manually resolved conflict from #839 + change it to new logic

This commit is contained in:
Dirk 2017-10-02 14:55:57 +02:00
parent f3dc53f554
commit 411accb66d
1 changed files with 31 additions and 8 deletions

View File

@ -3972,16 +3972,21 @@ run_prototest_openssl() {
# arg1: protocol
# arg2: available (yes) or not (no)
add_tls_offered() {
<<<<<<< HEAD
if [[ "$PROTOS_OFFERED" =~ $1: ]]; then
# the ":" is mandatory here (and @ other palces), otherwise e.g. tls1 will match tls1_2
:
else
PROTOS_OFFERED+="${1}:$2 "
fi
=======
[[ "$PROTOS_OFFERED" =~ "$1 " ]] || PROTOS_OFFERED+="$1 "
>>>>>>> af15bd0f002c0523579b3807949fa54c05c793e3
}
# function which checks whether SSLv2 - TLS 1.2 is being offereed, see add_tls_offered()
has_server_protocol() {
<<<<<<< HEAD
local proto_val_pair
if [[ "$PROTOS_OFFERED" =~ $1: ]]; then
@ -3999,6 +4004,9 @@ has_server_protocol() {
else
# if empty echo 2, hinting to the caller to check at additional cost/connect
echo 2
=======
if [[ "$PROTOS_OFFERED" =~ "$1 " ]]; then
>>>>>>> af15bd0f002c0523579b3807949fa54c05c793e3
return 0
fi
}
@ -4881,6 +4889,7 @@ run_server_preference() {
cipher[i]=""
fi
fi
[[ -n "${cipher[i]}" ]] && add_tls_offered "$proto" yes
i=$((i + 1))
done
@ -4997,7 +5006,7 @@ cipher_pref_check() {
pr_bold " Cipher order"
tm_out " ssl3 00 SSLv3\n tls1 01 TLSv1\n tls1_1 02 TLSv1.1\n tls1_2 03 TLSv1.2\n" | while read p proto_hex proto; do
while read p proto_hex proto; do
order=""; ciphers_found_with_sockets=false
if [[ $p == ssl3 ]] && ! "$HAS_SSL3" && ! "$using_sockets"; then
out "\n SSLv3: "; pr_local_problem "$OPENSSL doesn't support \"s_client -ssl3\"";
@ -5168,12 +5177,13 @@ cipher_pref_check() {
fi
if [[ -n "$order" ]]; then
add_tls_offered "$p" yes
outln
out "$(printf " %-10s " "$proto: ")"
out "$(out_row_aligned_max_width "$order" " " $TERM_WIDTH)"
fileout "order_$p" "INFO" "Default cipher order for protocol $p: $order"
fi
done
done <<< "$(tm_out " ssl3 00 SSLv3\n tls1 01 TLSv1\n tls1_1 02 TLSv1.1\n tls1_2 03 TLSv1.2\n")"
outln
outln
@ -10808,9 +10818,17 @@ run_beast(){
# first determine whether it's mitigated by higher protocols
for proto in tls1_1 tls1_2; do
$OPENSSL s_client -state -"$proto" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI 2>>$ERRFILE >$TMPFILE </dev/null
if sclient_connect_successful $? $TMPFILE; then
higher_proto_supported="$higher_proto_supported $(get_protocol $TMPFILE)"
if [[ $(has_server_protocol "$proto") -eq 0 ]]; then
case $proto in
tls1_1) higher_proto_supported+=" TLSv1.1" ;;
tls1_2) higher_proto_supported+=" TLSv1.2" ;;
esac
else
$OPENSSL s_client -state -"$proto" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI 2>>$ERRFILE >$TMPFILE </dev/null
if sclient_connect_successful $? $TMPFILE; then
higher_proto_supported+=" $(get_protocol $TMPFILE)"
add_tls_offered "$proto" yes
fi
fi
done
@ -10820,14 +10838,18 @@ run_beast(){
out " "
continue
fi
if [[ "$proto" != "ssl3" ]] || "$HAS_SSL3"; then
[[ ! "$proto" =~ ssl ]] && sni="$SNI" || sni=""
[[ ! "$proto" =~ ssl ]] && sni="$SNI" || sni=""
if [[ $(has_server_protocol "$proto") -eq 0 ]]; then
sclient_success=0
elif [[ "$proto" != "ssl3" ]] || "$HAS_SSL3"; then
$OPENSSL s_client -"$proto" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $sni >$TMPFILE 2>>$ERRFILE </dev/null
sclient_connect_successful $? $TMPFILE
sclient_success=$?
else
tls_sockets "00" "$TLS_CIPHER"
sclient_success=$?
fi
if [[ $? -ne 0 ]]; then # protocol supported?
if [[ $sclient_success -ne 0 ]]; then # protocol supported?
if "$continued"; then # second round: we hit TLS1
if "$HAS_SSL3" || "$using_sockets"; then
prln_done_good "no SSL3 or TLS1 (OK)"
@ -10842,6 +10864,7 @@ run_beast(){
continue # protocol not supported, so we do not need to check each cipher with that protocol
fi
fi # protocol succeeded
add_tls_offered "$proto" yes
# now we test in one shot with the precompiled ciphers
if "$using_sockets"; then