mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-03 23:39:45 +01:00
* NEW: xmpphost support
* FIX for regression (80e26a75ef
), config file GOST
This commit is contained in:
parent
016b488ae3
commit
179d8700d1
42
testssl.sh
42
testssl.sh
@ -149,6 +149,7 @@ NODE=""
|
|||||||
NODEIP=""
|
NODEIP=""
|
||||||
IPADDRs=""
|
IPADDRs=""
|
||||||
IP46ADDRs=""
|
IP46ADDRs=""
|
||||||
|
XMPP_HOST=""
|
||||||
PROXY=""
|
PROXY=""
|
||||||
PROXYIP=""
|
PROXYIP=""
|
||||||
PROXYPORT=""
|
PROXYPORT=""
|
||||||
@ -3382,6 +3383,7 @@ $PROG_NAME <options> URI ("$PROG_NAME URI" does everything except -E)
|
|||||||
special invocations:
|
special invocations:
|
||||||
|
|
||||||
-t, --starttls <protocol> does a default run against a STARTTLS enabled <protocol>
|
-t, --starttls <protocol> does a default run against a STARTTLS enabled <protocol>
|
||||||
|
--xmpphost <to_domain> for STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed
|
||||||
--mx <domain/host> tests MX records from high to low priority (STARTTLS, port 25)
|
--mx <domain/host> tests MX records from high to low priority (STARTTLS, port 25)
|
||||||
--ip <ipv4> a) tests the supplied <ipv4> instead of resolving host(s) in URI
|
--ip <ipv4> a) tests the supplied <ipv4> instead of resolving host(s) in URI
|
||||||
b) "one" means: just test the first DNS returns (useful for multiple IPs)
|
b) "one" means: just test the first DNS returns (useful for multiple IPs)
|
||||||
@ -3547,7 +3549,7 @@ initialize_engine(){
|
|||||||
return 1
|
return 1
|
||||||
elif echo $osslver | grep -q LibreSSL; then
|
elif echo $osslver | grep -q LibreSSL; then
|
||||||
return 1
|
return 1
|
||||||
elif grep -q '^# testssl config file' "$OPENSSL_CONF"; then
|
elif grep -q '^# testssl config file' "$OPENSSL_CONF" 2>/dev/null; then
|
||||||
return 0
|
return 0
|
||||||
else
|
else
|
||||||
if [ -n "$OPENSSL_CONF" ]; then
|
if [ -n "$OPENSSL_CONF" ]; then
|
||||||
@ -3733,9 +3735,21 @@ determine_service() {
|
|||||||
else
|
else
|
||||||
protocol=$(echo "$1" | sed 's/s$//') # strip trailing s in ftp(s), smtp(s), pop3(s), imap(s), ldap(s), telnet(s)
|
protocol=$(echo "$1" | sed 's/s$//') # strip trailing s in ftp(s), smtp(s), pop3(s), imap(s), ldap(s), telnet(s)
|
||||||
case "$protocol" in
|
case "$protocol" in
|
||||||
|
xmpp) # for XMPP, openssl has a problem using -connect $NODEIP:$PORT. thus we use -connect $NODE:$PORT instead!
|
||||||
|
NODEIP="$NODE"
|
||||||
|
;&
|
||||||
ftp|smtp|pop3|imap|xmpp|telnet|ldap)
|
ftp|smtp|pop3|imap|xmpp|telnet|ldap)
|
||||||
STARTTLS="-starttls $protocol"; export STARTTLS
|
STARTTLS="-starttls $protocol"
|
||||||
SNI=""
|
SNI=""
|
||||||
|
if [[ -n "$XMPP_HOST" ]] && [[ $protocol == "xmpp" ]] ; then
|
||||||
|
if ! $OPENSSL s_client --help 2>&1 | grep -q xmpphost; then
|
||||||
|
outln
|
||||||
|
pr_magentaln " Local problem: Your $OPENSSL does not support the \"-xmpphost\" option"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
STARTTLS="$STARTTLS -xmpphost $XMPP_HOST" # it's a hack -- instead of changing calls all over the place
|
||||||
|
# see http://xmpp.org/rfcs/rfc3920.html
|
||||||
|
fi
|
||||||
$OPENSSL s_client -connect $NODEIP:$PORT $PROXY $STARTTLS 2>/dev/null >$TMPFILE </dev/null
|
$OPENSSL s_client -connect $NODEIP:$PORT $PROXY $STARTTLS 2>/dev/null >$TMPFILE </dev/null
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
pr_magentaln " $OPENSSL couldn't establish STARTTLS via $protocol to $NODEIP:$PORT"
|
pr_magentaln " $OPENSSL couldn't establish STARTTLS via $protocol to $NODEIP:$PORT"
|
||||||
@ -3743,7 +3757,9 @@ determine_service() {
|
|||||||
exit 3
|
exit 3
|
||||||
fi
|
fi
|
||||||
out " Service set: STARTTLS via "
|
out " Service set: STARTTLS via "
|
||||||
echo $protocol | tr '[a-z]' '[A-Z]'
|
printf $protocol | tr '[a-z]' '[A-Z]'
|
||||||
|
[[ -n "$XMPP_HOST" ]] && printf " (with to=\'$XMPP_HOST\')"
|
||||||
|
outln
|
||||||
;;
|
;;
|
||||||
*) pr_litemagentaln "momentarily only ftp, smtp, pop3, imap, xmpp and telnet, ldap allowed" >&2
|
*) pr_litemagentaln "momentarily only ftp, smtp, pop3, imap, xmpp and telnet, ldap allowed" >&2
|
||||||
exit 1
|
exit 1
|
||||||
@ -3964,12 +3980,16 @@ parse_cmd_line() {
|
|||||||
-x|-x=*|--single[-_]cipher|--single[-_]cipher=*)
|
-x|-x=*|--single[-_]cipher|--single[-_]cipher=*)
|
||||||
do_test_just_one=true
|
do_test_just_one=true
|
||||||
single_cipher=$(parse_opt_equal_sign "$1" "$2")
|
single_cipher=$(parse_opt_equal_sign "$1" "$2")
|
||||||
[ $? -eq 0 ] && shift
|
[[ $? -eq 0 ]] && shift
|
||||||
;;
|
;;
|
||||||
-t|-t=*|--starttls|--starttls=*)
|
-t|-t=*|--starttls|--starttls=*)
|
||||||
do_starttls=true
|
do_starttls=true
|
||||||
STARTTLS_PROTOCOL=$(parse_opt_equal_sign "$1" "$2")
|
STARTTLS_PROTOCOL=$(parse_opt_equal_sign "$1" "$2")
|
||||||
[ $? -eq 0 ] && shift
|
[[ $? -eq 0 ]] && shift
|
||||||
|
;;
|
||||||
|
--xmpphost|--xmpphost=*)
|
||||||
|
XMPP_HOST=$(parse_opt_equal_sign "$1" "$2")
|
||||||
|
[[ $? -eq 0 ]] && shift
|
||||||
;;
|
;;
|
||||||
-e|--each-cipher)
|
-e|--each-cipher)
|
||||||
do_allciphers=true
|
do_allciphers=true
|
||||||
@ -4083,7 +4103,7 @@ parse_cmd_line() {
|
|||||||
;;
|
;;
|
||||||
--warnings|--warnings=*)
|
--warnings|--warnings=*)
|
||||||
WARNINGS=$(parse_opt_equal_sign "$1" "$2")
|
WARNINGS=$(parse_opt_equal_sign "$1" "$2")
|
||||||
[ $? -eq 0 ] && shift
|
[[ $? -eq 0 ]] && shift
|
||||||
case "$WARNING" in
|
case "$WARNING" in
|
||||||
batch|off|false) ;;
|
batch|off|false) ;;
|
||||||
default) pr_magentaln "warnings can be either \"batch\", \"off\" or \"false\"" ;;
|
default) pr_magentaln "warnings can be either \"batch\", \"off\" or \"false\"" ;;
|
||||||
@ -4094,11 +4114,11 @@ parse_cmd_line() {
|
|||||||
;;
|
;;
|
||||||
--debug|--debug=*)
|
--debug|--debug=*)
|
||||||
DEBUG=$(parse_opt_equal_sign "$1" "$2")
|
DEBUG=$(parse_opt_equal_sign "$1" "$2")
|
||||||
[ $? -eq 0 ] && shift
|
[[ $? -eq 0 ]] && shift
|
||||||
;;
|
;;
|
||||||
--color|--color=*)
|
--color|--color=*)
|
||||||
COLOR=$(parse_opt_equal_sign "$1" "$2")
|
COLOR=$(parse_opt_equal_sign "$1" "$2")
|
||||||
[ $? -eq 0 ] && shift
|
[[ $? -eq 0 ]] && shift
|
||||||
if [ $COLOR -ne 0 ] && [ $COLOR -ne 1 ] && [ $COLOR -ne 2 ] ; then
|
if [ $COLOR -ne 0 ] && [ $COLOR -ne 1 ] && [ $COLOR -ne 2 ] ; then
|
||||||
COLOR=2
|
COLOR=2
|
||||||
pr_magentaln "$0: unrecognized color: $2" 1>&2
|
pr_magentaln "$0: unrecognized color: $2" 1>&2
|
||||||
@ -4107,11 +4127,11 @@ parse_cmd_line() {
|
|||||||
;;
|
;;
|
||||||
--openssl|--openssl=*)
|
--openssl|--openssl=*)
|
||||||
OPENSSL=$(parse_opt_equal_sign "$1" "$2")
|
OPENSSL=$(parse_opt_equal_sign "$1" "$2")
|
||||||
[ $? -eq 0 ] && shift
|
[[ $? -eq 0 ]] && shift
|
||||||
;;
|
;;
|
||||||
--proxy|--proxy=*)
|
--proxy|--proxy=*)
|
||||||
PROXY=$(parse_opt_equal_sign "$1" "$2")
|
PROXY=$(parse_opt_equal_sign "$1" "$2")
|
||||||
[ $? -eq 0 ] && shift
|
[[ $? -eq 0 ]] && shift
|
||||||
;;
|
;;
|
||||||
--ssl_native|--ssl-native)
|
--ssl_native|--ssl-native)
|
||||||
SSL_NATIVE=true
|
SSL_NATIVE=true
|
||||||
@ -4256,4 +4276,4 @@ fi
|
|||||||
exit $ret
|
exit $ret
|
||||||
|
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.300 2015/07/06 08:10:45 dirkw Exp $
|
# $Id: testssl.sh,v 1.301 2015/07/06 18:42:42 dirkw Exp $
|
||||||
|
Loading…
Reference in New Issue
Block a user