Steve Mokris
b0754ce0f1
In determine_trust(), use the OpenSSL '-trusted_first' flag to ignore the now-expired DST Root CA X3 root certificate. Fixes #1995 .
2021-10-01 16:24:04 -04:00
Dirk Wetter
667c6e698c
Merge pull request #1996 from dcooper16/fix_md_formatting
...
Update testssl.1.md
2021-10-01 18:02:03 +02:00
David Cooper
8b129577a7
Update testssl.1.md
...
testssl.1.md included '.SS "SINGLE CHECK OPTIONS"', which belongs in testssl.1, but not in testssl.1.md. This commit removes this extra line.
2021-09-30 14:09:17 -04:00
Dirk Wetter
b8bff805f7
Merge pull request #1991 from klaernie/contenttype
...
fix html output content type header
2021-09-24 14:21:04 +02:00
Andre Klaerner
4f72f2fa8e
fix html output content type header
2021-09-24 11:36:29 +02:00
Dirk Wetter
ae21ef7eab
Merge pull request #1987 from drwetter/fix_1982_kali.cnf
...
Fix #1982 : Newer openssl.cnf break openssl detection
2021-09-15 11:19:05 +02:00
Dirk Wetter
2405176a26
Fix #1982 : Newer openssl.cnf break openssl detection
...
Newer configuration files from openssl may include statements
which aren't compatible with our supplied old openssl version.
This commit adds an autodetection of such a file and uses a
openssl.cnf provided by this project then.
2021-09-15 09:31:03 +02:00
Dirk Wetter
3207357e8c
Merge pull request #1985 from DimitriPapadopoulos/codespell
...
Typos found by codespell
2021-09-14 13:37:59 +02:00
Dimitri Papadopoulos
fcb282e3c3
Typos found by codespell
...
Run codespell in CI
2021-09-14 13:33:39 +02:00
Dirk Wetter
3dddcbf445
Merge pull request #1983 from drwetter/drwetter-patch-1
...
Update bug_report.md
2021-09-10 18:37:43 +02:00
Dirk Wetter
611754165f
Merge pull request #1984 from drwetter/drwetter-patch-2
...
Update feature_request.md
2021-09-10 18:37:17 +02:00
Dirk Wetter
5fc23932ac
Update feature_request.md
2021-09-10 18:37:02 +02:00
Dirk Wetter
2f173de7e0
Update bug_report.md
2021-09-10 18:33:39 +02:00
Dirk Wetter
1d4acd9027
Merge pull request #1981 from drwetter/fix_1978
...
Fix minor inconsistency in description of cipher categories
2021-09-10 08:09:21 +02:00
Dirk
529e9da823
Fix GHA (starttls nntp)
...
using another IP
2021-09-09 23:17:09 +02:00
Dirk
15cfd849fe
Replace --standard by --categories
2021-09-09 22:07:44 +02:00
Dirk
739f45015f
Fix minor inconsistency in description of cipher categories
...
A longer while back the section ~ "Testing standard ciphers" was
renamed to "Testing cipher categories". However the internal help
didn't reflect that.
This fixes that, including an addtion to the documentation.
Note: the help still lists "-s --std, --standard" as a cmd line
switch.
2021-09-08 08:46:47 +02:00
Dirk Wetter
8f20d11830
Merge pull request #1976 from ap-wtioit/3.1dev-fix_dig_r_check
...
Fix dig -r check to only run if dig is available
2021-09-06 10:19:41 +02:00
Andreas Perhab
5ec1f83434
Fix dig -r check to only run if dig is available
2021-09-06 08:35:00 +02:00
Dirk Wetter
15e6fb4c9c
Merge pull request #1975 from a1346054/fixes
...
WIP: Minor cleanup
2021-09-05 15:50:11 +02:00
a1346054
b1f5c6c9af
Trim excess whitespace
2021-09-04 13:28:30 +00:00
a1346054
6782e2a3b9
Fix spelling
2021-09-04 12:39:03 +00:00
a1346054
1b17a2c67d
Fix shellcheck warnings
2021-09-03 22:19:39 +00:00
a1346054
54dcecd184
Make text file not executable
2021-09-03 22:19:39 +00:00
a1346054
945747c210
Use license file from gnu.org
...
Downloaded from:
https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
2021-09-03 22:19:39 +00:00
Dirk Wetter
05ef9f91b6
Merge pull request #1972 from drwetter/fix_dig-r
...
Fix cases where dig -r wasn't working
2021-09-01 19:50:15 +02:00
Dirk
bc742e0ea4
Amend previous commit
...
* add -q in grep statement to make sure the console stays clean
* redo check for noidnout by also using the help function of dig
2021-09-01 18:44:28 +02:00
Dirk
f8a87315cf
Fix cases where dig -r wasn't working
...
* the ignore ~/.digrc option from dig is now parsed from the builtin help
* there was a potential DNS call which is now avoided
* for +noidnout check however there's a call to invalid. added
* the OPENSSL_CONF="" in check_resolver_bins() was moved a few lines
higher to avoid other errors in the terminal
Tested on (EOL) Ubuntu 14.04 which only has dig in an older version
See also #1950
2021-09-01 18:28:12 +02:00
Dirk Wetter
ad3f7c3438
Merge pull request #1970 from drwetter/dependabot/github_actions/docker/build-push-action-2.7.0
...
Bump docker/build-push-action from 2.6.1 to 2.7.0
2021-08-30 10:19:39 +02:00
dependabot[bot]
c39edaaa1d
Bump docker/build-push-action from 2.6.1 to 2.7.0
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 2.6.1 to 2.7.0.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v2.6.1...v2.7.0 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-30 01:03:28 +00:00
Dirk Wetter
9eaccee776
Merge pull request #1962 from dcooper16/fix1961
...
Fix #1961
2021-08-27 09:35:04 +02:00
Dirk Wetter
be22ae2cf9
Merge pull request #1968 from jauderho/3.1dev
...
Add GH Action to build Docker images
2021-08-27 09:32:01 +02:00
David Cooper
667de371cd
Fix #1961
...
This commit fixes #1961 in the 3.1dev branch by leaving NODEIP set to the server's IP address rather than changing it to the DNS name in the case of STARTTLS XMPP.
In order to address the problem of $OPENSSL s_client not working with STARTTLS XMPP if an IP address is provided to -connect, the -xmpphost option is used to provide the DNS name.
2021-08-09 13:22:31 -04:00
Jauder Ho
c7a9b74e16
Update docker-3.1dev.yml
2021-08-09 11:58:03 +00:00
Jauder Ho
e58ceb7b10
Removed docker-3.0.yml from 3.1dev branch
2021-08-09 11:18:20 +00:00
Jauder Ho
4dc984df2e
Revert ref test
2021-08-09 11:14:07 +00:00
Jauder Ho
ca271c5d8b
Test out GITHUB_REF
2021-08-09 11:09:11 +00:00
Jauder Ho
b1aeeb47e0
Testing context
2021-08-09 10:36:17 +00:00
Jauder Ho
4df60052af
Use GH Action to build new container images upon push
2021-08-09 10:21:10 +00:00
Dirk Wetter
f15da8d15d
Merge pull request #1966 from drwetter/no_starttls
...
Add CVEs for No-STARTTLS vulnerability
2021-08-08 21:33:14 +02:00
Dirk
aaf6409581
Add CVEs for No-STARTTLS vulnerability
...
In text output only the original one from Wietse Venema.
The other known so far in JSON/CSV
2021-08-08 21:30:35 +02:00
Dirk Wetter
89de30c867
Merge pull request #1965 from jauderho/gha_build_status
...
Update build status to reflect use of GHA
2021-08-08 14:00:14 +02:00
Jauder Ho
6daa2956b9
Update Readme.md
2021-08-08 04:07:33 +00:00
Jauder Ho
fd9fac67aa
Update Readme.md
2021-08-08 03:51:34 +00:00
Dirk Wetter
77e47cadff
Merge pull request #1963 from drwetter/fix_1956_3.1dev
...
Redirect debugme() outputs to stderr (3.1dev)
2021-08-07 16:18:43 +02:00
Dirk Wetter
c1253f2cd0
Merge pull request #1953 from jauderho/3.1dev
...
Add Dependenbot checking for GitHub Actions
2021-08-07 16:17:33 +02:00
Dirk Wetter
7b0947c290
Merge pull request #1958 from dcooper16/use_all+
...
Use all+ in calls to tls_sockets()
2021-08-07 16:04:07 +02:00
Dirk
3f8c62dc41
Change debugme1 calls to include redirection from stderr back to stdout
...
The fact that debugme1() redirects to stderr and the calls to this functions
redo that is deliberately as in the future we might want to use debugme1
without redirection.
2021-08-07 15:26:51 +02:00
Dirk
4e01f86c99
Redirect debugme() outputs to stderr (3.1dev)
...
... to address #1956 and other places. Similar to #1957 ,
only for the 3.1dev rolling release branch.
Also it changes debugme1() back? to output debug
statements only when $DEBUG >= 1. Per default here
also stderr is used.
2021-08-07 15:20:09 +02:00
David Cooper
b4d11459a8
Use all+ in calls to tls_sockets()
...
get_server_certificate() includes a few calls to tls_sockets() in which the response will be TLS 1.3 and in which the response will be useless if it cannot be decrypted (since the goal is to obtain the server's certificate). So, these calls to tls_sockets() should specify "all+" rather than "all".
2021-08-05 11:36:32 -04:00