security/testssl.sh: Update to 3.2.0

The improvements are extensive, but operation remains the same.

Changes: https://github.com/testssl/testssl.sh/blob/3.2/CHANGELOG.md

1 files changed, 19 insertions, 18 deletions

diff --git a/security/testssl.sh/files/patch-testssl.sh b/security/testssl.sh/files/patch-testssl.sh
index 46ad2069d189..476e424b1f14 100644
--- a/security/testssl.sh/files/patch-testssl.sh
+++ b/security/testssl.sh/files/patch-testssl.sh
@@ -1,25 +1,26 @@
---- testssl.sh.orig	2022-02-19 20:34:21 UTC
+--- testssl.sh.orig	2025-04-23 10:29:50 UTC
 +++ testssl.sh
-@@ -132,7 +132,7 @@ declare -r RUN_DIR="$(dirname "$0")"
- declare -r SYSTEM="$(uname -s)"
- declare -r SYSTEMREV="$(uname -r)"
- SYSTEM2=""                                        # currently only being used for WSL = bash on windows
+@@ -193,7 +193,7 @@ ADDTL_CA_FILES="${ADDTL_CA_FILES:-""}"  # single file 
+ 
+ ########### Tuning vars which cannot be set by a cmd line switch. Use instead e.g "HEADER_MAXSLEEP=10 ./testssl.sh <your_args_here>"
+ #
 -TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}"  # If you run testssl.sh and it doesn't find it necessary file automagically set TESTSSL_INSTALL_DIR
 +TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-"%%DATADIR%%"}"  # If you run testssl.sh and it doesn't find it necessary file automagically set TESTSSL_INSTALL_DIR
- CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}"          # You can have your stores some place else
- ADDITIONAL_CA_FILES="${ADDITIONAL_CA_FILES:-""}"  # single file with a CA in PEM format or comma separated lists of them
+ CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}"          # You can have your CA stores some place else
+ EXPERIMENTAL=${EXPERIMENTAL:-false}     # a development hook which allows us to disable code
+ PROXY_WAIT=${PROXY_WAIT:-20}            # waiting at max 20 seconds for socket reply through proxy
+@@ -244,8 +244,8 @@ TLS_DATA_FILE=""                        # mandatory fi
+ PRINTF=""                               # which external printf to use. Empty presets the internal one, see #1130
  CIPHERS_BY_STRENGTH_FILE=""
-@@ -187,6 +187,9 @@ TERM_CURRPOS=0                                        
- ########### Defining (and presetting) variables which can be changed
- #
- # Following variables make use of $ENV and can be used like "OPENSSL=<myprivate_path_to_openssl> ./testssl.sh <URI>"
-+if [[ -z "$OPENSSL" ]]; then
-+     OPENSSL="%%PREFIX%%/openssl-unsafe/bin/openssl"
-+fi
- declare -x OPENSSL
- OPENSSL_TIMEOUT=${OPENSSL_TIMEOUT:-""}  # Default connect timeout with openssl before we call the server side unreachable
- CONNECT_TIMEOUT=${CONNECT_TIMEOUT:-""}  # Default connect timeout with sockets before we call the server side unreachable
-@@ -20345,7 +20348,6 @@ lets_roll() {
+ TLS_DATA_FILE=""                        # mandatory file for socket-based handshakes
+-OPENSSL=""                              # ~/bin/openssl.$(uname).$(uname -m) if you run this from GitHub. Linux otherwise probably /usr/bin/openssl
+-OPENSSL2=${OPENSSL2:-/usr/bin/openssl}  # This will be openssl version >=1.1.1 (auto determined) as opposed to openssl-bad (OPENSSL)
++OPENSSL="%%PREFIX%%/openssl-unsafe/bin/openssl"                              # ~/bin/openssl.$(uname).$(uname -m) if you run this from GitHub. Linux otherwise probably /usr/bin/openssl
++OPENSSL2=${OPENSSL2:-"%%OPENSSLBASE%%/bin/openssl"}  # This will be openssl version >=1.1.1 (auto determined) as opposed to openssl-bad (OPENSSL)
+ OPENSSL2_HAS_TLS_1_3=false              # If we run with supplied binary AND $OPENSSL2 supports TLS 1.3 this will be set to true
+ OPENSSL2_HAS_CHACHA20=false
+ OPENSSL2_HAS_AES128_GCM=false
+@@ -24940,7 +24940,6 @@ lets_roll() {
       mybanner
       check_proxy
       check4openssl_oldfarts