mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-03-13 21:29:50 +01:00
d001bba86b
See #2328, original PR #2295 from @w4ntun . Formally testssl.sh returned an error when it wasn't not possible to determine IP addresses through DNS resolution, even if --proxy and --ip=proxy flags are set. The main function always tried to determine IP addresses via DNS and exits with a fatal error if it cannot do it. Although the client cannot get the IP, the proxy could, so the SSL/TLS analysis is still possible. This PR allows the analysis for an HTTP service via a proxy server and the DNS traffic can be sent directly or through the proxy using the flag --ip=proxy. ATTENTION: This may be a breaking change for those who don't have a local resolver. They now have to add --ip=proxy. In addition: * help() was amended to add --ip=proxy (was only in the ~i/doc dir before) * amending ~/doc dir to document it's better to add --nodns=min when there's no local resolver