From 1924c9a0a633aa4ad9f62de4ab130017b4b3c306 Mon Sep 17 00:00:00 2001
From: Dirk
Date: Wed, 28 Mar 2018 17:48:04 +0200
Subject: [PATCH] Connectivity problems, man page update

See previous commit

This commit finally fixes #1005 so that either a --ssl-native scan terminates on the next (defined) occasion if there are network connectivity problems. It introduces another set of variables (MAX_OSSL_FAIL vs. NR_OSSL_FAIL).

As "openssl s_client connect" is sometimes still being used without --ssl-native it also shortens the wait for regular scans if an outage is encountered.

To make things easier both sets (incl. *_SOCKET_FAIL) of variables are independent.

For the seldom case that somebody uses --ssl-native with client checks an exception had to be made as otherwise only MAX_OSSL_FAIL client checks would be performed. This hasn't been understood yet...

As sometimes HTTP header requests (over OpenSSL) fail repeatedly in a way that an empty reply is returned, the same strategy of detecting problems is applied here, using MAX_HEADER_FAIL and NR_HEADER_FAIL.

All three detection mechanisms share a new function connectivity_problem().

--- doc/testssl.1 | 6 ++++++ doc/testssl.1.html | 2 ++ doc/testssl.1.md | 2 ++ 3 files changed, 10 insertions(+) diff --git a/doc/testssl.1 b/doc/testssl.1 index b1e3f94..13f152d 100644 --- a/doc/testssl.1 +++ b/doc/testssl.1
@@ -507,6 +507,12 @@ CA_BUNDLES_PATH: If you have an own set of CA bundles or you want to point tests .IP "\(bu" 4 MAX_SOCKET_FAIL: A number which tells testssl\.sh how often a TCP socket connection may fail before the program gives up and terminates\. The default is 2\. . +.IP "\(bu" 4 +MAX_OSSL_FAIL: A number which tells testssl\.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates\. The default is 2\. +. +.IP "\(bu" 4 +MAX_HEADER_FAIL: A number which tells testssl\.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates\. The default is 3\. +. .IP "" 0 . .SH "EXAMPLES" diff --git a/doc/testssl.1.html b/doc/testssl.1.html index 20faea3..3686707 100644 --- a/doc/testssl.1.html +++ b/doc/testssl.1.html @@ -440,6 +440,8 @@ The same can be achieved by setting the environment variable WARNINGS
  • MAX_SOCKET_FAIL: A number which tells testssl.sh how often a TCP socket connection may fail before the program gives up and terminates. The default is 2.
  • +
  • MAX_OSSL_FAIL: A number which tells testssl.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates. The default is 2.
  • +
  • MAX_HEADER_FAIL: A number which tells testssl.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates. The default is 3.
  • diff --git a/doc/testssl.1.md b/doc/testssl.1.md index 6fe46c0..8482455 100644 --- a/doc/testssl.1.md +++ b/doc/testssl.1.md @@ -371,6 +371,8 @@ Except the environment variables mentioned above which replace command line opti use. Please note that it overrides completely the builtin path of testssl.sh which means that you will only test against the bundles you point to. Also you might want to use ~/utils/create_ca_hashes.sh to create the hashes for HPKP. * MAX_SOCKET_FAIL: A number which tells testssl.sh how often a TCP socket connection may fail before the program gives up and terminates. The default is 2. +* MAX_OSSL_FAIL: A number which tells testssl.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates. The default is 2. +* MAX_HEADER_FAIL: A number which tells testssl.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates. The default is 3. [comment]: # CAPATH
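Review bot: the MAX_OSSL_FAIL and MAX_HEADER_FAIL entries added in the doc/testssl.1 hunk say "how often ... may fail before the program gives up" but not how failures are counted. Please state whether the count is cumulative over the whole scan or reset after a successful connect, and whether the run stops on reaching the value or on exceeding it; with defaults of 2 and 3 that is the difference of a single failed connect. The commit message also describes the variable sets as independent and mentions an exception for --ssl-native with client checks, and neither appears in the documented text, so a user tuning MAX_OSSL_FAIL cannot tell from the man page that client checks are treated differently.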
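Review bot: in the MAX_HEADER_FAIL line of the doc/testssl.1.md hunk, "may return an empty file" describes an internal artifact, while the commit message calls the same condition "an empty reply", which is what a user actually observes. Suggest "how often an HTTP GET request over OpenSSL may return an empty reply", which also fixes "a HTTP". The identical sentence is added in doc/testssl.1 and doc/testssl.1.html, so the wording should change in all three hunks together to keep the three copies in sync.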