Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-01 06:19:44 +01:00
Code Issues Packages Projects Releases Wiki Activity
50660e9edd
testssl.sh/etc
History
Dirk Wetter 50660e9edd typos, minor additions
2016-03-13 21:13:03 +01:00
..
curves.txt checkin (for future work) 2016-02-06 15:42:55 +01:00
linux.pem - NEW: chain of trust -- for openssl 1.0.2 only 2015-09-22 15:05:59 +02:00
mapping-rfc.txt Fix typo in etc/mapping-rfc.txt 2016-02-05 14:53:19 -05:00
microsoft.pem - updated, see #317 2016-03-13 20:38:06 +01:00
mozilla.pem - updated Mozilla truststore from http://curl.haxx.se/ instead of local firefox install, #317 2016-03-12 18:19:15 +01:00
README.md typos, minor additions 2016-03-13 21:13:03 +01:00

README.md

Certification stores

The certificate stores were retrieved by

  • Mozilla; see https://curl.haxx.se/docs/caextract.html
  • Linux: Just copied from an up-to-date Linux machine
  • Microsoft: under Windows >= 7,2008 MS decided not to provide a full certificate store bu default/via update as other OS. It's being populated with time -- supposed you use e.g. IE while browsing. This store was destilled from three different windows installations via certmgr.msc and is an export of "Trusted Root Certification Authorities"
    --> "Certificates". Third Party Root Certificates were for now deliberately omitted. Feedback is welcome, see #317.

In this directory you can also save e.g. your company Root CA(s) in PEM format, extension pem. This has two catches momentarily: You will still get a warning for the other certificate storesthough while scanning internal networks. If you scan other hosts in the internet the check against your Root CA will fail, too. This will be fixed in the future, see #230.

Mapping files

The file mapping-rfc.txt uses the hexcode to map OpenSSL names against the RFC/IANA names. curves.txt is not being used yet, it is supposed to map EC curve names properly.