- fixing side effect from #225

- other minor output corrections
Dirk 2015-11-03 10:30:59 +01:00
parent 84e6be3547
commit 0463471c40


@ -94,10 +94,16 @@ echo A | sed -E 's/A//' >/dev/null 2>&1 && \
readonly HAS_SED_E=true || \ readonly HAS_SED_E=true || \
readonly HAS_SED_E=false readonly HAS_SED_E=false
if [[ $- == *i* ]]; then # Prevent tput errors if running non interactive shell tty -s && \
TERM_DWITH=${COLUMNS:-$(tput cols 2>/dev/null)} # for future custom line wrapping readonly INTERACTIVE=true || \
TERM_CURRPOS=0 readonly INTERACTIVE=false
if ! tput cols &>/dev/null || ! $INTERACTIVE; then # Prevent tput errors if running non interactive
TERM_DWITH=${COLUMNS:-80}
else
TERM_DWITH=${COLUMNS:-$(tput cols)} # for custom line wrapping and dashes
fi fi
TERM_CURRPOS=0 # custom line wrapping needs alter the current horizontal cursor pos
# following variables make use of $ENV, e.g. OPENSSL=<myprivate_path_to_openssl> ./testssl.sh <host> # following variables make use of $ENV, e.g. OPENSSL=<myprivate_path_to_openssl> ./testssl.sh <host>
# 0 means (normally) true here. Some of the variables are also accessible with a command line switch # 0 means (normally) true here. Some of the variables are also accessible with a command line switch
@ -342,8 +348,8 @@ set_color_functions() {
underline="" underline=""
italic="" italic=""
# Hey wait, do we actually have tput / ncurses ? which tput &>/dev/null || return 0 # Hey wait, do we actually have tput / ncurses ?
which tput &> /dev/null || return 0 tput cols &>/dev/null || return 0 # tput under BSDs and GNUs doesn't work either (TERM undefined?)
tput sgr0 &>/dev/null || ncurses_tput=false tput sgr0 &>/dev/null || ncurses_tput=false
if [[ "$COLOR" -eq 2 ]]; then if [[ "$COLOR" -eq 2 ]]; then
if $ncurses_tput; then if $ncurses_tput; then
@ -565,7 +571,7 @@ runs_HTTP() {
;; ;;
esac esac
outln outln "\n"
tmpfile_handle $FUNCNAME.txt tmpfile_handle $FUNCNAME.txt
return $ret return $ret
} }
@ -1449,11 +1455,11 @@ run_protocols() {
pr_headlineln "(via native openssl)" pr_headlineln "(via native openssl)"
else else
if [[ -n "$STARTTLS" ]]; then if [[ -n "$STARTTLS" ]]; then
pr_headlineln "(via openssl, SSLv2 via sockets)" pr_headlineln "(via openssl, SSLv2 via sockets) "
using_sockets=false using_sockets=false
else else
using_sockets=true using_sockets=true
pr_headlineln "(via sockets except TLS 1.2 and SPDY/NPN)" pr_headlineln "(via sockets except TLS 1.2 and SPDY/NPN) "
fi fi
fi fi
outln outln
@ -1760,6 +1766,7 @@ run_server_preference() {
cipher_pref_check cipher_pref_check
else else
outln "\n No further cipher order check has been done as order is determined by the client" outln "\n No further cipher order check has been done as order is determined by the client"
outln
fi fi
return 0 return 0
} }
@ -1811,6 +1818,7 @@ cipher_pref_check() {
done done
fi fi
outln
tmpfile_handle $FUNCNAME.txt tmpfile_handle $FUNCNAME.txt
return 0 return 0
} }
@ -1969,7 +1977,8 @@ tls_time() {
return 0 return 0
} }
# function which # core function determining whether handshake succeded or not
#
sclient_connect_successful() { sclient_connect_successful() {
[[ $1 -eq 0 ]] && return 0 [[ $1 -eq 0 ]] && return 0
[[ -z $(awk '/Master-Key: / { print $2 }' "$2") ]] && return 1 [[ -z $(awk '/Master-Key: / { print $2 }' "$2") ]] && return 1
@ -2254,7 +2263,6 @@ run_server_defaults() {
ocsp_uri=$($OPENSSL x509 -in $HOSTCERT -noout -ocsp_uri 2>>$ERRFILE) ocsp_uri=$($OPENSSL x509 -in $HOSTCERT -noout -ocsp_uri 2>>$ERRFILE)
[[ x"$ocsp_uri" == "x" ]] && pr_literedln "--" || echo "$ocsp_uri" [[ x"$ocsp_uri" == "x" ]] && pr_literedln "--" || echo "$ocsp_uri"
#set -x
pr_bold " OCSP stapling " pr_bold " OCSP stapling "
if grep -a "OCSP response" $TMPFILE | grep -q "no response sent" ; then if grep -a "OCSP response" $TMPFILE | grep -q "no response sent" ; then
out " not offered" out " not offered"
@ -2399,7 +2407,7 @@ run_spdy() {
pr_bold " SPDY/NPN " pr_bold " SPDY/NPN "
if ! spdy_pre ; then if ! spdy_pre ; then
echo outln "\n"
return 0 return 0
fi fi
$OPENSSL s_client -host $NODE -port $PORT -nextprotoneg $NPN_PROTOs </dev/null 2>$ERRFILE >$TMPFILE $OPENSSL s_client -host $NODE -port $PORT -nextprotoneg $NPN_PROTOs </dev/null 2>$ERRFILE >$TMPFILE
@ -2411,7 +2419,7 @@ run_spdy() {
# now comes a strange thing: "Protocols advertised by server:" is empty but connection succeeded # now comes a strange thing: "Protocols advertised by server:" is empty but connection succeeded
if echo $tmpstr | egrep -aq "spdy|http" ; then if echo $tmpstr | egrep -aq "spdy|http" ; then
out "$tmpstr" out "$tmpstr"
out " (advertised)" outln " (advertised)"
ret=0 ret=0
else else
pr_litemagentaln "please check manually, server response was ambigious ..." pr_litemagentaln "please check manually, server response was ambigious ..."
@ -4132,6 +4140,7 @@ CAPATH: $CAPATH
ECHO: $ECHO ECHO: $ECHO
COLOR: $COLOR COLOR: $COLOR
TERM_DWITH: $TERM_DWITH TERM_DWITH: $TERM_DWITH
INTERACTIVE: $INTERACTIVE
HAS_GNUDATE: $HAS_GNUDATE HAS_GNUDATE: $HAS_GNUDATE
HAS_SED_E: $HAS_SED_E HAS_SED_E: $HAS_SED_E
@ -4525,7 +4534,8 @@ get_mx_record() {
} }
# We need to get the IP address of the proxy so we can use it in fd_socket # We need to get the IP address of the proxy so we can use it in fd_socket
check_proxy(){ #
check_proxy() {
if [[ -n "$PROXY" ]]; then if [[ -n "$PROXY" ]]; then
if ! $OPENSSL s_client help 2>&1 | grep -qw proxy; then if ! $OPENSSL s_client help 2>&1 | grep -qw proxy; then
fatal "Your $OPENSSL is too old to support the \"--proxy\" option" -1 fatal "Your $OPENSSL is too old to support the \"--proxy\" option" -1
@ -4664,7 +4674,7 @@ determine_service() {
;; ;;
esac esac
fi fi
outln #outln
tmpfile_handle $FUNCNAME.txt tmpfile_handle $FUNCNAME.txt
return 0 # OPTIMAL_PROTO, GET_REQ*/HEAD_REQ* is set now return 0 # OPTIMAL_PROTO, GET_REQ*/HEAD_REQ* is set now
@ -5214,6 +5224,7 @@ get_install_dir
initialize_globals initialize_globals
parse_cmd_line "$@" parse_cmd_line "$@"
set_color_functions
find_openssl_binary find_openssl_binary
maketempf maketempf
mybanner mybanner
@ -5247,13 +5258,13 @@ else
if [[ $(count_words "$(echo -n "$IPADDRs")") -gt 1 ]]; then # we have more than one ipv4 address to check if [[ $(count_words "$(echo -n "$IPADDRs")") -gt 1 ]]; then # we have more than one ipv4 address to check
pr_bold "Testing all IPv4 addresses (port $PORT): "; outln "$IPADDRs" pr_bold "Testing all IPv4 addresses (port $PORT): "; outln "$IPADDRs"
for ip in $IPADDRs; do for ip in $IPADDRs; do
draw_line "-" $((TERM_DWITH / 2)) draw_line "-" $((TERM_DWITH * 2 / 3))
outln outln
NODEIP="$ip" NODEIP="$ip"
lets_roll "${STARTTLS_PROTOCOL}" lets_roll "${STARTTLS_PROTOCOL}"
ret=$(($? + ret)) ret=$(($? + ret))
done done
draw_line "-" $((TERM_DWITH / 2)) draw_line "-" $((TERM_DWITH * 2 / 3))
outln outln
pr_bold "Done testing now all IP addresses (on port $PORT): "; outln "$IPADDRs" pr_bold "Done testing now all IP addresses (on port $PORT): "; outln "$IPADDRs"
else # we need just one ip4v to check else # we need just one ip4v to check
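Review bot: In the first hunk (@ -94) both branches still take `TERM_DWITH` straight from `$COLUMNS` when it is set, and nothing checks that the value is a positive integer before the last hunk uses it in `$((TERM_DWITH * 2 / 3))`. Bash evaluates the contents of a variable in arithmetic context as an expression, so a non-numeric or empty-looking `COLUMNS` inherited from a wrapper, cron job or CI environment can abort the run or be evaluated rather than just mis-size the dashes. A guard right after the `fi`, such as `[[ "$TERM_DWITH" =~ ^[0-9]+$ ]] || TERM_DWITH=80`, would keep both `draw_line` calls on a known-good number. Separately, `tty -s` only tests stdin, so a run with stdin redirected but output on a terminal is presumably classed as non-interactive; a short comment next to `INTERACTIVE` saying so would help the next reader.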