2
0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-16 20:03:41 +01:00

properly detect ECDSA certs for keysize compare

since ECDSA certificates during the transition are likely to be
signed using RSA keys, we need to check the cipher rather than the
signature in the certificate to tell if the cert is ECDSA and as such
can have small key sizes
This commit is contained in:
Hubert Kario 2015-11-17 15:31:46 +01:00
parent 1e65be5fd5
commit 4d77c87494

View File

@ -762,6 +762,7 @@ display_results_in_terminal() {
fi fi
local cipher_data=($cipher) local cipher_data=($cipher)
if [[ $ctr -eq 1 ]]; then if [[ $ctr -eq 1 ]]; then
cipher="${cipher_data[1]}"
pubkey="${cipher_data[2]}" pubkey="${cipher_data[2]}"
sigalg="${cipher_data[3]}" sigalg="${cipher_data[3]}"
trusted="${cipher_data[4]}" trusted="${cipher_data[4]}"
@ -826,7 +827,7 @@ display_results_in_terminal() {
done|column -t done|column -t
echo echo
if [[ ($sigalg =~ RSA && $pubkey -ge 2047) || ($sigalg =~ ECDSA && $pubkey -gt 255) ]]; then if [[ ($sigalg =~ RSA && $pubkey -ge 2047) || ($cipher =~ ECDSA && $pubkey -gt 255) ]]; then
pubkey="${c_green}${pubkey}${c_reset}" pubkey="${c_green}${pubkey}${c_reset}"
else else
pubkey="${c_red}${pubkey}${c_reset}" pubkey="${c_red}${pubkey}${c_reset}"