work with ssllabs-scan v1.5.0. fix bug in rdapConformance contents check

parent f1e4fcd0
Pipeline #54 failed with stages
......@@ -108,7 +108,7 @@ sub check_gtld_conformance {
# use the command-line interface to the Qualys SSLLabs scanner, server must score at least A-
#
note('running TLS configuration check - this may take a while unless a cached result is available...');
my $pid = open3(undef, \*OUT, \*ERR, 'ssllabs-scan', '-quiet', '-grade', '-usecache', $host);
my $pid = open3(undef, \*OUT, \*ERR, 'ssllabs-scan', '-quiet', '-usecache', $host);
undef $/;
my $out = <OUT>;
......@@ -122,14 +122,15 @@ sub check_gtld_conformance {
);
} else {
my $json = from_json('{'.$out.'}');
my $json = from_json($out);
foreach my $endpoint (@{$json->[0]->{'endpoints'}}) {
#
# str is a a test score, such as "A+", "C-", "F", etc
#
my $str = uc($json->{$host});
my $str = uc($endpoint->{'grade'});
if (length($str) < 1) {
fail('no valid grade returned by sslabs-scan');
fail('no valid grade returned by sslabs-scan for %s', $endpoint->{'ipAddress'});
} else {
# generate an integer based on the first character (its ASCII value, minus 64, x 3)
......@@ -145,7 +146,7 @@ sub check_gtld_conformance {
#
$grade-- if ('+' eq substr($str, 1, 1));
my $msg = sprintf('TLS configuration grade is "%s"', $str);
my $msg = sprintf('TLS configuration grade for %s is "%s"', $endpoint->{'ipAddress'}, $str);
# 4 is "A-":
if ($grade > 4) {
......@@ -157,6 +158,7 @@ sub check_gtld_conformance {
}
}
}
}
# Implementation Guide - RDAP Protocol - 1.5: The TLS certificate used for the RDAP service SHOULD be issued by a Certificate Authority (CA) trusted by the major browsers and mobile operating systems such as the ones listed in the Mozilla Included CA Certificate List (​https://wiki.mozilla.org/CA:IncludedCAs​). The TLS certificate used for the RDAP service SHOULD be issued by a CA that follows the latest CAB Forum Baseline Requirements (​https://cabforum.org/baseline-requirements-documents​).
pass('Net::RDAP uses Mozilla::CA so to get this far, the server certificate is trusted by a major browser (i.e. Firefox)');
......@@ -191,6 +193,7 @@ sub check_gtld_conformance {
}
pass("values in the 'rdapConformance' property are all strings");
}
if (defined($conformance{'rdap_level_0'})) {
pass("'rdap_level_0' is present in the 'rdapConformance' array");
......@@ -200,7 +203,6 @@ sub check_gtld_conformance {
}
}
}
# Implementation Guide - RDAP Protocol - 1.8: RDAP services MUST be available over both IPv4 and IPv6 transport.
my $v4answer = $resolver->query($host, 'A');
......
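Review bot: The new `foreach my $endpoint (@{$json->[0]->{'endpoints'}})` loop in the second hunk records no test result at all when ssllabs-scan returns an empty report list or a report with no endpoints, so the "at least A-" TLS requirement would be skipped silently instead of failing. A guard ahead of the loop would make that case fail closed, e.g. `fail('ssllabs-scan returned no endpoints') unless (@{$json->[0]->{'endpoints'} || []});`. Separately, if `fail` here is Test::More's, it takes a single test name and does no formatting, so the added `fail('... for %s', $endpoint->{'ipAddress'})` would print a literal `%s` and drop the address; `fail(sprintf('no valid grade returned by sslabs-scan for %s', $endpoint->{'ipAddress'}));` gives the intended message. The body of check_gtld_conformance starts and ends outside the visible hunks, so an earlier check on `$out` may already cover part of the first point.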