LittleNellie/cipherscan
2
0
Fork 0
mirror of https://github.com/mozilla/cipherscan.git synced 2026-02-05 22:55:15 +01:00
Code Issues Releases Wiki Activity

properly detect ECDSA certs for keysize compare

Browse Source 
since ECDSA certificates during the transition are likely to be
signed using RSA keys, we need to check the cipher rather than the
signature in the certificate to tell if the cert is ECDSA and as such
can have small key sizes
This commit is contained in:
Hubert Kario
2015-11-17 15:31:46 +01:00
parent 1e65be5fd5
commit 4d77c87494
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
cipherscan
View File

@@ -762,6 +762,7 @@ display_results_in_terminal() {
fi fi
local cipher_data=($cipher) local cipher_data=($cipher)
if [[ $ctr -eq 1 ]]; then if [[ $ctr -eq 1 ]]; then
cipher="${cipher_data[1]}"
pubkey="${cipher_data[2]}" pubkey="${cipher_data[2]}"
sigalg="${cipher_data[3]}" sigalg="${cipher_data[3]}"
trusted="${cipher_data[4]}" trusted="${cipher_data[4]}"
@@ -826,7 +827,7 @@ display_results_in_terminal() {
done|column -t done|column -t
echo echo
if [[ ($sigalg =~ RSA && $pubkey -ge 2047) || ($sigalg =~ ECDSA && $pubkey -gt 255) ]]; then if [[ ($sigalg =~ RSA && $pubkey -ge 2047) || ($cipher =~ ECDSA && $pubkey -gt 255) ]]; then
pubkey="${c_green}${pubkey}${c_reset}" pubkey="${c_green}${pubkey}${c_reset}"
else else
pubkey="${c_red}${pubkey}${c_reset}" pubkey="${c_red}${pubkey}${c_reset}"