Commit Graph

1801 Commits

Author SHA1 Message Date
Christian Dresen
c366f09043 Removed unused lines from Dockerfile for testssl.sh 2017-03-30 13:35:48 +02:00
Christian Dresen
db32b1fbea Added Dockerfile for testssl.sh 2017-03-30 13:18:46 +02:00
Dirk
7953bfda5e correct DEBUGTIME 2017-03-29 11:17:24 +02:00
Dirk
05ea5675b8 one line per variable type 2017-03-29 10:44:22 +02:00
Dirk Wetter
2f8bc2e77a Merge pull request #686 from dcooper16/out_row_aligned_max_width
out_row_aligned_max_width()
2017-03-29 10:39:04 +02:00
David Cooper
227a31b788 out_row_aligned_max_width()
This PR improves `out_row_aligned_max_width()` in a few ways:

* It makes better use of bash's string manipulation capabilities in order to simplify the function.

* It improves the function's performance. One of the most costly parts of `out_row_aligned_max_width()` was the while loop to print each entry in the text. Since there is only one place in the code where the the entries are not all printed the same ways (the list of supported curves printed by `run_pfs()`), the PR changes `out_row_aligned_max_width()` to just return a plain text string, which the calling function prints in the appropriate way. For the curves printed by `run_pfs()`, a new function, `out_row_aligned_max_width_by_entry()` takes care of getting the output from `out_row_aligned_max_width()` and then printing each entry appropriately.

* The PR also introduces a trick so that when the TLS extensions are printed, the text for an extension won't get split across two rows. It does this by replacing the space charters within the text for an extension with "}", formatting the result with `out_row_aligned_max_width()`, and then converting the "}" back to space characters.
2017-03-28 13:54:54 -04:00
Dirk
53de1dc7c4 clarified help() 2017-03-28 12:07:45 +02:00
Dirk
e2d5dc7778 part 2/2: fix for #653 2017-03-27 21:31:54 +02:00
Dirk Wetter
7df453c7f3 Merge pull request #683 from dcooper16/missing_html_banner
Missing HTML banner
2017-03-27 21:12:35 +02:00
David Cooper
684c231dcd Merge branch '2.9dev' into missing_html_banner 2017-03-27 12:36:14 -04:00
Dirk
38cf16854d FIX #682 2017-03-27 17:35:45 +02:00
David Cooper
d629cbcc28 Missing HTML banner
With the commit made on March 26, "partly (1/2) fixing #653," an HTML banner isn't added to the HTML files anymore.  A banner should be added to the top of the HTML file if mass testing is being performed and a separate HTML file is being created for each test.

The `$APPEND` flag being `true` is an indicator that mass testing is being performed and that this is one of the individual tests being run. Given that `$APPEND` is `true`, `$HTMLHEADER` being `true` indicates that testssl.sh is creating the file name for the HTML output. So, it is when both flags are `true` that the HTML banner should be created.
2017-03-27 10:52:24 -04:00
Dirk
bcc597dbab clarify help #680 2017-03-27 11:37:18 +02:00
Dirk
c0af8b113f FIX #680 2017-03-27 11:29:21 +02:00
Dirk
7543aa30fb make travis mute again / introduce DEBUG_ALLINONE to use script for debug output all in one file 2017-03-27 08:59:29 +02:00
Dirk
9f1877b192 save work (still double footer, see #653) 2017-03-27 00:54:38 +02:00
Dirk
a8b2dfec40 allow '=' after --htmlfile 2017-03-27 00:34:42 +02:00
Dirk
13ba1ce966 partly (1/2) fixing #653 2017-03-27 00:30:42 +02:00
Dirk
c281956f6e ifix xtrace 2017-03-26 19:34:02 +02:00
Dirk
e268a1564a * include runtime per default in "Done" banner
* enable better performance analysis
* minor polish
2017-03-25 19:37:30 +01:00
Dirk
10bbbd9334 minor cleanups 2017-03-25 13:23:21 +01:00
Dirk Wetter
039b293790 Merge pull request #679 from dcooper16/std_cipherlists_debug
Fix std_cipherlists with debug
2017-03-25 12:36:46 +01:00
Dirk
4ae1597b2b FIX #543 2017-03-25 12:26:08 +01:00
David Cooper
8d60e87040 Fix std_cipherlists with debug
`std_cipherlists()` does not include line breaks between tests in the output to the terminal when `$DEBUG` is 1, and it does not include line break between tests in the HTML output whenever `$DEBUG` is greater than 0.
2017-03-24 16:45:39 -04:00
Dirk Wetter
edaffc85ec Merge pull request #674 from dcooper16/fix_client_simulation
Fix client simulation
2017-03-24 18:45:40 +01:00
David Cooper
9a86825ec2 Fix client simulation
In `create_client_simulation_tls_clienthello()` the variable `sni_extension_found` should be set if the ClientHello includes an SNI extension. Instead it was being set if and only if the ClientHello included some extension other than SNI.

This bug wasn't detected before for two reasons:

* It is rare to have a ClientHello that includes an SNI extension, but no other extensions.

* The code still works correctly if `sni_extension_found` is set even if there is no SNI in the ClientHello.

So, the bug only creates a problem if the browser's ClientHello include an SNI extension and no other extensions (see "BingPreview Jun 2014" in the client_simulation branch).
2017-03-24 11:37:06 -04:00
Dirk Wetter
3514c9d98d Merge pull request #672 from dcooper16/minor_bugs
Fix two minor bugs
2017-03-24 08:00:33 +01:00
Dirk Wetter
3879338040 Merge pull request #670 from dcooper16/client_sim_name_printing
Use printf to print browser names
2017-03-24 07:52:54 +01:00
David Cooper
3a2dd3e6d1 Fixing a third minor bug
When HTML output is not being created, the print functions last step is to call `html_out()`, which responds to `return` rather than `return 0`. This causes problems for lines of code that rely on receiving a return value of 0. For example:
```
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for LUCKY13 vulnerability " && outln
```
2017-03-23 16:43:04 -04:00
David Cooper
7f64170402 Fix two minor bugs
This PR fixes two minor bugs:

* In `run_hpkp()`, the call to `$OPENSSL s_client` includes the option `-showcerts` twice. This PR removes one of them.

* In `get_server_certificate()`, the first call to `$OPENSSL s_client` includes `$addcmd`, but `$addcmd` has not yet been initialized. Instead, `$SNI` should be used.
2017-03-23 16:19:21 -04:00
David Cooper
005fe3f27e Remove unnecessary spaces 2017-03-23 14:15:26 -04:00
David Cooper
13f42774ae Use printf to print browser names 2017-03-23 14:13:47 -04:00
Dirk
d5bb4edd80 * FIX #654 (no logfile when -file is specified)
* filename has now instead of just the number p+#
* minor polishing
2017-03-23 16:36:29 +01:00
Dirk Wetter
0d511e40e4 Merge pull request #669 from dcooper16/extract_tls_extensions
Cleanup extraction of TLS extensions
2017-03-23 08:56:13 +01:00
David Cooper
63d02688bc Fix typo 2017-03-22 15:21:22 -04:00
David Cooper
9ad1492236 Cleanup extraction of TLS extensions
Currently there is code to extract TLS extensions in three places, in `get_server_certificate()` and two places in `determine_tls_extensions()`. This PR replaces them with one new function, `extract_new_tls_extensions()`.

In order for the new function to work correctly whether OpenSSL or `tls_sockets()` is being used, this PR also changes `parse_tls_serverhello()` so that extensions are formatted in the file it creates in the same way as they are formatted by OpenSSL.
2017-03-22 15:18:38 -04:00
Dirk
43463da4fc improvements for performance measurements (small solution)
- in gerneral better performance measurements , starts from the real beginning (almost)
- allows results to put into file (MEASURE_TIME_FILE=google.txt testssl.sh google.com)
2017-03-22 16:02:48 +01:00
Dirk
27d0570fb5 - changed performance debugging options (small solution) so that the last delta is being shown
- PS4 improved: has now a performance debugging options (big solution)
- PS4 with proper alignment
- SCAN_TIME is now global so that it can be used not only by JSON-PRETTY (small performance debugging options uses it)
- prepare_debug() has now debugging stuff only, rest went to prepare_arrays()
2017-03-21 12:44:03 +01:00
Dirk
8c0b0083d0 further separation of data / code 2017-03-21 09:15:30 +01:00
Dirk
273361fbb9 raw time assements via env var MEASURE_TIME=true 2017-03-20 22:53:18 +01:00
Dirk
60a8e0a190 monor resorting and cosmetic improvements 2017-03-19 09:47:49 +01:00
Dirk
bb5b778ee1 update/resort 2017-03-19 09:36:19 +01:00
Dirk
73a094fcc7 FIX #648 (retrieve cipher and protocol from ServerHello) --> saves ~1 second and makes code better to read
other readabilty improvements
2017-03-18 22:24:35 +01:00
Dirk
8be47e484b replace some "echo $x" by HERE statement "<<<" 2017-03-18 21:01:55 +01:00
Dirk
c618b9a954 fix CR for standard cipherlists with debug=1 2017-03-18 16:09:22 +01:00
Dirk
21a51b4ff0 Merge branch '2.9dev' of github.com:drwetter/testssl.sh into 2.9dev 2017-03-18 15:58:30 +01:00
Dirk
407c4383bf - externalized client simulation data
- fixed  *_fixme()
2017-03-18 15:57:16 +01:00
Dirk Wetter
4a6c7de3b7 native HTML support 2017-03-18 15:07:02 +01:00
Dirk Wetter
30e68311fc Merge pull request #658 from AlGreed/2.9dev
Fixed #657: Severity flag for JSON-PRETTY produces malformad JSON object
2017-03-18 13:12:40 +01:00
Dirk Wetter
9d06b1a0f5 Merge pull request #665 from drwetter/2.9dev_html
merge 2.9dev_html into 2.9dev
2017-03-18 13:04:42 +01:00