Description: Config is presumed to be in the same dir as the script, or in ./etc/
Author: Unit 193 <unit193@debian.org>
Origin: vendor
Forwarded: not-needed
Last-Update: 2019-10-01
---
testssl.sh | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
--- a/testssl.sh
+++ b/testssl.sh
@@ -192,7 +192,7 @@ ADDTL_CA_FILES="${ADDTL_CA_FILES:-""}"
########### Tuning vars which cannot be set by a cmd line switch. Use instead e.g "HEADER_MAXSLEEP=10 ./testssl.sh <your_args_here>"
#
-TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # If you run testssl.sh and it doesn't find it necessary file automagically set TESTSSL_INSTALL_DIR
+TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-"/etc/testssl"}" # If you run testssl.sh and it doesn't find it necessary file automagically set TESTSSL_INSTALL_DIR
CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # You can have your CA stores some place else
EXPERIMENTAL=${EXPERIMENTAL:-false} # a development hook which allows us to disable code
PROXY_WAIT=${PROXY_WAIT:-20} # waiting at max 20 seconds for socket reply through proxy
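Review bot: The trailing comment on the changed `TESTSSL_INSTALL_DIR` line still presents the variable as something to set only when files are not found, but with this default it names the directory every data file is read from, and it can still be overridden from the environment. Later hunks in this patch source `client-simulation.txt` from it as shell code and export its `openssl.cnf` as `OPENSSL_CONF`, so the directory's contents are trusted input. I would reword the comment to say so, e.g. `# Data dir (Debian default /etc/testssl); client-simulation.txt here is sourced and openssl.cnf is used as OPENSSL_CONF, so point this only at a directory you control`.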
@@ -2792,7 +2792,7 @@ run_hpkp() {
local -i i nrsaved
local first_hpkp_header
local spki
- local ca_hashes="$TESTSSL_INSTALL_DIR/etc/ca_hashes.txt"
+ local ca_hashes="$TESTSSL_INSTALL_DIR/ca_hashes.txt"
if [[ ! -s $HEADERFILE ]]; then
run_http_header "$1" || return 1
@@ -5029,9 +5029,9 @@ run_client_simulation() {
local client_service=""
# source the external file
- . "$TESTSSL_INSTALL_DIR/etc/client-simulation.txt" 2>/dev/null
+ . "$TESTSSL_INSTALL_DIR/client-simulation.txt" 2>/dev/null
if [[ $? -ne 0 ]]; then
- prln_local_problem "couldn't find client simulation data in $TESTSSL_INSTALL_DIR/etc/client-simulation.txt"
+ prln_local_problem "couldn't find client simulation data in $TESTSSL_INSTALL_DIR/client-simulation.txt"
return 1
fi
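Review bot: The `. "$TESTSSL_INSTALL_DIR/client-simulation.txt" 2>/dev/null` followed by `[[ $? -ne 0 ]]` in run_client_simulation cannot tell a missing file from one that exists but fails while being sourced. Because stderr is discarded, the "couldn't find" message can be wrong, and a damaged or altered file produces no diagnostic. A readability test before sourcing keeps the message accurate: `[[ -r "$TESTSSL_INSTALL_DIR/client-simulation.txt" ]] || { prln_local_problem "couldn't find client simulation data in $TESTSSL_INSTALL_DIR/client-simulation.txt"; return 1; }`. A failure while sourcing could then get its own message without the stderr redirect. The function starts and continues outside this hunk.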
@@ -7614,7 +7614,7 @@ determine_trust() {
# if you run testssl.sh from a different path /you can set either TESTSSL_INSTALL_DIR or CA_BUNDLES_PATH to find the CA BUNDLES
if [[ -z "$CA_BUNDLES_PATH" ]]; then
- ca_bundles="$TESTSSL_INSTALL_DIR/etc/*.pem"
+ ca_bundles="$TESTSSL_INSTALL_DIR/*.pem"
else
ca_bundles="$CA_BUNDLES_PATH/*.pem"
fi
@@ -8887,7 +8887,7 @@ certificate_info() {
local certificate_list_ordering_problem="${13}"
local cert_sig_algo cert_sig_hash_algo cert_key_algo cert_spki_info
local hostcert=""
- local common_primes_file="$TESTSSL_INSTALL_DIR/etc/common-primes.txt"
+ local common_primes_file="$TESTSSL_INSTALL_DIR/common-primes.txt"
local -i lineno_matched=0
local cert_keyusage cert_ext_keyusage short_keyAlgo
local outok=true
@@ -17956,7 +17956,7 @@ get_common_prime() {
local spaces="$3"
local pubkey dh_p=""
local -i subret=0
- local common_primes_file="$TESTSSL_INSTALL_DIR/etc/common-primes.txt"
+ local common_primes_file="$TESTSSL_INSTALL_DIR/common-primes.txt"
local -i lineno_matched=0
"$HAS_PKEY" || return 2
@@ -19952,16 +19952,16 @@ get_install_dir() {
DISPLAY_CIPHERNAMES="openssl-only"
debugme echo "$CIPHERS_BY_STRENGTH_FILE"
prln_warning "\nATTENTION: No cipher mapping file found!"
- outln "Please note from 2.9 on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/etc/\" to function correctly."
+ outln "Please note from 2.9 on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/\" to function correctly."
outln
ignore_no_or_lame "Type \"yes\" to ignore this warning and proceed at your own risk" "yes"
[[ $? -ne 0 ]] && exit $ERR_RESOURCE
fi
- TLS_DATA_FILE="$TESTSSL_INSTALL_DIR/etc/tls_data.txt"
+ TLS_DATA_FILE="$TESTSSL_INSTALL_DIR/tls_data.txt"
if [[ ! -r "$TLS_DATA_FILE" ]]; then
prln_warning "\nATTENTION: No TLS data file found -- needed for socket-based handshakes"
- outln "Please note from 2.9 on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/etc/\" to function correctly."
+ outln "Please note from 2.9 on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/\" to function correctly."
outln
ignore_no_or_lame "Type \"yes\" to ignore this warning and proceed at your own risk" "yes"
[[ $? -ne 0 ]] && exit $ERR_RESOURCE
@@ -20029,7 +20029,7 @@ find_openssl_binary() {
# couldn't be parsed by our openssl it bailed out here with a misleading error, see #1982.
# Now we try with another version of the config file and if it still fails we bail out.
if ! $OPENSSL version -d >/dev/null 2>&1 ; then
- export OPENSSL_CONF="$TESTSSL_INSTALL_DIR/etc/openssl.cnf"
+ export OPENSSL_CONF="$TESTSSL_INSTALL_DIR/openssl.cnf"
if ! $OPENSSL version -d >/dev/null 2>&1 ; then
fatal "cannot exec or find any openssl binary" $ERR_OSSLBIN
else
@@ -20850,7 +20850,7 @@ initialize_engine(){
else
# we have engine support. But we want to check whether an external OPENSSL_CONF was supplied.
# $TESTSSL_INSTALL_DIR/etc/openssl.cnf is an internal presetting, see #1982
- if [[ -n "$OPENSSL_CONF" ]] && [[ "$OPENSSL_CONF" != "$TESTSSL_INSTALL_DIR/etc/openssl.cnf" ]]; then
+ if [[ -n "$OPENSSL_CONF" ]] && [[ "$OPENSSL_CONF" != "$TESTSSL_INSTALL_DIR/openssl.cnf" ]]; then
prln_warning "For now I am providing the config file to have GOST support"
else
OPENSSL_CONF=$TEMPDIR/gost.conf
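Review bot: The comment directly above the changed comparison in initialize_engine still names `$TESTSSL_INSTALL_DIR/etc/openssl.cnf`, which no longer matches the path compared here or the one exported in the find_openssl_binary hunk. It should read `# $TESTSSL_INSTALL_DIR/openssl.cnf is an internal presetting, see #1982`. The test is a plain string comparison, so it only recognises the internal preset while both places spell the path identically. The surrounding if/else continues outside the hunk.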