Commit Graph

3720 Commits

Author SHA1 Message Date
Dirk Wetter
c832e8b12a Screen output correction (quotes), logic error when MTA-STS record was missing fixed 2021-01-26 14:24:31 +01:00
Dirk Wetter
eee6e77201 https instead of http, also in the comment 2021-01-23 14:24:11 +01:00
Dirk Wetter
d3e592579e Better output formatting for MTA-STS
* failreason_mtasts_rec additions is now adding not to the first array index only
* arrays for formatting error has now separators (but also at the last index)
  hint from https://web.archive.org/web/20101114051536/http://codesnippets.joyent.com/posts/show/1826
* replaced a couple of quoted double quotes by single quotes
* replaced a couple of quoted single quotes by single quotes

Unrelated to mta-sts:
* HAS_DIG_NOIDNOUT was moved to places where we need dig
* echo "$mx" --> safe_echo "$mx"

The latter two should be backported to 3.0
2021-01-21 22:46:46 +01:00
Dirk Wetter
911ac8380f Several minor updates to MTA-STS
* stripping quotes moved to get_txt_record()
* fixing concatenation of errors: strings though need proper formatting
* new count_char_occurence() function as a general helper func
* better parsing of blanks in pattern (removed also where rfc states it's not
  allowed)
2021-01-17 21:54:12 +01:00
Dirk Wetter
aa3b12a543 Save work, MTA-STS
* Improved handling of quotes in TXT records. Previously we just
  stripped all quotes. Now get_txt_record includes ALL of them.
  sub_mta_sts() then removed the first and last double quote.
  (this needs to be adjusted)

- get_txt_record() has been tested better for every binary so
  that it should return always the correct string
2021-01-17 11:02:47 +01:00
Dirk Wetter
429a8cf643 Fixed two more errors for MTA-STS and domain identification
* for sub.domain.tld $domain was empty
* typo for checking empty variable mta_sts_record led
  to a missing query for some type of domains
2021-01-14 14:30:13 +01:00
Dirk Wetter
4f1da9b192 Trying to address some of the domain issues for MTA-STS
There are checks now whether testssl.sh was started with --max and
whether we aim at a target which is an MX record. It has not been
thoroughly tested but works for a couple of scenarios. There were
cases being identified where this fails, see comments in the code.

Also this commit addresses an error in the URL handling: for
DNS queries a trailing dot is fine in the variable $NODE. For
HTTP queries it is not.
2021-01-13 11:23:36 +01:00
Dirk Wetter
d96cfddf9b Add better mta_sts_record / mta-sts policy validation
Fix temp directory for debugging
2021-01-12 17:44:12 +01:00
Dirk Wetter
43b05b082c Added fileout, raw good/bad/info checks 2021-01-06 14:12:12 +01:00
Dirk Wetter
b7cd397c98 Add MTA-STS as a PoC
This commit adds a first PoC implementation of MTA-STS (RFC 8461), see also
issue #1646.

What works:
- test a hostname which is equal to a MX record and a domainname and has
  a MTA-STS setup (dev.testssl.sh)
- check _mta-sts TXT record + https://mta-sts.$NODE/.well-known/mta-sts.txt
- check also _smtp._tls TXT record
- screen output

What doesn't work
- test a hostname which is not equal to domainname
- test a hostname which has no MX record
- fileout put
- any parsing of TXT record + .well-known/mta-sts.txt
- when no TXT records or .well-known/mta-sts.txt are there
- fileoutput
- colored screen output

There's a stub function for DANE.

There are also two stub functions splitting HTTP body from HTTP header
which I couldn't get to work and will be removed later.

Besides to avoid confusion it changes from all GET requests over HTTPS tm_out
to safe_echo. It's actually exactly the same only the name is different.
2021-01-05 22:05:54 +01:00
Dirk Wetter
a9f4bb5fb5
Merge pull request #1810 from drwetter/starttls_injection
STARTTLS injection
2020-12-29 14:40:58 +01:00
Dirk Wetter
e1a43e6e16
Merge branch '3.1dev' into starttls_injection 2020-12-29 13:46:18 +01:00
Dirk Wetter
7c66535628 resolve merge conflict 2020-12-29 13:44:04 +01:00
Dirk Wetter
ffe223f6e6
Merge pull request #1807 from tosticated/custom_http_headers
Custom HTTP request headers support added. Addresses #1770
2020-12-26 12:13:59 +01:00
tosticated
351f36c943 Changed parameter to --reqheader for custom HTTP headers. 2020-12-25 20:10:02 +01:00
tosticated
1473cdf02d
Update CHANGELOG.md 2020-12-24 22:00:42 +01:00
tosticated
c1a565fad8 Custom HTTP request headers support added. Addresses #1770 2020-12-22 22:33:25 +01:00
Dirk Wetter
2682d032b8
Merge pull request #1801 from drwetter/tmpfix_order_idsfriendly+U
Fix order for -U and --ids-friendly
2020-12-12 12:03:22 +01:00
Dirk Wetter
39132fe3d0 Fix order for -U and --ids-friendly
Workaround for bug see #1717. In addition: Bring the test closer to a cleaner style,
as the others

Should --ids-friendly could be as well be removed when travis runs faster.
2020-12-11 20:49:15 +01:00
Dirk Wetter
4f375de26c
Merge pull request #1799 from PeterDaveHello/RefactorDockerfileApkUsage
Refactor `apk` usage in Dockerfile
2020-12-09 09:17:00 +01:00
Peter Dave Hello
abc5694408 Clean up apk cache in Dockerfile after packages installed
This will make the image smaller.
2020-12-09 15:52:04 +08:00
Peter Dave Hello
da84740000 Remove --no-cache for apk in Dockerfile
As there is `apk upgrade` and `apk update`, the apk index will already
exist. `--no-cache` is for `apk` when there is no `apk update`
behavior and it's expected to be no local cache left, not suitable for
the use case here, which wants to upgrade all the package to the latest
when packaging the image.
2020-12-09 15:47:07 +08:00
Dirk Wetter
2cb96d4e9e
Merge pull request #1798 from drwetter/client_always_wide
Client simulation per default as wide
2020-12-08 23:23:55 +01:00
Dirk Wetter
d76829cd28 wide mode for client simulation 2020-12-08 19:52:42 +01:00
Dirk Wetter
e7fa4ff4ce Client simulation per default as wide
... in order to be consistent with run_server_preference().

The wide formatting of other tests need some inspection and
off the top of my head are not as perfectly formatted so that
they should not run per default in wide mode.
2020-12-08 19:43:07 +01:00
Dirk Wetter
f6e2a5c381
Merge pull request #1797 from atroost/hex2curves
Hex2curves
2020-12-03 12:44:21 +01:00
Alexander Troost
7029ada0ba fixing typo in md file 2020-11-28 14:06:26 +01:00
Alexander Troost
57ffe08dd4 Adding a hex2curves util. 2020-11-28 14:04:00 +01:00
Dirk Wetter
ea6d99fe93
Merge pull request #1795 from drwetter/no_code_update
Trying to save resources for poor Travis/CI ;-)
2020-11-28 10:08:53 +01:00
Dirk Wetter
a780ad6174
fix '|" 2020-11-27 20:24:46 +01:00
Dirk Wetter
1cd5510955 Trying to save resources for poor Travis/CI ;-)
See 3b38a5dea3
2020-11-27 18:10:43 +01:00
Dirk Wetter
19494a6d8b
Merge pull request #1794 from drwetter/drwetter-patch-1
Minor changes to Readme Dockerfile again
2020-11-27 17:05:22 +01:00
Dirk Wetter
c88d22a0f0
Update Dockerfile.md 2020-11-27 17:05:03 +01:00
Dirk Wetter
2655e91255
Update Readme.md 2020-11-27 17:00:34 +01:00
Dirk Wetter
20c57289d1
Merge pull request #1792 from drwetter/docker_docu_polish
Consolidate docker sections in Readme.md and Dockerfile.md
2020-11-27 16:35:03 +01:00
Dirk Wetter
1a7e4f1e92 consolidate docker sections in Readme.md and Dockerfile.md
see #1791
2020-11-27 16:33:23 +01:00
Dirk Wetter
849c031597
Merge pull request #1789 from drwetter/skip_sometunittests
Trying to reduce the runtime of travis
2020-11-27 15:24:06 +01:00
Dirk Wetter
96d4b4f08b Trying to reduce the runtime of travis
Often in the past travis was hitting a limit (50min?).

This is a try to make reasonable cuts to the unit tests:
- For STARTTLS some checks with OpenSSL are skipped
- For JSON and HTML outputs --ids-friendly was added assuming we
  don't change the output of ticketbleed, CCSI, HeartBleed and ROBOT any more.
- There's also no point to run those checks against badssl
- for the diff check we switch to 'or diag' to display a difference
2020-11-27 13:19:52 +01:00
Dirk Wetter
a5d93486ad
Merge pull request #1788 from drwetter/diff_unittest
Diff unittest
2020-11-26 20:04:22 +01:00
Dirk
665209bf60 typos 2020-11-26 16:27:40 +01:00
Dirk
1b63760bc3 Add baseline master file for testssl.sh 2020-11-26 16:05:08 +01:00
Dirk Wetter
9aafc452d8
Merge pull request #1787 from drwetter/unittest_reorder
Unittest reorder
2020-11-26 16:04:02 +01:00
Dirk
a98ede0720 Finalize first diff check for travis 2020-11-26 15:58:13 +01:00
Dirk
49d321cfbb Add "command not found" 2020-11-26 13:41:44 +01:00
Dirk
191efddaee document changes from previous commits 2020-11-26 13:07:49 +01:00
Dirk
0c20b21fc2 Better order, "command not found added" 2020-11-26 13:02:10 +01:00
Dirk Wetter
9ea7446203 Add STARTTLS injection to Changelog 2020-11-26 10:48:32 +01:00
Dirk Wetter
5c5c4dcd58 Merge branch '3.1dev' into starttls_smtp_injection
Resolving conflicts because of do_winshock
2020-11-26 10:45:02 +01:00
Dirk Wetter
cc40d2f559
Merge pull request #1786 from drwetter/new-templates
Update issue templates
2020-11-25 21:19:48 +01:00
Dirk Wetter
b47bc9e871
Update bug_report.md 2020-11-25 21:19:26 +01:00