Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-05 16:29:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2143 from dcooper16/fix2138_30

Browse Source 
Fix #2138 in 3.0 branch
This commit is contained in:
Dirk Wetter 2022-04-07 21:27:32 +02:00 committed by GitHub
commit 4a5d93dad6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
testssl.sh
View File

@ -912,14 +912,19 @@ fileout_insert_warning() {
[[ "$CMDLINE=" =~ -iL ]] && return 0
# Note we still have the message on screen + in HTML which is not as optimal as it could be
if "$do_pretty_json"; then
if "$do_pretty_json" && "$JSONHEADER"; then
echo -e " \"clientProblem${CLIENT_PROB_NO}\" : [" >>"$JSONFILE"
CLIENT_PROB_NO=$((CLIENT_PROB_NO + 1))
FIRST_FINDING=true # make sure we don't have a comma here
fi
fileout "$1" "$2" "$3"
if "$do_pretty_json"; then
echo -e "\n ]," >>"$JSONFILE"
if "$JSONHEADER"; then
echo -e "\n ]," >>"$JSONFILE"
else
echo -e ", " >>"$JSONFILE"
fi
FIRST_FINDING=true
fi
}
@ -18535,6 +18540,7 @@ determine_optimal_proto() {
local all_failed=true
local tmp=""
local proto optimal_proto
local jsonID="optimal_proto"
"$do_tls_sockets" && return 0
@ -18601,6 +18607,7 @@ determine_optimal_proto() {
if [[ "$optimal_proto" == -ssl2 ]]; then
prln_magenta "$NODEIP:$PORT appears to only support SSLv2."
fileout "$jsonID" "WARN" "$NODEIP:$PORT appears to only support SSLv2."
ignore_no_or_lame " Type \"yes\" to proceed and accept false negatives or positives" "yes"
[[ $? -ne 0 ]] && exit $ERR_CLUELESS
elif "$all_failed" && ! "$ALL_FAILED_SOCKETS"; then
@ -18608,6 +18615,7 @@ determine_optimal_proto() {
pr_magenta " $NODE:$PORT appears to support TLS 1.3 ONLY. You better use --openssl=<path_to_openssl_supporting_TLS_1.3>"
if ! "$OSSL_SHORTCUT" || [[ ! -x /usr/bin/openssl ]] || /usr/bin/openssl s_client -tls1_3 2>&1 | grep -aiq "unknown option"; then
outln
fileout "$jsonID" "WARN" "$NODE:$PORT appears to support TLS 1.3 ONLY, but $OPENSSL does not support TLS 1.3"
ignore_no_or_lame " Type \"yes\" to proceed and accept all scan problems" "yes"
[[ $? -ne 0 ]] && exit $ERR_CLUELESS
MAX_OSSL_FAIL=10
@ -18624,11 +18632,13 @@ determine_optimal_proto() {
[[ "$(has_server_protocol "tls1_2")" -ne 0 ]] && [[ "$(has_server_protocol "tls1_1")" -ne 0 ]] &&
[[ "$(has_server_protocol "tls1")" -ne 0 ]]; then
prln_magenta " $NODE:$PORT appears to support SSLv3 ONLY. You better use --openssl=<path_to_openssl_supporting_SSL_3>"
fileout "$jsonID" "WARN" "$NODE:$PORT appears to support SSLv3 ONLY, but $OPENSSL does not support SSLv3."
ignore_no_or_lame " Type \"yes\" to proceed and accept all scan problems" "yes"
[[ $? -ne 0 ]] && exit $ERR_CLUELESS
MAX_OSSL_FAIL=10
else
prln_bold " Your OpenSSL cannot connect to $NODEIP:$PORT"
fileout "$jsonID" "WARN" "Your OpenSSL cannot connect to $NODEIP:$PORT."
ignore_no_or_lame " The results might look ok but they could be nonsense. Really proceed ? (\"yes\" to continue)" "yes"
[[ $? -ne 0 ]] && exit $ERR_CLUELESS
fi
@ -18636,8 +18646,10 @@ determine_optimal_proto() {
outln
if "$HAS_IPv6"; then
pr_bold " Your $OPENSSL is not IPv6 aware, or $NODEIP:$PORT "
fileout "$jsonID" "WARN" "Your $OPENSSL is not IPv6 aware, or $NODEIP:$PORT doesn't seem to be a TLS/SSL enabled server."
else
pr_bold " $NODEIP:$PORT "
fileout "$jsonID" "WARN" "$NODEIP:$PORT doesn't seem to be a TLS/SSL enabled server."
fi
tmpfile_handle ${FUNCNAME[0]}.txt
prln_bold "doesn't seem to be a TLS/SSL enabled server";
@ -18649,6 +18661,7 @@ determine_optimal_proto() {
# FIXME: Should we include some sort of "please report" note here?
prln_magenta " Testing with $NODE:$PORT only worked using $OPENSSL."
prln_magenta " Test results may be somewhat better if the --ssl-native option is used."
fileout "$jsonID" "WARN" "Testing with $NODE:$PORT only worked using $OPENSSL."
ignore_no_or_lame " Type \"yes\" to proceed and accept false negatives or positives" "yes"
[[ $? -ne 0 ]] && exit $ERR_CLUELESS
fi