Commit

Merge updates from branch 'master' into github
rwbaumg committed Jul 2, 2019
2 parents f8983b5 + 57b91f0 commit 2622f56
Showing 3 changed files with 11 additions and 5 deletions.
2 changes: 1 addition & 1 deletion TODO.md
@@ -1,12 +1,12 @@
# pki-lint TODO list

- [ ] Fix linking for ASN1_TIME_to_tm() function (currently breaking TravisCI build)
- [ ] Create new development branch for ```gs-certlint``` module to fix multiple bugs and/or contact upstream devs
- [ ] Support custom error levels for certain messages depending on context?
- [ ] Add support for optional downloading of AIA certificates to attempt to build missing chains.
- [ ] Add support for OpenSSL CRL validation along the entire chain (use ```-crl_check_all```).
- [ ] Add basic test PKI structure for post-build unit testing.
- [ ] Refactor LLVM / clang++ installation to use upstream source.
- [x] Fix linking for ASN1_TIME_to_tm() function (currently breaking TravisCI build)
- [x] Fix remaining shellcheck warnings and remove exclusions from ```make check``` target.
- [x] Check/fix zlint output processing for accuracy.
- [x] Fix cases where output is null (eg. certain GlobalSign lint output not processed).
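Review bot: the ticked `ASN1_TIME_to_tm()` entry in the completed list still reads "(currently breaking TravisCI build)", which contradicts its `[x]` state. Drop the parenthetical when moving the item to the done section, or replace it with a pointer to the change that fixed the linking. The x509lint submodule bump in this same commit adds asn1_time.c and asn1_time.h, which looks like that change, so naming it here would make the list self-explanatory.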
12 changes: 9 additions & 3 deletions lint.sh
Expand Up @@ -1325,22 +1325,28 @@ CERTTOOL_VERSION=$(certtool --version | head -n1 | grep -Po '(?<=\s)[0-9\.]+$')
if version_gt "$CERTTOOL_VERSION" "$CERTTOOL_MIN_VER"; then
CERTTOOL_CAN_VERIFY="true"
fi
if [ -z "${CERTTOOL_VERSION}" ]; then
exit_script 1 "Failed to detect installed certtool version."
fi

if [ $VERBOSITY -gt 1 ]; then
print_info "Detected certtool version ${CERTTOOL_VERSION}"
fi

OPENSSL_IS_OLD="true"
OPENSSL_VERSION_NUM=$(openssl version | grep -Po '(?<=OpenSSL\s)\d\.\d\.\d(?=[a-z]\s)')
OPENSSL_VERSION_NUM=$(openssl version | grep -Po '(?<=OpenSSL\s)\d\.\d\.\d(?=[a-z]\s)?')
OPENSSL_VERSION_EXT=$(openssl version | grep -Po '(?<=OpenSSL\s\d\.\d\.\d)[a-z](?=\s)')
OPENSSL_FULLVERSION="${OPENSSL_VERSION_NUM}${OPENSSL_VERSION_EXT}"
if [ "$OPENSSL_VERSION_NUM" == "$OPENSSL_MIN_VERSION_NUM" ] || version_gt "$OPENSSL_VERSION_NUM" "$OPENSSL_MIN_VERSION_NUM"; then
if version_gt "$OPENSSL_VERSION_NUM" "$OPENSSL_MIN_VERSION_NUM"; then
REQ_EXT_NUMBER=$(printf '%d' "'$OPENSSL_MIN_VERSION_EXT")
CUR_EXT_NUMBER=$(printf '%d' "'$OPENSSL_VERSION_EXT")
if [ "${CUR_EXT_NUMBER}" -ge "${REQ_EXT_NUMBER}" ]; then
if [ -z "${OPENSSL_VERSION_EXT}" ] || [ "${CUR_EXT_NUMBER}" -ge "${REQ_EXT_NUMBER}" ]; then
OPENSSL_IS_OLD="false"
fi
fi
if [ -z "${OPENSSL_FULLVERSION}" ]; then
exit_script 1 "Failed to detect installed OpenSSL version."
fi

if [ $VERBOSITY -gt 1 ]; then
print_info "Detected OpenSSL version ${OPENSSL_FULLVERSION}"
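Review bot: the OpenSSL numeric check appears in two forms here, and the one without the `[ "$OPENSSL_VERSION_NUM" == "$OPENSSL_MIN_VERSION_NUM" ]` test leaves OPENSSL_IS_OLD at "true" when the installed release has the same number as the minimum, unless version_gt (not shown in this hunk) also succeeds on equality. The letter comparison underneath only carries meaning when the two numbers are equal, so I would split the logic: a strictly newer number means not old, and an equal number falls through to the suffix check. Separately, both `-z` guards (CERTTOOL_VERSION and OPENSSL_FULLVERSION) run after the possibly empty value has already been handed to version_gt; move each guard to directly after its assignment so the script fails before comparing. Last, a quantified lookahead such as `(?=[a-z]\s)?` can never fail, so that pattern is equivalent to plain `\d\.\d\.\d` and would cut a two-digit component short (1.0.10 would be read as 1.0.1); matching the optional letter and the following whitespace explicitly would avoid that.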
2 changes: 1 addition & 1 deletion lints/x509lint
Submodule x509lint updated 3 files
+155 −0 asn1_time.c
+22 −0 asn1_time.h
+3 −2 checks.c
