Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sslscan for openSUSE:Factory checked in at 2024-07-25 15:40:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sslscan (Old) and /work/SRC/openSUSE:Factory/.sslscan.new.1882 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "sslscan" Thu Jul 25 15:40:14 2024 rev:19 rq:1189590 version:2.1.4 Changes: -------- --- /work/SRC/openSUSE:Factory/sslscan/sslscan.changes 2024-02-26 19:50:57.325978730 +0100 +++ /work/SRC/openSUSE:Factory/.sslscan.new.1882/sslscan.changes 2024-07-25 16:02:19.558967679 +0200 @@ -1,0 +2,6 @@ +Thu Jul 25 09:38:59 UTC 2024 - Dirk Müller <dmueller@suse.com> + +- update to 2.1.4: + * Display the full cert chain --show-certificates + +------------------------------------------------------------------- Old: ---- sslscan-2.1.3.tar.gz New: ---- sslscan-2.1.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sslscan.spec ++++++ --- /var/tmp/diff_new_pack.eq0ND9/_old 2024-07-25 16:02:20.042987173 +0200 +++ /var/tmp/diff_new_pack.eq0ND9/_new 2024-07-25 16:02:20.046987334 +0200 @@ -17,7 +17,7 @@ Name: sslscan -Version: 2.1.3 +Version: 2.1.4 Release: 0 Summary: SSL cipher scanning tool License: SUSE-GPL-3.0+-with-openssl-exception ++++++ sslscan-2.1.3.tar.gz -> sslscan-2.1.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslscan-2.1.3/Changelog new/sslscan-2.1.4/Changelog --- old/sslscan-2.1.3/Changelog 2024-01-21 14:41:31.000000000 +0100 +++ new/sslscan-2.1.4/Changelog 2024-06-16 19:49:50.000000000 +0200 @@ -1,5 +1,11 @@ Changelog ========= +Version: 2.1.4 +Date : 16/06/2024 +Author : rbsec <robin@rbsec.net> +Changes: The following are a list of changes + > Display the full cert chain --show-certificates (credit fhtino) + Version: 2.1.3 Date : 21/01/2024 Author : rbsec <robin@rbsec.net> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslscan-2.1.3/Makefile new/sslscan-2.1.4/Makefile --- old/sslscan-2.1.3/Makefile 2024-01-21 14:41:31.000000000 +0100 +++ new/sslscan-2.1.4/Makefile 2024-06-16 19:49:50.000000000 +0200 @@ -35,7 +35,11 @@ # for dynamic linking LIBS = -lssl -lcrypto ifneq ($(OS), FreeBSD) +ifneq ($(findstring MINGW64,$(OS)),MINGW64) LIBS += -ldl +else + LIBS += -lwsock32 -lWs2_32 +endif endif ifeq ($(OS), SunOS) CFLAGS += -m64 @@ -50,7 +54,13 @@ # Don't enable some hardening flags on OS X because it uses an old version of Clang ifneq ($(OS), Darwin) ifneq ($(OS), SunOS) +ifneq ($(findstring CYGWIN,$(OS)),CYGWIN) +ifneq ($(findstring MINGW64,$(OS)),MINGW64) LDFLAGS += -pie -z relro -z now +else + LDFLAGS += -pie +endif +endif endif endif @@ -68,8 +78,10 @@ LIBS = -lssl -lcrypto -lz -lpthread endif ifneq ($(OS), FreeBSD) +ifneq ($(findstring CYGWIN,$(OS)),CYGWIN) LIBS += -ldl endif +endif ifeq ($(OS), SunOS) LIBS += -lsocket -lnsl endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslscan-2.1.3/README.md new/sslscan-2.1.4/README.md --- old/sslscan-2.1.3/README.md 2024-01-21 14:41:31.000000000 +0100 +++ new/sslscan-2.1.4/README.md 2024-06-16 19:49:50.000000000 +0200 @@ -30,7 +30,8 @@ [](https://github.com/rbsec/sslscan/actions/workflows/ci.yml) -This is a fork of ioerror's version of sslscan (the original readme of which is included below). +This is a fork of ioerror's version of sslscan (the original readme of which is included below) by rbsec (robin@rbsec.net). + Key changes are as follows: * Highlight SSLv2 and SSLv3 ciphers in output. @@ -71,6 +72,7 @@ * Check for supported key exchange groups. * Check for supported server signature algorithms. * Display IANA/RFC cipher names `--iana-names` +* Display the full certifiate chain `--show-certificates` ### Building on Linux diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslscan-2.1.3/sslscan.1 new/sslscan-2.1.4/sslscan.1 --- old/sslscan-2.1.3/sslscan.1 2024-01-21 14:41:31.000000000 +0100 +++ new/sslscan-2.1.4/sslscan.1 2024-06-16 19:49:50.000000000 +0200 @@ -48,6 +48,10 @@ .B \-\-show\-certificate Display certificate information. .TP +.B \-\-show\-certificates +Display the full certificate chain. +.TP +.B \-\-no\-check\-certificate .B \-\-no\-check\-certificate Don't flag certificates signed with weak algorithms (MD5 and SHA-1) or short (<2048 bit) RSA keys .TP diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslscan-2.1.3/sslscan.c new/sslscan-2.1.4/sslscan.c --- old/sslscan-2.1.3/sslscan.c 2024-01-21 14:41:31.000000000 +0100 +++ new/sslscan-2.1.4/sslscan.c 2024-06-16 19:49:50.000000000 +0200 @@ -2814,186 +2814,204 @@ BIO_set_fp(fileBIO, options->xmlOutput, BIO_NOCLOSE); } - // Get Certificate... - printf("\n %sSSL Certificate:%s\n", COL_BLUE, RESET); - printf_xml(" <certificate type=\"full\">\n"); - x509Cert = SSL_get_peer_certificate(ssl); - if (x509Cert != NULL) - { + // Get certificate(s) chain + STACK_OF(X509) *certificatesChain; - // Print a base64 blob version of the cert - printf(" Certificate blob:\n"); - PEM_write_bio_X509(stdoutBIO,x509Cert); - if (options->xmlOutput) - { - printf_xml(" <certificate-blob>\n"); - PEM_write_bio_X509(fileBIO,x509Cert); - printf_xml(" </certificate-blob>\n"); - } + if (options->showCertificates == true) + { + certificatesChain = SSL_get_peer_cert_chain(ssl); + } + else + { + X509 *peerCertificate = SSL_get_peer_certificate(ssl); + certificatesChain = sk_X509_new_null(); + sk_X509_push(certificatesChain, peerCertificate); + } - //SSL_set_verify(ssl, SSL_VERIFY_NONE|SSL_VERIFY_CLIENT_ONCE, NULL); + for (int cert_index = 0; cert_index < sk_X509_num(certificatesChain); cert_index++) + { + // Get Certificate... + printf("\n %sSSL Certificate: %s\n", COL_BLUE, RESET); + printf_xml(" <certificate type=\"full\">\n"); - //X509_print_ex(bp, x509Cert, 0, 0); + x509Cert = sk_X509_value(certificatesChain, cert_index); - // Cert Version - if (!(X509_FLAG_COMPAT & X509_FLAG_NO_VERSION)) + if (x509Cert != NULL) { - tempLong = X509_get_version(x509Cert); - printf(" Version: %lu\n", tempLong); - printf_xml(" <version>%lu</version>\n", tempLong); - } - // Cert Serial No. - Code adapted from OpenSSL's crypto/asn1/t_x509.c - if (!(X509_FLAG_COMPAT & X509_FLAG_NO_SERIAL)) - { - ASN1_INTEGER *bs; - BIO *bp; - BIO *xml_bp; - bp = BIO_new_fp(stdout, BIO_NOCLOSE); + // Print a base64 blob version of the cert + printf(" Certificate blob:\n"); + PEM_write_bio_X509(stdoutBIO,x509Cert); if (options->xmlOutput) - xml_bp = BIO_new_fp(options->xmlOutput, BIO_NOCLOSE); - long l; - int i; - const char *neg; - bs=X509_get_serialNumber(x509Cert); + { + printf_xml(" <certificate-blob>\n"); + PEM_write_bio_X509(fileBIO,x509Cert); + printf_xml(" </certificate-blob>\n"); + } - if (BIO_write(bp," Serial Number:",18) <= 0) - return(1); + // SSL_set_verify(ssl, SSL_VERIFY_NONE|SSL_VERIFY_CLIENT_ONCE, NULL); - if (bs->length <= 4) + // X509_print_ex(bp, x509Cert, 0, 0); + + // Cert Version + if (!(X509_FLAG_COMPAT & X509_FLAG_NO_VERSION)) { - l=ASN1_INTEGER_get(bs); - if (l < 0) - { - l= -l; - neg="-"; - } - else - neg=""; - if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0) - return(1); - if (options->xmlOutput) - if (BIO_printf(xml_bp," <serial>%s%lu (%s0x%lx)</serial>\n",neg,l,neg,l) <= 0) - return(1); + tempLong = X509_get_version(x509Cert); + printf(" Version: %lu\n", tempLong); + printf_xml(" <version>%lu</version>\n", tempLong); } - else + + // Cert Serial No. - Code adapted from OpenSSL's crypto/asn1/t_x509.c + if (!(X509_FLAG_COMPAT & X509_FLAG_NO_SERIAL)) { - neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":""; - if (BIO_printf(bp,"%1s%s","",neg) <= 0) + ASN1_INTEGER *bs; + BIO *bp; + BIO *xml_bp; + bp = BIO_new_fp(stdout, BIO_NOCLOSE); + if (options->xmlOutput) + xml_bp = BIO_new_fp(options->xmlOutput, BIO_NOCLOSE); + long l; + int i; + const char *neg; + bs=X509_get_serialNumber(x509Cert); + + if (BIO_write(bp," Serial Number:",18) <= 0) return(1); - if (options->xmlOutput) - if (BIO_printf(xml_bp," <serial>") <= 0) + if (bs->length <= 4) + { + l=ASN1_INTEGER_get(bs); + if (l < 0) + { + l= -l; + neg="-"; + } + else + neg=""; + if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0) return(1); - - for (i=0; i<bs->length; i++) + if (options->xmlOutput) + if (BIO_printf(xml_bp," <serial>%s%lu (%s0x%lx)</serial>\n",neg,l,neg,l) <= 0) + return(1); + } + else { - if (BIO_printf(bp,"%02x%c",bs->data[i], - ((i+1 == bs->length)?'\n':':')) <= 0) + neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":""; + if (BIO_printf(bp,"%1s%s","",neg) <= 0) return(1); - if (options->xmlOutput) { - if (i+1 == bs->length) - { - if (BIO_printf(xml_bp,"%02x",bs->data[i]) <= 0) - return(1); - } - else - { - if (BIO_printf(xml_bp,"%02x%c",bs->data[i], ':') <= 0) - return(1); + + if (options->xmlOutput) + if (BIO_printf(xml_bp," <serial>") <= 0) + return(1); + + for (i=0; i<bs->length; i++) + { + if (BIO_printf(bp,"%02x%c",bs->data[i], + ((i+1 == bs->length)?'\n':':')) <= 0) + return(1); + if (options->xmlOutput) { + if (i+1 == bs->length) + { + if (BIO_printf(xml_bp,"%02x",bs->data[i]) <= 0) + return(1); + } + else + { + if (BIO_printf(xml_bp,"%02x%c",bs->data[i], ':') <= 0) + return(1); + } } } - } - if (options->xmlOutput) - if (BIO_printf(xml_bp,"</serial>\n") <= 0) - return(1); + if (options->xmlOutput) + if (BIO_printf(xml_bp,"</serial>\n") <= 0) + return(1); + } + if(NULL != bp) + BIO_free(bp); + // We don't free the xml_bp because it will be used in the future } - if(NULL != bp) - BIO_free(bp); - // We don't free the xml_bp because it will be used in the future - } - // Signature Algo... - if (!(X509_FLAG_COMPAT & X509_FLAG_NO_SIGNAME)) - { - X509_signature_print(stdoutBIO, X509_get0_tbs_sigalg(x509Cert), NULL); -/* printf(" Signature Algorithm: "); - i2a_ASN1_OBJECT(stdoutBIO, X509_get0_tbs_sigalg(x509Cert)); - printf("\n"); -*/ - if (options->xmlOutput) + // Signature Algo... + if (!(X509_FLAG_COMPAT & X509_FLAG_NO_SIGNAME)) { - printf_xml(" <signature-algorithm>"); - X509_signature_print(fileBIO, X509_get0_tbs_sigalg(x509Cert), NULL); - printf_xml("</signature-algorithm>\n"); + X509_signature_print(stdoutBIO, X509_get0_tbs_sigalg(x509Cert), NULL); + /* printf(" Signature Algorithm: "); + i2a_ASN1_OBJECT(stdoutBIO, X509_get0_tbs_sigalg(x509Cert)); + printf("\n"); + */ + if (options->xmlOutput) + { + printf_xml(" <signature-algorithm>"); + X509_signature_print(fileBIO, X509_get0_tbs_sigalg(x509Cert), NULL); + printf_xml("</signature-algorithm>\n"); + } } - } - // SSL Certificate Issuer... - if (!(X509_FLAG_COMPAT & X509_FLAG_NO_ISSUER)) - { - X509_NAME_oneline(X509_get_issuer_name(x509Cert), buffer, sizeof(buffer) - 1); - printf(" Issuer: %s\n", buffer); - printf_xml(" <issuer><![CDATA[%s]]></issuer>\n", buffer); - } - - // Validity... - if (!(X509_FLAG_COMPAT & X509_FLAG_NO_VALIDITY)) - { - printf(" Not valid before: "); - ASN1_TIME_print(stdoutBIO, X509_get_notBefore(x509Cert)); - if (options->xmlOutput) + // SSL Certificate Issuer... + if (!(X509_FLAG_COMPAT & X509_FLAG_NO_ISSUER)) { - printf_xml(" <not-valid-before>"); - ASN1_TIME_print(fileBIO, X509_get_notBefore(x509Cert)); - printf_xml("</not-valid-before>\n"); + X509_NAME_oneline(X509_get_issuer_name(x509Cert), buffer, sizeof(buffer) - 1); + printf(" Issuer: %s\n", buffer); + printf_xml(" <issuer><![CDATA[%s]]></issuer>\n", buffer); } - printf("\n Not valid after: "); - ASN1_TIME_print(stdoutBIO, X509_get_notAfter(x509Cert)); - printf("\n"); - if (options->xmlOutput) - { - printf_xml(" <not-valid-after>"); - ASN1_TIME_print(fileBIO, X509_get_notAfter(x509Cert)); - printf_xml("</not-valid-after>\n"); - } - } - - // SSL Certificate Subject... - if (!(X509_FLAG_COMPAT & X509_FLAG_NO_SUBJECT)) - { - X509_NAME_oneline(X509_get_subject_name(x509Cert), buffer, sizeof(buffer) - 1); - printf(" Subject: %s\n", buffer); - printf_xml(" <subject><![CDATA[%s]]></subject>\n", buffer); - } - // Public Key Algo... - if (!(X509_FLAG_COMPAT & X509_FLAG_NO_PUBKEY)) - { - printf(" Public Key Algorithm: "); - ASN1_OBJECT *xpoid = NULL; - i2a_ASN1_OBJECT(stdoutBIO, xpoid); - printf("\n"); - if (options->xmlOutput) + // Validity... + if (!(X509_FLAG_COMPAT & X509_FLAG_NO_VALIDITY)) { - printf_xml(" <pk-algorithm>"); - i2a_ASN1_OBJECT(fileBIO, xpoid); - printf_xml("</pk-algorithm>\n"); + printf(" Not valid before: "); + ASN1_TIME_print(stdoutBIO, X509_get_notBefore(x509Cert)); + if (options->xmlOutput) + { + printf_xml(" <not-valid-before>"); + ASN1_TIME_print(fileBIO, X509_get_notBefore(x509Cert)); + printf_xml("</not-valid-before>\n"); + } + printf("\n Not valid after: "); + ASN1_TIME_print(stdoutBIO, X509_get_notAfter(x509Cert)); + printf("\n"); + if (options->xmlOutput) + { + printf_xml(" <not-valid-after>"); + ASN1_TIME_print(fileBIO, X509_get_notAfter(x509Cert)); + printf_xml("</not-valid-after>\n"); + } } - // Public Key... - publicKey = X509_get_pubkey(x509Cert); - if (publicKey == NULL) + // SSL Certificate Subject... + if (!(X509_FLAG_COMPAT & X509_FLAG_NO_SUBJECT)) { - printf(" Public Key: Could not load\n"); - printf_xml(" <pk error=\"true\" />\n"); + X509_NAME_oneline(X509_get_subject_name(x509Cert), buffer, sizeof(buffer) - 1); + printf(" Subject: %s\n", buffer); + printf_xml(" <subject><![CDATA[%s]]></subject>\n", buffer); } - else + + // Public Key Algo... + if (!(X509_FLAG_COMPAT & X509_FLAG_NO_PUBKEY)) { - switch (EVP_PKEY_id(publicKey)) + printf(" Public Key Algorithm: "); + ASN1_OBJECT *xpoid = NULL; + i2a_ASN1_OBJECT(stdoutBIO, xpoid); + printf("\n"); + if (options->xmlOutput) + { + printf_xml(" <pk-algorithm>"); + i2a_ASN1_OBJECT(fileBIO, xpoid); + printf_xml("</pk-algorithm>\n"); + } + + // Public Key... + publicKey = X509_get_pubkey(x509Cert); + if (publicKey == NULL) { + printf(" Public Key: Could not load\n"); + printf_xml(" <pk error=\"true\" />\n"); + } + else + { + switch (EVP_PKEY_id(publicKey)) + { case EVP_PKEY_RSA: if (EVP_PKEY_get1_RSA(publicKey)!=NULL) { @@ -3049,77 +3067,79 @@ printf(" Public Key: Unknown\n"); printf_xml(" <pk error=\"true\" type=\"unknown\" />\n"); break; - } + } - EVP_PKEY_free(publicKey); + EVP_PKEY_free(publicKey); + } } - } - // X509 v3... - if (!(X509_FLAG_COMPAT & X509_FLAG_NO_EXTENSIONS)) - { - if (sk_X509_EXTENSION_num(X509_get0_extensions(x509Cert)) > 0) + // X509 v3... + if (!(X509_FLAG_COMPAT & X509_FLAG_NO_EXTENSIONS)) { - printf(" X509v3 Extensions:\n"); - printf_xml(" <X509v3-Extensions>\n"); - for (tempInt = 0; tempInt < sk_X509_EXTENSION_num(X509_get0_extensions(x509Cert)); tempInt++) + if (sk_X509_EXTENSION_num(X509_get0_extensions(x509Cert)) > 0) { - // Get Extension... - extension = sk_X509_EXTENSION_value(X509_get0_extensions(x509Cert), tempInt); - - // Print Extension name... - printf(" "); - asn1Object = X509_EXTENSION_get_object(extension); - i2a_ASN1_OBJECT(stdoutBIO, asn1Object); - tempInt2 = X509_EXTENSION_get_critical(extension); - BIO_printf(stdoutBIO, ": %s\n", tempInt2 ? "critical" : ""); - if (options->xmlOutput) + printf(" X509v3 Extensions:\n"); + printf_xml(" <X509v3-Extensions>\n"); + for (tempInt = 0; tempInt < sk_X509_EXTENSION_num(X509_get0_extensions(x509Cert)); tempInt++) { - printf_xml(" <extension name=\""); - i2a_ASN1_OBJECT(fileBIO, asn1Object); - BIO_printf(fileBIO, "\"%s><![CDATA[", tempInt2 ? " level=\"critical\"" : ""); - } + // Get Extension... + extension = sk_X509_EXTENSION_value(X509_get0_extensions(x509Cert), tempInt); - // Print Extension value... - if (!X509V3_EXT_print(stdoutBIO, extension, X509_FLAG_COMPAT, 8)) - { - printf(" "); - ASN1_STRING_print(stdoutBIO, X509_EXTENSION_get_data(extension)); - } - if (options->xmlOutput) - { - if (!X509V3_EXT_print(fileBIO, extension, X509_FLAG_COMPAT, 0)) - ASN1_STRING_print(stdoutBIO, X509_EXTENSION_get_data(extension)); - printf_xml("]]></extension>\n"); + // Print Extension name... + printf(" "); + asn1Object = X509_EXTENSION_get_object(extension); + i2a_ASN1_OBJECT(stdoutBIO, asn1Object); + tempInt2 = X509_EXTENSION_get_critical(extension); + BIO_printf(stdoutBIO, ": %s\n", tempInt2 ? "critical" : ""); + if (options->xmlOutput) + { + printf_xml(" <extension name=\""); + i2a_ASN1_OBJECT(fileBIO, asn1Object); + BIO_printf(fileBIO, "\"%s><![CDATA[", tempInt2 ? " level=\"critical\"" : ""); + } + + // Print Extension value... + if (!X509V3_EXT_print(stdoutBIO, extension, X509_FLAG_COMPAT, 8)) + { + printf(" "); + ASN1_STRING_print(stdoutBIO, X509_EXTENSION_get_data(extension)); + } + if (options->xmlOutput) + { + if (!X509V3_EXT_print(fileBIO, extension, X509_FLAG_COMPAT, 0)) + ASN1_STRING_print(stdoutBIO, X509_EXTENSION_get_data(extension)); + printf_xml("]]></extension>\n"); + } + printf("\n"); } - printf("\n"); + printf_xml(" </X509v3-Extensions>\n"); } - printf_xml(" </X509v3-Extensions>\n"); } - } - // Verify Certificate... - printf(" Verify Certificate:\n"); - verifyError = SSL_get_verify_result(ssl); - if (verifyError == X509_V_OK) - { - printf(" Certificate passed verification\n"); + // Verify Certificate... + printf(" Verify m:\n"); + verifyError = SSL_get_verify_result(ssl); + if (verifyError == X509_V_OK) + { + printf(" Certificate passed verification\n"); + } + else + { + printf(" %s\n", X509_verify_cert_error_string(verifyError)); + } + + // Free X509 Certificate... + X509_free(x509Cert); } + else { - printf(" %s\n", X509_verify_cert_error_string(verifyError)); + printf(" Unable to parse certificate\n"); } - // Free X509 Certificate... - X509_free(x509Cert); - } - - else { - printf(" Unable to parse certificate\n"); + printf_xml(" </certificate>\n"); } - printf_xml(" </certificate>\n"); - // Free BIO BIO_free(stdoutBIO); if (options->xmlOutput) @@ -3710,8 +3730,9 @@ if (status == true && (options->showCertificate == true || options->checkCertificate == true)) { printf_xml(" <certificates>\n"); - // Full certificate details (--show-certificates) - if (status == true && options->showCertificate == true) + + // Full certificate details + if (status == true && (options->showCertificate == true || options->showCertificates == true)) { status = showCertificate(options); } @@ -3874,10 +3895,14 @@ options->targets = argLoop; } - // Show certificate + // Show certificate (only one) else if (strcmp("--show-certificate", argv[argLoop]) == 0) options->showCertificate = true; + // Show certificates (all) + else if (strcmp("--show-certificates", argv[argLoop]) == 0) + options->showCertificates = true; + // Don't check certificate strength else if (strcmp("--no-check-certificate", argv[argLoop]) == 0) options->checkCertificate = false; @@ -4239,6 +4264,7 @@ printf(" %s--ipv6, -6%s Only use IPv6\n", COL_GREEN, RESET); printf("\n"); printf(" %s--show-certificate%s Show full certificate information\n", COL_GREEN, RESET); + printf(" %s--show-certificates%s Show chain full certificates information\n", COL_GREEN, RESET); printf(" %s--show-client-cas%s Show trusted CAs for TLS client auth\n", COL_GREEN, RESET); printf(" %s--no-check-certificate%s Don't warn about weak certificate algorithm or keys\n", COL_GREEN, RESET); printf(" %s--ocsp%s Request OCSP response from server\n", COL_GREEN, RESET); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslscan-2.1.3/sslscan.h new/sslscan-2.1.4/sslscan.h --- old/sslscan-2.1.3/sslscan.h 2024-01-21 14:41:31.000000000 +0100 +++ new/sslscan-2.1.4/sslscan.h 2024-06-16 19:49:50.000000000 +0200 @@ -151,6 +151,7 @@ char addrstr[INET6_ADDRSTRLEN]; int port; int showCertificate; + int showCertificates; int checkCertificate; int showTrustedCAs; int showClientCiphers;