From 2a65bb8c9a82cd45d811d5c7c5bfd961aa412018 Mon Sep 17 00:00:00 2001
From: Dirk
Date: Tue, 30 Oct 2018 00:06:59 +0100
Subject: [PATCH] Add +2 to MAX_OSSL_FAIL if running with --openssl-native AND an --openssl-timeout .. otherwise we'll hit too soon the threshold: Logic: by specifying a timeout a user indicates that there might be a problem. Also fatal() now supports a hint which is printed in normal text (to stderr)
---
 testssl.sh | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/testssl.sh b/testssl.sh
index 5d8e467..e924e87 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -1931,7 +1931,12 @@ service_detection() {
 #
 connectivity_problem() {
 if [[ $1 -ge $2 ]]; then
- [[ $2 -eq 1 ]] && fatal "$3" $ERR_CONNECT
+ if [[ $2 -eq 1 ]]; then
+ fatal "$3" $ERR_CONNECT
+ fi
+ if [[ "$4" =~ openssl\ s_client\ connect ]] ; then
+ fatal "$4" $ERR_CONNECT "consider increasing MAX_OSSL_FAIL (currently: $2)"
+ fi
 fatal "$4" $ERR_CONNECT
 fi
 }
@@ -15613,6 +15618,7 @@ find_openssl_binary() {
 OPENSSL="timeout $OPENSSL_TIMEOUT $OPENSSL"
 fi
 fi
+ MAX_OSSL_FAIL+=2
 else
 outln
 prln_warning " Necessary binary \"timeout\" not found."
@@ -16055,10 +16061,12 @@ child_error() {
 # arg1: string to print / to write to file
 # arg2: error code, is a global, see ERR_* above
+# arg3: an optional string
 #
 fatal() {
 outln
 prln_magenta "Fatal error: $1" >&2
+ [[ -n "$3" ]] && outln "$3" >&2
 fileout "fatal_error" "ERROR" "$1"
 exit $2
 }
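Review bot: The MAX_OSSL_FAIL hint in connectivity_problem() is selected by matching the caller's message text (`"$4" =~ openssl\ s_client\ connect`), so a reworded message at a call site would drop the hint silently. `$2` is also reported as MAX_OSSL_FAIL only on the strength of that match. The callers are outside this hunk, so neither assumption can be checked here. At minimum, add a comment above the test such as `# hint applies only to the s_client path: callers pass MAX_OSSL_FAIL as $2 and a message containing "openssl s_client connect"`. The branches also depend on fatal() never returning, which an `if`/`elif`/`else` chain would make explicit.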
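Review bot: `MAX_OSSL_FAIL+=2` adds two only if MAX_OSSL_FAIL carries the integer attribute. For an ordinary shell variable, bash's `+=` appends, so a value of 2 would become the string 22. The declaration is outside this hunk, so unless it uses `declare -i`, write `MAX_OSSL_FAIL=$((MAX_OSSL_FAIL+2))` instead. A threshold inflated that way would let the scan continue through far more failed s_client connects than the commit message intends before connectivity_problem() aborts. find_openssl_binary() starts and ends outside the hunk.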
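Review bot: The hint in `$3` is written only to stderr, while `fileout "fatal_error" "ERROR" "$1"` still records just the message. Anyone reading the output file, or running with stderr discarded, gets the fatal error without the advice. If that is intended, the header comment should say so, for example `# arg3: optional hint, printed to stderr only (not passed to fileout)`, since "an optional string" does not tell a caller what the argument is for. Otherwise, include the hint in the text passed to fileout.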