diff --git a/.travis.yml b/.travis.yml index 12d2579..6f97c79 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,16 +10,17 @@ matrix: env: global: - - IMAGE=essentialkaos/perfecto:centos7 + - IMAGE=essentialkaos/perfecto:centos7 SHELLCHECK_VERSION=0.7.1 before_install: - - wget https://storage.googleapis.com/shellcheck/shellcheck-stable.linux.x86_64.tar.xz - - tar xf shellcheck-stable.linux.x86_64.tar.xz - - ./shellcheck-stable/shellcheck --version + - wget https://github.com/koalaman/shellcheck/releases/download/v${SHELLCHECK_VERSION}/shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz + - tar xf shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz + - mv shellcheck-v${SHELLCHECK_VERSION} shellcheck-latest + - ./shellcheck-latest/shellcheck --version - docker pull "$IMAGE" - wget https://kaos.sh/perfecto/perfecto-docker - chmod +x perfecto-docker script: - - bash -c 'shopt -s globstar; ./shellcheck-stable/shellcheck SOURCES/webkaos-utils' + - bash -c 'shopt -s globstar; ./shellcheck-latest/shellcheck SOURCES/webkaos-utils' - ./perfecto-docker webkaos-utils.spec diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..74f09f3 --- /dev/null +++ b/LICENSE 
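Review bot: The shellcheck archive is now pinned to a version, but nothing verifies its contents before `tar xf` unpacks it and the binary is executed, so the job trusts whatever the release URL serves at build time. Pinning is a clear improvement over the old `shellcheck-stable` URL; a known-good digest should still be checked between the wget and the tar, e.g. `- echo "<SHA256_OF_ARCHIVE_PLACEHOLDER>  shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz" | sha256sum -c -`. The same gap applies to the unchanged `perfecto-docker` download a few lines later, which is made executable and run without any verification. Renaming the unpacked directory to `shellcheck-latest` also reads a little misleadingly now that the version is fixed; `shellcheck-v${SHELLCHECK_VERSION}` or the previous `shellcheck-stable` name would describe it more honestly.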
@@ -0,0 +1,270 @@ +Essential Kaos Open Source License + +Version: 1.0 — May 10, 2013. + +Please read this License Agreement carefully before downloading this software. +By downloading or using this software, you are agreeing to be bound by the +terms of this License. If you do not or cannot agree to the terms of this +License, please do not download or use the software. + +This License Agreement (hereinafter — the "License") defines the terms and +conditions of use of the Source and Object forms of the products produced by +the Essential Kaos Ltd. Company that are publicly available to any third +parties. + +This license extends and is applicable to any Source and Object form of the +product of the Essential Kaos Ltd. Company (hereinafter — the "Licensor"), +which are publicly available (open source) for download by any third party +(hereinafter — the "Licensee") by the decision of the Licensor. + +1. TERMS USED IN THE LICENSE + +For the purposes of this License the following terms are used in the following +meaning: + +1.1 Product — any result of intellectual activity, produced by the +implementation of the Source and/or Object form, in particular, but not +limited to, software (computer programs), audio and video records, images, +texts, etc. + +1.2 Source form of the product — the form, preferred for making modifications +to the Product, including, but not limited to, source code, source file +documentation, configuration and installation files, etc., initially provided +by the Licensor. + +1.3 Object form of the product — the result of automatic (computer, hardware +and technical) transformation or translation of the Source form of the Product, +including but not limited to, source code compiled into object code, generated +documentation, and other kinds of media files (resources), initially provided +by the Licensor. 
+ +1.4 Licensor — the Essential Kaos company, holding the exclusive (property) +rights to collectively all Source and/or Object forms of products, published +on the official website of Licensor, and to each of them individually. + +1.5 Licensee — any individual, sole proprietorship, legal entity or other +entity legally capable in accordance with the provisions of the applicable +law, who downloads and uses the Source and/or Object form of the product. + +1.6 Official Website of the Licensor — web site located on the Internet under +the essentialkaos.com domain name (domain address). + +1.7 Modification of the Source or Object form of the Product — any addition, +deletion, alteration of Source or Object form of the Product, the combination +of source code with any other elements, etc. + +The License may use terms not defined in this section. In these cases, the +terms shall be interpreted in accordance with the text and the context of this +License. In the absence of a clear interpretation of the term in the text of +the License, the parties shall rely upon, firstly, the interpretations used +on the Official Website of the Licensor, and secondly, the provisions of +applicable law. + +2. VALIDITY OF THE LICENSE + +2.1 Full awareness of the conditions and provisions of this License is an +indispensable condition for downloading and using the Source and/or Object +form of the Product. + +2.2 The download of the Source and/or Object form of the Product by the +Licensee to its software and hardware device (with or without the use of +their software and hardware devices) means the Licensee is fully aware of, +accepts and agrees to, obligations to comply with and carry out the terms and +conditions of this License. In case of disagreement with certain terms and +conditions herein and/or inability to carry them out the Licensee must +withdraw from the download and use of the Source and/or Object form of the +Products. 
+ +2.3 This License is effective upon posting on the Official Website of the +Licensor, subject to paragraph 1.4. of this License. + +2.4 This License applies to Source and/or Object form of the Products, +downloaded by the Licensee prior to publication of the License on the +Official Website of the Licensor. + +2.5 This License is valid for an indefinite period of time and shall cease +to be valid on its annulment by the Licensor. + +2.6 The Licensor has the right to change the text of the License at his sole +discretion. In case of such changes to the License text, they come into force +from the moment of publication of the new edition of the Lcense on the official +Website of the Licensor, unless otherwise defined at the publication. + +2.7 The Licensee undertakes to monitor the changes in the provisions of this +License, and bears the responsibility and risk of the potential negative +consequences resulting from non-compliance with this obligation. + +2.8 If the Licensee does not agree with the changes in the text of the License +and/or fails to carry out the terms of the new License edition, the Licensee +must withdraw from downloading and stop using the Source and/or Object form of +the Product. Otherwise, the Licensee’s continued use of the Source and/or +Object form of the Product means the Licensee agrees to the terms of the new +License edition and is capable of fully complying with them. + +2.9 The Licensor shall have the right at any time to unilaterally terminate +this License. Upon termination of this License, the Licensee is obliged to +cease all use of the Source and/or Object form of the Product. + +2.10 The current version of the License can be permanently found on the +official Website of the Licensor at: http://essentialkaos.com/ekol. + +3. 
PERMITTED USE + +The basic principle of download and use of the Source and/or Object form of the +Product is the use of the Source and/or Object form of the Product exclusively +for personal (internal, intra-corporate) purposes. + +The Licensor hereby gives any Licensee, regardless of location and country of +residence the right to download at no charge (for free) the Source and/or +Object form of the Product and use it under a simple (non-exclusive) license +in the following ways, and in the following amounts: + +3.1 Use of the Source and/or Object form of the Product by any means and for +any purposes (both non-commercial and commercial), not prohibited by applicable +law, solely for the personal benefit, subject to the limitations set out in +this License, including but not limited to, reproduction demonstration, +implementation of the Source and/or Object form of the Product. + +3.2 The modification of the Source and/or Object form of the Product and the +use of modified Source and/or Object form solely for the Licensee’s personal +(commercial or non-commercial) purposes. In the event that the modification of +the Source and/or Object form of the Product requires the consent of a third +party (including the cases of using the objects of the person in question for +modifying the Source and/or Object form of the Product), the Licensee must +independently obtain such consent from the party. + +3.3 The inclusion (incorporation) of the Source and/or Object form of the +Product into a larger product, preserving the validity of terms of this +License with respect to the Source and/or Object form of the Product, +incorporated in the larger product. The Licensee shall ensure that this +License is enclosed to each of the Source and/or Object form of the Product +that is included in the larger product with the obligatory indication of the +name of Licensor - Essential Kaos Ltd. Company. 
The Licensor shall also ensure +the binding power of this License in the larger product, into which the Source +and/or Object form of the Product is included. + +3.4 The right to distribute to third parties the Source and/or Object forms of +the Product on a non-profit (free, no-charge) basis. + +This License does not grant Licensee any rights in any part to use the +trademarks, logos, commercial symbols, service marks owned by the Licensor on +legal grounds and in accordance with the provisions of applicable law, except +when otherwise stipulated by the Licensor. + +4. RESTRICTIONS AND LIMITATIONS + +The licensor is constantly striving to improve and enhance the quality of the +Source and Object forms for their most optimal and productive use by the +Licensee. + +In connection with the aforesaid, in order to maintain the quality of the +Source and Object forms of the product and to prevent it from decreasing the +following requirements and restrictions are applied when downloading and using +the Source and Object forms of the product: + +4.1 It is prohibited to distribute to third parties the modified Source and/or +Object forms of the product in any ways and in any volume, including both on +commercial (paid, reimbursable) and non-commercial (free, no-charge) basis. In +some cases, determined at the discretion and by the decision of the Licensor, +the Licensee shall be entitled to distribute the Source and/or Object forms of +the products, but only with the Licensor’s written permission. + +4.2 It is prohibited to distribute to third parties the Source and/or Object +forms of the product on a commercial (paid, reimbursable) basis. + +5. WARRANTY DISCLAIMER + +5.1 The Licensor is committed to providing the highest quality of the Source +and Object forms of product, constantly improving them, and to the possible +extent eliminating various errors, malfunctions and defects that occur when +downloading and using the Source and Object forms of the Product. 
+ +5.2 The Source and Object forms of the product are available to Licensee on an +"as is" basis, without any guarantees of suitability of the Source or Object +form for a particular purpose, or for the general use of the Source or Object +form of the product. + +5.3 The Licensor disclaims all warranties and obligations to ensure the +absence of any errors, faults, defects, etc., arising when downloading and +using the Source and Object forms of the product, as well as modifications of +the Source and Object forms of the product and/or using the modified Source +and Object forms of the product. + +5.4 Nothing in this License shall act as a guarantee or obligation of the +Licensor to ensure uninterrupted or error-free operation of the Source and/or +Object forms of the product. In connection therewith, the Licensor shall be +exempt from any liability for any errors, malfunctions, defects, etc., +occurring during the download and use of the Source and Object forms of +product, as well as modifications of the Source and Object forms of product +and/or the use of the modified Source and Object forms of the product. + +5.5 The Licensor does not assume any obligation to eliminate errors, +malfunctions and defects, identified by the Licensee when downloading and using +the Source and Object forms of the product, as well as modifications of the +Source and Object forms of the product and/or using the modified Source and +Object forms of the product. + +5.6 Source and/or Object forms of the product are available for download from +the official Website of the Licensor in the condition, in which they are at +present. 
+ +5.7 The Licensee hereby confirms that he understands and accepts all risks and +adverse consequences associated with downloading and using the Source and/or +Object forms of the product, as well as modifying the Source and/or Object +forms of the product and/or using the modified Source and/or Object forms of +the product, including, but not limited to, the loss of any data, any +malfunction or damage to the software and hardware of the Licensee. + +6. LIMITATION OF LIABILITY + +6.1 The Licensor shall not be liable for incidental, direct or consequential +loss (damage, lost profits, etc.) incurred by third parties as a result of the +implementation and execution of this License. + +6.2 The Licensor shall not be liable for any failure or temporary +unavailability of the download and use of the Object or Source form of the +product. +6.3 The Licensor shall not be liable for any tort of Licensee, the Licensee's +breach of warranty and violation of civil and constitutional rights of third +parties. + +6.4 In any case, if the applicable law defines the necessity for the Licensor +to bear responsibility for the Licensee under this License, the Licensor's +liability is limited to the amount of 100 USD. + +7. INTELLECTUAL PROPERTY RIGHTS TO THE SOURCE AND OBJECT FORMS OF THE PRODUCT + +The Source and Object forms of the product have the potential and real value +for the implementation of activities by individuals and legal entities. + +7.1 The Licensor hereby confirms that he has the exclusive (property) rights to +collectively all Source and/or Object forms of the product, available for +download on the official Website of the Licensor, and to each of them +individually. + +7.2 The Licensor acknowledges that the placement of the Source and Object forms +of the product on the website for download and use does not infringe the +intellectual property rights of third parties. 
The exclusive rights of the +Licensor to the Source and/or Object forms of the product are supported by the +relevant permissions and consents of, or written agreements with, authors of +the Source and Object forms of the product. + +7.3 This License does not mean alienation to any third party, including the +Licensee, of the exclusive (property) rights of the Licensor to the Source or +Object forms of the product. The exclusive (property) rights to the Source or +Object forms of the product are fully retained by the Licensor. + +8. DISPUTE RESOLUTION + +8.1 Any disputes arising from the execution of this License and downloading and +using the Source and Object forms of the product, as well as modifying the +Source and Object forms of the product and/or using the modified Source and +Object forms of the product, shall be settled in the court at the Licensor’s +location. + +8.2 If the court recognizes any provision of this License as invalid, the rest +of this License shall remain unchanged, and the invalid provision shall be +amended in accordance with applicable law. + +8.3 Conditions not covered by this License shall be settled in accordance with +the law, applicable in the country of the Licensor’s registration. \ No newline at end of file diff --git a/README.md b/README.md index f0bc23c..c77788d 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,17 @@ -## `webkaos-utils` [![Build Status](https://travis-ci.org/essentialkaos/webkaos-utils.svg)](https://travis-ci.org/essentialkaos/webkaos-utils) [![License](https://gh.kaos.st/ekol.svg)](https://essentialkaos.com/ekol) +

-`webkaos-utils` is helpers for working with [webkaos](https://github.com/essentialkaos/webkaos) server. +

+ + +

-### Installation +

InstallationUsageBuild StatusLicense

-#### From ESSENTIAL KAOS Public repo for RHEL6/CentOS6 +
-``` -[sudo] yum install -y yum install -y https://yum.kaos.st/kaos-repo-latest.el6.noarch.rpm -[sudo] yum install webkaos-utils -``` +`webkaos-utils` is helpers for working with [webkaos](https://github.com/essentialkaos/webkaos) server. + +### Installation #### From ESSENTIAL KAOS Public repo for RHEL7/CentOS7 @@ -35,7 +37,7 @@ bash <(curl -fsSL https://kaos.sh/webkaos-utils/SOURCES/webkaos-utils) # pass op ### Usage ``` -Usage: webkaos-utils command args... +Usage: webkaos-utils command args… Commands @@ -46,7 +48,8 @@ Commands └ hpkp-gen crt backup Generate HTTP public key pinning (HPKP) header from CRT file ┌ ocsp-gen server-cert issuer-cert Generate OCSP stapling file from server certificate └ ocsp-gen cert-chain Generate OCSP stapling file from server certificate chain - ocsp-check host Check OCSP response status for some host + ocsp-check host server-name Check OCSP response status for some host + 0rtt-check host server-name Check 0-RTT support Options diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..f42c71e --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,36 @@ +# Security Policies and Procedures + +This document outlines security procedures and general policies for all +ESSENTIAL KAOS projects. + + * [Reporting a Bug](#reporting-a-bug) + * [Disclosure Policy](#disclosure-policy) + +## Reporting a Bug + +The ESSENTIAL KAOS team and community take all security bugs in our projects +very seriously. Thank you for improving the security of our project. We +appreciate your efforts and responsible disclosure and will make every effort +to acknowledge your contributions. + +Report security bugs by emailing our security team at security@essentialkaos.com. + +The security team will acknowledge your email within 48 hours and will send a +more detailed response within 48 hours, indicating the next steps in handling +your report. After the initial reply to your report, the security team will +endeavor to keep you informed of the progress towards a fix and full +announcement, and may ask for additional information or guidance. + +Report security bugs in third-party dependencies to the person or team +maintaining the dependencies. + +## Disclosure Policy + +When the security team receives a security bug report, they will assign it to a +primary handler. This person will coordinate the fix and release process, +involving the following steps: + + * Confirm the problem and determine the affected versions; + * Audit code to find any similar potential problems; + * Prepare fixes for all releases still under maintenance. These fixes will be + released as fast as possible. diff --git a/SOURCES/webkaos-utils b/SOURCES/webkaos-utils index c70b0f5..6f6e973 100755 --- a/SOURCES/webkaos-utils +++ b/SOURCES/webkaos-utils @@ -13,7 +13,7 @@ fi APP="WEBKAOS Utils" # Utility version -VER="1.6.0" +VER="1.7.0" ######################################################################################## 
@@ -93,6 +93,7 @@ main() { "hpkp-gen") genHPKPHeader "$@" ;; "ocsp-gen") genOCSP "$@" ;; "ocsp-check") checkOCSP "$@" ;; + "0rtt-check") checkRTT "$@" ;; *) error "Unknown command ${CL_BL_RED}${cmd}" $RED doExit 1 ;; esac @@ -192,7 +193,8 @@ csrInfo() { # Check OCSP stapling # -# 1: Host and port (String) +# 1: Host (String) +# 2: Server name (String) [Optional] # # Code: No # Echo: No @@ -217,6 +219,45 @@ checkOCSP() { grep -A 14 'OCSP Response Data:' "$tmp_file" } +# Checks 0-RTT support +# +# 1: Host (String) +# 2: Server name (String) [Optional] +# +# Code: No +# Echo: No +checkRTT() { + if [[ $# -eq 0 ]] ; then + usage && exit 0 + fi + + if ! isProtocolSupported "TLSv1.3" ; then + error "Installed OpenSSL version doesn't support TLS 1.3" + exit 1 + fi + + local host req_temp status + + host="$1" + server_name="${2:-$host}" + req_temp=$(mktemp -u "$TMP_PATTERN") + ses_temp=$(mktemp -u "$TMP_PATTERN") + + echo -e "GET / HTTP/1.1\r\nHost: ${server_name}\r\nConnection: close\r\n\r\n" > "$req_temp" + + openssl s_client -servername "$server_name" -connect "${host}:443" -tls1_3 -sess_out "$ses_temp" -ign_eof < "$req_temp" &> /dev/null + + sleep 0.1 + + status=$(openssl s_client -servername "$server_name" -connect "${host}:443" -tls1_3 -sess_in "$ses_temp" -early_data "$req_temp" <<< "Q" 2>&1 | grep 'Early data was ') + + if [[ "$status" == "Early data was accepted" ]] ; then + show "0-RTT Status: ${CL_GREEN}$status${CL_NORM}" + else + show "0-RTT Status: ${CL_RED}${status:-Not supported}${CL_NORM}" + fi +} + # Generate signing request # # 1: Hostname (String) @@ -391,6 +432,17 @@ sigExitTrap() { doExit 1 } +# Checks if installed OpenSSL version supported given protocol +# +# 1: Protocol (String) +# +# Code: Yes +# Echo: No +isProtocolSupported() { + openssl ciphers -v | tr -s " " | cut -f2 -d" " | grep -q "$1" + return $? +} + # Remove temporary data and exit with given exit code # # 1: Exit code (Number) [Optional] 
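Review bot: In checkRTT, `server_name` and `ses_temp` are assigned without being declared `local`, so they leak into the caller's scope; the declaration should read `local host server_name req_temp ses_temp status`. The temp paths also come from `mktemp -u`, which only prints a name and creates nothing, so the later `> "$req_temp"` and `-sess_out "$ses_temp"` write to a path that another process could have created first; dropping the flag (`req_temp=$(mktemp "$TMP_PATTERN")`, `ses_temp=$(mktemp "$TMP_PATTERN")`) creates each file atomically with owner-only permissions. Neither file is removed inside the function; presumably `doExit` cleans them up by pattern as its header says, though the `exit 0`/`exit 1` paths here bypass it (harmless today, since no file exists yet on those paths). The `sleep 0.1` between the two connections deserves a one-line comment saying what it waits for, because nothing in the code makes that obvious.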
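Review bot: isProtocolSupported matches the protocol column with an unanchored regex, so `grep -q "$1"` accepts partial and wildcard matches: the `.` in `TLSv1.3` matches any character, and a query such as `TLSv1` would be satisfied by a `TLSv1.2` line. Since `cut -f2 -d" "` already isolates the protocol field, an exact fixed-string whole-line match is what the caller wants: `grep -qxF "$1"`. The trailing `return $?` is redundant, as a function already returns the status of its last command, and dropping it makes the intent slightly clearer. The header comment has a small grammar slip and could read `# Checks if installed OpenSSL version supports given protocol`.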
@@ -439,7 +491,7 @@ error() { # Echo: No usage() { show "" - show "${CL_BOLD}Usage:${CL_NORM} webkaos-utils ${CL_YELLOW}command${CL_NORM} args..." + show "${CL_BOLD}Usage:${CL_NORM} webkaos-utils ${CL_YELLOW}command${CL_NORM} args…" show "" show "Commands" $BOLD show "" @@ -452,7 +504,8 @@ usage() { show "${CL_DARK}└ ${CL_YELLOW}hpkp-gen${CL_NORM} ${CL_GREY}crt backup${CL_NORM} ${CL_DARK}...............${CL_NORM} Generate HTTP public key pinning (HPKP) header from CRT file" show "${CL_DARK}┌ ${CL_YELLOW}ocsp-gen${CL_NORM} ${CL_GREY}server-cert${CL_NORM} ${CL_GREY}issuer-cert${CL_NORM} ${CL_DARK}..${CL_NORM} Generate OCSP stapling file from server certificate" show "${CL_DARK}└ ${CL_YELLOW}ocsp-gen${CL_NORM} ${CL_GREY}cert-chain${CL_NORM} ${CL_DARK}...............${CL_NORM} Generate OCSP stapling file from server certificate chain" - show " ${CL_YELLOW}ocsp-check${CL_NORM} ${CL_GREY}host${CL_NORM} ${CL_DARK}...................${CL_NORM} Check OCSP response status for some host" + show " ${CL_YELLOW}ocsp-check${CL_NORM} ${CL_GREY}host${CL_NORM} ${CL_DARK}server-name${CL_NORM} ${CL_DARK}.......${CL_NORM} Check OCSP response status for some host" + show " ${CL_YELLOW}0rtt-check${CL_NORM} ${CL_GREY}host${CL_NORM} ${CL_DARK}server-name${CL_NORM} ${CL_DARK}.......${CL_NORM} Check 0-RTT support" else show " csr-gen host Generate RSA key and a certificate signing request" show " csr-info csr Print info from certificate signing request" @@ -461,7 +514,8 @@ usage() { show "└ hpkp-gen crt backup Generate HTTP public key pinning (HPKP) header from CRT file" show "┌ ocsp-gen server-cert issuer-cert Generate OCSP stapling file from server certificate" show "└ ocsp-gen cert-chain Generate OCSP stapling file from server certificate chain" - show " ocsp-check host Check OCSP response status for some host" + show " ocsp-check host server-name Check OCSP response status for some host" + show " 0rtt-check host server-name Check 0-RTT support" fi show "" 
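Review bot: In the `@@ -452` and `@@ -461` hunks the new `server-name` argument of `ocsp-check` and `0rtt-check` is printed like a required argument, while the function headers added in the same commit mark it `[Optional]` and checkRTT defaults it to the host (`server_name="${2:-$host}"`). The usage text should signal that, e.g. `[server-name]` in the plain branch and the same bracketed form inside the `${CL_DARK}…${CL_NORM}` span in the coloured branch, with the dot padding adjusted so the description column still lines up. The coloured branch also renders `server-name` with `CL_DARK` where every other argument uses `CL_GREY`; if that is meant to mark optional arguments it deserves a short comment, otherwise it reads as an inconsistency. The usage() function begins and ends outside these hunks.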
diff --git a/webkaos-utils.spec b/webkaos-utils.spec index 8d2811d..c2720d9 100644 --- a/webkaos-utils.spec +++ b/webkaos-utils.spec @@ -2,11 +2,11 @@ Summary: Helpers for working with webkaos server Name: webkaos-utils -Version: 1.6.0 +Version: 1.7.0 Release: 0%{?dist} Group: Applications/System License: EKOL -URL: https://github.com/essentialkaos/webkaos-utils +URL: https://kaos.sh/webkaos-utils Source0: https://source.kaos.st/%{name}/%{name}-%{version}.tar.bz2 @@ -47,6 +47,10 @@ rm -rf %{buildroot} ################################################################################ %changelog +* Thu May 28 2020 Anton Novojilov - 1.7.0-0 +- Added command '0rtt-check' for checking 0-RTT support +- Fixed usage info + * Sat Jan 18 2020 Anton Novojilov - 1.6.0-0 - Added option for generating ECC certificate signing request