Commit Graph

3851 Commits

Author SHA1 Message Date
Jauder Ho e58ceb7b10 Removed docker-3.0.yml from 3.1dev branch 2021-08-09 11:18:20 +00:00
Jauder Ho 4dc984df2e Revert ref test 2021-08-09 11:14:07 +00:00
Jauder Ho ca271c5d8b Test out GITHUB_REF 2021-08-09 11:09:11 +00:00
Jauder Ho b1aeeb47e0 Testing context 2021-08-09 10:36:17 +00:00
Jauder Ho 4df60052af Use GH Action to build new container images upon push 2021-08-09 10:21:10 +00:00
Dirk Wetter f15da8d15d
Merge pull request #1966 from drwetter/no_starttls
Add CVEs for No-STARTTLS vulnerability
2021-08-08 21:33:14 +02:00
Dirk aaf6409581 Add CVEs for No-STARTTLS vulnerability
In text output only the original one from Wietse Venema.
The other known so far in JSON/CSV
2021-08-08 21:30:35 +02:00
Dirk Wetter 89de30c867
Merge pull request #1965 from jauderho/gha_build_status
Update build status to reflect use of GHA
2021-08-08 14:00:14 +02:00
Jauder Ho 6daa2956b9
Update Readme.md 2021-08-08 04:07:33 +00:00
Jauder Ho fd9fac67aa
Update Readme.md 2021-08-08 03:51:34 +00:00
Dirk Wetter 77e47cadff
Merge pull request #1963 from drwetter/fix_1956_3.1dev
Redirect debugme() outputs to stderr (3.1dev)
2021-08-07 16:18:43 +02:00
Dirk Wetter c1253f2cd0
Merge pull request #1953 from jauderho/3.1dev
Add Dependenbot checking for GitHub Actions
2021-08-07 16:17:33 +02:00
Dirk Wetter 7b0947c290
Merge pull request #1958 from dcooper16/use_all+
Use all+ in calls to tls_sockets()
2021-08-07 16:04:07 +02:00
Dirk 3f8c62dc41 Change debugme1 calls to include redirection from stderr back to stdout
The fact that debugme1() redirects to stderr and the calls to this functions
redo that is deliberately as in the future we might want to use debugme1
without redirection.
2021-08-07 15:26:51 +02:00
Dirk 4e01f86c99 Redirect debugme() outputs to stderr (3.1dev)
... to address #1956 and other places. Similar to #1957,
only for the 3.1dev rolling release branch.

Also it changes debugme1() back? to output debug
statements only when $DEBUG >= 1. Per default here
also stderr is used.
2021-08-07 15:20:09 +02:00
David Cooper b4d11459a8 Use all+ in calls to tls_sockets()
get_server_certificate() includes a few calls to tls_sockets() in which the response will be TLS 1.3 and in which the response will be useless if it cannot be decrypted (since the goal is to obtain the server's certificate). So, these calls to tls_sockets() should specify "all+" rather than "all".
2021-08-05 11:36:32 -04:00
Dirk Wetter 1739ae1400
Merge pull request #1960 from dcooper16/certificate_compression
Check for RFC 8879 certificate compression
2021-08-05 16:51:03 +02:00
David Cooper 526d25bc1d Don't test for certificate compression if --ssl-native
This commit changes run_server_defaults() so that the test for certificate compression is not run in --ssl-native mode. This fixes an issue that was caught by 21_baseline_starttls.t.
2021-08-05 10:37:37 -04:00
David Cooper fa1ccdb565 Check for RFC 8879 certificate compression
This commit adds a check for whether the server supports certificate compression (RFC 8879). If it does, then the list of supprted compression methods is output in the server's preference order.
2021-08-04 14:39:12 -04:00
Dirk Wetter b603d57146
Merge pull request #1952 from drwetter/fix_1717
Look-ahead trick for -U --ids-friendly
2021-08-01 17:47:11 +02:00
Jauder Ho 91970a2214
Merge branch 'drwetter:3.1dev' into 3.1dev 2021-07-31 14:28:57 -07:00
Dirk Wetter a3ab6cd887
Merge pull request #1950 from drwetter/digrc
Ignore $HOME/.digrc
2021-07-31 18:49:57 +02:00
Dirk 6cf7521184 Look-ahead trick for -U --ids-friendly
If the order of the cmdline is '-U --ids-friendly' then we need to make sure we catch --ids-friendly. Normally we do not,
 see #1717. The following statement makes sure. In the do-while + case-esac loop  the check for --ids-friendly will be
executed again, but it does not hurt
2021-07-31 18:27:03 +02:00
Dirk 439aad1f22 Ignore $HOME/.digrc
Newer dig versions have an option to ignore $HOME/.digrc, older don't.

This commit adds a patch checking for the availability of such an option and
uses it by default. See #1894 .

If this option doesn't exist then still dig is used and can still lead to
wrong output. Unfortunately Debian-based distros are not very
good at this. Debian 10, Ubuntu 18.04 still use dig 9.11, whereas
Opensuse 15.2 has 9.16. Debian 11 and Ubuntu 20.04 use that too.
2021-07-31 15:14:22 +02:00
Dirk Wetter c40a3a7d02
Merge pull request #1946 from drwetter/noitalics4screen
Disable ANSI codes for italic when TERM == screen
2021-07-31 13:57:11 +02:00
Dirk 525a40a653 Disable ANSI codes for italic when TERM == screen
... otherwise it is being printed in reverse, see #1928.
2021-07-31 13:17:55 +02:00
Dirk Wetter 46862ecc84
Merge pull request #1945 from drwetter/alpine
Upgrade to alpine 3.13
2021-07-30 18:01:25 +02:00
Dirk Wetter 68c5acb556
Upgrade to alpine 3.13 2021-07-30 18:01:12 +02:00
Dirk Wetter 820b728bc4
Merge pull request #1943 from drwetter/email-contrib
E-Mail as a contribution possibility
2021-07-30 15:02:19 +02:00
Dirk Wetter 2b74e9f55d
E-Mail as a contribution possibility
As some people may have a problem with the owner of github.
2021-07-30 15:01:39 +02:00
Dirk Wetter 2935ecc2e1
Merge pull request #1938 from drwetter/nmap_portdetection_1931
Improved SSL/TLS portdetection in nmap greppable files
2021-07-30 09:48:50 +02:00
Dirk Wetter 70d40b416b
Merge pull request #1940 from dcooper16/print_spaces_faster
Print consecutive spaces faster
2021-07-30 09:21:50 +02:00
David Cooper fc310301f1 Print consecutive spaces faster
This commit adds a new function, print_n_spaces(), which prints a sequence of (up to 80) space characters.

This new function is used to replace a few places in testssl.sh in which a sequence of space characters is printed by calling 'out " "' in a loop. The new function is much faster than the current code, so it will make testssl.sh run slightly faster.
2021-07-29 15:12:27 -04:00
Dirk 59c0b38140 see previous commit 2021-07-25 17:14:12 +02:00
Dirk defed8705b Extend TLS/SSL port detection
As mentioned in #1931 the port detection for nmap greppable files
leaves space for improvements.

Ths PR adds a pattern detection of ssl and https in the forth or fifth
parameter of an open port, so those ports will be added to a scan when
a nmap greppable output file is as input to testssl.sh .

Also it does minor code adjustments to utils/gmap2testssl.sh .
2021-07-25 17:09:30 +02:00
Dirk Wetter 18dfa26e48
Merge pull request #1936 from drwetter/fix_1935
Fix problem when nmap file has .txt extension
2021-07-25 16:34:58 +02:00
Dirk b1c1d250cf Redo utils/gmap2testssl.sh
.. mainly copied from testssl.sh. Also it adds a detection for the
strings ssl and https. If those run at non-stanadard ports but nmap
detected it, it'll show up in the output file.

That will be backported to the main program, see #1931 .
2021-07-25 16:28:50 +02:00
Dirk 5a7b7d8b8e Fix problem when nmap file has .txt extension
This addresses a bug filed in #1935 in 3.1dev when the supplied file
has a .txt extension. In this scenario the input file was nulled
as from the input file in nmap format an internal input file was
generated which has a .txt extension, in the same directory.
The idea was to persist the file for the user.

Now, this internal input file is ephemeral and only written to $TEMPDIR.
2021-07-25 13:05:40 +02:00
Dirk Wetter 05d087a564
Merge pull request #1933 from drwetter/drwetter-patch-1
Update bug_report.md
2021-07-21 09:22:38 +02:00
Dirk Wetter 8203049154
Update bug_report.md 2021-07-21 09:22:01 +02:00
Jauder Ho ea4d939f8f
Create dependabot.yml 2021-07-01 19:32:33 -07:00
Dirk Wetter 56dcbcdc15
Merge pull request #1924 from drwetter/fix_1915
Fix redundant message (BREACH) when client certificate required
2021-06-22 08:25:29 +02:00
Dirk Wetter f4bb1a20e2
Merge pull request #1925 from PeterDaveHello/Add.dockerignore
Ignore FreeBSD & macOS OpenSSL binary in Dockerfile
2021-06-19 18:17:51 +02:00
Peter Dave Hello f0970aff90 Ignore FreeBSD & macOS OpenSSL binary in Dockerfile
There is no need to add non-Linux binary in the Dockerfile here.
2021-06-19 22:22:59 +08:00
Dirk 28d9bc483d Fix redundant message (BREACH) when client certificate required
same as #1916.

Fixes #1915
2021-06-19 15:27:03 +02:00
Dirk Wetter 9f0d0c0062
Merge pull request #1921 from drwetter/gha_denylist
Github actions modifications
2021-06-19 12:30:00 +02:00
Dirk 2af7860a3c Remove mac osx
... apt is probably not the right thing ;-)
2021-06-19 11:17:52 +02:00
Dirk 247d08882e GHA: Fix push + PR
see https://github.community/t/how-to-factor-paths-in-common-for-push-and-pull-request/115967/2

TL;DR:  There is no way to specify the common paths for two events
2021-06-19 11:12:00 +02:00
Dirk 5cd97ddcb9 Correct YAML error in GHA + add macOS
- yamllint to the rescue. Still shows an error though:
  4:3       error    syntax error: expected <block end>, but found '<block mapping start>' (syntax)

- added macos, see https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners
2021-06-19 10:45:08 +02:00
Dirk b8a9b9c6db Github actions modifications
- define deny list of files when modified not to run GHA
- specRitfy OS to be ubuntu-20.04 (is there a debian at all?)
- only use perl 5.26

While researching I stumbled over mac.osx as an OS one can specify. If anybody
knows whether this is really macosx (license?) please let me know. That
would be a great addition for CI. (Couldn't find BSD yet...)

See #1920
2021-06-19 09:20:48 +02:00