Fix for STARTTLS+socket of postgresql
As noted in #1249, STARTTLS with sockets doesn't work. This commit fixes that by correcting the STARTTLS handshake for postgresql: it has to be sent via sockets instead of echo. The server side then responds with "S" when STARTTLS is supported. For this, starttls_io() was slightly modified so that an input (from the server's perspective) is no longer necessary. It's fast too.
This commit is contained in:
parent
00d39693f3
commit
206c80aed5
15
testssl.sh
15
testssl.sh
@ -9821,8 +9821,13 @@ starttls_io() {
|
||||
|
||||
[[ -n "$3" ]] && waitsleep=$3
|
||||
[[ -z "$2" ]] && echo "FIXME $((LINENO))"
|
||||
debugme echo -en "C: \"$1\""
|
||||
echo -en "$1" >&5
|
||||
|
||||
# If there's a sending part it's IO. Postgres sends via socket and replies via
|
||||
# strings "S". So there's no I part of IO ;-)
|
||||
if [[ -n "$1" ]]; then
|
||||
debugme echo -en "C: \"$1\""
|
||||
echo -en "$1" >&5
|
||||
fi
|
||||
|
||||
# This seems a bit dangerous but works. No blockings yet. "if=nonblock" doesn't work on BSDs
|
||||
buffer="$(dd bs=512 count=1 <&5 2>/dev/null)"
|
||||
@ -10005,9 +10010,9 @@ starttls_nntp_dialog() {
|
||||
|
||||
starttls_postgres_dialog() {
|
||||
debugme echo "=== starting postgres STARTTLS dialog ==="
|
||||
local init_tls="\x00\x00\x00\x08\x04\xD2\x16\x2F"
|
||||
starttls_just_send "${init_tls}" && debugme echo "initiated STARTTLS" &&
|
||||
starttls_full_read '' '' 'S' && debugme echo "received ack for STARTTLS"
|
||||
local init_tls=",x00, x00 ,x00 ,x08 ,x04 ,xD2 ,x16 ,x2F"
|
||||
socksend "${init_tls}" 0 && debugme echo "initiated STARTTLS" &&
|
||||
starttls_io "" S 1 && debugme echo "received ack for STARTTLS"
|
||||
local ret=$?
|
||||
debugme echo "=== finished postgres STARTTLS dialog with ${ret} ==="
|
||||
return $ret
|
||||
|
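Review bot: The new `if [[ -n "$1" ]]` branch in starttls_io changes the function's contract — an empty first argument now means "read and compare only, nothing is sent" — but nothing in the hunk records that, so a header comment such as `# $1: bytes to send (may be empty when the request was already sent via socksend), $2: expected reply, $3: wait time` belongs above the function, whose opening line is outside the hunk. In the starttls_postgres_dialog hunk, `local init_tls=",x00, x00 ,x00 ,x08 ,x04 ,xD2 ,x16 ,x2F"` mixes the separator spacing (`,x00, x00 ,x00`); presumably socksend strips whitespace before rewriting the commas, so it works, but `local init_tls=",x00 ,x00 ,x00 ,x08 ,x04 ,xD2 ,x16 ,x2F"` reads unambiguously as the 8-byte SSLRequest message. The dialog now succeeds only on an `S` reply, so a server that answers `N` (TLS not offered) presumably fails the chain via starttls_io's compare, which is the right outcome but deserves a line comment on `starttls_io "" S 1`, e.g. `# server answers a single byte: S = TLS accepted, N = no TLS`. Whether `socksend` returns a meaningful status for the `&&` chain cannot be seen from the hunk; if it always returns 0, the "initiated STARTTLS" branch no longer reflects a real send check.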