From 3cd1273439595603100e199422e03aa83c5fd862 Mon Sep 17 00:00:00 2001
From: Dirk Wetter
Date: Wed, 28 Oct 2020 09:52:10 +0100
Subject: [PATCH] Address complaint by Travis

Despite the fact google doesn't support RC4 ciphers, testssl.sh called sslv2_sockets(). Google answered with a >= TLS alert. Building a sum then failed then in sslv2_sockets(). This fixes sslv2_sockets() and introduces count_chars() as a helper function (tested also under old FreeBSD to make sure it works under MacOSX).
---
 testssl.sh | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 3bea2dc..9b00b6a 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -803,6 +803,10 @@ count_ciphers() {
 echo $(wc -w <<< "${1//:/ }")
 }

+count_chars() {
+ echo $(wc -c <<< "$1")
+}
+
 newline_to_spaces() {
 tr '\n' ' ' <<< "$1" | sed 's/ $//'
 }
@@ -14331,8 +14335,8 @@ sslv2_sockets() {
 if "$parse_complete"; then
 if [[ -s "$SOCK_REPLY_FILE" ]]; then
 server_hello=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
- server_hello_len=2 + $(hex2dec "${server_hello:1:3}")
- response_len=$(wc -c "$SOCK_REPLY_FILE" | awk '{ print $1 }')
+ server_hello_len=$((2 + $(hex2dec "${server_hello:1:3}") ))
+ response_len=$(count_chars "$SOCK_REPLY_FILE")
 for (( 1; response_len < server_hello_len; 1 )); do
 sock_reply_file2=${SOCK_REPLY_FILE}.2
 mv "$SOCK_REPLY_FILE" "$sock_reply_file2"
@@ -14344,7 +14348,7 @@ sslv2_sockets() {
 [[ ! -s "$SOCK_REPLY_FILE" ]] && break
 cat "$SOCK_REPLY_FILE" >> "$sock_reply_file2"
 mv "$sock_reply_file2" "$SOCK_REPLY_FILE"
- response_len=$(wc -c "$SOCK_REPLY_FILE" | awk '{ print $1 }')
+ response_len=$(count_chars "$SOCK_REPLY_FILE")
 done
 fi
 fi
@@ -14362,6 +14366,7 @@ sslv2_sockets() {
 return $ret
 }

+
 # arg1: supported groups extension
 # arg2: "all" - process full response (including Certificate and certificate_status handshake messages)
 # "ephemeralkey" - extract the server's ephemeral key (if any)
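Review bot: count_chars() carries no comment saying what it counts, and the contract is easy to misread: `wc -c <<< "$1"` measures the string passed as the argument, not a file named by it, and the here-string appends a newline, so the result is the string's byte length plus one. A header such as `# arg1: string (not a file name); prints its byte count, including the newline added by the here-string` would make that visible to callers. The unquoted `echo $(...)` presumably exists to drop the padding that BSD wc prints; stating that in the comment would stop it being quoted later by a cleanup pass.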
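Review bot: `response_len=$(count_chars "$SOCK_REPLY_FILE")` hands the reply file's path to a helper that runs `wc -c <<< "$1"`, so response_len becomes the length of the path string plus one instead of the number of bytes received; the removed line counted the file's contents. The `response_len < server_hello_len` condition then no longer tracks how much of the ServerHello has arrived, and as far as the visible lines show the loop would end only through the empty-reply `break`, so the SSLv2 verdict may rest on a reply of the wrong length. Reading the file through a redirect keeps the awk-free form and still counts bytes: `response_len=$(wc -c < "$SOCK_REPLY_FILE")`, where any leading padding from BSD wc is harmless in the arithmetic comparison. The same call is repeated inside the loop in the next hunk (@@ -14344,7 +14348,7 @@) and needs the same change; sslv2_sockets() begins and ends outside both hunks.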