Esempio n. 1
0
        void PrintCert(TextWriter w, X509Chain xchain, int num, ReportDataDto reportData, String domain)
        {
            w.WriteLine("\tThumprint:  {0}", xchain.ThumbprintsRev[num]);
            X509Cert xc = xchain.ElementsRev[num];

            if (xc == null)
            {
                w.WriteLine("\tUNDECODABLE: {0}", xchain.DecodingIssuesRev[num]);
            }
            else
            {
                w.WriteLine("\tSerial:     {0}", xc.SerialHex);
                w.WriteLine("\tSubject:    {0}", xc.Subject.ToString());
                w.WriteLine("\tIssuer:     {0}", xc.Issuer.ToString());
                w.WriteLine("\tValid from: {0:yyyy-MM-dd HH:mm:ss} UTC", xc.ValidFrom);
                w.WriteLine("\tValid to:   {0:yyyy-MM-dd HH:mm:ss} UTC", xc.ValidTo);
                w.WriteLine("\tKey type:   {0}", xc.KeyType);
                w.WriteLine("\tKey size:   {0}", xc.KeySize);
                string cname = xc.CurveName;
                if (cname != null)
                {
                    w.WriteLine("\tKey curve:  {0}", cname);
                }
                w.WriteLine("\tSign hash:  {0}", xc.HashAlgorithm);
                if (xc.SelfIssued)
                {
                    w.WriteLine("\t(Self-Issued)");
                }
                if (num == 0)
                {
                    w.Write("\tServer names:");
                    string[] names = xc.ServerNames;
                    if (names.Length == 0)
                    {
                        w.WriteLine(" NONE");
                    }
                    else
                    {
                        foreach (string name in names)
                        {
                            reportData.NameMismatch = NameMismatch(name, domain);
                            w.Write(name);
                        }
                    }
                }
            }
            if (withPEM)
            {
                M.WritePEM(w, "CERTIFICATE", xchain.EncodedRev[num]);
            }
        }
Esempio n. 2
0
        /*
         * Print the report on the provided writer (text version for
         * humans).
         */
        public ReportDataDto Print(TextWriter w)
        {
            var reportData = new ReportDataDto();

            if (sni == null)
            {
                w.WriteLine("No SNI sent");
            }
            else
            {
                w.WriteLine("SNI: {0}", sni);
            }
            if (ssl2Suites != null && ssl2Suites.Length > 0)
            {
                w.WriteLine("  {0}", M.VersionString(M.SSLv20));
                foreach (int s in ssl2Suites)
                {
                    w.WriteLine("     {0}", CipherSuite.ToNameV2(s));
                }
            }
            SupportedCipherSuites last = null;

            foreach (int v in suites.Keys)
            {
                w.Write("  {0}:", M.VersionString(v));
                SupportedCipherSuites scs = suites[v];
                last = scs;
                w.WriteLine();
                w.Write("     server selection: ");
                if (scs.PrefClient)
                {
                    w.WriteLine("uses client preferences");
                }
                else if (scs.PrefServer)
                {
                    w.WriteLine("enforce server preferences");
                }
                else
                {
                    w.WriteLine("complex");
                }
                foreach (int s in scs.Suites)
                {
                    CipherSuite cs;
                    string      strength;
                    string      fsf;
                    string      anon;
                    string      kt;
                    if (CipherSuite.ALL.TryGetValue(s, out cs))
                    {
                        strength = cs.Strength.ToString();
                        fsf      = cs.HasForwardSecrecy ? "f" : "-";
                        anon     = cs.IsAnonymous ? "A" : "-";
                        kt       = cs.ServerKeyType;

                        if (cs.Strength < 3)
                        {
                            reportData.WeakCipher = true;
                        }
                    }
                    else
                    {
                        strength = "?";
                        fsf      = "?";
                        anon     = "?";
                        kt       = "?";
                    }
                    w.WriteLine("     {0}{1}{2} (key: {3,4})  {4}",
                                strength, fsf, anon, kt,
                                CipherSuite.ToName(s));
                }
            }
            w.WriteLine(Environment.NewLine);
            if (ssl2Chain != null)
            {
                w.WriteLine("SSLv2 certificate");
                PrintCert(w, ssl2Chain, 0, reportData, this.ConnName);
                w.WriteLine(Environment.NewLine);
            }
            w.WriteLine("SSLv3/TLS: {0} certificate chain(s)", chains.Count);
            foreach (X509Chain xchain in chains.Values)
            {
                int n = xchain.Elements.Length;
                w.WriteLine("Chain: length={0}", n);
                if (xchain.Decodable)
                {
                    w.WriteLine("Names match:        {0}", xchain.NamesMatch ? "yes" : "no");
                    w.WriteLine("Includes root:      {0}", xchain.IncludesRoot ? "yes" : "no");
                    w.Write("Signature hash(es):");
                    foreach (string name in xchain.SignHashes)
                    {
                        w.Write(" {0}", name);
                    }
                    w.WriteLine();
                }
                else if (n == 0)
                {
                    w.WriteLine("CHAIN IS EMPTY");
                }
                else
                {
                    w.WriteLine("CHAIN PROCESSING ERROR");
                }

                w.WriteLine();
                for (int i = 0; i < n; i++)
                {
                    w.WriteLine("Certificate: {0}", i);
                    PrintCert(w, xchain, i, reportData, this.ConnName);
                }
            }

            w.WriteLine(Environment.NewLine);
            w.WriteLine("Server compression support: {0}", DeflateCompress ? "yes" : "no");
            if (serverTimeOffset == Int64.MinValue)
            {
                w.WriteLine("Server does not send its system time.");
            }
            else if (serverTimeOffset == Int64.MaxValue)
            {
                w.WriteLine("Server sends a random system time.");
            }
            else
            {
                DateTime dt = DateTime.UtcNow;
                dt = dt.AddMilliseconds((double)serverTimeOffset);
                w.WriteLine("Server time: {0:yyyy-MM-dd HH:mm:ss} UTC (offset: {1} ms)", dt, serverTimeOffset);
            }
            w.WriteLine("Secure renegotiation support: {0}", doesRenego ? "yes" : "no");
            w.WriteLine("Encrypt-then-MAC support (RFC 7366): {0}", doesEtM ? "yes" : "no");
            w.WriteLine("SSLv2 ClientHello format (for SSLv3+): {0}", helloV2 ? "yes" : "no");
            if (minDHSize > 0)
            {
                w.WriteLine("Minimum DH size: {0}", minDHSize);
                w.WriteLine("DH parameter reuse: {0}", kxReuseDH ? "yes" : " no");
            }
            if (minECSize > 0)
            {
                w.WriteLine("Minimum EC size (no extension):   {0}", minECSize);
            }
            if (minECSizeExt > 0)
            {
                w.WriteLine("Minimum EC size (with extension): {0}", minECSizeExt);
                if (minECSize == 0)
                {
                    w.WriteLine("Server does not use EC without" + " the client extension");
                }
            }
            if (minECSize > 0 || minECSizeExt > 0)
            {
                w.WriteLine("ECDH parameter reuse: {0}", kxReuseECDH ? "yes" : " no");
            }
            if (namedCurves != null && namedCurves.Length > 0)
            {
                w.WriteLine("Supported curves (size and name)" + " ('*' = selected by server):");
                foreach (SSLCurve nc in namedCurves)
                {
                    w.WriteLine("  {0} {1,3}  {2}",
                                IsSpontaneous(nc) ? "*" : " ",
                                nc.Size, nc.Name);
                }
                if (curveExplicitPrime > 0)
                {
                    w.WriteLine("  explicit prime, size = {0}", curveExplicitPrime);
                }
                if (curveExplicitChar2 > 0)
                {
                    w.WriteLine("  explicit char2, size = {0}", curveExplicitChar2);
                }
            }

            w.WriteLine(Environment.NewLine);
            if (warnings == null)
            {
                Analyse();
            }
            if (warnings.Count != 0)
            {
                foreach (string k in warnings.Keys)
                {
                    w.WriteLine("WARN[{0}]: {1}", k, warnings[k]);
                    reportData.Issues.Add(warnings[k]);
                }
            }

            return(reportData);
        }