Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-03-14 13:46:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,386 Commits 16 Branches 31 Tags
Commit Graph

1622 Commits

Author SHA1 Message Date
Dirk Wetter
b5b158d5b2 - BREACH missed a LF 2016-03-19 18:15:38 +01:00
Dirk
ab7f66533c - FIX #323 
- add  MicrosoftSharePointTeamServices in header detection
 2016-03-19 17:20:36 +01:00
Dirk Wetter
942359c8c1 - FIX #318 
- minor code housekeeping
- increased amount of buffer read for sockets, real fix follows. #313
 2016-03-12 17:08:43 +01:00
Thomas Patzke
7cc41a1a92 logfile, jsonfile and csvfile parameters work without = (as documented in help) 2016-03-08 22:25:00 +01:00
Dirk
483139f0a4 - show censy link by default 2016-03-05 21:35:30 +01:00
Dirk Wetter
28a6199109 - several code housekeepings 
* SHOW_EACH_C has now the correct logic
  * pr_litemagenta ==> pr_warning
  * fileout WARN according to pr_warning then changed appropiately
  * some global vars in "" to avoid unneccessary shell expansion
  * HAS_SSL2/HAS_SSL3 now works more reliably
  * warning added in cipher order if ssl2/ssl3 is not supported by openssl
 2016-03-05 21:07:49 +01:00
Dave Cottlehuber
9e77f38318 fix certificate_info() test 2016-03-03 21:47:36 +01:00
Dirk Wetter
1ead2e65bc - experimental label for DROWN 2016-03-03 20:04:20 +01:00
Dirk Wetter
6367693ccf - first check for DROWN #305 2016-03-03 19:50:44 +01:00
Dirk Wetter
752e6cdf56 - one outstanding openssl CVE issue wrt SSLv2 
- first skeleton for DROWN #305
 2016-03-03 11:56:25 +01:00
Thomas Martens
38477b4383 renamed pr_brown to pr_svrty_medium 2016-03-01 20:42:34 +01:00
Thomas Martens
dbfa66e6c7 renamed pr_yellow to pr_svrty_minor 2016-03-01 20:41:03 +01:00
Thomas Martens
ff9f1632e4 renamed pr_green to pr_done_best 2016-03-01 20:39:30 +01:00
Thomas Martens
2686f8cdb4 renamed pr_litegreen to pr_done_good 2016-03-01 20:36:41 +01:00
Thomas Martens
207e4e5ce4 renamed pr_red to pr_svrty_critical 2016-03-01 20:31:26 +01:00
Thomas Martens
cad924e707 renamed pr_litered to pr_svrty_high 2016-03-01 20:25:41 +01:00
John Carver
87218b6b1a Merge branch 'master' into uppercase-severity-codes 2016-02-23 10:34:32 -06:00
Dirk
20cee1e788 - fix: relative redirect led to fp (https) 2016-02-22 10:44:43 +01:00
Dirk
c70a13d014 - fix #296 (no recent regression as assumed) 2016-02-20 21:46:17 +01:00
Dirk
583584e095 - FIX #297 
- FIX #243
- reformmated BEAST a bit (was screwed up in ! WIDE mode if too many ciphers
 2016-02-20 14:10:04 +01:00
Dirk
71b4c03202 - fix key problem hpkp 2016-02-20 11:07:47 +01:00
John Carver
4be1539a4d lowercase ok when used with NOT in (NOT ok) 2016-02-18 11:49:47 -06:00
John Carver
291edce0c3 uppercase server sets a cipher order (OK) 2016-02-18 11:41:17 -06:00
John Carver
6858026412 uppercase INFO when outputting status_code 2016-02-18 11:15:31 -06:00
b1gb1t
2ee021d337 Correction of line 3607: new line (\n) corrupted the json format 2016-02-16 09:54:01 +01:00
Dirk Wetter
61c1669687 Merge pull request #292 from dcooper16/multiple_certificates 
Detect multiple certificates cleanup
 2016-02-14 00:08:52 +01:00
Sietse van der Molen
394f186000 also remove carriage returns, fix for csv 2016-02-12 12:40:31 +01:00
Sietse van der Molen
b2e4df60ca fix json output 
use double quotes instead of single quotes
delete newlines from strings
 2016-02-12 11:05:36 +01:00
David Cooper
02239be295 Detect multiple certificates cleanup 
This corrects the indentation within determine_trust() when there are multiple certificates and the output for "Chain of trust (experim.)" takes up more than one lines.

In addition, it fixes the ID field of the JSON output for entries related to the certificate. At the moment, each ID string begins with a blank space. This changes it to remove the space if there is one certificate and to add "Server Certificate #X" at the beginning of each ID if there is more than one certificate.

Perhaps there's a better way than just using, for example, "Server Certificate #1 key_size" as a way to distinguish multiple "key_size" entries in the JSON file. This is just one idea, and it can certainly be changed if those who intend to use the JSON output prefer something else.
 2016-02-09 13:35:46 -05:00
AndreiD
8842aeb2b9 Fix #289 - the grep that decides whether a domain is a local address doesn't consider the case when the full domain name is in the hosts file, but followed by .some.other.stuff. This PR addresses this case. 2016-02-08 12:51:54 +01:00
Dirk Wetter
70cd658447 - FIX #283 (regression from 1a8ed3d70a4aa353f415442ec5732b25ea8ea338) 
- minor output fixes for BEAST
- >4096 bit RSA keys labled in litemangenta now as it could have compatibility probs
- -V 0x.. or -V 0X.. gives at least a warning
 2016-02-07 19:13:59 +01:00
Thomas Jensen
c48b27a9a9 fix typo in b93fc824 2016-02-07 03:07:30 +01:00
Dirk
b93fc82489 slightly better output for OCSP stapling 2016-02-06 22:31:32 +01:00
Dirk
a676742256 Remaining issues solved for OpenSSL 1.1.0 compliance, output corrections, CN/SNI improvements 2016-02-03 17:55:53 +01:00
Dirk
9cf3e21c3d - swapped sig_algo and server key size 
- output improvements for unknown sig algos like GOST
 2016-02-03 09:55:47 +01:00
Dirk
ea18d2f02c - fix: discovering the CN for the default host (without SNI) 
- CN parsing of certificate improved
- CN / subject can be also cyrillic now -- supposed the terminal supports the charset
 2016-02-03 00:05:57 +01:00
Dirk
dd65050ee1 - "secret" env switch shows during -e/-E the signature algorithm (see also #276) 
- exp. date check corrected esp. for openssl 1.1.0
- warning relaxed for chain of trust
 2016-02-01 22:06:27 +01:00
dcooper16
9f998d8c53 Number of trusted certificate files in $INSTALL_DIR/etc/*.pem 
The number of .pem files in $INSTALL_DIR/etc is currently hard-coded into determine_trust. This modifies the code so that the number of files can be changed without having to change the code.
 2016-02-01 14:11:50 -05:00
Dirk Wetter
f7853f36a0 - added SSL_CERT_FILE=/dev/null 
- output cleanups in determine_trust()
 2016-02-01 17:33:59 +01:00
dcooper16
abffd1b81e Fix chain of trust problem 
This should fix issue #278. I'm not sure whether openssl verify will ever print out more than one error, so to be safe, I wrote the code to handle the possibility that it might; if there is more than one error, it just takes the first and ignores the rest.
 2016-02-01 11:17:13 -05:00
Dirk Wetter
8f9b38f7d4 - LF and other corrections for HPKP 
- output corrections for 2 x HPKP (e.g. scotthelme)
 2016-02-01 13:23:28 +01:00
Dirk
0bfe12742e correct signature keysizes, FIX #249 2016-02-01 10:19:23 +01:00
Dirk
c62abaf215 fix colored output in wide mode (FIX #277) 2016-01-31 23:53:13 +01:00
Dirk
5ae9bb8c13 - typo in IPv4 header 
- fixed recognition of XML,HTML to separate header
- fixed -V <pattern
 2016-01-31 21:02:18 +01:00
Dirk
1726d3b41c minor change of color 2016-01-31 11:04:59 +01:00
Dirk
f7baa560c2 - typos, etc 2016-01-31 10:54:45 +01:00
Dirk
c564e305a7 - FIX #273 2016-01-31 01:55:23 +01:00
Dirk
fc346a35fe - indentation reverted to old value if in only one certificate 
- minor cleanups in the output
 2016-01-30 23:59:29 +01:00
dcooper16
2bf9c5d81e Detect multiple certificates 
Modifies --server-defaults to handle cases in which the server has more than one certificate (e.g., one with an RSA key and one with an ECC key).
 2016-01-28 17:06:34 -05:00
Dirk
495b9cda9b - several fixes/improvements for new JSON/CSV file feature #268 
* no color code in files
  * rc4 ciphers were missing
  * NODE was missing
  * calling of NODEIP/PORT was not neccessary
  * default naming of files similar to $LOGFILE
 2016-01-23 23:33:17 +01:00