From d648a0851d8fca1ecd007b5b5cab9da612c7875e Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Fri, 28 Nov 2025 01:46:16 +0100 Subject: [PATCH] Fix error when early data empty This PR fixes an error when early data was empty which caused testssl.sh to exit instead of marking that there was no file returned. Also it changes HEAD to GET as the latter is probably more often supported. There needs to be a unit test for 0-RTT / early data! --- testssl.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/testssl.sh b/testssl.sh index 6de9802..189ca0c 100755 --- a/testssl.sh +++ b/testssl.sh @@ -7176,12 +7176,11 @@ sub_early_data() { else return 5 fi - - safe_echo "HEAD / HTTP/1.1\r\nHost: $NODE\r\nConnection: close\r\nEarly-Data: 1\r\n\r\n" > $early_data + safe_echo "GET / HTTP/1.1\r\nHost: $NODE\r\nEarly-Data: 1\r\nConnection: close\r\n\r\n" > $early_data $openssl_bin s_client $(s_client_options "$STARTTLS $BUGS -tls1_3 -connect $NODEIP:$PORT $PROXY $SNI") -sess_out $sess_data -ign_eof \ < $early_data >/dev/null 2>$ERRFILE if [[ ! -s "$sess_data" ]]; then - exit 7 + return 7 fi $openssl_bin s_client $(s_client_options "$STARTTLS $BUGS -tls1_3 -connect $NODEIP:$PORT $PROXY $SNI") -sess_in $sess_data \ @@ -10804,7 +10803,7 @@ run_server_defaults() { 6) prln_warning "Client Auth: early data check not supported" fileout "$jsonID" "WARN" "check couldn't be performed because of client authentication" ;; - 7) prln_warning "check failed (no session data" + 7) prln_warning "check failed (no session data received)" fileout "$jsonID" "WARN" "check failed (no session data)" ((ret++)) ;;