Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Allow again file name with spaces for "--add-ca" and treat them correctly #2647

Open
muralito opened this issue Feb 5, 2025 · 5 comments
Open

[Feature] Allow again file name with spaces for "--add-ca" and treat them correctly #2647

muralito opened this issue Feb 5, 2025 · 5 comments

Comments

@muralito
Copy link

muralito commented Feb 5, 2025

Before you open an issue please check which version you are running and whether it is the latest in stable / dev branch

I am running version 3.0.8 from https://testssl.sh/

Before you open an issue please whether this is a known problem by searching the issues

I couldn't find anything related to filename with spaces

Command line / docker command to reproduce

testssl.sh --add-ca /etc/pki/trust/anchors/SPACE\ IN\ NAME.crt https://server

Fatal error: CA file "/etc/pki/trust/anchors/SPACE" does not exist

Expected behavior

Accept the filename with spaces as any other filename.

Your system (please complete the following information):

  • OS: openSUSE Leap 15.6
  • Platform: Linux 6.4.0-150600.23.33-default x86_64
  • OpenSSL + bash: Using "OpenSSL 3.1.4 24 Oct 2023 (Library: OpenSSL 3.1.4 24 Oct 2023)" [~60 ciphers]

Additional context

Renaming the CA file to a filename without spaces solves the issue, but I reported anyway because the issue could hide another problem.
@muralito muralito changed the title Option "--add-ca" fails when CA certificate filename contains space. [BUG] Option "--add-ca" fails when CA certificate filename contains space. Feb 5, 2025
@drwetter drwetter added bug bug:security 3.2 upcoming release 3.0 old branch and removed bug:needs triage/confirmation bug:to be reproduced ... from maintainers labels Feb 5, 2025
@drwetter
Copy link
Collaborator

drwetter commented Feb 5, 2025
edited
Loading

Hi @muralito ,
thanks! Good catch

@drwetter
Copy link
Collaborator

drwetter commented Feb 5, 2025
edited
Loading

Not as easy to fix as I thought it would be

@muralito
Copy link
Author

muralito commented Feb 6, 2025

Not as easy to fix as I thought it would be

Don't worry. Just put a warning in the docs and don't fix it (unless is security related)...

@drwetter
Copy link
Collaborator

drwetter commented Feb 7, 2025

It's potentially security related (see tag), at least when people can supply this option via web interface or so -- which OTOH and IMO doesn't seem very likely.

A fix would be easy if I could remove a feature like not supplying multiple comma separated CAs. I was sitting the other night over this (bad moment anyway) and was scratching my head how to do that properly.

drwetter added a commit that referenced this issue Feb 7, 2025
@drwetter
Address CA file parsing problem
b0c026e 
.... by forbidding spaces in supplied CA files/directories

Also now we're sanitizing the cmd line parameter better `using safe_echo()`

See also #2647 .
@drwetter drwetter mentioned this issue Feb 7, 2025
Merged
12 tasks
drwetter added a commit that referenced this issue Feb 7, 2025
@drwetter
Address CA file parsing problem (3.2)
5e1db5f 
.... by forbidding spaces in supplied CA files/directories

Also now we're sanitizing the cmd line parameter better using `safe_echo()`

See also #2647 .
@drwetter drwetter mentioned this issue Feb 7, 2025
Merged
12 tasks
@drwetter
Copy link
Collaborator

drwetter commented Feb 7, 2025

For now I just implemented input validation which does not allow spaces in those file names. On the long run this should be improved to allow also files with spaces -- thus I am leaving this open -- but there are other priorities here.

@drwetter drwetter removed bug bug:security 3.2 upcoming release 3.0 old branch labels Feb 7, 2025
@drwetter drwetter changed the title [BUG] Option "--add-ca" fails when CA certificate filename contains space. [Feature] Allow again file name with spaces for "--add-ca" and treat them correctly Feb 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@muralito @drwetter