This commit adds a first PoC implementation of MTA-STS (RFC 8461), see also
issue #1646.
What works:
- test a hostname which is equal to an MX record and a domain name and has
an MTA-STS setup (dev.testssl.sh)
- check _mta-sts TXT record + https://mta-sts.$NODE/.well-known/mta-sts.txt
- check also _smtp._tls TXT record
- screen output
What doesn't work:
- test a hostname which is not equal to the domain name
- test a hostname which has no MX record
- file output
- any parsing of TXT record + .well-known/mta-sts.txt
- when no TXT records or .well-known/mta-sts.txt are there
- fileoutput
- colored screen output
There's a stub function for DANE.
There are also two stub functions splitting HTTP body from HTTP header
which I couldn't get to work and will be removed later.
Besides, to avoid confusion, it changes all GET requests over HTTPS from tm_out
to safe_echo. It's actually exactly the same, only the name is different.
Workaround for bug, see #1717. In addition: bring the test closer to a cleaner style,
like the others.
--ids-friendly could as well be removed when travis runs faster.
As there are `apk upgrade` and `apk update`, the apk index will already
exist. `--no-cache` is for `apk` when there is no `apk update`
behavior and it's expected that no local cache is left; it's not suitable for
the use case here, which wants to upgrade all the packages to the latest
when packaging the image.
... in order to be consistent with run_server_preference().
The wide formatting of other tests needs some inspection, and
off the top of my head they are not as perfectly formatted, so
they should not run per default in wide mode.
Often in the past travis was hitting a limit (50min?).
This is a try to make reasonable cuts to the unit tests:
- For STARTTLS some checks with OpenSSL are skipped
- For JSON and HTML outputs --ids-friendly was added, assuming we
don't change the output of ticketbleed, CCSI, HeartBleed and ROBOT any more.
- There's also no point in running those checks against badssl
- for the diff check we switch to 'or diag' to display a difference
This fixes #1779. There was a problem introduced in
3cd1273439 which counted
the size of the file name rather than the size of the
socket reply.
The helper function count_chars() is now not used anymore.
It may be useful in the future though.