Connectivity problems, man page update

See previous commit This commit finally fixes #1005 so that either a --ssl-native scan terminates on the next (defined) occasion if there are network connectivity problems. It introduces another set of variables (MAX_OSSL_FAIL vs. NR_OSSL_FAIL). As "openssl s_client connect" is sometimes still being used without --ssl-native it also shortens the wait for regular scans if an outage is encountered. To make things easier bot sets (incl. *_SOCKET_FAIL) of variables are independent. For the seldom case that somebody uses --ssl-native with client checks an exception had to be made as otherwise only MAX_OSSL_FAIL client check would be performed. This hasn't been understood yet... As sometimes HTTP header requests (over OpenSSL) fail repeatedly in a way that an empty reply is returned, the same strategy of detecting problems is applied here, using MAX_HEADER_FAIL and NR_HEADER_FAIL. All three detection mechanisims share a new function connectivity_problem().
2024-12-31 22:09:44 +01:00 · 2018-03-28 17:48:04 +02:00 · 2018-03-28 17:48:04 +02:00 · 1924c9a0a6
commit 1924c9a0a6
parent baabf2a61e
3 changed files with 10 additions and 0 deletions
--- a/doc/testssl.1
+++ b/doc/testssl.1
@ -507,6 +507,12 @@ CA_BUNDLES_PATH: If you have an own set of CA bundles or you want to point tests
 .IP "\(bu" 4
 MAX_SOCKET_FAIL: A number which tells testssl\.sh how often a TCP socket connection may fail before the program gives up and terminates\. The default is 2\.
 .
+.IP "\(bu" 4
+MAX_OSSL_FAIL: A number which tells testssl\.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates\. The default is 2\.
+.
+.IP "\(bu" 4
+MAX_HEADER_FAIL: A number which tells testssl\.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates\. The default is 3\.
+.
 .IP "" 0
 .
 .SH "EXAMPLES"
--- a/doc/testssl.1.html
+++ b/doc/testssl.1.html
@ -440,6 +440,8 @@ The same can be achieved by setting the environment variable <code>WARNINGS</cod
 use. Please note that it overrides completely the builtin path of testssl.sh which means that you will only test against the bundles you point to. Also you might want to use ~/utils/create_ca_hashes.sh
 to create the hashes for HPKP.</li>
 <li>MAX_SOCKET_FAIL: A number which tells testssl.sh how often a TCP socket connection may fail before the program gives up and terminates. The default is 2.</li>
+<li>MAX_OSSL_FAIL: A number which tells testssl.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates. The default is 2.</li>
+<li>MAX_HEADER_FAIL: A number which tells testssl.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates. The default is 3.</li>
 </ul>


--- a/doc/testssl.1.md
+++ b/doc/testssl.1.md
@ -371,6 +371,8 @@ Except the environment variables mentioned above which replace command line opti
 use. Please note that it overrides completely the builtin path of testssl.sh which means that you will only test against the bundles you point to. Also you might want to use ~/utils/create_ca_hashes.sh
 to create the hashes for HPKP.
 * MAX_SOCKET_FAIL: A number which tells testssl.sh how often a TCP socket connection may fail before the program gives up and terminates. The default is 2.
+* MAX_OSSL_FAIL: A number which tells testssl.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates. The default is 2.
+* MAX_HEADER_FAIL: A number which tells testssl.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates. The default is 3.


 [comment]: # CAPATH