Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2024-12-31 22:09:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2487 from Tazmaniac/renego-fix3

Browse Source 
[Client Renego] Small important fixes
This commit is contained in:
Dirk Wetter 2024-04-02 11:15:12 +02:00 committed by GitHub
commit 5581499da5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
testssl.sh
View File

@ -17060,6 +17060,8 @@ run_renego() {
# We will need $ERRFILE for mitigation detection # We will need $ERRFILE for mitigation detection
if [[ $ERRFILE =~ dev.null ]]; then if [[ $ERRFILE =~ dev.null ]]; then
ERRFILE=$TEMPDIR/errorfile.txt || exit $ERR_FCREATE ERRFILE=$TEMPDIR/errorfile.txt || exit $ERR_FCREATE
# cleanup previous run if any (multiple IP)
rm -f $ERRFILE
restore_errfile=1 restore_errfile=1
else else
restore_errfile=0 restore_errfile=0
@ -17105,14 +17107,16 @@ run_renego() {
(j=0; while [[ $(grep -ac '^SSL-Session:' $TMPFILE) -ne 1 ]] && [[ $j -lt 30 ]]; do sleep $ssl_reneg_wait; ((j++)); done; \ (j=0; while [[ $(grep -ac '^SSL-Session:' $TMPFILE) -ne 1 ]] && [[ $j -lt 30 ]]; do sleep $ssl_reneg_wait; ((j++)); done; \
for ((i=0; i < ssl_reneg_attempts; i++ )); do sleep $ssl_reneg_wait; echo R; k=0; \ for ((i=0; i < ssl_reneg_attempts; i++ )); do sleep $ssl_reneg_wait; echo R; k=0; \
while [[ $(grep -ac '^RENEGOTIATING' $ERRFILE) -ne $((i+3)) ]] && [[ -f $TEMPDIR/allowed_to_loop ]] \ while [[ $(grep -ac '^RENEGOTIATING' $ERRFILE) -ne $((i+3)) ]] && [[ -f $TEMPDIR/allowed_to_loop ]] \
&& [[ $(tail -n1 $ERRFILE |grep -acE '^(RENEGOTIATING|depth|verify)') -eq 1 ]] && [[ $k -lt 120 ]]; \ && [[ $(tail -n1 $ERRFILE |grep -acE '^(RENEGOTIATING|depth|verify|notAfter)') -eq 1 ]] \
do sleep $ssl_reneg_wait; ((k++)); done; \ && [[ $k -lt 120 ]]; \
do sleep $ssl_reneg_wait; ((k++)); if (tail -5 $TMPFILE| grep -qa '^closed'); then sleep 1; break; fi; done; \
done) | \ done) | \
$OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE & $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE &
pid=$! pid=$!
( sleep $((ssl_reneg_attempts*3)) && kill $pid && touch $TEMPDIR/was_killed ) >&2 2>/dev/null & ( sleep $((ssl_reneg_attempts*3)) && kill $pid && touch $TEMPDIR/was_killed ) >&2 2>/dev/null &
watcher=$! watcher=$!
# Trick to get the return value of the openssl command, output redirection and a timeout. Yes, some target hang/block after some tries. # Trick to get the return value of the openssl command, output redirection and a timeout.
# Yes, some target hang/block after some tries.
wait $pid wait $pid
tmp_result=$? tmp_result=$?
pkill -HUP -P $watcher pkill -HUP -P $watcher
@ -17120,6 +17124,10 @@ run_renego() {
rm -f $TEMPDIR/allowed_to_loop rm -f $TEMPDIR/allowed_to_loop
# If we are here, we have done two successful renegotiation (-2) and do the loop # If we are here, we have done two successful renegotiation (-2) and do the loop
loop_reneg=$(($(grep -ac '^RENEGOTIATING' $ERRFILE)-2)) loop_reneg=$(($(grep -ac '^RENEGOTIATING' $ERRFILE)-2))
# As above, some servers close the connection and return value is zero
if (tail -5 $TMPFILE| grep -qa '^closed'); then
tmp_result=1
fi
if [[ -f $TEMPDIR/was_killed ]]; then if [[ -f $TEMPDIR/was_killed ]]; then
tmp_result=2 tmp_result=2
rm -f $TEMPDIR/was_killed rm -f $TEMPDIR/was_killed