File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -9416,10 +9416,11 @@ certificate_info() {
94169416
94179417 out "$indent"; pr_bold " Chain of trust"; out " "
94189418 jsonID="cert_chain_of_trust"
9419- if [[ "$issuer_O" =~ StartCom ]] || [[ "$issuer_O" =~ WoSign ]] || [[ "$issuer_CN" =~ StartCom ]] || [[ "$issuer_CN" =~ WoSign ]]; then
9420- # Shortcut for this special case here.
9421- pr_italic "WoSign/StartCom"; out " are " ; prln_svrty_critical "not trusted anymore (NOT ok)"
9422- fileout "${jsonID}${json_postfix}" "CRITICAL" "Issuer not trusted anymore (WoSign/StartCom)"
9419+ # Looks for CA's that have their trust removed by the first part of their Organization Name, add multiple with ^(TrustCor Systems|WoSign) etc.
9420+ if [[ "$issuer_O" =~ ^(TrustCor Systems) ]]; then
9421+ # Shortcut for this special case here. There is a difference between not being in a root store and being removed from a root store.
9422+ pr_italic "$issuer_O"; out " is " ; prln_svrty_critical "actively removed from one or more root stores (NOT ok)"
9423+ fileout "${jsonID}${json_postfix}" "CRITICAL" "Issuer removed from one or more root stores ($issuer_O)"
94239424 set_grade_cap "T" "Untrusted certificate chain"
94249425 else
94259426 # Also handles fileout, keep error if happened
You can’t perform that action at this time.
0 commit comments