testssl.sh/t
Dirk Wetter e0c0a6658f Provide HTTPS RR functionality
This is a fresh start for #2484 as the PR wasn't ready yet for 3.2 by the time it was released. And it continues #2866
which was kind of messed up by accident.

The info for the HTTPS RR shows up in the very beginning, i.e. in `service_detection()`. All keys are listed now in bold, values in a regular font.

`get_https_rrecord()` was introduced by copying and modifying `get_caa_rr_record()`.

There's a similar obstacle as with CAA RRs: older binaries show the resource records binary encoded. Thus a new set of global vars is introduced, HAS_*_HTTPS, which check whether the binaries support decoding the RR directly. As of now raw decoding doesn't work completely.

Todo:
- Add logic in QUIC
    - if RR is detected and not QUIC is possible
    - add time for QUIC detection when RR is retrieved
- show full HTTPS RR record, at least when having a new DNS client
- continue with raw decoding, if possible (otherwise problematic for MacOS)
- shorten the comments in `get_https_rrecord()`
- man page
- when ASSUME_HTTP is set and no service was detected: this needs to be handled
- The placement of the output should be reconsidered and/or cached when multiple IPs belong to a FQDN
2026-05-30 17:40:34 +02:00

Naming scheme

  • 00-05: Does the bare testssl.sh work at all?
  • 10-29: Do scans work fine (client side)?
  • 30-39: Does reporting work?
  • 50-69: Are the results what I expect (server side)?

Please help to write CI tests! Documentation can be found here. You can consult the existing code here. Feel free to use 10_baseline_ipv4_http.t or 12_diff_opensslversions.t as a template. The latter is newer and its code is cleaner.