Explain OSSL_SHORTCUT better, "automagically" is the word we wanted to use

Dirk Wetter 2024-09-08 12:27:51 +02:00
parent c5b07e7d99
commit 4ce91d7d61


@ -246,7 +246,7 @@ TLS_DATA_FILE="" # mandatory file for socket-based handsh
OPENSSL="" # ~/bin/openssl.$(uname).$(uname -m) if you run this from GitHub. Linux otherwise probably /usr/bin/openssl OPENSSL="" # ~/bin/openssl.$(uname).$(uname -m) if you run this from GitHub. Linux otherwise probably /usr/bin/openssl
OPENSSL2=${OPENSSL2:-/usr/bin/openssl} # This will be openssl version >=1.1.1 (auto determined) as opposed to openssl-bad (OPENSSL) OPENSSL2=${OPENSSL2:-/usr/bin/openssl} # This will be openssl version >=1.1.1 (auto determined) as opposed to openssl-bad (OPENSSL)
OPENSSL2_HAS_TLS_1_3=false # If we run with supplied binary AND $OPENSSL2 supports TLS 1.3 this will be set to true OPENSSL2_HAS_TLS_1_3=false # If we run with supplied binary AND $OPENSSL2 supports TLS 1.3 this will be set to true
OSSL_SHORTCUT=${OSSL_SHORTCUT:-true} # Hack: if during the scan turns out the OpenSSL binary supports TLS 1.3 would be a better choice OSSL_SHORTCUT=${OSSL_SHORTCUT:-true} # If you don't want automagically switch from $OPENSSL to $OPENSSL2 for TLS 1.3 hosts, set this to false
OPENSSL_LOCATION="" OPENSSL_LOCATION=""
IKNOW_FNAME=false IKNOW_FNAME=false
FIRST_FINDING=true # is this the first finding we are outputting to file? FIRST_FINDING=true # is this the first finding we are outputting to file?
@ -22039,8 +22039,8 @@ determine_optimal_proto() {
if "$OPENSSL2_HAS_TLS_1_3"; then if "$OPENSSL2_HAS_TLS_1_3"; then
if "$OSSL_SHORTCUT" || [[ "$WARNINGS" == batch ]]; then if "$OSSL_SHORTCUT" || [[ "$WARNINGS" == batch ]]; then
# switch w/o asking # switch w/o asking
OPEN_MSG=" $NODE:$PORT appeared to support TLS 1.3 ONLY. Thus switched implicitly from\n \"$OPENSSL\" to \"$OPENSSL2\"." OPEN_MSG=" $NODE:$PORT appeared to support TLS 1.3 ONLY. Thus switched automagically from\n \"$OPENSSL\" to \"$OPENSSL2\"."
fileout "$jsonID" "INFO" "$NODE:$PORT appears to support TLS 1.3 ONLY, switching from $OPENSSL to $OPENSSL2 was implicitly enforced" fileout "$jsonID" "INFO" "$NODE:$PORT appears to support TLS 1.3 ONLY, switching from $OPENSSL to $OPENSSL2 automagically"
OPENSSL="$OPENSSL2" OPENSSL="$OPENSSL2"
find_openssl_binary find_openssl_binary
prepare_arrays prepare_arrays
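Review bot: The reworded comment on `OSSL_SHORTCUT` in the first hunk promises more than the code delivers, because the switch in `determine_optimal_proto()` is guarded by `"$OSSL_SHORTCUT" || [[ "$WARNINGS" == batch ]]`, so a batch run still moves from `$OPENSSL` to `$OPENSSL2` when the variable is false. Since this decides which binary produces the findings, the comment should state the exception and can fix the missing "to" at the same time: `# If you don't want to automagically switch from $OPENSSL to $OPENSSL2 for TLS 1.3-only hosts, set this to false (ignored when WARNINGS=batch)`. The variable is also taken from the environment and run as a command by `if "$OSSL_SHORTCUT"`, so the comment could add that only `true` and `false` are valid values. The body of `determine_optimal_proto()` starts and ends outside the hunk, so the non-switching branch is not visible here.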