Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 13:55:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix some IPv6 proxy issues

Browse Source 
As a quick hack this PR enables *basically* the IPv6 proxy which results that testssl.sh
will use an IPv6 proxy when

* the binary supports that
* the binary is used an not tls_sockets()
* there's no A record but an AAAA record of the proxy or an IPv6 address as proxy address was specified.

The latter should guarantee that it doesn't break anything.

However tls_sockets() still uses IPv4 for the connection to the proxy.

See #1105
This commit is contained in:
Dirk Wetter
2025-03-25 19:13:30 +01:00
parent 5359befc60
commit 18da1b8df5
1 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
testssl.sh
View File

@@ -21962,17 +21962,23 @@ check_proxy() {
# strip off http/https part if supplied: # strip off http/https part if supplied:
PROXY="${PROXY/http\:\/\//}" PROXY="${PROXY/http\:\/\//}"
PROXY="${PROXY/https\:\/\//}" # this shouldn't be needed PROXY="${PROXY/https\:\/\//}" # this shouldn't be needed
PROXYPORT="${PROXY##*:}"
PROXYNODE="${PROXY%:*}" PROXYNODE="${PROXY%:*}"
PROXYPORT="${PROXY#*:}"
is_number "$PROXYPORT" || fatal "Proxy port cannot be determined from \"$PROXY\"" $ERR_CMDLINE is_number "$PROXYPORT" || fatal "Proxy port cannot be determined from \"$PROXY\"" $ERR_CMDLINE
#if is_ipv4addr "$PROXYNODE" || is_ipv6addr "$PROXYNODE" ; then #FIXME: finish this with IPv6 proxy support, see #1105.
# IPv6 via openssl -proxy: that doesn't work. Sockets does
#FIXME: finish this with LibreSSL which supports an IPv6 proxy
if is_ipv4addr "$PROXYNODE"; then if is_ipv4addr "$PROXYNODE"; then
PROXYIP="$PROXYNODE" PROXYIP="$PROXYNODE"
elif is_ipv6addr "$PROXYNODE"; then
# Maybe an option like --proxy6 is better for purists
PROXYIP="[$PROXYNODE]"
else else
# We check now preferred whether there was an IPv4 proxy via DNS specified
# If it fails it could be an IPv6 only proxy via DNS or we just can't reach the proxy
PROXYIP="$(get_a_record "$PROXYNODE" 2>/dev/null | grep -v alias | sed 's/^.*address //')" PROXYIP="$(get_a_record "$PROXYNODE" 2>/dev/null | grep -v alias | sed 's/^.*address //')"
if [[ -z "$PROXYIP" ]]; then
PROXYIP="$(get_aaaa_record "$PROXYNODE" 2>/dev/null | grep -v alias | sed 's/^.*address //')"
fi
[[ -z "$PROXYIP" ]] && fatal "Proxy IP cannot be determined from \"$PROXYNODE\"" $ERR_CMDLINE [[ -z "$PROXYIP" ]] && fatal "Proxy IP cannot be determined from \"$PROXYNODE\"" $ERR_CMDLINE
fi fi
PROXY="-proxy $PROXYIP:$PROXYPORT" PROXY="-proxy $PROXYIP:$PROXYPORT"