Merge branch '2.9dev' into mass_testing_command_line_error

David Cooper 2017-05-23 08:57:49 -04:00
commit 01fb0ba9a2
1 changed files with 26 additions and 30 deletions


@ -3556,23 +3556,23 @@ run_client_simulation() {
else else
pr_headline " Running client simulations via openssl " pr_headline " Running client simulations via openssl "
prln_warning " Depending on your openssl client you may get false results" prln_warning " Depending on your openssl client you may get false results"
fileout "client_simulation" "WARNING" "Depending on your openssl client you may false results" fileout "client_simulation" "WARNING" "Depending on your openssl client you may encounter false results"
fi fi
outln outln
debugme tmln_out debugme echo
if "$WIDE"; then if "$WIDE"; then
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then
out " Browser Protocol Cipher Suite Name (OpenSSL) " out " Browser Protocol Cipher Suite Name (OpenSSL) "
( "$using_sockets" || "$HAS_DH_BITS") && out "Forward Secrecy" ( "$using_sockets" || "$HAS_DH_BITS") && out "Forward Secrecy"
outln outln
out "------------------------------------------------------------------------------" out "--------------------------------------------------------------------------"
else else
out " Browser Protocol Cipher Suite Name (RFC) " out " Browser Protocol Cipher Suite Name (RFC) "
( "$using_sockets" || "$HAS_DH_BITS") && out "Forward Secrecy" ( "$using_sockets" || "$HAS_DH_BITS") && out "Forward Secrecy"
outln outln
out "----------------------------------------------------------------------------------------------" out "------------------------------------------------------------------------------------------"
fi fi
( "$using_sockets" || "$HAS_DH_BITS") && out "----------------------" ( "$using_sockets" || "$HAS_DH_BITS") && out "----------------------"
outln outln
@ -3581,7 +3581,7 @@ run_client_simulation() {
if ${current[i]} ; then if ${current[i]} ; then
# for ANY we test this service or if the service we determined from STARTTLS matches # for ANY we test this service or if the service we determined from STARTTLS matches
if [[ "${service[i]}" == "ANY" ]] || grep -q "$client_service" <<< "${service[i]}"; then if [[ "${service[i]}" == "ANY" ]] || grep -q "$client_service" <<< "${service[i]}"; then
out " $(printf -- "%-33s" "${names[i]}")" out " $(printf -- "%-29s" "${names[i]}")"
if "$using_sockets" && [[ -n "${handshakebytes[i]}" ]]; then if "$using_sockets" && [[ -n "${handshakebytes[i]}" ]]; then
client_simulation_sockets "${handshakebytes[i]}" client_simulation_sockets "${handshakebytes[i]}"
sclient_success=$? sclient_success=$?
@ -3593,7 +3593,7 @@ run_client_simulation() {
[[ $sclient_success -eq 0 ]] && cp "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" $TMPFILE >$ERRFILE [[ $sclient_success -eq 0 ]] && cp "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" $TMPFILE >$ERRFILE
fi fi
else else
! "$HAS_NO_SSL2" && protos[i]="$(sed 's/-no_ssl2//' <<< "${protos[i]}")" "$HAS_NO_SSL2" || protos[i]="$(sed 's/-no_ssl2//' <<< "${protos[i]}")"
debugme echo "$OPENSSL s_client -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null" debugme echo "$OPENSSL s_client -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null"
$OPENSSL s_client -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null >$TMPFILE 2>$ERRFILE $OPENSSL s_client -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null >$TMPFILE 2>$ERRFILE
sclient_connect_successful $? $TMPFILE sclient_connect_successful $? $TMPFILE
@ -3638,17 +3638,11 @@ run_client_simulation() {
sclient_success=$? sclient_success=$?
if [[ $sclient_success -eq 0 ]]; then if [[ $sclient_success -eq 0 ]]; then
case "$tls" in case "$tls" in
"-tls1_2") "-tls1_2") break ;;
break "-tls1_1") proto="TLSv1.1"
;; break ;;
"-tls1_1") "-tls1") proto="TLSv1.0"
proto="TLSv1.1" break ;;
break
;;
"-tls1")
proto="TLSv1.0"
break
;;
esac esac
fi fi
done done
@ -3664,9 +3658,9 @@ run_client_simulation() {
if ! "$WIDE"; then if ! "$WIDE"; then
out "$proto $cipher" out "$proto $cipher"
elif [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then elif [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then
out "$(printf -- "%-7s %-33s" "$proto" "$cipher")" out "$(printf -- "%-7s %-34s" "$proto" "$cipher")"
else else
out "$(printf -- "%-7s %-49s" "$proto" "$cipher")" out "$(printf -- "%-7s %-50s" "$proto" "$cipher")"
fi fi
if ! "$WIDE"; then if ! "$WIDE"; then
"$using_sockets" && [[ -n "${handshakebytes[i]}" ]] && has_dh_bits=$HAS_DH_BITS && HAS_DH_BITS=true "$using_sockets" && [[ -n "${handshakebytes[i]}" ]] && has_dh_bits=$HAS_DH_BITS && HAS_DH_BITS=true
@ -11283,32 +11277,34 @@ EOF
prepare_arrays() { prepare_arrays() {
local hexc mac ossl_ciph local hexc mac ossl_ciph
local ossl_supported_tls="" ossl_supported_sslv2="" local ossl_supported_tls="" ossl_supported_sslv2=""
local -i i=0
if [[ -e "$CIPHERS_BY_STRENGTH_FILE" ]]; then if [[ -e "$CIPHERS_BY_STRENGTH_FILE" ]]; then
"$HAS_SSL2" && ossl_supported_sslv2="$($OPENSSL ciphers -ssl2 -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE)" "$HAS_SSL2" && ossl_supported_sslv2="$($OPENSSL ciphers -ssl2 -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE)"
ossl_supported_tls="$($OPENSSL ciphers -tls1 -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE)" ossl_supported_tls="$($OPENSSL ciphers -tls1 -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE)"
while read hexc n TLS_CIPHER_OSSL_NAME[TLS_NR_CIPHERS] TLS_CIPHER_RFC_NAME[TLS_NR_CIPHERS] TLS_CIPHER_SSLVERS[TLS_NR_CIPHERS] TLS_CIPHER_KX[TLS_NR_CIPHERS] TLS_CIPHER_AUTH[TLS_NR_CIPHERS] TLS_CIPHER_ENC[TLS_NR_CIPHERS] mac TLS_CIPHER_EXPORT[TLS_NR_CIPHERS]; do while read hexc n TLS_CIPHER_OSSL_NAME[i] TLS_CIPHER_RFC_NAME[i] TLS_CIPHER_SSLVERS[i] TLS_CIPHER_KX[i] TLS_CIPHER_AUTH[i] TLS_CIPHER_ENC[i] mac TLS_CIPHER_EXPORT[i]; do
TLS_CIPHER_HEXCODE[TLS_NR_CIPHERS]="$hexc" TLS_CIPHER_HEXCODE[i]="$hexc"
TLS_CIPHER_OSSL_SUPPORTED[TLS_NR_CIPHERS]=false TLS_CIPHER_OSSL_SUPPORTED[i]=false
if [[ ${#hexc} -eq 9 ]]; then if [[ ${#hexc} -eq 9 ]]; then
# >= SSLv3 ciphers # >= SSLv3 ciphers
if [[ $OSSL_VER_MAJOR -lt 1 ]]; then if [[ $OSSL_VER_MAJOR -lt 1 ]]; then
[[ ":${ossl_supported_tls}:" =~ ":${TLS_CIPHER_OSSL_NAME[TLS_NR_CIPHERS]}:" ]] && TLS_CIPHER_OSSL_SUPPORTED[TLS_NR_CIPHERS]=true [[ ":${ossl_supported_tls}:" =~ ":${TLS_CIPHER_OSSL_NAME[i]}:" ]] && TLS_CIPHER_OSSL_SUPPORTED[i]=true
else else
ossl_ciph="$(awk '/\<'"$hexc"'\>/ { print $3 }' <<< "$ossl_supported_tls")" ossl_ciph="$(awk '/\<'"$hexc"'\>/ { print $3 }' <<< "$ossl_supported_tls")"
if [[ -n "$ossl_ciph" ]]; then if [[ -n "$ossl_ciph" ]]; then
TLS_CIPHER_OSSL_SUPPORTED[TLS_NR_CIPHERS]=true TLS_CIPHER_OSSL_SUPPORTED[i]=true
[[ "$ossl_ciph" != "${TLS_CIPHER_OSSL_NAME[TLS_NR_CIPHERS]}" ]] && TLS_CIPHER_OSSL_NAME[TLS_NR_CIPHERS]="$ossl_ciph" [[ "$ossl_ciph" != "${TLS_CIPHER_OSSL_NAME[i]}" ]] && TLS_CIPHER_OSSL_NAME[i]="$ossl_ciph"
fi fi
fi fi
elif [[ $OSSL_VER_MAJOR -lt 1 ]]; then elif [[ $OSSL_VER_MAJOR -lt 1 ]]; then
[[ ":${ossl_supported_sslv2}:" =~ ":${TLS_CIPHER_OSSL_NAME[TLS_NR_CIPHERS]}:" ]] && TLS_CIPHER_OSSL_SUPPORTED[TLS_NR_CIPHERS]=true [[ ":${ossl_supported_sslv2}:" =~ ":${TLS_CIPHER_OSSL_NAME[i]}:" ]] && TLS_CIPHER_OSSL_SUPPORTED[i]=true
else else
grep -qw "$hexc" <<< "$ossl_supported_sslv2" && TLS_CIPHER_OSSL_SUPPORTED[TLS_NR_CIPHERS]=true grep -qw "$hexc" <<< "$ossl_supported_sslv2" && TLS_CIPHER_OSSL_SUPPORTED[i]=true
fi fi
TLS_NR_CIPHERS+=1 i+=1
done < "$CIPHERS_BY_STRENGTH_FILE" done < "$CIPHERS_BY_STRENGTH_FILE"
fi fi
TLS_NR_CIPHERS=i
} }
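Review bot: In prepare_arrays the value of `hexc`, read from `$CIPHERS_BY_STRENGTH_FILE`, is still spliced into the awk program text (`awk '/\<'"$hexc"'\>/ { print $3 }'`), so a malformed or tampered mapping line changes the awk program instead of simply failing to match. Passing it as data keeps the file contents out of the program: `awk -v h="$hexc" '$1 == h { print $3 }' <<< "$ossl_supported_tls"` (this assumes the hex code is the first whitespace-separated field of the `openssl ciphers -V` output, which should be confirmed). The same loop calls `read` without `-r`, so backslashes in the mapping file are interpreted rather than kept literally; `while read -r hexc n ...` avoids that. Separately, the new `TLS_NR_CIPHERS=i` only yields a number if TLS_NR_CIPHERS carries the integer attribute, which is declared outside this hunk; `TLS_NR_CIPHERS=$i` would not depend on it.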