Adding upstream version 3.2~rc3+dfsg.upstream/3.2_rc3+dfsgupstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 200 insertions, 0 deletions

diff --git a/CREDITS.md b/CREDITS.md
new file mode 100644
index 0000000..9522a76
--- /dev/null
+++ b/CREDITS.md
@@ -0,0 +1,200 @@
+
+Full contribution, see git log.
+
+* Dirk Wetter (creator, maintainer and main contributor)
+  - Everything what's not mentioned below and is included in testssl.sh's git log
+    minus what I probably forgot to mention
+  (too much other things to do at the moment and to list it would be a tough job)
+
+* David Cooper (main contributor)
+  - Major extensions to socket support for all protocols
+  - extended parsing of TLS ServerHello messages
+  - TLS 1.3 support (final and pre-final) with needed en/decryption
+  - add several TLS extensions
+  - Detection + output of multiple certificates
+  - several cleanups of server certificate related stuff
+  - testssl.sh -e/-E: testing with a mixture of openssl + sockets
+  - add more ciphers
+  - coloring of ciphers
+  - extensive CN+SAN <--> hostname check
+  - separate check for curves
+  - RFC 7919, key shares extension
+  - keyUsage extension in certificate
+  - experimental "eTLS" detection
+  - parallel mass testing!
+  - RFC <--> OpenSSL cipher name space switches for the command line
+  - better error msg suppression (not fully installed openssl)
+  - GREASE support
+  - Bleichenbacher / ROBOT vulnerability test
+  - several protocol preferences improvements
+  - pwnedkeys.com support
+  - CT support
+  - Extract CA list CertificateRequest message is encountered
+  - RFC 8879, certificate compression
+  - 128 cipher limit, padding
+  - compatibility for LibreSSL and different OpenSSL versions
+  - Check for ffdhe groups
+  - TLS 1.2 and TLS 1.3 sig algs added
+  - Show server supported signature algorithms
+  - Show supported certification authorities sent by the server when client auth is requested
+  - Provide a better verdict wrt to server order: Now per protocol and ciphers are weighted for each protocol
+ -  Provide compatibility to every LibreSSL/OpenSSL versions
+  - Lots of fixes and improvements
+
+##### Further credits (in alphabetical order)
+
+* a666
+  - Bugfix
+
+* Christoph Badura
+  - NetBSD fixes
+
+* Jim Blankendaal
+  - maximum certificate lifespan of 398 days
+  - ssl renegotiation amount variable
+  - custom http request headers
+
+* Frank Breedijk
+  - Detection of insecure redirects
+  - JSON and CSV output
+  - CA pinning
+  - Client simulations
+  - CI integration, some test cases for it
+
+* Steven Danneman
+  - Postgres and MySQL STARTTLS support
+  - MongoDB support
+
+* Christian Dresen
+   - Dockerfile
+
+* csett86
+   - some MacOSX and Java client handshake data
+
+* Mark Felder
+  - lots of cleanups
+  - Shellcheck static analysis
+
+* Laine Gholson
+  - avahi/mDNS support
+  - HTTP2/ALPN
+  - bugfixes
+  - former ARM binary support
+
+* Maciej Grela
+  - colorless handling
+
+* Jac2NL
+  - initial support for skipping offensive vulnerability tests
+
+* Scott Johnson
+  - Bugfix F5
+
+* Hubert Kario
+  - helped with avoiding accidental TCP fragmentation
+
+* Brennan Kinney
+  - refactored multistage Dockerfiles: performance gain+address bugs/inconsistencies
+
+* Magnus Larsen
+  - SSL Labs Rating
+
+* Jacco de Leeuw
+  - skip checks which might trigger an IDS ($OFFENSIVE / --ids-friendly)
+
+* Manuel
+  - HTTP basic auth
+
+* Markus Manzke
+  - Fix for HSTS + subdomains
+  - LibreSSL patch
+
+* Jean Marsault
+  - client auth: ideas, code snippets
+
+* Thomas Martens
+  - adding colorblind option
+  - no-rfc mapping
+
+* Peter Mosmans
+  - started way better cmd line parsing
+  - cleanups, fixes
+  - openssl sources support with the "missing" features
+
+* John Newbigin
+  - Proxy support (sockets and openssl)
+
+* Oleksandr Nosenko
+  - non-flat JSON support (--json-pretty)
+  - in file output (CSV, JSON flat, JSON non-flat) support of a minimum severity level
+
+* Jonathan Roach
+  - TLS_FALLBACK_SCSV checks
+
+* Jonathon Rossi
+  - fix for bash3 (Darwin)
+  - and other Darwin fixes
+
+* Дилян Палаузов
+  - bug fix for 3des report
+  - reported a tricky STARTTLS bug
+
+* Thomas Patzke:
+  - Support of supplying timeout value for openssl connect
+
+* Olivier Paroz
+  - conversion xxd --> hexdump stuff
+
+* Jeroen Wiert Pluimers
+  - Darwin binaries support
+
+* Joao Poupino
+  - Minimize false positive detection for Renegotiation checks against Node.js etc.
+
+* Rechi
+  - initial MX stuff
+  - fixes
+
+* Gonçalo Ribeiro
+  - --connect-timeout
+
+* Dmitri S
+  - inspiration & help for Darwin port
+
+* Jonas Schäfer
+  - XMPP server patch
+
+* Marcin Szychowski
+  - Quick'n'dirty client certificate support
+
+* Viktor Szépe
+  - color function maker
+
+* Julien Vehent
+  - supplied 1st Darwin binary
+
+* Thomas Ward
+  - add initial IDN support
+
+* @typingArtist
+  - improved BEAST detection
+
+* @f-s
+  - ARM binary support
+
+* @nvsofts (NV)
+  - LibreSSL patch for GOST
+
+* @w4ntun
+  - fixed DNS via proxy
+
+Probably more I forgot to mention which did give me feedback, bug reports and helped one way or another.
+
+
+##### Last but not least:
+
+* OpenSSL team for providing openssl.
+
+* Ivan Ristic/Qualys for the liberal license which made it possible to make partly use of the client data
+
+* My family for supporting me doing this work