 62db2ae6bf Wrap long lines in display_rdns_etc()
Some sites have a long list of IP addresses and some IP addresses have a long list of DNS names that map to them.

This PR changes `display_rdns_etc()` to use `out_row_aligned_max_width()` to print the other IP addresses in `$IP46ADDRs` and to print `$rDNS`.
2017-02-21 13:36:23 -05:00
David Cooper 4f73d74ee3 Merge branch '2.9dev' into generate_html
Conflicts:
	testssl.sh
2017-02-21 09:27:25 -05:00
Dirk be079acb5e - collect more TLS extensions 2017-02-21 11:16:14 +01:00
Dirk 34053e27cd Merge branch '2.9dev' of github.com:drwetter/testssl.sh into 2.9dev 2017-02-21 08:50:46 +01:00
Dirk 0ce7a3b7d2 see diff ;-) 2017-02-21 08:50:09 +01:00
Dirk Wetter 6b90152f52 Merge pull request #639 from dcooper16/must_staple
OCSP must staple
2017-02-20 12:31:16 +01:00
Dirk Wetter 52a0d44b90 Merge pull request #637 from dcooper16/print_negotiaed_cipher
Printing Negotiated cipher
2017-02-20 11:46:24 +01:00
Dirk bfbaba4ea7 - trying to address #640 . Better a bit pessimistic here... 2017-02-20 09:44:52 +01:00
Dirk c284185c56 - try to address #638 2017-02-18 13:22:17 +01:00
David Cooper 4b1435f958 Make link from redirect URL
If the HTTP Status Code includes a redirect URL, then make the URL a hyper link in the HTTP output.
2017-02-17 16:40:50 -05:00
David Cooper 8c607d425e OCSP must staple
RFC 7633 introduces the TLS Features certificate extension, which contains "Features:
> The object member "Features" is a sequence of TLS extension identifiers (features, in this specification's terminology) as specified in the IANA Transport Layer Security (TLS) Extensions registry.  If these features are requested by the client in its ClientHello message, then the server MUST return a ServerHello message that satisfies this request.

The main purpose of this certificate extension is to implement "must staple." If the extension is present in a TLS server's certificate and it includes status_request, then the server MUST include a stapled OCSP response if the client requests one. (The same applies for the status_request_v2 extension.)

This PR adds a check to `certificate_info()` of whether the server supports must staple (i.e., whether its certificate includes a TLS Features extension with "status_request"). It also changes the output for "OCSP stapling" in the case that the server did not staple an OCSP response. It indicates that:
* it is a critical issue if the certificate specifies "must staple"
* it is a low severity issue if the certificate does not specify "must staple," but the certificate does include an OCSP URI.
* it is not an issue at all if the certificate does not specify "must staple" and certificate does not include an OCSP URI.
2017-02-17 15:20:37 -05:00
David Cooper a26425af71 Printing Negotiated cipher
`run_server_preference()` prints out the server's Negotiated cipher in a different color depending on the quality of the cipher. However, there is a "FIXME" since CBC ciphers are supposed to be flagged, but it is not easy to identity all CBC ciphers from their OpenSSL names.

This PR partially addresses this. It creates a separate function for printing a cipher based on its quality. Whenever possible it determines the quality of the cipher based on the RFC name. However, if it is provided an OpenSSL name and no cipher-mapping.txt file is available, it will follow the current (imperfect) logic for determining the cipher's quality.

The function also returns a value that indicates the quality of the cipher provided, with higher numbers indicating better ciphers. This return value is used by `run_server_preference()` to determine how to populate the "severity" field when calling `fileout()`.
2017-02-17 11:20:11 -05:00
David Cooper 677a06d3aa Merge branch '2.9dev' into generate_html 2017-02-16 13:19:58 -05:00
Dirk d2cbbaf0b1 - FIX #636
- polish
2017-02-16 19:10:59 +01:00
David Cooper 2eeeff6618 Merge branch '2.9dev' into generate_html
Conflicts:
	testssl.sh
2017-02-15 15:43:21 -05:00
Dirk Wetter a973386c0a Merge pull request #635 from dcooper16/run_protocols_bugfix
run_protocols() bug fix
2017-02-15 19:44:53 +01:00
Dirk c204a0b942 --proxy=auto takes now the value from https_proxy
- made DNS lookups safe (CNAME) and awk'd them almost completely ;-)
- invocation of just testssl.sh shows help again
2017-02-15 19:40:06 +01:00
David Cooper 2456c80821 Fix early newline
In the case that `tls_sockets()` is being used and the server incorrectly fails the connection rather than downgrading, testssl.sh is printing "not offered" on one line and then the error message on the next line, but all the text should appear on one line (as it does when testing TLS 1 and TLS 1.1).
2017-02-15 11:47:11 -05:00