Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-11-03 23:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '2.9dev' into fix_782

Browse Source
This commit is contained in:
David Cooper
2017-07-12 08:55:44 -04:00
parent 7037bd8e4b 9244f2c83c
commit 6004123dc0
1 changed files with 23 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
testssl.sh
View File

@@ -1725,7 +1725,7 @@ run_hpkp() {
hpkp_ca="$($OPENSSL x509 -in $HOSTCERT -issuer -noout|sed 's/^.*CN=//' | sed 's/\/.*$//')" hpkp_ca="$($OPENSSL x509 -in $HOSTCERT -issuer -noout|sed 's/^.*CN=//' | sed 's/\/.*$//')"
# Get keys/hashes from intermediate certificates # Get keys/hashes from intermediate certificates
$OPENSSL s_client $STARTTLS $BUGS $PROXY -showcerts -connect $NODEIP:$PORT ${sni[i]} </dev/null >$TMPFILE 2>$ERRFILE $OPENSSL s_client $STARTTLS $BUGS $PROXY -showcerts -connect $NODEIP:$PORT $SNI </dev/null >$TMPFILE 2>$ERRFILE
# Place the server's certificate in $HOSTCERT and any intermediate # Place the server's certificate in $HOSTCERT and any intermediate
# certificates that were provided in $TEMPDIR/intermediatecerts.pem # certificates that were provided in $TEMPDIR/intermediatecerts.pem
# http://backreference.org/2010/05/09/ocsp-verification-with-openssl/ # http://backreference.org/2010/05/09/ocsp-verification-with-openssl/
@@ -3447,8 +3447,8 @@ client_simulation_sockets() {
done done
debugme echo "sending client hello..." debugme echo "sending client hello..."
code2network "${data}" code2network "${data}"
fd_socket 5 || return 6
data="$NW_STR" data="$NW_STR"
fd_socket 5 || return 6
[[ "$DEBUG" -ge 4 ]] && echo "\"$data\"" [[ "$DEBUG" -ge 4 ]] && echo "\"$data\""
printf -- "$data" >&5 2>/dev/null & printf -- "$data" >&5 2>/dev/null &
sleep $USLEEP_SND sleep $USLEEP_SND
@@ -6883,11 +6883,18 @@ starttls_line() {
return 0 return 0
} }
# Line based send with newline characters appended
starttls_just_send(){ starttls_just_send(){
debugme echo -e "C: $1" debugme echo -e "C: $1"
echo -ne "$1\r\n" >&5 echo -ne "$1\r\n" >&5
} }
# Stream based send
starttls_just_send2(){
debugme echo -e "C: $1"
echo -ne "$1" >&5
}
starttls_just_read(){ starttls_just_read(){
debugme echo "=== just read banner ===" debugme echo "=== just read banner ==="
if [[ "$DEBUG" -ge 2 ]]; then if [[ "$DEBUG" -ge 2 ]]; then
@@ -7015,9 +7022,20 @@ starttls_postgres_dialog() {
starttls_mysql_dialog() { starttls_mysql_dialog() {
debugme echo "=== starting mysql STARTTLS dialog ===" debugme echo "=== starting mysql STARTTLS dialog ==="
local login_request="
debugme echo "mysql socket dialog not yet implemented" , 20, 00, 00, 01, # payload_length, sequence_id
85, ae, ff, 00, # capability flags, CLIENT_SSL always set
00, 00, 00, 01, # max-packet size
21, # character set
00, 00, 00, 00, 00, 00, 00, 00, # string[23] reserved (all [0])
00, 00, 00, 00, 00, 00, 00, 00,
00, 00, 00, 00, 00, 00, 00"
code2network "${login_request}"
starttls_just_read && debugme echo -e "\nreceived server greeting" &&
starttls_just_send2 "$NW_STR" && debugme echo "initiated STARTTLS"
# TODO: We could detect if the server supports STARTTLS via the "Server Capabilities"
# bit field, but we'd need to parse the binary stream, with greater precision than regex.
local ret=$?
debugme echo "=== finished mysql STARTTLS dialog with ${ret} ===" debugme echo "=== finished mysql STARTTLS dialog with ${ret} ==="
return $ret return $ret
} }