mirror of https://github.com/mozilla/cipherscan.git synced 2024-12-25 04:03:41 +01:00

Add handling of TLS-dependent pubkey sizes.

As with previous commits, this adds reporting for TLS-dependent pubkey
sizes.
Richard Soderberg 2015-09-18 16:38:41 -07:00
parent 8757bbd039
commit d7a7458667


@ -515,6 +515,7 @@ test_cipher_on_target() {
declare -A tickethints=()
declare -A ocspstaples=()
declare -A trusteds=()
declare -A pubkeys=()
for tls_version in "${TLS_VERSIONS_TO_TEST[@]}"; do
# sslv2 client hello doesn't support SNI extension
# in SSLv3 mode OpenSSL just ignores the setting so it's ok
@ -628,7 +629,7 @@ test_cipher_on_target() {
cipher=$current_cipher
[[ -z $current_pfs ]] && current_pfs="None"
pfses[$current_protocol]="$current_pfs"
pubkey=$current_pubkey
pubkeys[$current_protocol]="$current_pubkey"
sigalgs[$current_protocol]="$current_sigalg"
trusteds[$current_protocol]=$current_trusted
tickethints[$current_protocol]=$current_tickethint
@ -734,6 +735,24 @@ test_cipher_on_target() {
trusted="${trusteds[@]}"
fi
# Flatten the pubkeys list to a single item if every entry is the same.
if (( ${#pubkeys[*]} > 1 )); then
local pubkeys_values=()
for each_protocol in "${protocols[@]}"; do
pubkeys_values+=("${pubkeys[$each_protocol]}")
done
if [[ $OUTPUTFORMAT == 'json' ]]; then
# Don't deduplicate for JSON.
join_array_by_char ',' "${pubkeys_values[@]}"
else
flatten_or_join_array_by_char ',' "${pubkeys_values[@]}"
fi
pubkey="$joined_array"
else
# Just extract the one value that's present and use it.
pubkey="${pubkeys[@]}"
fi
# Pre-join this, since we use it in a couple of places below.
join_array_by_char ',' "${protocols[@]}"
protocols_csv="$joined_array"
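Review bot: In the last hunk the else branch assigns `pubkey="${pubkeys[@]}"`, an array expansion into a scalar, which yields the single value only because that branch is reached with at most one entry; `pubkey="${pubkeys[*]}"` states the intent and avoids ShellCheck SC2124. The guard counts `pubkeys`, but the loop iterates `protocols`, which is populated outside the visible lines. If a protocol ever lacks a `pubkeys` entry, the joined list gets an empty field and a reported key size can no longer be matched to its protocol by position, so a comment such as `# pubkeys and protocols are keyed by the same protocol names` (or an explicit placeholder for a missing entry) would help. `each_protocol` is not declared `local` in the lines shown, unlike `pubkeys_values`. test_cipher_on_target starts and ends outside these hunks, so declarations elsewhere in the function may already cover this.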