From 191223017382251c7cd774eea5fe6e7bae152dbe Mon Sep 17 00:00:00 2001
From: Dirk Wetter
Date: Mon, 31 Aug 2020 18:29:59 +0200
Subject: [PATCH] Show that we need socat for this check but still do a soft fail here, also no warning, as we do not expect to have everybody have socat installed
---
 testssl.sh | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index f3e834c..2a8c925 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -17809,16 +17809,6 @@ run_starttls_injection() {
 [[ -z "$STARTTLS" ]] && return 0
- if [[ -z "$SOCAT" ]]; then
- fileout "$jsonID" "WARN" "Need socat for this" "$cve" "$cwe" "$hint"
- debugme1 echo "Need socat for this check"
- return 1
- fi
- if [[ -z "$HAS_UDS2" ]] && [[ -z "$HAS_UDS" ]]; then
- fileout "$jsonID" "WARN" "Need OpenSSL with Unix-domain socket s_client support for this check" "$cve" "$cwe" "$hint"
- debugme1 echo "Need an OpenSSL with Unix-domain socket s_client support for this check"
- return 1
- fi
 if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
 outln
 pr_headlineln " Checking for STARTTLS injection "
@@ -17826,6 +17816,18 @@ run_starttls_injection() {
 fi
 pr_bold " STARTTLS injection" ; out " (experimental) "
+ # We'll do a soft fail here, also no warning, as I do not expect to have everybody have socat installed
+ if [[ -z "$SOCAT" ]]; then
+ fileout "$jsonID" "WARN" "Need socat for this" "$cve" "$cwe" "$hint"
+ outln "Need socat for this check"
+ return 1
+ fi
+ if [[ -z "$HAS_UDS2" ]] && [[ -z "$HAS_UDS" ]]; then
+ fileout "$jsonID" "WARN" "Need OpenSSL with Unix-domain socket s_client support for this check" "$cve" "$cwe" "$hint"
+ outln "Need an OpenSSL with Unix-domain socket s_client support for this check"
+ return 1
+ fi
+
 case $SERVICE in
 smtp) fd_socket 5 "EHLO google.com"
 ;;
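Review bot: The comment added in the second hunk promises a "soft fail" with "no warning", but both new branches still call `fileout "$jsonID" "WARN" ...` and `return 1`, so the file output records a WARN finding and the caller gets a non-zero status. If that is the intent, the comment should say so, for example `# Check cannot run: say so on screen and record WARN in the file output, so a skipped test is not read as "not vulnerable"`. If a real soft fail is meant, the severity and return value are what need to change. The first finding text `"Need socat for this"` also differs from the screen message `"Need socat for this check"`, which makes the report and the terminal output harder to correlate. The body of run_starttls_injection starts and ends outside the hunk, so how the return value is consumed is not visible here.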