Dirk Wetter
cb451777d2
Merge pull request #2338 from drwetter/CAstores_update
...
CA astores update
2023-03-18 20:19:03 +01:00
Dirk Wetter
aac696b0a0
Updated root CA stores
2023-03-17 18:06:57 +01:00
Dirk Wetter
6106887fdd
Update DST CA
2023-03-17 18:06:03 +01:00
Dirk Wetter
419aae3c98
updates docu to reflekt actual status
2023-03-17 18:05:24 +01:00
Dirk Wetter
2659a13086
Merge pull request #2336 from drwetter/drwetter-patch-4
...
Update codespell.yml
2023-03-12 18:12:29 +01:00
Dirk Wetter
6cea273a68
Update codespell.yml
...
add exception for aNULL which should work now
2023-03-12 17:55:10 +01:00
Dirk Wetter
b84e182ca2
Merge pull request #2332 from drwetter/sanitize_fileout
...
Make sure control chars from HTTP header don't end up in html,csv,json
2023-03-12 16:18:20 +01:00
Dirk Wetter
83f67b4fb7
Merge pull request #2333 from drwetter/drwetter-patch-4
...
Update .gitignore
2023-03-12 16:00:11 +01:00
Dirk Wetter
8643ed4c72
Update .gitignore
2023-03-12 15:57:01 +01:00
Dirk Wetter
cacd8c57b1
Add variable htmlfile + filter GOST message
...
... which is needed for newer LibreSSL/OpenSSL versions
2023-03-12 15:09:24 +01:00
Dirk Wetter
2e33c483dd
remove comma in tr as it was interpreted as such
2023-03-12 14:52:11 +01:00
Dirk Wetter
fab67d0cca
Remove CR in server banner
...
... which caused a problem in t/32_isHTML_valid.t.
Also the test for an empty server banner was simplified
2023-03-12 14:00:55 +01:00
Dirk Wetter
d298b41d2c
add aNULL exception to codespell
2023-03-11 14:06:47 +01:00
Dirk Wetter
06506b371e
Make sure control chars from HTTP header don't end up in html,csv,json
...
This addresses the bug #2330 by implementing a function which removes
control characters from the file output format html,csv,json at the
output.
In every instance called there's a check before whether the string
contains control chars, hoping it'll save a few milli seconds.
A tr function is used, omitting LF.
It doesn't filter the terminal output and the log file output.
2023-03-11 13:38:28 +01:00
Dirk Wetter
88763f47a8
Merge pull request #2326 from drwetter/fix_mime-type
...
Fix Accept Header
2023-02-20 20:29:14 +01:00
Dirk
a14fc5bdcf
Fix Accept header
...
see #2325 .
"whenever HTTP/1.1 is used then the Accept header uses "text/*" as a MIME type.
This causes some minor issues with some of the checks we are doing"
2023-02-20 15:01:40 +01:00
Dirk Wetter
e57527f3ec
Merge pull request #2321 from drwetter/align_json+terminal@run_cipherlists
...
Rename 3 jsonIDs in run_cipherlists(): breaking change
2023-02-08 17:07:42 +01:00
Dirk Wetter
8260ca16e2
Merge pull request #2309 from polarathene/chore/dockerfile-improved-copy
...
chore: Use a single `COPY` by better leveraging `.dockerignore` patterns
2023-02-07 12:23:04 +01:00
Dirk Wetter
363c0d0a69
Merge pull request #2323 from drwetter/drwetter-patch-4
...
Remove mkdir in Dockerfile
2023-02-07 10:29:08 +01:00
Dirk Wetter
f914423978
Remove mkdir in Dockerfile
...
see https://github.com/drwetter/testssl.sh/pull/2312#pullrequestreview-1286620850
2023-02-07 10:28:26 +01:00
Brennan Kinney
81634ce13d
chore: Bring back group value for COPY --chown
2023-02-07 21:36:47 +13:00
Dirk Wetter
1ee21b7f22
Merge pull request #2312 from polarathene/chore/dockerfile-simplify-user
...
chore(Dockerfile): Simplify `testssl` user creation
2023-02-07 09:03:23 +01:00
Dirk Wetter
64ae161218
Merge branch '3.1dev' into chore/dockerfile-simplify-user
2023-02-07 09:03:15 +01:00
Dirk Wetter
66ebfb2f58
Add changes to CSV baseline
2023-02-06 21:56:54 +01:00
Dirk Wetter
6f881dc70b
Rename 3 jsonIDs in run_cipherlists(): breaking change
...
see #2316 / #2320
AVERAGE --> OBSOLETED
GOOD --> STRONG_NOFS
STRONG --> STRONG_FS
2023-02-05 19:32:08 +01:00
Dirk Wetter
e87b745c93
Merge pull request #2316 from dcooper16/cipherlists_doc
...
Update documentation for cipherlists tests
2023-02-05 19:25:02 +01:00
Dirk Wetter
05b4cdcc0d
Merge pull request #2317 from dcooper16/fix_html
...
Fix HTML output in Bash 5.2 and newer
2023-02-04 09:22:03 +01:00
David Cooper
3d82f7cb21
Fix HTML output in Bash 5.2 and newer
...
As noted in #2304 , the way that the '&' character is treated in the string part of a pattern substitution changed in Bash 5.2. As a result, the change that was made in #1481 to accommodate older versions of Bash (e.g., on MacOS) now causes testssl.sh to produce incorrect HTML output when run on Bash 5.2.
This commit encodes the '&' characters in the substitution strings in a way that produces correct results on multiple versions of Bash (3.2 on MacOS, 5.2 on Ubuntu 23.10, 5.0 on Ubuntu 20.04).
2023-02-03 14:18:02 -08:00
David Cooper
b661f7b8d3
Update documentation for cipherlists tests
...
The sets of cipher lists checked by `run_cipherslists()` changed in 3.1dev, but the documentation was not updated.
2023-02-03 11:24:04 -08:00
Dirk Wetter
70237b2328
Merge pull request #2313 from polarathene/chore/dockerfile-remove-mkdir
...
chore: Remove redundant `mkdir`
2023-02-03 19:54:51 +01:00
Dirk Wetter
6c2663aeb6
Merge pull request #2311 from SSLbrain/3.1dev
...
Feature Trustcor certificates being removed/disabled from root stores #2293
2023-02-02 13:55:07 +01:00
Brennan Kinney
76b8f0c981
chore: Remove redundant mkdir
...
- If local folder ownership is for example `644` it will fail to handle the `COPY` regardless (while `744` would work).
- Creating the directory with higher permissions in the container does not appear to help.
2023-02-02 14:26:16 +13:00
Sole
3670c1e4ad
Removed non-relevant CA's that no longer have active certificates.
2023-02-02 01:13:00 +00:00
Brennan Kinney
dc7d13b853
chore(Dockerfile): Simplify testssl
user creation
...
Create `testssl` user (_and group_) with no password (`-D`) and default their shell to bash (`-s`):
- A group will implicitly be created with the same value as the user. `addgroup testssl` and `-G testssl` are not needed.
- Gecos data (`-g "testssl user"`) doesn't appear relevant to the project to be required? The default gecos value (`Linux User,,,`) should be fine.
2023-02-02 14:07:51 +13:00
Sole
9fc8c33704
Change exception for removed root certificates into easy edit multi-value regular expression for Organization name and making it clear that CA's are actively removed from 1+ root stores.
2023-02-02 00:42:15 +00:00
Brennan Kinney
74892e45c5
chore: Use a single COPY
by better leveraging .dockerignore
patterns
2023-02-02 12:49:30 +13:00
Dirk Wetter
e02e8be19f
Merge pull request #2306 from drwetter/upgrade_alpine_perf-fix
...
Upgrade Alpine version for both Dockerfiles
2023-02-01 19:45:57 +01:00
Dirk Wetter
beb94d9efc
Upgrade Alpine version for both Dockerfiles
...
... to improve/mitigate performance problems, see #2299 .
(musl libc vs. glibc)
2023-02-01 19:40:40 +01:00
Dirk Wetter
5a1a114adc
Merge pull request #2300 from drwetter/dependabot/github_actions/docker/build-push-action-4.0.0
...
Bump docker/build-push-action from 3.3.0 to 4.0.0
2023-01-31 09:37:28 +01:00
Dirk Wetter
0b5c414970
Merge pull request #2303 from drwetter/nntp_ci_remove
...
Remove NNTP from CI tests
2023-01-31 09:37:06 +01:00
Dirk Wetter
2e0898c9ef
Remove NNTP from CI tests
...
Maybe for the future we should check whether host is available and
if so then run the test
2023-01-31 09:34:18 +01:00
dependabot[bot]
8ae8a6fc44
Bump docker/build-push-action from 3.3.0 to 4.0.0
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 3.3.0 to 4.0.0.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v3.3.0...v4.0.0 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-31 00:03:02 +00:00
Dirk Wetter
8099dc0106
Merge pull request #2297 from drwetter/ldap_starttls_improvements
...
Add logic for STARTTLS enabled AD servers
2023-01-17 14:27:01 +01:00
Dirk Wetter
fdd72d2785
Cleanup code, clarfy comments for AD/LDAP + STARTTLS
2023-01-17 14:23:53 +01:00
Dirk Wetter
fc2a020294
Add logic for STARTTLS enabled AD servers
...
There are two different scenarios. x0C is the buffsize reply from openldap-like servers
whereas AD servers probably have x84 and return also the OID. The following is kind of
hackish as ldap_ExtendedResponse_parse() in apps/s_client.c of openssl is kind of hard
to understand. It was deducted from a number of hosts.
Bottom line: We'll look at the 9th byte or at the 17th when retrieving the result code
AD:
30 84 00 00 00 7d 02 01 01 78 84 00 00 00 74 0a 01 34 04 00 04 55 30 30 30 30 30 30 30 30 3a 20 [ failed AD .. LdapErr + OID..]
30 84 00 00 00 28 02 01 01 78 84 00 00 00 1F 0A 01 00 04 00 04 00 8A 16 [.. OID ..]
^^ bufflen ^^ resultcode
30 0C 02 01 01 78 07 0A 01 00 04 00 04 00
^^ bufflen ^^ result code
2023-01-17 11:16:05 +01:00
Dirk Wetter
ce3bd4764f
Merge pull request #2296 from drwetter/dependabot/github_actions/docker/build-push-action-3.3.0
...
Bump docker/build-push-action from 3.2.0 to 3.3.0
2023-01-16 10:20:13 +01:00
dependabot[bot]
1b2f58d739
Bump docker/build-push-action from 3.2.0 to 3.3.0
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v3.2.0...v3.3.0 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-16 01:05:58 +00:00
Dirk Wetter
7670275e59
Merge pull request #2292 from drwetter/ldap_starttls_improvements
...
make starttls_ldap_dialog() more readable...
2022-12-27 22:06:12 +01:00
Dirk Wetter
c67cefaf8e
add info about error handling
2022-12-26 19:15:49 +01:00
Dirk Wetter
336d3c947a
better use safe_echo()
2022-12-26 16:14:26 +01:00