2
0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-23 06:33:41 +01:00

make handling of self signed certs more robust

openssl sometimes will print the filename, then the error, and finish
with OK, matching the colon and space prevents from considering such
certs to be valid
This commit is contained in:
Hubert Kario 2014-08-04 17:22:53 +02:00 committed by Hubert Kario
parent 9a956dc5a5
commit 3c93cbd6c2

View File

@ -211,7 +211,7 @@ test_cipher_on_target() {
local saved="False" local saved="False"
if ${OPENSSLBIN} verify "${trust_source[@]}" \ if ${OPENSSLBIN} verify "${trust_source[@]}" \
-untrusted <(echo "$tmp") <(echo "$cert") 2>/dev/null | \ -untrusted <(echo "$tmp") <(echo "$cert") 2>/dev/null | \
grep 'OK$' >/dev/null; then grep ': OK$' >/dev/null; then
# if the certificate is an intermediate CA it may be useful # if the certificate is an intermediate CA it may be useful
# for connecting to servers that are misconfigured so save it # for connecting to servers that are misconfigured so save it