author | Remy <relst@relst.nl> | 2015-06-03 20:56:44 +0200 |
---|---|---|
committer | Remy <relst@relst.nl> | 2015-06-03 20:56:44 +0200 |
commit | b80d7a571df84291d0c57924de46773e35ab218c (patch) | |
tree | ee9f917a7386ab645293861682a2213eb8329ef5 | |
parent | 456eca5418301adde7b970873bd25882ebc92ad2 (diff) | |
fix correct PTR lookup
-rw-r--r-- | CHANGELOG.md | 7 | ||||
-rw-r--r-- | functions/connection.php | 20 | ||||
-rw-r--r-- | functions/variables.php | 2 |
3 files changed, 27 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d764b6c..d889a01 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
+## 2.6
+
+- Fix testing of IPv6 only hosts.
+- Fix correct reverse DNS lookup for IPv6.
+- Don't test OCSP stapling, TLS_FALLBACK_SCSV and SSL Compression on IPv6 hosts because of bugs in OpenSSL's tools (https://rt.openssl.org/Ticket/Display.html?id=1365&user=guest&pass=guest). Don't give invalid test results, instead, give user a warning about it.
+- Add host header to get_headers function (fix #35).
+
 ## 2.5
 - Show specific endpoint picker when multiple A/AAAA records exist.
diff --git a/functions/connection.php b/functions/connection.php
index 46ba3f9..7988d37 100644
--- a/functions/connection.php
+++ b/functions/connection.php
@@ -606,7 +606,25 @@ function ssl_conn_metadata_json($host, $ip, $port, $read_stream, $chain_data=nul
 }
 // hostname ip port
 $result["ip"] = $ip;
- $result["hostname"] = gethostbyaddr($ip);
+ if (filter_var(preg_replace('/[^A-Za-z0-9\.\:-]/', '', $ip), FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 )) {
+ $addr = inet_pton(preg_replace('/[^A-Za-z0-9\.\:-]/', '', $ip));
+ $unpack = unpack('H*hex', $addr);
+ $hex = $unpack['hex'];
+ $arpa = implode('.', array_reverse(str_split($hex))) . '.ip6.arpa';
+ if (!empty(dns_get_record($arpa, DNS_PTR)[0]["target"])) {
+ $result["hostname"] = dns_get_record($arpa, DNS_PTR)[0]["target"];
+ } else {
+ $result["hostname"] = "$host (No PTR available).";
+ }
+ } elseif (filter_var(preg_replace('/[^A-Za-z0-9\.\:-]/', '', $ip), FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 )) {
+ if (!empty(gethostbyaddr(preg_replace('/[^A-Za-z0-9\.\:-]/', '', $ip)))) {
+ $result["hostname"] = gethostbyaddr(preg_replace('/[^A-Za-z0-9\.\:-]/', '', $ip));
+ } else {
+ $result["hostname"] = "$host (No PTR available).";
+ }
+ } else {
+ $result["hostname"] = "$host (No PTR available).";
+ }
 $result["port"] = $port;
 //heartbleed
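Review bot: In the IPv4 branch the `!empty(gethostbyaddr(...))` test cannot detect a missing PTR record, because gethostbyaddr() returns the unmodified address when the lookup fails and false only on malformed input, so the address itself ends up in `$result["hostname"]` and the "No PTR available" text is not reached for a valid address. Both branches also resolve twice, once in the condition and once in the assignment, and the same preg_replace() runs five times; cleaning the address once and keeping each lookup result in a variable halves the DNS round trips and rules out two different answers. The PTR target is chosen by whoever operates the reverse zone, so it should be treated as untrusted text wherever `$result["hostname"]` is rendered, which is not visible in this hunk. ssl_conn_metadata_json starts and ends outside the hunk; a sketch of the rewritten lookup follows.

```php
// … unchanged: $result["ip"] = $ip; …
$clean_ip = preg_replace('/[^A-Za-z0-9\.\:-]/', '', $ip);
$ptr = false;
if (filter_var($clean_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
    $unpack = unpack('H*hex', inet_pton($clean_ip));
    $arpa = implode('.', array_reverse(str_split($unpack['hex']))) . '.ip6.arpa';
    // One query only; dns_get_record() may return false or an empty array.
    $records = dns_get_record($arpa, DNS_PTR);
    if (!empty($records[0]["target"])) {
        $ptr = $records[0]["target"];
    }
} elseif (filter_var($clean_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
    $name = gethostbyaddr($clean_ip);
    // gethostbyaddr() hands back the address itself when no PTR exists.
    if ($name !== false && $name !== $clean_ip) {
        $ptr = $name;
    }
}
$result["hostname"] = ($ptr !== false) ? $ptr : "$host (No PTR available).";
// … unchanged: $result["port"] = $port; …
```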
diff --git a/functions/variables.php b/functions/variables.php
index cc195f5..6e215fc 100644
--- a/functions/variables.php
+++ b/functions/variables.php
@@ -20,7 +20,7 @@ $timeout = 2;
 # Don't change stuff down here.
 date_default_timezone_set('UTC');
-$version = 2.5;
+$version = 2.6;
 ini_set('default_socket_timeout', 2); |