mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-01 06:19:44 +01:00
STARTTLS: add support for xmpp-server
XMPP client-to-server and server-to-server links historically use different XML namespaces. Some server implementations are strict about this and will not proceed with the connection attempt when the client namespace (`jabber:client`) is used on a server-to-server link. openssl s_client also supports `xmpp-server`.
This commit is contained in:
parent
e0d7945c8a
commit
4daf20585d
@ -134,7 +134,7 @@ Please note that \fBfname\fR has to be in Unix format\. DOS carriage returns won
|
|||||||
\fB\-\-basicauth <user:pass>\fR This can be set to provide HTTP basic auth credentials which are used during checks for security headers\. BASICAUTH is the ENV variable you can use instead\.
|
\fB\-\-basicauth <user:pass>\fR This can be set to provide HTTP basic auth credentials which are used during checks for security headers\. BASICAUTH is the ENV variable you can use instead\.
|
||||||
.
|
.
|
||||||
.SS "SPECIAL INVOCATIONS"
|
.SS "SPECIAL INVOCATIONS"
|
||||||
\fB\-t <protocol>, \-\-starttls <protocol>\fR does a default run against a STARTTLS enabled \fBprotocol\fR\. \fBprotocol\fR must be one of \fBftp\fR, \fBsmtp\fR, \fBpop3\fR, \fBimap\fR, \fBxmpp\fR, \fBtelnet\fR, \fBldap\fR, \fBirc\fR, \fBlmtp\fR, \fBnntp\fR, \fBpostgres\fR, \fBmysql\fR\. For the latter four you need e\.g\. the supplied OpenSSL or OpenSSL version 1\.1\.1\. Please note: MongoDB doesn\'t offer a STARTTLS connection, LDAP currently only works with \fB\-\-ssl\-native\fR\. \fBtelnet\fR and \fBirc\fR is WIP\.
|
\fB\-t <protocol>, \-\-starttls <protocol>\fR does a default run against a STARTTLS enabled \fBprotocol\fR\. \fBprotocol\fR must be one of \fBftp\fR, \fBsmtp\fR, \fBpop3\fR, \fBimap\fR, \fBxmpp\fR, \fBxmpp-server\fR, \fBtelnet\fR, \fBldap\fR, \fBirc\fR, \fBlmtp\fR, \fBnntp\fR, \fBpostgres\fR, \fBmysql\fR\. For the latter four you need e\.g\. the supplied OpenSSL or OpenSSL version 1\.1\.1\. Please note: MongoDB doesn\'t offer a STARTTLS connection, LDAP currently only works with \fB\-\-ssl\-native\fR\. \fBtelnet\fR and \fBirc\fR is WIP\.
|
||||||
.
|
.
|
||||||
.P
|
.P
|
||||||
\fB\-\-xmpphost <jabber_domain>\fR is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter\. This is only needed if the domain is different from the URI supplied\.
|
\fB\-\-xmpphost <jabber_domain>\fR is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter\. This is only needed if the domain is different from the URI supplied\.
|
||||||
|
15
testssl.sh
15
testssl.sh
@ -10296,7 +10296,10 @@ starttls_xmpp_dialog() {
|
|||||||
debugme echo "=== starting xmpp STARTTLS dialog ==="
|
debugme echo "=== starting xmpp STARTTLS dialog ==="
|
||||||
[[ -z $XMPP_HOST ]] && XMPP_HOST="$NODE"
|
[[ -z $XMPP_HOST ]] && XMPP_HOST="$NODE"
|
||||||
|
|
||||||
starttls_io "<stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' to='"$XMPP_HOST"' version='1.0'>" 'starttls(.*)features' 1 &&
|
namespace="jabber:client"
|
||||||
|
[[ "$STARTTLS_PROTOCOL" == xmpp-server ]] && namespace="jabber:server"
|
||||||
|
|
||||||
|
starttls_io "<stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='"$namespace"' to='"$XMPP_HOST"' version='1.0'>" 'starttls(.*)features' 1 &&
|
||||||
starttls_io "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>" '<proceed' 1
|
starttls_io "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>" '<proceed' 1
|
||||||
local ret=$?
|
local ret=$?
|
||||||
debugme echo "=== finished xmpp STARTTLS dialog with ${ret} ==="
|
debugme echo "=== finished xmpp STARTTLS dialog with ${ret} ==="
|
||||||
@ -10438,7 +10441,7 @@ fd_socket() {
|
|||||||
acap|acaps) # ACAP = Application Configuration Access Protocol, see https://tools.ietf.org/html/rfc2595
|
acap|acaps) # ACAP = Application Configuration Access Protocol, see https://tools.ietf.org/html/rfc2595
|
||||||
fatal "ACAP Easteregg: not implemented -- probably never will" $ERR_NOSUPPORT
|
fatal "ACAP Easteregg: not implemented -- probably never will" $ERR_NOSUPPORT
|
||||||
;;
|
;;
|
||||||
xmpp|xmpps) # XMPP, see https://tools.ietf.org/html/rfc6120
|
xmpp|xmpps|xmpp-server) # XMPP, see https://tools.ietf.org/html/rfc6120
|
||||||
starttls_xmpp_dialog
|
starttls_xmpp_dialog
|
||||||
# IM observatory: https://xmpp.net , XMPP server directory: https://xmpp.net/directory.php
|
# IM observatory: https://xmpp.net , XMPP server directory: https://xmpp.net/directory.php
|
||||||
;;
|
;;
|
||||||
@ -18310,7 +18313,7 @@ help() {
|
|||||||
"$PROG_NAME [options] <URI>", where [options] is:
|
"$PROG_NAME [options] <URI>", where [options] is:
|
||||||
|
|
||||||
-t, --starttls <protocol> Does a default run against a STARTTLS enabled <protocol,
|
-t, --starttls <protocol> Does a default run against a STARTTLS enabled <protocol,
|
||||||
protocol is <ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|nntp|postgres|mysql>
|
protocol is <ftp|smtp|lmtp|pop3|imap|xmpp|xmpp-server|telnet|ldap|nntp|postgres|mysql>
|
||||||
--xmpphost <to_domain> For STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed
|
--xmpphost <to_domain> For STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed
|
||||||
--mx <domain/host> Tests MX records from high to low priority (STARTTLS, port 25)
|
--mx <domain/host> Tests MX records from high to low priority (STARTTLS, port 25)
|
||||||
--file/-iL <fname> Mass testing option: Reads one testssl.sh command line per line from <fname>.
|
--file/-iL <fname> Mass testing option: Reads one testssl.sh command line per line from <fname>.
|
||||||
@ -19646,9 +19649,9 @@ determine_service() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
case "$protocol" in
|
case "$protocol" in
|
||||||
ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|postgres|mysql|nntp)
|
ftp|smtp|lmtp|pop3|imap|xmpp|xmpp-server|telnet|ldap|postgres|mysql|nntp)
|
||||||
STARTTLS="-starttls $protocol"
|
STARTTLS="-starttls $protocol"
|
||||||
if [[ "$protocol" == xmpp ]]; then
|
if [[ "$protocol" == xmpp ]] || [[ "$protocol" == xmpp-server ]]; then
|
||||||
# for XMPP, openssl has a problem using -connect $NODEIP:$PORT. thus we use -connect $NODE:$PORT instead!
|
# for XMPP, openssl has a problem using -connect $NODEIP:$PORT. thus we use -connect $NODE:$PORT instead!
|
||||||
NODEIP="$NODE"
|
NODEIP="$NODE"
|
||||||
if [[ -n "$XMPP_HOST" ]]; then
|
if [[ -n "$XMPP_HOST" ]]; then
|
||||||
@ -20591,7 +20594,7 @@ parse_cmd_line() {
|
|||||||
STARTTLS_PROTOCOL="$(parse_opt_equal_sign "$1" "$2")"
|
STARTTLS_PROTOCOL="$(parse_opt_equal_sign "$1" "$2")"
|
||||||
[[ $? -eq 0 ]] && shift
|
[[ $? -eq 0 ]] && shift
|
||||||
case $STARTTLS_PROTOCOL in
|
case $STARTTLS_PROTOCOL in
|
||||||
ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|irc|nntp|postgres|mysql) ;;
|
ftp|smtp|lmtp|pop3|imap|xmpp|xmpp-server|telnet|ldap|irc|nntp|postgres|mysql) ;;
|
||||||
ftps|smtps|lmtps|pop3s|imaps|xmpps|telnets|ldaps|ircs|nntps|mysqls) ;;
|
ftps|smtps|lmtps|pop3s|imaps|xmpps|telnets|ldaps|ircs|nntps|mysqls) ;;
|
||||||
*) tmln_magenta "\nunrecognized STARTTLS protocol \"$1\", see help" 1>&2
|
*) tmln_magenta "\nunrecognized STARTTLS protocol \"$1\", see help" 1>&2
|
||||||
help 1 ;;
|
help 1 ;;
|
||||||
|
Loading…
Reference in New Issue
Block a user