Add +2 to MAX_OSSL_FAIL if running with --openssl-native AND an --openssl-timeout

.. otherwise we'll hit too soon the threshold: Logic: by specifying a timeout a user indicates that there might be a problem. Also fatal() now supports a hint which is printed in normal text (to stderr)
2024-12-28 12:29:44 +01:00 · 2018-10-30 00:06:59 +01:00 · 2018-10-30 00:06:59 +01:00 · 2a65bb8c9a
commit 2a65bb8c9a
parent 987fbeda37
1 changed files with 9 additions and 1 deletions
--- a/testssl.sh
+++ b/testssl.sh
@ -1931,7 +1931,12 @@ service_detection() {
 #
 connectivity_problem() {
     if [[ $1 -ge $2 ]]; then
-          [[ $2 -eq 1 ]] && fatal "$3" $ERR_CONNECT
+          if [[ $2 -eq 1 ]]; then
+                fatal "$3" $ERR_CONNECT
+          fi
+          if [[ "$4" =~ openssl\ s_client\ connect ]] ; then
+               fatal "$4" $ERR_CONNECT "consider increasing MAX_OSSL_FAIL (currently: $2)"
+          fi
          fatal "$4" $ERR_CONNECT
     fi
 }
@ -15613,6 +15618,7 @@ find_openssl_binary() {
                         OPENSSL="timeout $OPENSSL_TIMEOUT $OPENSSL"
                    fi
               fi
+               MAX_OSSL_FAIL+=2
          else
               outln
               prln_warning " Necessary binary \"timeout\" not found."
@ -16055,10 +16061,12 @@ child_error() {

 # arg1: string to print / to write to file
 # arg2: error code, is a global, see ERR_* above
+# arg3: an optional string
 #
 fatal() {
     outln
     prln_magenta "Fatal error: $1" >&2
+     [[ -n "$3" ]] && outln "$3" >&2
     fileout "fatal_error"  "ERROR" "$1"
     exit $2
 }