d001bba86b
See #2328, original PR #2295 from @w4ntun . Formally testssl.sh returned an error when it wasn't not possible to determine IP addresses through DNS resolution, even if --proxy and --ip=proxy flags are set. The main function always tried to determine IP addresses via DNS and exits with a fatal error if it cannot do it. Although the client cannot get the IP, the proxy could, so the SSL/TLS analysis is still possible. This PR allows the analysis for an HTTP service via a proxy server and the DNS traffic can be sent directly or through the proxy using the flag --ip=proxy. ATTENTION: This may be a breaking change for those who don't have a local resolver. They now have to add --ip=proxy. In addition: * help() was amended to add --ip=proxy (was only in the ~i/doc dir before) * amending ~/doc dir to document it's better to add --nodns=min when there's no local resolver |
||
---|---|---|
.. | ||
Makefile | ||
template.html | ||
testssl.1 | ||
testssl.1.html | ||
testssl.1.md |