From 667de371cd7561990c84239f7a4c58dd6e023769 Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Thu, 5 Aug 2021 15:07:57 -0400
Subject: [PATCH] Fix #1961

This commit fixes #1961 in the 3.1dev branch by leaving NODEIP set to the server's IP address rather than changing it to the DNS name in the case of STARTTLS XMPP. In order to address the problem of $OPENSSL s_client not working with STARTTLS XMPP if an IP address is provided to -connect, the -xmpphost option is used to provide the DNS name.
---
 testssl.sh | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index c9236a0..d814a7e 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -20983,8 +20983,6 @@ determine_service() {
                ftp|smtp|lmtp|pop3|imap|xmpp|xmpp-server|telnet|ldap|postgres|mysql|nntp)
                     STARTTLS="-starttls $protocol"
                     if [[ "$protocol" == xmpp ]] || [[ "$protocol" == xmpp-server ]]; then
-                         # for XMPP, openssl has a problem using -connect $NODEIP:$PORT. thus we use -connect $NODE:$PORT instead!
-                         NODEIP="$NODE"
                          if [[ -n "$XMPP_HOST" ]]; then
                               if ! "$HAS_XMPP"; then
                                    fatal "Your $OPENSSL does not support the \"-xmpphost\" option" $ERR_OSSLBIN
@@ -20998,11 +20996,18 @@ determine_service() {
                                    prln_warning " IP address doesn't work for XMPP, trying PTR record $rDNS"
                                    # remove trailing .
                                    NODE=${rDNS%%.}
-                                   NODEIP=${rDNS%%.}
                               else
                                    fatal "No DNS supplied and no PTR record available which I can try for XMPP" $ERR_DNSLOOKUP
                               fi
                          fi
+                         if "$HAS_XMPP"; then
+                              # small hack -- instead of changing calls all over the place
+                              STARTTLS="$STARTTLS -xmpphost $NODE"
+                         else
+                              # If the XMPP name cannot be provided using -xmpphost,
+                              # then it needs to be provided to the -connect option
+                              NODEIP="$NODE"
+                         fi
                     fi
                     if [[ "$protocol" == xmpp-server ]] && ! "$HAS_XMPP_SERVER"; then
                          #FIXME: make use of HAS_XMPP_SERVER2
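Review bot: The new `else` branch in the second hunk still overwrites NODEIP with the DNS name, so the fix described in the commit message only holds for $OPENSSL builds where HAS_XMPP is true; the comment there should say so explicitly, e.g. `# NOTE: #1961 is not fixed on this path -- without -xmpphost the DNS name must still go into -connect, so later output will show NODE instead of the IP`. The new `-xmpphost $NODE` is appended unconditionally after the `if [[ -n "$XMPP_HOST" ]]` branch, whose body is cut out between the two hunks; if that branch already appends its own `-xmpphost $XMPP_HOST`, s_client now receives the option twice with possibly different values, so either guard the new line with `[[ -z "$XMPP_HOST" ]]` or confirm the earlier branch does not add it. Note also that on the PTR fallback path NODE comes from rDNS, so the value handed to -xmpphost is attacker-influenceable via reverse DNS; STARTTLS is later expanded unquoted (the "small hack"), which is fine for hostnames but worth a comment. determine_service() starts and ends outside both hunks.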