diff --git a/testssl.sh b/testssl.sh
index 57a106e..23e5f34 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -214,7 +214,7 @@ ALL_CLIENTS=${ALL_CLIENTS:-false} # do you want to run all client simulati
 # tuning vars which cannot be set by a cmd line switch
 EXPERIMENTAL=${EXPERIMENTAL:-false}
 HEADER_MAXSLEEP=${HEADER_MAXSLEEP:-5} # we wait this long before killing the process to retrieve a service banner / http header
-MAX_SOCKET_FAIL=${MAX_SOCKET_FAIL:-2} # we allow this many failures for tcp sockets before we terminate
+MAX_SOCKET_FAIL=${MAX_SOCKET_FAIL:-2} # If this many failures for TCP socket conencts are reached we terminate
 MAX_WAITSOCK=${MAX_WAITSOCK:-10} # waiting at max 10 seconds for socket reply. There shouldn't be any reason to change this.
 CCS_MAX_WAITSOCK=${CCS_MAX_WAITSOCK:-5} # for the two CCS payload (each). There shouldn't be any reason to change this.
 HEARTBLEED_MAX_WAITSOCK=${HEARTBLEED_MAX_WAITSOCK:-8} # for the heartbleed payload. There shouldn't be any reason to change this.
@@ -732,7 +732,7 @@ fileout_json_print_parameter() {
 fileout_json_finding() {
 local target
- local finding="$3" # FIXME: dealing with locals and globals in fileout()
+ local finding="$3"
 local cve="$4"
 local cwe="$5"
 local hint="$6"
@@ -8347,8 +8347,9 @@ fd_socket() {
 elif ! exec 5<>/dev/tcp/$nodeip/$PORT; then # 2>/dev/null would remove an error message, but disables debugging
 ((NR_SOCKET_FAIL++))
 if [[ $NR_SOCKET_FAIL -ge $MAX_SOCKET_FAIL ]]; then
+ outln
 [[ $MAX_SOCKET_FAIL -eq 1 ]] && fatal "TCP connect problem" -2
- fatal "repeated TCP connect problems, doesn't make sense to continue" -2
+ fatal "repeated TCP connect problems, giving up.." -2
 fi
 outln
 pr_warning "Unable to open a socket to $NODEIP:$PORT. "
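Review bot: The reworded comment on `MAX_SOCKET_FAIL` in the first hunk misspells "connects" as "conencts"; it should read `# If this many failures for TCP socket connects are reached we terminate`. The value is taken from the environment and, as the fd_socket hunk shows, is compared numerically with `-ge` and `-eq`, so the comment could also state that it must be a positive integer. Whether the script validates the variable anywhere is not visible in this diff.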
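Review bot: The shortened `fatal` message in the fd_socket hunk still does not name the target the run gave up on, and it is reached before the `pr_warning` line that prints `$NODEIP:$PORT`. If `fatal` exits, as its name suggests, the abort record carries no host or port, which makes it harder to attribute when several targets are scanned in one run. Consider `fatal "repeated TCP connect problems to $NODEIP:$PORT, giving up" -2`, and the same addition for the single-failure message on the line above it. fd_socket's body starts and ends outside this hunk, so an earlier line that already prints the target cannot be ruled out.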