Commit Graph

2484 Commits

Author SHA1 Message Date
Dirk 13ba1ce966 partly (1/2) fixing #653 2017-03-27 00:30:42 +02:00
Dirk c281956f6e ifix xtrace 2017-03-26 19:34:02 +02:00
Dirk e268a1564a * include runtime per default in "Done" banner
* enable better performance analysis
* minor polish
2017-03-25 19:37:30 +01:00
Dirk 10bbbd9334 minor cleanups 2017-03-25 13:23:21 +01:00
Dirk Wetter 039b293790 Merge pull request #679 from dcooper16/std_cipherlists_debug
Fix std_cipherlists with debug
2017-03-25 12:36:46 +01:00
Dirk 4ae1597b2b FIX #543 2017-03-25 12:26:08 +01:00
David Cooper 8d60e87040 Fix std_cipherlists with debug
`std_cipherlists()` does not include line breaks between tests in the output to the terminal when `$DEBUG` is 1, and it does not include line break between tests in the HTML output whenever `$DEBUG` is greater than 0.
2017-03-24 16:45:39 -04:00
Dirk Wetter edaffc85ec Merge pull request #674 from dcooper16/fix_client_simulation
Fix client simulation
2017-03-24 18:45:40 +01:00
David Cooper 9a86825ec2 Fix client simulation
In `create_client_simulation_tls_clienthello()` the variable `sni_extension_found` should be set if the ClientHello includes an SNI extension. Instead it was being set if and only if the ClientHello included some extension other than SNI.

This bug wasn't detected before for two reasons:

* It is rare to have a ClientHello that includes an SNI extension, but no other extensions.

* The code still works correctly if `sni_extension_found` is set even if there is no SNI in the ClientHello.

So, the bug only creates a problem if the browser's ClientHello include an SNI extension and no other extensions (see "BingPreview Jun 2014" in the client_simulation branch).
2017-03-24 11:37:06 -04:00
Dirk Wetter 3514c9d98d Merge pull request #672 from dcooper16/minor_bugs
Fix two minor bugs
2017-03-24 08:00:33 +01:00
Dirk Wetter 3879338040 Merge pull request #670 from dcooper16/client_sim_name_printing
Use printf to print browser names
2017-03-24 07:52:54 +01:00
David Cooper 3a2dd3e6d1 Fixing a third minor bug
When HTML output is not being created, the print functions last step is to call `html_out()`, which responds to `return` rather than `return 0`. This causes problems for lines of code that rely on receiving a return value of 0. For example:
```
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for LUCKY13 vulnerability " && outln
```
2017-03-23 16:43:04 -04:00
David Cooper 7f64170402 Fix two minor bugs
This PR fixes two minor bugs:

* In `run_hpkp()`, the call to `$OPENSSL s_client` includes the option `-showcerts` twice. This PR removes one of them.

* In `get_server_certificate()`, the first call to `$OPENSSL s_client` includes `$addcmd`, but `$addcmd` has not yet been initialized. Instead, `$SNI` should be used.
2017-03-23 16:19:21 -04:00
David Cooper 005fe3f27e Remove unnecessary spaces 2017-03-23 14:15:26 -04:00
David Cooper 13f42774ae Use printf to print browser names 2017-03-23 14:13:47 -04:00
Dirk d5bb4edd80 * FIX #654 (no logfile when -file is specified)
* filename has now instead of just the number p+#
* minor polishing
2017-03-23 16:36:29 +01:00
Dirk Wetter 0d511e40e4 Merge pull request #669 from dcooper16/extract_tls_extensions
Cleanup extraction of TLS extensions
2017-03-23 08:56:13 +01:00
David Cooper 63d02688bc Fix typo 2017-03-22 15:21:22 -04:00
David Cooper 9ad1492236 Cleanup extraction of TLS extensions
Currently there is code to extract TLS extensions in three places, in `get_server_certificate()` and two places in `determine_tls_extensions()`. This PR replaces them with one new function, `extract_new_tls_extensions()`.

In order for the new function to work correctly whether OpenSSL or `tls_sockets()` is being used, this PR also changes `parse_tls_serverhello()` so that extensions are formatted in the file it creates in the same way as they are formatted by OpenSSL.
2017-03-22 15:18:38 -04:00
Dirk 43463da4fc improvements for performance measurements (small solution)
- in gerneral better performance measurements , starts from the real beginning (almost)
- allows results to put into file (MEASURE_TIME_FILE=google.txt testssl.sh google.com)
2017-03-22 16:02:48 +01:00
Dirk 27d0570fb5 - changed performance debugging options (small solution) so that the last delta is being shown
- PS4 improved: has now a performance debugging options (big solution)
- PS4 with proper alignment
- SCAN_TIME is now global so that it can be used not only by JSON-PRETTY (small performance debugging options uses it)
- prepare_debug() has now debugging stuff only, rest went to prepare_arrays()
2017-03-21 12:44:03 +01:00
Dirk 8c0b0083d0 further separation of data / code 2017-03-21 09:15:30 +01:00
Dirk 273361fbb9 raw time assements via env var MEASURE_TIME=true 2017-03-20 22:53:18 +01:00
Dirk 60a8e0a190 monor resorting and cosmetic improvements 2017-03-19 09:47:49 +01:00
Dirk bb5b778ee1 update/resort 2017-03-19 09:36:19 +01:00
Dirk 73a094fcc7 FIX #648 (retrieve cipher and protocol from ServerHello) --> saves ~1 second and makes code better to read
other readabilty improvements
2017-03-18 22:24:35 +01:00
Dirk 8be47e484b replace some "echo $x" by HERE statement "<<<" 2017-03-18 21:01:55 +01:00
Dirk c618b9a954 fix CR for standard cipherlists with debug=1 2017-03-18 16:09:22 +01:00
Dirk 21a51b4ff0 Merge branch '2.9dev' of github.com:drwetter/testssl.sh into 2.9dev 2017-03-18 15:58:30 +01:00
Dirk 407c4383bf - externalized client simulation data
- fixed  *_fixme()
2017-03-18 15:57:16 +01:00
Dirk Wetter 4a6c7de3b7 native HTML support 2017-03-18 15:07:02 +01:00
Dirk Wetter 30e68311fc Merge pull request #658 from AlGreed/2.9dev
Fixed #657: Severity flag for JSON-PRETTY produces malformad JSON object
2017-03-18 13:12:40 +01:00
Dirk Wetter 9d06b1a0f5 Merge pull request #665 from drwetter/2.9dev_html
merge 2.9dev_html into 2.9dev
2017-03-18 13:04:42 +01:00
Dirk 84a4fafe1e fixed merge conflicts 2017-03-18 12:54:01 +01:00
AlGreed 3437f36f48 Merge branch 'drwetter/2.9dev' into 2.9dev 2017-03-18 09:41:50 +01:00
Dirk Wetter 71f446b170 Merge pull request #662 from dcooper16/normalize_ciphercode_html
Speedup normalize_ciphercode()
2017-03-17 21:20:12 +01:00
Dirk Wetter 1c9670857b Merge pull request #661 from dcooper16/normalize_ciphercode
Speedup normalize_ciphercode()
2017-03-17 21:19:23 +01:00
Dirk Wetter c148a93361 Merge pull request #656 from dcooper16/show_finding
Add spaces in show_finding()
2017-03-17 17:39:34 +01:00
David Cooper c791e5cc0e Speedup normalize_ciphercode()
This PR is the same as #661, except that it applies to the 2.9dev_html branch. It also fixes a bug in `prettyprint_local()` when a pattern to match is provided as input.
2017-03-15 10:32:29 -04:00
David Cooper 875cd43087 Speedup normalize_ciphercode()
While doing some performance testing I discovered that `normalize_ciphercode()` is very slow. This PR simplifies the function and speeds it up significantly. This PR also addresses the TODO item in `normalize_ciphercode()` by eliminating the global variable HEXC.
2017-03-15 10:22:04 -04:00
AlGreed 3122b3b7b3 Removed mistakenly commited code. 2017-03-09 19:10:51 +01:00
AlGreed 6b8de02072 Fixed broken JSON-PRETTY format. Added test to check severity levels 2017-03-09 18:55:04 +01:00
AlGreed 6201348827 Merge branch 'drwetter/2.9dev' into 2.9dev 2017-03-07 11:18:13 +01:00
David Cooper f02948e24a Add spaces in show_finding()
When I view testssl.sh in KDE's text editor (kate), the code after "INFO" line in `show_finding()` isn't highlighted correctly, and the highlighting doesn't correct again until `pr_liteblueln()`. This PR fixes the highlighting issue by adding spaces between "]]" and ")". To be "safe," I also added spaces between "(" and "[[", and similarly added spaces in `is_json_format()`.
2017-03-06 14:37:52 -05:00
Dirk Wetter 939b6f0cb9 Merge pull request #652 from dcooper16/html_headers_and_footers
Fix HTML headers and footers
2017-03-02 09:38:35 +01:00
David Cooper a3794d1f74 Merge branch '2.9dev_html' into html_headers_and_footers 2017-03-01 08:47:25 -05:00
Dirk Wetter 20f29fd780 Merge pull request #651 from dcooper16/html_reserved
Handle HTML reserved characters in headers
2017-03-01 09:40:42 +01:00
David Cooper 3c22511806 Fix HTML headers and footers
This PR ensures that each HTML file produced by testssl.sh only includes a single header, at the top, and a single footer, at the end. It also tries to ensure that the short-version banner is only placed at the top of the HTML file if (1) mass testing is being performed and (2) the results of each test is being placed in a separate file.

It also moves some of the logic out of main and into `html_header()`.
2017-02-28 13:31:06 -05:00
David Cooper 68cf590366 Merge branch '2.9dev_html' of https://github.com/drwetter/testssl.sh into 2.9dev_html 2017-02-28 12:47:45 -05:00
Dirk ca6cb0bf81 updated from #632 from dcooper16/negotiated_cipher 2017-02-28 18:33:17 +01:00