Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-26 18:39:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

catch border cases better (GOST ONLY, server w handshake limits)

Browse Source
This commit is contained in:
Dirk 2017-02-21 11:21:35 +01:00
parent 2df7982890
commit 205c522178
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
testssl.sh
View File

@ -4195,7 +4195,8 @@ determine_tls_extensions() {
return $success return $success
fi fi
# first shot w/o any protocol, then we collect in turn all extensions >$TEMPDIR/tlsext.txt
# first shot w/o any protocol, then in turn we collect all extensions (if it succeeds)
$OPENSSL s_client $STARTTLS $BUGS $1 -showcerts -connect $NODEIP:$PORT $PROXY $addcmd -tlsextdebug -status </dev/null 2>$ERRFILE >$TMPFILE $OPENSSL s_client $STARTTLS $BUGS $1 -showcerts -connect $NODEIP:$PORT $PROXY $addcmd -tlsextdebug -status </dev/null 2>$ERRFILE >$TMPFILE
sclient_connect_successful $? $TMPFILE && grep -a 'TLS server extension' $TMPFILE >$TEMPDIR/tlsext.txt sclient_connect_successful $? $TMPFILE && grep -a 'TLS server extension' $TMPFILE >$TEMPDIR/tlsext.txt
for proto in $protocols_to_try; do for proto in $protocols_to_try; do
@ -4205,12 +4206,12 @@ determine_tls_extensions() {
$OPENSSL s_client $STARTTLS $BUGS $1 -showcerts -connect $NODEIP:$PORT $PROXY $addcmd -$proto -tlsextdebug $alpn_params -status </dev/null 2>$ERRFILE >$TMPFILE $OPENSSL s_client $STARTTLS $BUGS $1 -showcerts -connect $NODEIP:$PORT $PROXY $addcmd -$proto -tlsextdebug $alpn_params -status </dev/null 2>$ERRFILE >$TMPFILE
if sclient_connect_successful $? $TMPFILE; then if sclient_connect_successful $? $TMPFILE; then
success=0 success=0
grep -a 'TLS server extension' $TMPFILE >>$TEMPDIR/tlsext.txt grep -a 'TLS server extension' $TMPFILE >>$TEMPDIR/tlsext.txt
fi fi
$OPENSSL s_client $STARTTLS $BUGS $1 -showcerts -connect $NODEIP:$PORT $PROXY $addcmd -$proto -tlsextdebug $npn_params -status </dev/null 2>$ERRFILE >$TMPFILE $OPENSSL s_client $STARTTLS $BUGS $1 -showcerts -connect $NODEIP:$PORT $PROXY $addcmd -$proto -tlsextdebug $npn_params -status </dev/null 2>$ERRFILE >$TMPFILE
if sclient_connect_successful $? $TMPFILE ; then if sclient_connect_successful $? $TMPFILE ; then
success=0 success=0
grep -a 'TLS server extension' $TMPFILE >>$TEMPDIR/tlsext.txt grep -a 'TLS server extension' $TMPFILE >>$TEMPDIR/tlsext.txt
break break
fi fi
done # this loop is needed for IIS6 and others which have a handshake size limitations done # this loop is needed for IIS6 and others which have a handshake size limitations
@ -4224,6 +4225,7 @@ determine_tls_extensions() {
tmpfile_handle $FUNCNAME.txt tmpfile_handle $FUNCNAME.txt
return 7 # this is ugly, I know return 7 # this is ugly, I know
else else
grep -a 'TLS server extension' $TMPFILE >>$TEMPDIR/tlsext.txt
GOST_STATUS_PROBLEM=true GOST_STATUS_PROBLEM=true
fi fi
fi fi
@ -9104,4 +9106,4 @@ fi
exit $? exit $?
# $Id: testssl.sh,v 1.566 2017/02/21 09:39:54 dirkw Exp $ # $Id: testssl.sh,v 1.567 2017/02/21 10:21:33 dirkw Exp $