mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-22 14:23:41 +01:00
Add handling of TLS-dependent pubkey sizes.
As with previous commits, this adds reporting for TLS-dependent pubkey sizes.
parent
8757bbd039
commit
d7a7458667
21
cipherscan
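--- a/cipherscan
+++ b/cipherscan
@@ -515,6 +515,7 @@ test_cipher_on_target() {
 declare -A tickethints=()
 declare -A ocspstaples=()
 declare -A trusteds=()
+declare -A pubkeys=()
 for tls_version in "${TLS_VERSIONS_TO_TEST[@]}"; do
 # sslv2 client hello doesn't support SNI extension
 # in SSLv3 mode OpenSSL just ignores the setting so it's ok
@@ -628,7 +629,7 @@ test_cipher_on_target() {
 cipher=$current_cipher
 [[ -z $current_pfs ]] && current_pfs="None"
 pfses[$current_protocol]="$current_pfs"
-pubkey=$current_pubkey
+pubkeys[$current_protocol]="$current_pubkey"
 sigalgs[$current_protocol]="$current_sigalg"
 trusteds[$current_protocol]=$current_trusted
 tickethints[$current_protocol]=$current_tickethint
@@ -734,6 +735,24 @@ test_cipher_on_target() {
 trusted="${trusteds[@]}"
 fi
 
+# Flatten the pubkeys list to a single item if every entry is the same.
+if (( ${#pubkeys[*]} > 1 )); then
+local pubkeys_values=()
+for each_protocol in "${protocols[@]}"; do
+pubkeys_values+=("${pubkeys[$each_protocol]}")
+done
+if [[ $OUTPUTFORMAT == 'json' ]]; then
+# Don't deduplicate for JSON.
+join_array_by_char ',' "${pubkeys_values[@]}"
+else
+flatten_or_join_array_by_char ',' "${pubkeys_values[@]}"
+fi
+pubkey="$joined_array"
+else
+# Just extract the one value that's present and use it.
+pubkey="${pubkeys[@]}"
+fi
+
 # Pre-join this, since we use it in a couple of places below.
 join_array_by_char ',' "${protocols[@]}"
 protocols_csv="$joined_array"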
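Review bot: In the third hunk the guard `(( ${#pubkeys[*]} > 1 ))` counts entries in `pubkeys`, but the loop under it walks `protocols`, so a protocol with no recorded key would come out as an empty field in the joined list, and a reader of the scan report could not tell a missing measurement from a real key size. Whether the two arrays can diverge depends on how `protocols` is filled, which is outside the visible lines; if they can, test the array that is actually iterated, `if (( ${#protocols[@]} > 1 )); then`. In the else branch, `pubkey="${pubkeys[*]}"` says what is meant when an array is assigned to a scalar (ShellCheck SC2124). `each_protocol` is not declared `local` in the lines shown, and test_cipher_on_target begins and ends outside all three hunks.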