editing of comments
parent
ee72e9deae
commit
053a2265ab
22
testssl.sh
22
testssl.sh
@ -4609,7 +4609,8 @@ run_client_simulation() {
|
|||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
|
|
||||||
# generic function whether $1 is supported by s_client ($2: string to display)
|
# generic function whether $1 is supported by s_client ($2: string to display, currently nowhere being used)
|
||||||
|
#
|
||||||
locally_supported() {
|
locally_supported() {
|
||||||
[[ -n "$2" ]] && out "$2 "
|
[[ -n "$2" ]] && out "$2 "
|
||||||
if $OPENSSL s_client "$1" -connect x 2>&1 | grep -aq "unknown option"; then
|
if $OPENSSL s_client "$1" -connect x 2>&1 | grep -aq "unknown option"; then
|
||||||
@ -4620,18 +4621,19 @@ locally_supported() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# the protocol check needs to be revamped. It sucks.
|
# The protocol check in run_protocols needs to be redone. The using_socket part there kind of sucks.
|
||||||
# 1) we need to have a variable where the results are being stored so that every other test doesn't have to do this again.
|
# 1) we need to have a variable where the results are being stored so that every other test doesn't have to do this agai
|
||||||
# 2) the code is too old and one can do that way better
|
# --> we have that but certain information like "downgraded" are not being passed. That's not ok for run_protocols()/
|
||||||
# 3) HAS_SSL3/2 does already exist
|
# for all other functions we can use it
|
||||||
# we should do what's available and faster (openssl vs. sockets). Keep in mind that the socket reply for SSLv2 returns the number # of ciphers!
|
# 2) the code is old and one can do that way better
|
||||||
|
# We should do what's available and faster (openssl vs. sockets). Keep in mind that the socket reply for SSLv2 returns the number # of ciphers!
|
||||||
|
#
|
||||||
|
# arg1: -ssl2|-ssl3|-tls1|-tls1_1|-tls1_2|-tls1_3
|
||||||
#
|
#
|
||||||
# arg1: -ssl2|-ssl3|-tls1
|
|
||||||
# arg2: doesn't seem to be used in calling, seems to be a textstring with the protocol though
|
|
||||||
run_prototest_openssl() {
|
run_prototest_openssl() {
|
||||||
local -i ret=0
|
local -i ret=0
|
||||||
|
|
||||||
! locally_supported "$1" "$2" && return 7
|
! locally_supported "$1" && return 7
|
||||||
$OPENSSL s_client $(s_client_options "-state $1 $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>$ERRFILE </dev/null
|
$OPENSSL s_client $(s_client_options "-state $1 $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>$ERRFILE </dev/null
|
||||||
sclient_connect_successful $? $TMPFILE
|
sclient_connect_successful $? $TMPFILE
|
||||||
ret=$?
|
ret=$?
|
||||||
@ -4651,7 +4653,7 @@ run_prototest_openssl() {
|
|||||||
# 7: no local support
|
# 7: no local support
|
||||||
}
|
}
|
||||||
|
|
||||||
# idempotent function to add SSL/TLS protocols. It should accelerate testing.
|
# Idempotent function to add SSL/TLS protocols. It should accelerate testing.
|
||||||
# PROTOS_OFFERED can be e.g. "ssl2:no ssl3:no tls1_2:yes" which means that
|
# PROTOS_OFFERED can be e.g. "ssl2:no ssl3:no tls1_2:yes" which means that
|
||||||
# SSLv2 and SSLv3 was tested but not available, TLS 1.2 was tested and available
|
# SSLv2 and SSLv3 was tested but not available, TLS 1.2 was tested and available
|
||||||
# TLS 1.0 and TLS 1.2 not tested yet
|
# TLS 1.0 and TLS 1.2 not tested yet
|
||||||
|
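Review bot: In the second hunk, run_prototest_openssl now calls `locally_supported "$1"` instead of `locally_supported "$1" "$2"`, which is a behaviour change in a commit titled as comment editing: the `[[ -n "$2" ]] && out "$2 "` line in locally_supported no longer prints anything for this caller. Since the new comment on locally_supported says the display string is used nowhere, that parameter and its `out` line look like dead code and could be removed in the same change, or the commit title could mention the call change so it is visible in the history. The header of run_prototest_openssl also drops the arg2 line without saying whether callers may still pass a second argument; a line such as `# arg2: ignored, formerly a display string handed to locally_supported` would keep that clear. The body of run_prototest_openssl continues outside the hunks, so whether `$2` is read further down cannot be confirmed from here.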