Merge pull request #411 from welwood08/patch-2

Server cipher order NPN tests should use SNI
This commit is contained in:
Dirk Wetter 2016-07-11 16:24:45 +02:00 committed by GitHub
commit 16087f8252
1 changed files with 4 additions and 4 deletions

View File

@ -3324,7 +3324,7 @@ run_server_preference() {
[[ -n "$PROXY" ]] && arg=" SPDY/NPN is" [[ -n "$PROXY" ]] && arg=" SPDY/NPN is"
[[ -n "$STARTTLS" ]] && arg=" " [[ -n "$STARTTLS" ]] && arg=" "
if spdy_pre " $arg" ; then # is NPN/SPDY supported and is this no STARTTLS? / no PROXY if spdy_pre " $arg" ; then # is NPN/SPDY supported and is this no STARTTLS? / no PROXY
$OPENSSL s_client -connect $NODEIP:$PORT $BUGS -nextprotoneg "$NPN_PROTOs" </dev/null 2>>$ERRFILE >$TMPFILE $OPENSSL s_client -connect $NODEIP:$PORT $BUGS -nextprotoneg "$NPN_PROTOs" $SNI </dev/null 2>>$ERRFILE >$TMPFILE
if sclient_connect_successful $? $TMPFILE; then if sclient_connect_successful $? $TMPFILE; then
proto[i]=$(grep -aw "Next protocol" $TMPFILE | sed -e 's/^Next protocol://' -e 's/(.)//' -e 's/ //g') proto[i]=$(grep -aw "Next protocol" $TMPFILE | sed -e 's/^Next protocol://' -e 's/(.)//' -e 's/ //g')
if [[ -z "${proto[i]}" ]]; then if [[ -z "${proto[i]}" ]]; then
@ -3499,16 +3499,16 @@ cipher_pref_check() {
if ! spdy_pre " SPDY/NPN: "; then # is NPN/SPDY supported and is this no STARTTLS? if ! spdy_pre " SPDY/NPN: "; then # is NPN/SPDY supported and is this no STARTTLS?
outln outln
else else
npn_protos=$($OPENSSL s_client -host $NODE -port $PORT $BUGS -nextprotoneg \"\" </dev/null 2>>$ERRFILE | grep -a "^Protocols " | sed -e 's/^Protocols.*server: //' -e 's/,//g') npn_protos=$($OPENSSL s_client $BUGS -nextprotoneg \"\" -connect $NODEIP:$PORT $SNI </dev/null 2>>$ERRFILE | grep -a "^Protocols " | sed -e 's/^Protocols.*server: //' -e 's/,//g')
for p in $npn_protos; do for p in $npn_protos; do
order="" order=""
$OPENSSL s_client -host $NODE -port $PORT $BUGS -nextprotoneg "$p" $PROXY </dev/null 2>>$ERRFILE >$TMPFILE $OPENSSL s_client $BUGS -nextprotoneg "$p" -connect $NODEIP:$PORT $SNI </dev/null 2>>$ERRFILE >$TMPFILE
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE) cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
printf " %-10s %s " "$p:" "$cipher" printf " %-10s %s " "$p:" "$cipher"
tested_cipher="-"$cipher tested_cipher="-"$cipher
order="$cipher" order="$cipher"
while true; do while true; do
$OPENSSL s_client -cipher "ALL:$tested_cipher" -host $NODE -port $PORT $BUGS -nextprotoneg "$p" $PROXY </dev/null 2>>$ERRFILE >$TMPFILE $OPENSSL s_client -cipher "ALL:$tested_cipher" $BUGS -nextprotoneg "$p" -connect $NODEIP:$PORT $SNI </dev/null 2>>$ERRFILE >$TMPFILE
sclient_connect_successful $? $TMPFILE || break sclient_connect_successful $? $TMPFILE || break
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE) cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
out "$cipher " out "$cipher "