Merge branch 'master' into more_sslv2_sslv3_fixes
Conflicts: testssl.sh
commit
1add0f86f9
17
testssl.sh
17
testssl.sh
|
@ -717,7 +717,7 @@ run_http_header() {
|
||||||
wait_kill $! $HEADER_MAXSLEEP
|
wait_kill $! $HEADER_MAXSLEEP
|
||||||
if [[ $? -eq 0 ]]; then
|
if [[ $? -eq 0 ]]; then
|
||||||
# we do the get command again as it terminated within $HEADER_MAXSLEEP. Thus it didn't hang, we do it
|
# we do the get command again as it terminated within $HEADER_MAXSLEEP. Thus it didn't hang, we do it
|
||||||
# again in the foreground ito get an ccurate header time!
|
# again in the foreground to get an accurate header time!
|
||||||
printf "$GET_REQ11" | $OPENSSL s_client $OPTIMAL_PROTO $BUGS -quiet -ign_eof -connect $NODEIP:$PORT $PROXY $addcmd >$HEADERFILE 2>$ERRFILE
|
printf "$GET_REQ11" | $OPENSSL s_client $OPTIMAL_PROTO $BUGS -quiet -ign_eof -connect $NODEIP:$PORT $PROXY $addcmd >$HEADERFILE 2>$ERRFILE
|
||||||
NOW_TIME=$(date "+%s")
|
NOW_TIME=$(date "+%s")
|
||||||
HTTP_TIME=$(awk -F': ' '/^date:/ { print $2 } /^Date:/ { print $2 }' $HEADERFILE)
|
HTTP_TIME=$(awk -F': ' '/^date:/ { print $2 } /^Date:/ { print $2 }' $HEADERFILE)
|
||||||
|
@ -3858,7 +3858,7 @@ tls_time() {
|
||||||
debugme out "$TLS_TIME"
|
debugme out "$TLS_TIME"
|
||||||
outln
|
outln
|
||||||
else
|
else
|
||||||
pr_warning "SSLv3 through TLS 1.2 didn't return a timestamp"
|
pr_warningln "SSLv3 through TLS 1.2 didn't return a timestamp"
|
||||||
fileout "tls_time" "INFO" "No TLS timestamp returned by SSLv3 through TLSv1.2"
|
fileout "tls_time" "INFO" "No TLS timestamp returned by SSLv3 through TLSv1.2"
|
||||||
fi
|
fi
|
||||||
return 0
|
return 0
|
||||||
|
@ -7182,6 +7182,7 @@ check4openssl_oldfarts() {
|
||||||
*) outln " Update openssl binaries or compile from github.com/PeterMosmans/openssl" ;;
|
*) outln " Update openssl binaries or compile from github.com/PeterMosmans/openssl" ;;
|
||||||
esac
|
esac
|
||||||
ignore_no_or_lame " Type \"yes\" to accept some false negatives or positives "
|
ignore_no_or_lame " Type \"yes\" to accept some false negatives or positives "
|
||||||
|
[[ $? -ne 0 ]] && exit -2
|
||||||
fi
|
fi
|
||||||
outln
|
outln
|
||||||
}
|
}
|
||||||
|
@ -7877,7 +7878,7 @@ sclient_auth() {
|
||||||
#
|
#
|
||||||
determine_optimal_proto() {
|
determine_optimal_proto() {
|
||||||
local all_failed
|
local all_failed
|
||||||
local addcmd=""
|
local sni=""
|
||||||
|
|
||||||
#TODO: maybe query known openssl version before this workaround. 1.0.1 doesn't need this
|
#TODO: maybe query known openssl version before this workaround. 1.0.1 doesn't need this
|
||||||
|
|
||||||
|
@ -7895,8 +7896,9 @@ determine_optimal_proto() {
|
||||||
done
|
done
|
||||||
debugme echo "STARTTLS_OPTIMAL_PROTO: $STARTTLS_OPTIMAL_PROTO"
|
debugme echo "STARTTLS_OPTIMAL_PROTO: $STARTTLS_OPTIMAL_PROTO"
|
||||||
else
|
else
|
||||||
for OPTIMAL_PROTO in '' -tls1_2 -tls1 -ssl3 -tls1_1 -ssl2 ''; do
|
for OPTIMAL_PROTO in '' -tls1_2 -tls1 -ssl3 -tls1_1 -ssl2; do
|
||||||
$OPENSSL s_client $OPTIMAL_PROTO $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI </dev/null >$TMPFILE 2>>$ERRFILE
|
[[ "$OPTIMAL_PROTO" =~ ssl ]] && sni="" || sni=$SNI
|
||||||
|
$OPENSSL s_client $OPTIMAL_PROTO $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $sni </dev/null >$TMPFILE 2>>$ERRFILE
|
||||||
if sclient_auth $? $TMPFILE; then
|
if sclient_auth $? $TMPFILE; then
|
||||||
all_failed=1
|
all_failed=1
|
||||||
break
|
break
|
||||||
|
@ -7904,6 +7906,11 @@ determine_optimal_proto() {
|
||||||
all_failed=0
|
all_failed=0
|
||||||
done
|
done
|
||||||
debugme echo "OPTIMAL_PROTO: $OPTIMAL_PROTO"
|
debugme echo "OPTIMAL_PROTO: $OPTIMAL_PROTO"
|
||||||
|
if [[ "$OPTIMAL_PROTO" == "-ssl2" ]]; then
|
||||||
|
pr_magentaln "$NODEIP:$PORT appears to only support SSLv2."
|
||||||
|
ignore_no_or_lame " Type \"yes\" to accept some false negatives or positives "
|
||||||
|
[[ $? -ne 0 ]] && exit -2
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
grep -q '^Server Temp Key' $TMPFILE && HAS_DH_BITS=true # FIX #190
|
grep -q '^Server Temp Key' $TMPFILE && HAS_DH_BITS=true # FIX #190
|
||||||
|
|
||||||
|
|
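Review bot: The added `-ssl2` check in determine_optimal_proto tests only the loop variable, so it can also fire when no handshake succeeded at all. With the trailing `''` dropped from the `for OPTIMAL_PROTO in …` list (as the print order of that pair suggests), a loop that never reaches `break` ends with `OPTIMAL_PROTO` still set to `-ssl2` and `all_failed=0`, and the user is told the host "appears to only support SSLv2" and prompted even though the SSLv2 attempt failed too. Gate the message on the success flag, e.g. `if [[ $all_failed -eq 1 && "$OPTIMAL_PROTO" == "-ssl2" ]]; then`, or reset the variable right after the loop with `[[ $all_failed -eq 0 ]] && OPTIMAL_PROTO=''`. The function continues past the last hunk, so any later handling of `all_failed` is not visible here and should be checked against this ordering.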