The actual code grep for "MongoDB" keyword in the head of the HTTP
session.
In case of "compressed" HTML, a big page is on one line.
On a IT page, we could encounter the "MongoDB" keyword and
miss-identify the application protocol.
Fixed by matching on a longuer string taken from a live MogoDB
server.
Implemnation for 3.0, 3.2 see #2450
If a user chose a broken umask testssl.sh will start but emits subsequent errors.
This patch adds two sanity checks whether it is allowed to create and read files in the temp directory.
Fixes#2449
What was problematic was the error message when the certificate stores were missing. This fixes it by redirecting the error message to /dev/null so that if the sub function detects the missing file it returns with an error by the program and not by executing "basename"
As for 3.2 this is for the 3.0 branch.
This PR includes two tweaks:
* it helps avoiding the bug querying OCSP responder #2329 by adding
openssl. The openssl supplied has a mimor DNS lookup problem due
to glibc / musl libc compatibilty issues
* by adding openssl also it helps a bit for some performance problems
related to other projects, see #2314
Also the git binary is removed (#2315).
Thanks to @polarathene for the discussions
This is for 3.0. For 3.1dev, see #2332 .
This PR addresses the bug #2330 by implementing a function which removes control characters from the file output format html,csv,json in the output.
In every instance called there's a check before whether the string contains control chars, hoping it'll save a few milli seconds.
A tr function is used, omitting LF.
It doesn't filter the terminal output and the log file output, yet. It provides a function though which is not being called.
see #2325. This is for the 3.0 branch (for 3.1dev see #2326)
"whenever HTTP/1.1 is used then the Accept header uses "text/*" as a MIME type.
This causes some minor issues with some of the checks we are doing"
Grading is a new feature in 3.1dev,, so set_grade_cap() is not defined in the 3.0 branch.
This commit removes the call to set_grade_cap() in certificate_info().
As noted in #2304, the way that the '&' character is treated in the string part of a pattern substitution changed in Bash 5.2. As a result, the change that was made in #1481 to accommodate older versions of Bash (e.g., on MacOS) now causes testssl.sh to produce incorrect HTML output when run on Bash 5.2.
This commit encodes the '&' characters in the substitution strings in a way that produces correct results on multiple versions of Bash (3.2 on MacOS, 5.2 on Ubuntu 23.10, 5.0 on Ubuntu 20.04).
This commit fixes#2271 by adding the `-no_ssl2` option to the call to get_host_cert() in run_drown(). There is at least one server that causes OpenSSL to hang if this call to get_host_cert() results in an SSLv2 ClientHello being sent. Since this call to get_host_cert() only needs to find the server's certificate in cases in which the server does not support SSLv2, there is no need to send an SSLv2 ClientHello.
Dirk Wetter