Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-01 06:19:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix run_server_defaults()

Browse Source 
PR #1960 created a bug by placing code between the call to determine_tls_extensions() and a check of its return code. This commit fixes the problem.
This commit is contained in:
David Cooper 2022-04-14 11:01:26 -04:00
parent 54e5469411
commit 15f8fc5a3f
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
testssl.sh
View File

@ -9961,10 +9961,6 @@ run_server_defaults() {
done done
determine_tls_extensions determine_tls_extensions
"$using_sockets" && cert_compression_methods="$(determine_cert_compression)"
[[ -n "$cert_compression_methods" ]] && [[ "$cert_compression_methods" != "none" ]] && \
extract_new_tls_extensions "$TEMPDIR/$NODEIP.determine_cert_compression.txt"
if [[ $? -eq 0 ]] && [[ "$OPTIMAL_PROTO" != -ssl2 ]]; then if [[ $? -eq 0 ]] && [[ "$OPTIMAL_PROTO" != -ssl2 ]]; then
cp "$TEMPDIR/$NODEIP.determine_tls_extensions.txt" $TMPFILE cp "$TEMPDIR/$NODEIP.determine_tls_extensions.txt" $TMPFILE
>$ERRFILE >$ERRFILE
@ -9973,6 +9969,10 @@ run_server_defaults() {
sessticket_proto="$(get_protocol "$TMPFILE")" sessticket_proto="$(get_protocol "$TMPFILE")"
fi fi
fi fi
"$using_sockets" && cert_compression_methods="$(determine_cert_compression)"
[[ -n "$cert_compression_methods" ]] && [[ "$cert_compression_methods" != "none" ]] && \
extract_new_tls_extensions "$TEMPDIR/$NODEIP.determine_cert_compression.txt"
if "$using_sockets" && ! "$TLS13_ONLY" && [[ -z "$sessticket_lifetime_hint" ]] && [[ "$OPTIMAL_PROTO" != -ssl2 ]]; then if "$using_sockets" && ! "$TLS13_ONLY" && [[ -z "$sessticket_lifetime_hint" ]] && [[ "$OPTIMAL_PROTO" != -ssl2 ]]; then
if "$HAS_TLS13" && ( [[ -z "$OPTIMAL_PROTO" ]] || [[ "$OPTIMAL_PROTO" == -tls1_3 ]] ) ; then if "$HAS_TLS13" && ( [[ -z "$OPTIMAL_PROTO" ]] || [[ "$OPTIMAL_PROTO" == -tls1_3 ]] ) ; then
# If a session ticket were sent in response to a TLSv1.3 ClientHello, then a session ticket # If a session ticket were sent in response to a TLSv1.3 ClientHello, then a session ticket