Support OpenSSL 3.0.1-dev and 3.1.0-dev

This commit changes a few lines of code that check OpenSSL version numbers to recognize 3.0.1 and 3.1.0 in addition to 3.0.0.

According to https://www.openssl.org/blog/blog/2018/11/28/version, API/ABI compatibility is guaranteed for the same MAJOR version number (starting with version 3), so it should be sufficient to just check that $OSSL_VER_MAJOR is 3.
David Cooper 2021-10-29 13:54:13 -04:00
parent b7d6b7ca7b
commit 095433774d


@ -1977,7 +1977,7 @@ check_revocation_ocsp() {
if [[ "$OSSL_NAME" =~ LibreSSL ]]; then if [[ "$OSSL_NAME" =~ LibreSSL ]]; then
host_header="-header Host ${host_header}" host_header="-header Host ${host_header}"
elif [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.0* ]] || [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.1* ]] || \ elif [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.0* ]] || [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.1* ]] || \
[[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 3.0.0* ]]; then [[ $OSSL_VER_MAJOR == 3 ]]; then
host_header="-header Host=${host_header}" host_header="-header Host=${host_header}"
else else
host_header="-header Host ${host_header}" host_header="-header Host ${host_header}"
@ -4256,7 +4256,7 @@ ciphers_by_strength() {
ossl_ciphers_proto="" ossl_ciphers_proto=""
elif [[ $proto == -ssl2 ]] || [[ $proto == -ssl3 ]] || \ elif [[ $proto == -ssl2 ]] || [[ $proto == -ssl3 ]] || \
[[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.0* ]] || [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.1* ]] || \ [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.0* ]] || [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.1* ]] || \
[[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 3.0.0* ]]; then [[ $OSSL_VER_MAJOR == 3 ]]; then
ossl_ciphers_proto="$proto" ossl_ciphers_proto="$proto"
else else
ossl_ciphers_proto="-tls1" ossl_ciphers_proto="-tls1"
@ -6482,7 +6482,7 @@ sub_session_resumption() {
return 7 return 7
fi fi
if "$byID" && [[ ! "$OSSL_NAME" =~ LibreSSL ]] && \ if "$byID" && [[ ! "$OSSL_NAME" =~ LibreSSL ]] && \
( [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.1* ]] || [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 3.0.0* ]] ) && \ ( [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.1* ]] || [[ $OSSL_VER_MAJOR == 3 ]] ) && \
[[ ! -s "$sess_data" ]]; then [[ ! -s "$sess_data" ]]; then
# it seems OpenSSL indicates no Session ID resumption by just not generating output # it seems OpenSSL indicates no Session ID resumption by just not generating output
debugme echo -n "No session resumption byID (empty file)" debugme echo -n "No session resumption byID (empty file)"
@ -11670,7 +11670,7 @@ hmac() {
local key="$2" text="$3" output local key="$2" text="$3" output
local -i ret local -i ret
if [[ ! "$OSSL_NAME" =~ LibreSSL ]] && [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 3.0.0* ]]; then if [[ ! "$OSSL_NAME" =~ LibreSSL ]] && [[ $OSSL_VER_MAJOR == 3 ]]; then
output="$(hex2binary "$text" | $OPENSSL mac -macopt digest:"${hash_fn/-/}" -macopt hexkey:"$key" HMAC 2>/dev/null)" output="$(hex2binary "$text" | $OPENSSL mac -macopt digest:"${hash_fn/-/}" -macopt hexkey:"$key" HMAC 2>/dev/null)"
ret=$? ret=$?
tm_out "$(strip_lf "$output")" tm_out "$(strip_lf "$output")"
@ -11691,7 +11691,7 @@ hmac-transcript() {
local key="$2" transcript="$3" output local key="$2" transcript="$3" output
local -i ret local -i ret
if [[ ! "$OSSL_NAME" =~ LibreSSL ]] && [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 3.0.0* ]]; then if [[ ! "$OSSL_NAME" =~ LibreSSL ]] && [[ $OSSL_VER_MAJOR == 3 ]]; then
output="$(hex2binary "$transcript" | \ output="$(hex2binary "$transcript" | \
$OPENSSL dgst "$hash_fn" -binary 2>/dev/null | \ $OPENSSL dgst "$hash_fn" -binary 2>/dev/null | \
$OPENSSL mac -macopt digest:"${hash_fn/-/}" -macopt hexkey:"$key" HMAC 2>/dev/null)" $OPENSSL mac -macopt digest:"${hash_fn/-/}" -macopt hexkey:"$key" HMAC 2>/dev/null)"
@ -19329,7 +19329,7 @@ find_openssl_binary() {
# see #190, reverting logic: unless otherwise proved openssl has no dh bits # see #190, reverting logic: unless otherwise proved openssl has no dh bits
case "$OSSL_VER_MAJOR.$OSSL_VER_MINOR" in case "$OSSL_VER_MAJOR.$OSSL_VER_MINOR" in
1.0.2|1.1.0|1.1.1|3.0.0) HAS_DH_BITS=true ;; 1.0.2|1.1.0|1.1.1|3.*) HAS_DH_BITS=true ;;
esac esac
if [[ "$OSSL_NAME" =~ LibreSSL ]]; then if [[ "$OSSL_NAME" =~ LibreSSL ]]; then
[[ ${OSSL_VER//./} -ge 210 ]] && HAS_DH_BITS=true [[ ${OSSL_VER//./} -ge 210 ]] && HAS_DH_BITS=true
@ -19463,7 +19463,7 @@ find_openssl_binary() {
# not check /usr/bin/openssl -- if available. This is more a kludge which we shouldn't use for # not check /usr/bin/openssl -- if available. This is more a kludge which we shouldn't use for
# every openssl feature. At some point we need to decide which with openssl version we go. # every openssl feature. At some point we need to decide which with openssl version we go.
OPENSSL2=/usr/bin/openssl OPENSSL2=/usr/bin/openssl
if [[ ! $OSSL_VER =~ 1.1.1 ]] && [[ ! $OSSL_VER_MAJOR =~ 3 ]]; then if [[ ! "$OSSL_NAME" =~ LibreSSL ]] && [[ ! $OSSL_VER =~ 1.1.1 ]] && [[ ! $OSSL_VER_MAJOR =~ 3 ]]; then
if [[ -x $OPENSSL2 ]]; then if [[ -x $OPENSSL2 ]]; then
$OPENSSL2 s_client -help 2>$s_client_has2 $OPENSSL2 s_client -help 2>$s_client_has2
$OPENSSL2 s_client -starttls foo 2>$s_client_starttls_has2 $OPENSSL2 s_client -starttls foo 2>$s_client_starttls_has2
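Review bot: In the ciphers_by_strength hunk the new `[[ $OSSL_VER_MAJOR == 3 ]]` test has no LibreSSL exclusion next to it, whereas the hmac, hmac-transcript, sub_session_resumption and final find_openssl_binary sites all test `$OSSL_NAME` first. LibreSSL also ships releases with major version 3, so the old `3.0.0*` pattern matched at most one of them, while the new test sends every LibreSSL 3.x binary down the `ossl_ciphers_proto="$proto"` branch. The function begins and ends outside the hunk, so an earlier branch may already filter LibreSSL; if none does, cipher enumeration may run with a protocol option chosen for OpenSSL 3 and report an incomplete cipher list. Consider `[[ ! "$OSSL_NAME" =~ LibreSSL && $OSSL_VER_MAJOR == 3 ]]` there, or a comment stating that LibreSSL 3.x is meant to take this branch. Separately, the last hunk keeps the unanchored regex `[[ ! $OSSL_VER_MAJOR =~ 3 ]]`, which also matches any major number merely containing a 3; `[[ $OSSL_VER_MAJOR != 3 ]]` would agree with the exact comparison used at the other sites.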