Fix issue with run_protocols() in --ssl-native mode
This PR fixes a minor problem with run_protocols() in "--ssl-native" mode if $OPENSSL does not support TLS 1.3. Currently, the warning message that $OPENSSL does not support a protocol is printed when run_prototest_openssl() is called. This causes a problem for the output if $OPENSSL does not support TLS 1.3, since run_prototest_openssl() is called before the results for TLS 1.2 are printed. The result is something like this:

    SSLv2 not offered (OK)
    SSLv3 not offered (OK)
    TLS 1 offered (deprecated)
    TLS 1.1 offered (deprecated)
    Local problem: /home/cooper/Desktop/testssl.sh/bin/openssl.Linux.x86_64 doesn't support "s_client -tls1_3"
    TLS 1.2 offered (OK)
    TLS 1.3
    NPN/SPDY not offered
    ALPN/HTTP2 http/1.1 (offered)
parent
cd647ba2d0
commit
54fad800c0
16
testssl.sh
16
testssl.sh
|
@ -4796,7 +4796,8 @@ locally_supported() {
|
|||
run_prototest_openssl() {
|
||||
local -i ret=0
|
||||
|
||||
! locally_supported "$1" && return 7
|
||||
# check whether the protocol being tested is supported by $OPENSSL
|
||||
$OPENSSL s_client "$1" -connect x 2>&1 | grep -aq "unknown option" && return 7
|
||||
$OPENSSL s_client $(s_client_options "-state $1 $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>$ERRFILE </dev/null
|
||||
sclient_connect_successful $? $TMPFILE
|
||||
ret=$?
|
||||
|
@ -4967,7 +4968,8 @@ run_protocols() {
|
|||
fileout "$jsonID" "HIGH" "offered, no cipher" "CVE-2015-3197" "CWE-310"
|
||||
add_tls_offered ssl2 yes
|
||||
;;
|
||||
7) fileout "$jsonID" "INFO" "not tested due to lack of local support"
|
||||
7) prln_local_problem "$OPENSSL doesn't support \"s_client -ssl2\""
|
||||
fileout "$jsonID" "INFO" "not tested due to lack of local support"
|
||||
((ret++))
|
||||
;;
|
||||
esac
|
||||
|
@ -5030,7 +5032,7 @@ run_protocols() {
|
|||
# can only happen in debug mode
|
||||
pr_warning "strange reply, maybe a client side problem with SSLv3"; outln "$debug_recomm"
|
||||
else
|
||||
# warning on screen came already from locally_supported()
|
||||
prln_local_problem "$OPENSSL doesn't support \"s_client -ssl3\""
|
||||
fileout "$jsonID" "WARN" "not tested due to lack of local support"
|
||||
fi
|
||||
;;
|
||||
|
@ -5107,7 +5109,7 @@ run_protocols() {
|
|||
# can only happen in debug mode
|
||||
pr_warning "strange reply, maybe a client side problem with TLS 1.0"; outln "$debug_recomm"
|
||||
else
|
||||
# warning on screen came already from locally_supported()
|
||||
prln_local_problem "$OPENSSL doesn't support \"s_client -tls1\""
|
||||
fileout "$jsonID" "WARN" "not tested due to lack of local support"
|
||||
fi
|
||||
((ret++))
|
||||
|
@ -5188,7 +5190,7 @@ run_protocols() {
|
|||
# can only happen in debug mode
|
||||
pr_warning "strange reply, maybe a client side problem with TLS 1.1"; outln "$debug_recomm"
|
||||
else
|
||||
# warning on screen came already from locally_supported()
|
||||
prln_local_problem "$OPENSSL doesn't support \"s_client -tls1_1\""
|
||||
fileout "$jsonID" "WARN" "not tested due to lack of local support"
|
||||
fi
|
||||
((ret++))
|
||||
|
@ -5309,7 +5311,7 @@ run_protocols() {
|
|||
# can only happen in debug mode
|
||||
pr_warning "strange reply, maybe a client side problem with TLS 1.2"; outln "$debug_recomm"
|
||||
else
|
||||
# warning on screen came already from locally_supported()
|
||||
prln_local_problem "$OPENSSL doesn't support \"s_client -tls1_2\""
|
||||
fileout "$jsonID" "WARN" "not tested due to lack of local support"
|
||||
fi
|
||||
((ret++))
|
||||
|
@ -5462,7 +5464,7 @@ run_protocols() {
|
|||
# can only happen in debug mode
|
||||
prln_warning "strange reply, maybe a client side problem with TLS 1.3"; outln "$debug_recomm"
|
||||
else
|
||||
# warning on screen came already from locally_supported()
|
||||
prln_local_problem "$OPENSSL doesn't support \"s_client -tls1_3\""
|
||||
fileout "$jsonID" "WARN" "not tested due to lack of local support"
|
||||
fi
|
||||
((ret++))
|
||||
|
|
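Review bot: In the SSLv2 branch of run_protocols() the rewritten `7)` arm still records `fileout "$jsonID" "INFO" "not tested due to lack of local support"`, while the SSLv3, TLS 1.0, 1.1, 1.2 and 1.3 branches in the later hunks record the same condition as `"WARN"`. For anyone consuming the file output, a skipped SSLv2 check is then less visible than any other skipped protocol, even though an offered SSLv2 is rated HIGH a few lines above. I would use `fileout "$jsonID" "WARN" "not tested due to lack of local support"` here, or add a comment saying why INFO is intended. Separately, run_prototest_openssl() now carries its own `grep -aq "unknown option"` probe, which looks like a copy of the test in locally_supported() (its body is outside these hunks); the two need to stay in sync, because a missed match would presumably surface as a failed connection rather than as "not tested". All of the functions touched start and end outside the hunks shown.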