From 54ec2aca9927f4db9425a5f8f77e11e2b40f646a Mon Sep 17 00:00:00 2001 From: Christian Stadelmann Date: Fri, 2 Jan 2015 22:47:28 +0100 Subject: [PATCH 1/3] fix: ignore case in bash version string MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently on some systems `bash --version` reports `GNU bash, Version 4[…]` which will fail the test. --- cipherscan | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cipherscan b/cipherscan index 4bf4e5b..b52199d 100755 --- a/cipherscan +++ b/cipherscan @@ -19,7 +19,7 @@ if [ "$(uname -s)" == "Darwin" ]; then fi # cipherscan requires bash4, which doesn't come by default in OSX -if [ "$(bash --version |grep 'version 4')" == "" ]; then +if [ "$(bash --version |grep -i 'version 4')" == "" ]; then echo "Bash version 4 is required to run cipherscan." echo "Please upgrade your version of bash (ex: brew install bash)." exit 1 From d1a8604a2a32e3d4c88d7318eac486c8be04b506 Mon Sep 17 00:00:00 2001 From: Vincent Riquer Date: Sat, 10 Jan 2015 03:51:26 +0100 Subject: [PATCH 2/3] fix silent TypeError on sigalg md5WithRSAEncryption conn['sigalg'] is an array, logging.debug(conn['sigalg']) caused silent failure --- analyze.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/analyze.py b/analyze.py index fa00d89..6376c3a 100755 --- a/analyze.py +++ b/analyze.py @@ -62,7 +62,7 @@ def is_fubar(results): has_wrong_pfs = True if 'md5WithRSAEncryption' in conn['sigalg']: has_md5_sig = True - logging.debug(conn['sigalg']+ ' is a fubar cert signature') + logging.debug(conn['sigalg'][0] + ' is a fubar cert signature') fubar = True if conn['trusted'] == 'False': has_untrust_cert = True From 9ecc3f7164ad77d62c469b8c509ad33ff263d1fa Mon Sep 17 00:00:00 2001 From: Christian Stadelmann Date: Mon, 12 Jan 2015 16:46:18 +0100 Subject: [PATCH 3/3] New bash version info test using $BASH_VERSINFO --- cipherscan | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cipherscan b/cipherscan index b52199d..46bb981 100755 --- a/cipherscan +++ b/cipherscan @@ -19,7 +19,7 @@ if [ "$(uname -s)" == "Darwin" ]; then fi # cipherscan requires bash4, which doesn't come by default in OSX -if [ "$(bash --version |grep -i 'version 4')" == "" ]; then +if [ ${BASH_VERSINFO[0]} -lt 4 ]; then echo "Bash version 4 is required to run cipherscan." echo "Please upgrade your version of bash (ex: brew install bash)." exit 1