Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2026-02-22 21:03:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2985 from testssl/fix_2983_robot_timeout

Browse Source 
Finalize renaming MAX_WAITSOCK --> ROBOT_TIMEOUT
This commit is contained in:
Dirk Wetter
2026-02-11 21:36:17 +01:00
committed by GitHub
parent 79db2763b6 ee316ef7ee
commit 18a1264223
2 changed files with 14 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
t/12_diff_opensslversions.t
View File

@@ -82,6 +82,10 @@ $cat_csvfile2 =~ s/HTTP_headerTime.*\n//g;
$cat_csvfile =~ s/"engine_problem.*\n//g; $cat_csvfile =~ s/"engine_problem.*\n//g;
$cat_csvfile2 =~ s/"engine_problem.*\n//g; $cat_csvfile2 =~ s/"engine_problem.*\n//g;
# Google has KEMs for TLS 1.3 which the local openssl has not - yet
$cat_csvfile =~ s/MLKEM1024 AESGCM/ECDH 253 AESGCM/g;
$cat_csvfile =~ s/MLKEM1024 ChaCha20/ECDH 253 ChaCha20/g;
# PR #2628. TL:DR; make the kx between tls_sockets() and openssl the same for this CI run # PR #2628. TL:DR; make the kx between tls_sockets() and openssl the same for this CI run
$cat_csvfile =~ s/ECDH 256/ECDH 253/g; $cat_csvfile =~ s/ECDH 256/ECDH 253/g;
$cat_csvfile =~ s/ECDH\/MLKEM/ECDH 253 /g; $cat_csvfile =~ s/ECDH\/MLKEM/ECDH 253 /g;

18
testssl.sh
View File

@@ -209,7 +209,7 @@ MAX_WAITSOCK=${MAX_WAITSOCK:-5} # waiting at max 5 seconds for socket re
QUIC_WAIT=${QUIC_WAIT:-3} # QUIC is UDP. Thus we run the connect in the background. This is how long in sec to wait QUIC_WAIT=${QUIC_WAIT:-3} # QUIC is UDP. Thus we run the connect in the background. This is how long in sec to wait
CCS_MAX_WAITSOCK=${CCS_MAX_WAITSOCK:-5} # for the two CCS payload (each). There shouldn't be any reason to change this. CCS_MAX_WAITSOCK=${CCS_MAX_WAITSOCK:-5} # for the two CCS payload (each). There shouldn't be any reason to change this.
HEARTBLEED_MAX_WAITSOCK=${HEARTBLEED_MAX_WAITSOCK:-8} # for the heartbleed payload. There shouldn't be any reason to change this. HEARTBLEED_MAX_WAITSOCK=${HEARTBLEED_MAX_WAITSOCK:-8} # for the heartbleed payload. There shouldn't be any reason to change this.
ROBOT_TIMEOUT=${ROBOT_TIMEOUT:5} # Initial timeout for ROBOT check ROBOT_TIMEOUT=${ROBOT_TIMEOUT:-1} # Initial timeout for ROBOT check
STARTTLS_SLEEP=${STARTTLS_SLEEP:-10} # max time wait on a socket for STARTTLS. MySQL has a fixed value of 1 which can't be overwritten (#914) STARTTLS_SLEEP=${STARTTLS_SLEEP:-10} # max time wait on a socket for STARTTLS. MySQL has a fixed value of 1 which can't be overwritten (#914)
FAST_STARTTLS=${FAST_STARTTLS:-true} # at the cost of reliability decrease the handshakes for STARTTLS FAST_STARTTLS=${FAST_STARTTLS:-true} # at the cost of reliability decrease the handshakes for STARTTLS
USLEEP_SND=${USLEEP_SND:-0.1} # sleep time for general socket send USLEEP_SND=${USLEEP_SND:-0.1} # sleep time for general socket send
@@ -20690,7 +20690,7 @@ run_robot() {
local -i i subret len iteration testnum pubkeybytes local -i i subret len iteration testnum pubkeybytes
local pubkeybits local pubkeybits
local vulnerable=false send_ccs_finished=true local vulnerable=false send_ccs_finished=true
local -i start_time end_time robottimeout=$ROBOT_TIMEOUT local -i start_time end_time robot_timeout=$ROBOT_TIMEOUT
local cve="CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168" local cve="CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168"
local cwe="CWE-203" local cwe="CWE-203"
local jsonID="ROBOT" local jsonID="ROBOT"
@@ -20854,7 +20854,7 @@ run_robot() {
fi fi
debugme echo "reading server error response..." debugme echo "reading server error response..."
start_time=$(LC_ALL=C date "+%s") start_time=$(LC_ALL=C date "+%s")
sockread 32768 $robottimeout sockread 32768 $robot_timeout
subret=$? subret=$?
if [[ $subret -eq 0 ]]; then if [[ $subret -eq 0 ]]; then
end_time=$(LC_ALL=C date "+%s") end_time=$(LC_ALL=C date "+%s")
@@ -20869,9 +20869,9 @@ run_robot() {
# exchange message, measure the amount of time it took to # exchange message, measure the amount of time it took to
# receive a response and set the timeout value for future # receive a response and set the timeout value for future
# tests to 2 seconds longer than it took to receive a response. # tests to 2 seconds longer than it took to receive a response.
[[ $iteration -ne 2 ]] && [[ $robottimeout -eq $MAX_WAITSOCK ]] && \ [[ $iteration -ne 2 ]] && [[ $robot_timeout -eq $ROBOT_TIMEOUT ]] && \
[[ $((end_time-start_time)) -lt $((MAX_WAITSOCK-2)) ]] && \ [[ $((end_time-start_time)) -lt $((ROBOT_TIMEOUT-2)) ]] && \
robottimeout=$((end_time-start_time+2)) robot_timeout=$((end_time-start_time+2))
else else
response[testnum]="Timeout waiting for alert" response[testnum]="Timeout waiting for alert"
fi fi
@@ -20910,14 +20910,15 @@ run_robot() {
# If the test was run with a short timeout and was found to be # If the test was run with a short timeout and was found to be
# potentially vulnerable due to some tests timing out, then # potentially vulnerable due to some tests timing out, then
# verify the results by rerunning with a longer timeout. # verify the results by rerunning with a longer timeout.
if [[ $robottimeout -eq $MAX_WAITSOCK ]]; then if [[ $robot_timeout -eq $ROBOT_TIMEOUT ]]; then
break break
elif [[ "${response[0]}" == "Timeout waiting for alert" ]] || \ elif [[ "${response[0]}" == "Timeout waiting for alert" ]] || \
[[ "${response[1]}" == "Timeout waiting for alert" ]] || \ [[ "${response[1]}" == "Timeout waiting for alert" ]] || \
[[ "${response[2]}" == "Timeout waiting for alert" ]] || \ [[ "${response[2]}" == "Timeout waiting for alert" ]] || \
[[ "${response[3]}" == "Timeout waiting for alert" ]] || \ [[ "${response[3]}" == "Timeout waiting for alert" ]] || \
[[ "${response[4]}" == "Timeout waiting for alert" ]]; then [[ "${response[4]}" == "Timeout waiting for alert" ]]; then
robottimeout=10 [[ "$DEBUG" -ge 3 ]] && echo "5x Timeout waiting for alert, $robot_timeout increasing to 8"
robot_timeout=8
else else
break break
fi fi
@@ -21795,6 +21796,7 @@ IPv6_OK: $IPv6_OK
MAX_WAITSOCK: $MAX_WAITSOCK MAX_WAITSOCK: $MAX_WAITSOCK
HEARTBLEED_MAX_WAITSOCK: $HEARTBLEED_MAX_WAITSOCK HEARTBLEED_MAX_WAITSOCK: $HEARTBLEED_MAX_WAITSOCK
CCS_MAX_WAITSOCK: $CCS_MAX_WAITSOCK CCS_MAX_WAITSOCK: $CCS_MAX_WAITSOCK
ROBOT_TIMEOUT: $ROBOT_TIMEOUT
USLEEP_SND $USLEEP_SND USLEEP_SND $USLEEP_SND
USLEEP_REC $USLEEP_REC USLEEP_REC $USLEEP_REC
HEADER_MAXSLEEP: $HEADER_MAXSLEEP HEADER_MAXSLEEP: $HEADER_MAXSLEEP