Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-06 00:39:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

special treatment for empty serverhello for ticketbleed

Browse Source
This commit is contained in:
Dirk 2017-04-24 09:25:23 +02:00
parent 2db8e8e8b1
commit 01489b9ca1
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
testssl.sh
View File

@ -9234,10 +9234,15 @@ run_ticketbleed() {
pr_done_best "not vulnerable (OK)"
fileout "ticketbleed" "OK" "Ticketbleed: not vulnerable" "$cve" "$cwe"
else
ret=1
pr_warning "test failed "
out "around line $LINENO (debug info: ${tls_hello_ascii:0:2}, ${tls_hello_ascii:2:10})"
fileout "ticketbleed" "WARN" "Ticketbleed: test failed, around $LINENO (debug info: ${tls_hello_ascii:0:2}, ${tls_hello_ascii:2:10})" "$cve" "$cwe"
ret=7
pr_warning "test failed"
if [[ -z "${tls_hello_ascii:0:2}" ]]; then
out ": reply empty"
fileout "ticketbleed" "WARN" "Ticketbleed: test failed with empty ServerHello" "$cve" "$cwe"
else
out " around line $LINENO (debug info: ${tls_hello_ascii:0:2}, ${tls_hello_ascii:2:10})"
fileout "ticketbleed" "WARN" "Ticketbleed: test failed, around $LINENO (debug info: ${tls_hello_ascii:0:2}, ${tls_hello_ascii:2:10})" "$cve" "$cwe"
fi
fi
outln