Connectivity problems, man page update

See previous commit This commit finally fixes #1005 so that either a --ssl-native scan terminates on the next (defined) occasion if there are network connectivity problems. It introduces another set of variables (MAX_OSSL_FAIL vs. NR_OSSL_FAIL). As "openssl s_client connect" is sometimes still being used without --ssl-native it also shortens the wait for regular scans if an outage is encountered. To make things easier bot sets (incl. *_SOCKET_FAIL) of variables are independent. For the seldom case that somebody uses --ssl-native with client checks an exception had to be made as otherwise only MAX_OSSL_FAIL client check would be performed. This hasn't been understood yet... As sometimes HTTP header requests (over OpenSSL) fail repeatedly in a way that an empty reply is returned, the same strategy of detecting problems is applied here, using MAX_HEADER_FAIL and NR_HEADER_FAIL. All three detection mechanisims share a new function connectivity_problem().
2025-09-02 10:08:29 +02:00 · 2018-03-28 17:48:04 +02:00
parent baabf2a61e
commit 1924c9a0a6
3 changed files with 10 additions and 0 deletions
--- a/doc/testssl.1
+++ b/doc/testssl.1
@ -507,6 +507,12 @@ CA_BUNDLES_PATH: If you have an own set of CA bundles or you want to point tests
 .IP "\(bu" 4
 MAX_SOCKET_FAIL: A number which tells testssl\.sh how often a TCP socket connection may fail before the program gives up and terminates\. The default is 2\.
 .
+.IP "\(bu" 4
+MAX_OSSL_FAIL: A number which tells testssl\.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates\. The default is 2\.
+.
+.IP "\(bu" 4
+MAX_HEADER_FAIL: A number which tells testssl\.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates\. The default is 3\.
+.
 .IP "" 0
 .
 .SH "EXAMPLES"