Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2024-12-29 12:59:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix #1961

Browse Source 
This commit fixes #1961 in the 3.1dev branch by leaving NODEIP set to the server's IP address rather than changing it to the DNS name in the case of STARTTLS XMPP.

In order to address the problem of $OPENSSL s_client not working with STARTTLS XMPP if an IP address is provided to -connect, the -xmpphost option is used to provide the DNS name.
This commit is contained in:
David Cooper 2021-08-05 15:07:57 -04:00
parent f15da8d15d
commit 667de371cd
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
testssl.sh
View File

@ -20983,8 +20983,6 @@ determine_service() {
ftp|smtp|lmtp|pop3|imap|xmpp|xmpp-server|telnet|ldap|postgres|mysql|nntp) ftp|smtp|lmtp|pop3|imap|xmpp|xmpp-server|telnet|ldap|postgres|mysql|nntp)
STARTTLS="-starttls $protocol" STARTTLS="-starttls $protocol"
if [[ "$protocol" == xmpp ]] || [[ "$protocol" == xmpp-server ]]; then if [[ "$protocol" == xmpp ]] || [[ "$protocol" == xmpp-server ]]; then
# for XMPP, openssl has a problem using -connect $NODEIP:$PORT. thus we use -connect $NODE:$PORT instead!
NODEIP="$NODE"
if [[ -n "$XMPP_HOST" ]]; then if [[ -n "$XMPP_HOST" ]]; then
if ! "$HAS_XMPP"; then if ! "$HAS_XMPP"; then
fatal "Your $OPENSSL does not support the \"-xmpphost\" option" $ERR_OSSLBIN fatal "Your $OPENSSL does not support the \"-xmpphost\" option" $ERR_OSSLBIN
@ -20998,11 +20996,18 @@ determine_service() {
prln_warning " IP address doesn't work for XMPP, trying PTR record $rDNS" prln_warning " IP address doesn't work for XMPP, trying PTR record $rDNS"
# remove trailing . # remove trailing .
NODE=${rDNS%%.} NODE=${rDNS%%.}
NODEIP=${rDNS%%.}
else else
fatal "No DNS supplied and no PTR record available which I can try for XMPP" $ERR_DNSLOOKUP fatal "No DNS supplied and no PTR record available which I can try for XMPP" $ERR_DNSLOOKUP
fi fi
fi fi
if "$HAS_XMPP"; then
# small hack -- instead of changing calls all over the place
STARTTLS="$STARTTLS -xmpphost $NODE"
else
# If the XMPP name cannot be provided using -xmpphost,
# then it needs to be provided to the -connect option
NODEIP="$NODE"
fi
fi fi
if [[ "$protocol" == xmpp-server ]] && ! "$HAS_XMPP_SERVER"; then if [[ "$protocol" == xmpp-server ]] && ! "$HAS_XMPP_SERVER"; then
#FIXME: make use of HAS_XMPP_SERVER2 #FIXME: make use of HAS_XMPP_SERVER2