Description: Config is presumed to be in the same dir as the script, or in ./etc/
Author: Unit 193
Origin: vendor
Forwarded: not-needed
Last-Update: 2019-10-01
---
 testssl.sh | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
--- a/testssl.sh
+++ b/testssl.sh
@@ -192,7 +192,7 @@ ADDTL_CA_FILES="${ADDTL_CA_FILES:-""}"
 ########### Tuning vars which cannot be set by a cmd line switch. Use instead e.g "HEADER_MAXSLEEP=10 ./testssl.sh "
 #
-TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # If you run testssl.sh and it doesn't find it necessary file automagically set TESTSSL_INSTALL_DIR
+TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-"/etc/testssl"}" # If you run testssl.sh and it doesn't find it necessary file automagically set TESTSSL_INSTALL_DIR
 CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # You can have your CA stores some place else
 EXPERIMENTAL=${EXPERIMENTAL:-false} # a development hook which allows us to disable code
 PROXY_WAIT=${PROXY_WAIT:-20} # waiting at max 20 seconds for socket reply through proxy
@@ -2792,7 +2792,7 @@ run_hpkp() {
 local -i i nrsaved
 local first_hpkp_header
 local spki
- local ca_hashes="$TESTSSL_INSTALL_DIR/etc/ca_hashes.txt"
+ local ca_hashes="$TESTSSL_INSTALL_DIR/ca_hashes.txt"
 if [[ ! -s $HEADERFILE ]]; then
 run_http_header "$1" || return 1
@@ -5029,9 +5029,9 @@ run_client_simulation() {
 local client_service=""
 # source the external file
- . "$TESTSSL_INSTALL_DIR/etc/client-simulation.txt" 2>/dev/null
+ . "$TESTSSL_INSTALL_DIR/client-simulation.txt" 2>/dev/null
 if [[ $? -ne 0 ]]; then
- prln_local_problem "couldn't find client simulation data in $TESTSSL_INSTALL_DIR/etc/client-simulation.txt"
+ prln_local_problem "couldn't find client simulation data in $TESTSSL_INSTALL_DIR/client-simulation.txt"
 return 1
 fi
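Review bot: The trailing comment on the changed `TESTSSL_INSTALL_DIR` line (hunk at 192) still presents the variable as a fallback to set when files are not found automatically. With the non-empty default `/etc/testssl` it is now the directory the data files are read from directly, with no `etc/` level below it. Anyone who exports the variable pointing at an upstream-style tree will presumably get missing-file warnings, since every lookup touched by this patch drops the `etc/` component. I would reword the comment along the lines of `# Directory that directly holds ca_hashes.txt, common-primes.txt, tls_data.txt, openssl.cnf and the *.pem CA bundles (no etc/ subdirectory); override via the environment`.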
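Review bot: In the `run_client_simulation` hunk, `client-simulation.txt` is executed with `.`, so anyone who can write to `$TESTSSL_INSTALL_DIR` or set that variable decides what code runs with the caller's privileges. The same directory also supplies the `*.pem` trust anchors in the `determine_trust` hunk and the exported `OPENSSL_CONF` in the `find_openssl_binary` hunk. Now that the default is a system path, the packaging should state that the directory and its files must be root-owned and not group- or world-writable. The new code could also test `[[ -r "$TESTSSL_INSTALL_DIR/client-simulation.txt" ]]` before sourcing and keep the existing `prln_local_problem` / `return 1` for that case. That would let the `.` line drop `2>/dev/null`, which together with the `$?` test currently reports an error raised inside the file as "couldn't find"; the function body starts and ends outside the hunk.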
@@ -7614,7 +7614,7 @@ determine_trust() {
 # if you run testssl.sh from a different path /you can set either TESTSSL_INSTALL_DIR or CA_BUNDLES_PATH to find the CA BUNDLES
 if [[ -z "$CA_BUNDLES_PATH" ]]; then
- ca_bundles="$TESTSSL_INSTALL_DIR/etc/*.pem"
+ ca_bundles="$TESTSSL_INSTALL_DIR/*.pem"
 else
 ca_bundles="$CA_BUNDLES_PATH/*.pem"
 fi
@@ -8887,7 +8887,7 @@ certificate_info() {
 local certificate_list_ordering_problem="${13}"
 local cert_sig_algo cert_sig_hash_algo cert_key_algo cert_spki_info
 local hostcert=""
- local common_primes_file="$TESTSSL_INSTALL_DIR/etc/common-primes.txt"
+ local common_primes_file="$TESTSSL_INSTALL_DIR/common-primes.txt"
 local -i lineno_matched=0
 local cert_keyusage cert_ext_keyusage short_keyAlgo
 local outok=true
@@ -17956,7 +17956,7 @@ get_common_prime() {
 local spaces="$3"
 local pubkey dh_p=""
 local -i subret=0
- local common_primes_file="$TESTSSL_INSTALL_DIR/etc/common-primes.txt"
+ local common_primes_file="$TESTSSL_INSTALL_DIR/common-primes.txt"
 local -i lineno_matched=0
 "$HAS_PKEY" || return 2
@@ -19952,16 +19952,16 @@ get_install_dir() {
 DISPLAY_CIPHERNAMES="openssl-only"
 debugme echo "$CIPHERS_BY_STRENGTH_FILE"
 prln_warning "\nATTENTION: No cipher mapping file found!"
- outln "Please note from 2.9 on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/etc/\" to function correctly."
+ outln "Please note from 2.9 on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/\" to function correctly."
 outln
 ignore_no_or_lame "Type \"yes\" to ignore this warning and proceed at your own risk" "yes"
 [[ $? -ne 0 ]] && exit $ERR_RESOURCE
 fi
- TLS_DATA_FILE="$TESTSSL_INSTALL_DIR/etc/tls_data.txt"
+ TLS_DATA_FILE="$TESTSSL_INSTALL_DIR/tls_data.txt"
 if [[ ! -r "$TLS_DATA_FILE" ]]; then
 prln_warning "\nATTENTION: No TLS data file found -- needed for socket-based handshakes"
- outln "Please note from 2.9 on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/etc/\" to function correctly."
+ outln "Please note from 2.9 on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/\" to function correctly."
 outln
 ignore_no_or_lame "Type \"yes\" to ignore this warning and proceed at your own risk" "yes"
 [[ $? -ne 0 ]] && exit $ERR_RESOURCE
@@ -20029,7 +20029,7 @@ find_openssl_binary() {
 # couldn't be parsed by our openssl it bailed out here with a misleading error, see #1982.
 # Now we try with another version of the config file and if it still fails we bail out.
 if ! $OPENSSL version -d >/dev/null 2>&1 ; then
- export OPENSSL_CONF="$TESTSSL_INSTALL_DIR/etc/openssl.cnf"
+ export OPENSSL_CONF="$TESTSSL_INSTALL_DIR/openssl.cnf"
 if ! $OPENSSL version -d >/dev/null 2>&1 ; then
 fatal "cannot exec or find any openssl binary" $ERR_OSSLBIN
 else
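Review bot: Both rewritten `outln` messages in the `get_install_dir` hunk print the literal text `$TESTSSL_INSTALL_DIR/`, because the dollar sign is escaped, instead of the directory that was actually searched. On a packaged install the user therefore never sees that `/etc/testssl` was the place looked at. Printing the resolved value, `outln "Please note from 2.9 on $PROG_NAME needs files in \"$TESTSSL_INSTALL_DIR/\" to function correctly."`, makes the warning actionable. That matters here because answering "yes" continues the scan without the cipher mapping or TLS data, so results are presumably degraded. The enclosing function starts and ends outside the hunk.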
@@ -20850,7 +20850,7 @@ initialize_engine(){
 else
 # we have engine support. But we want to check whether an external OPENSSL_CONF was supplied.
 # $TESTSSL_INSTALL_DIR/etc/openssl.cnf is an internal presetting, see #1982
- if [[ -n "$OPENSSL_CONF" ]] && [[ "$OPENSSL_CONF" != "$TESTSSL_INSTALL_DIR/etc/openssl.cnf" ]]; then
+ if [[ -n "$OPENSSL_CONF" ]] && [[ "$OPENSSL_CONF" != "$TESTSSL_INSTALL_DIR/openssl.cnf" ]]; then
 prln_warning "For now I am providing the config file to have GOST support"
 else
 OPENSSL_CONF=$TEMPDIR/gost.conf
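Review bot: The context comment directly above the changed condition in `initialize_engine` still names `$TESTSSL_INSTALL_DIR/etc/openssl.cnf` as the internal presetting. That no longer matches the path the condition compares against, nor the one exported in the `find_openssl_binary` hunk. Since the comment is what explains why a user-supplied `OPENSSL_CONF` is distinguished from the tool's own, it should be updated in the same patch to `# $TESTSSL_INSTALL_DIR/openssl.cnf is an internal presetting, see #1982`. The function body continues outside the hunk.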