@@ -8783,7 +8783,7 @@ certificate_info() {
87838783 prln_italic "$(out_row_aligned_max_width "$all_san" "$indent " $TERM_WIDTH)"
87848784 fileout "${jsonID}${json_postfix}" "INFO" "$all_san"
87858785 else
8786- if [[ $SERVICE == " HTTP" ]] || "$ASSUME_HTTP"; then
8786+ if [[ $SERVICE == HTTP ]] || "$ASSUME_HTTP"; then
87878787 pr_svrty_high "missing (NOT ok)"; outln " -- Browsers are complaining"
87888788 fileout "${jsonID}${json_postfix}" "HIGH" "No SAN, browsers are complaining"
87898789 else
@@ -8878,7 +8878,7 @@ certificate_info() {
88788878 pr_svrty_high "$trustfinding"
88798879 trust_sni_finding="HIGH"
88808880 elif ( [[ $trust_sni -eq 4 ]] || [[ $trust_sni -eq 8 ]] ); then
8881- if [[ $SERVICE == " HTTP" ]] || "$ASSUME_HTTP"; then
8881+ if [[ $SERVICE == HTTP ]] || "$ASSUME_HTTP"; then
88828882 # https://bugs.chromium.org/p/chromium/issues/detail?id=308330
88838883 # https://bugzilla.mozilla.org/show_bug.cgi?id=1245280
88848884 # https://www.chromestatus.com/feature/4981025180483584
@@ -8941,7 +8941,7 @@ certificate_info() {
89418941 fi
89428942 if [[ -n "$sni_used" ]] || [[ $trust_nosni -eq 0 ]] || ( [[ $trust_nosni -ne 4 ]] && [[ $trust_nosni -ne 8 ]] ); then
89438943 outln "$trustfinding_nosni"
8944- elif [[ $SERVICE == " HTTP" ]] || "$ASSUME_HTTP"; then
8944+ elif [[ $SERVICE == HTTP ]] || "$ASSUME_HTTP"; then
89458945 prln_svrty_high "$trustfinding_nosni"
89468946 else
89478947 prln_svrty_medium "$trustfinding_nosni"
@@ -17499,6 +17499,10 @@ run_winshock() {
1749917499 outln
1750017500 return 0
1750117501 fi
17502+ if ( [[ "$STARTTLS_PROTOCOL" =~ ldap ]] || [[ "$STARTTLS_PROTOCOL" =~ irc ]] ); then
17503+ prln_local_problem "STARTTLS/$STARTTLS_PROTOCOL and --ssl-native collide here"
17504+ return 1
17505+ fi
1750217506
1750317507 # Now we check whether any CAMELLIA, ARIA, CCM or CHACHA cipher is available.
1750417508 # We do this in two shots in order to stay below the 128 cipher limit
0 commit comments