mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-19 06:59:30 +01:00
Improved connection failure conditions
As a kind of a pre-warning this commit allows the n-1 connection problem to give feedback on the screen (that wasn't working before). Also the message on the screen is now more clear and the manpage gives better advice. Related to #1172
parent
11cf06d6e9
commit
6fe5adbbc3
@ -1,7 +1,7 @@
|
||||
.\" generated with Ronn/v0.7.3
|
||||
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
||||
.
|
||||
.TH "TESTSSL" "1" "November 2018" "" ""
|
||||
.TH "TESTSSL" "1" "December 2018" "" ""
|
||||
.
|
||||
.SH "NAME"
|
||||
\fBtestssl\fR
|
||||
@ -521,13 +521,13 @@ MAX_WAIT_TEST is the maximum time (in seconds) to wait for a single test in para
|
||||
CA_BUNDLES_PATH: If you have an own set of CA bundles or you want to point testssl\.sh to a specific location of a CA bundle, you can use this variable to set the directory which testssl\.sh will use\. Please note that it overrides completely the builtin path of testssl\.sh which means that you will only test against the bundles you point to\. Also you might want to use ~/utils/create_ca_hashes\.sh to create the hashes for HPKP\.
|
||||
.
|
||||
.IP "\(bu" 4
|
||||
MAX_SOCKET_FAIL: A number which tells testssl\.sh how often a TCP socket connection may fail before the program gives up and terminates\. The default is 2\.
|
||||
MAX_SOCKET_FAIL: A number which tells testssl\.sh how often a TCP socket connection may fail before the program gives up and terminates\. The default is 2\. You can increase it to a higher value if you frequently see a message like \fBFatal error: repeated openssl s_client connect problem, doesn\'t make sense to continue\fR\.
|
||||
.
|
||||
.IP "\(bu" 4
|
||||
MAX_OSSL_FAIL: A number which tells testssl\.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates\. The default is 2\.
|
||||
MAX_OSSL_FAIL: A number which tells testssl\.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates\. The default is 2\. You can increase it to a higher value if you frequently see a message like \fBFatal error: repeated TCP connect problems, giving up\fR\.
|
||||
.
|
||||
.IP "\(bu" 4
|
||||
MAX_HEADER_FAIL: A number which tells testssl\.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates\. The default is 3\.
|
||||
MAX_HEADER_FAIL: A number which tells testssl\.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates\. The default is 3\. Also here you can incerase the threshold when you spot messages lioke \fBFatal error: repeated HTTP header connect problems, doesn\'t make sense to continue\fR
|
||||
.
|
||||
.IP "" 0
|
||||
.
|
||||
|
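Review bot: The hint sentences added to the MAX_SOCKET_FAIL and MAX_OSSL_FAIL entries look swapped. The MAX_SOCKET_FAIL entry quotes "repeated openssl s_client connect problem" and the MAX_OSSL_FAIL entry quotes "repeated TCP connect problems, giving up", whereas the connectivity_problem() change to testssl.sh in this same commit ties the openssl s_client message to MAX_OSSL_FAIL and the TCP message to MAX_SOCKET_FAIL. Suggest exchanging the two quoted messages so a user who follows the man page raises the variable that the fatal message actually names. The MAX_HEADER_FAIL sentence also carries two typos ("incerase", "lioke") and ends without the closing `\.` that the other entries have.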
@ -462,9 +462,9 @@ after 3.0.</p>
|
||||
<li>CA_BUNDLES_PATH: If you have an own set of CA bundles or you want to point testssl.sh to a specific location of a CA bundle, you can use this variable to set the directory which testssl.sh will
|
||||
use. Please note that it overrides completely the builtin path of testssl.sh which means that you will only test against the bundles you point to. Also you might want to use ~/utils/create_ca_hashes.sh
|
||||
to create the hashes for HPKP.</li>
|
||||
<li>MAX_SOCKET_FAIL: A number which tells testssl.sh how often a TCP socket connection may fail before the program gives up and terminates. The default is 2.</li>
|
||||
<li>MAX_OSSL_FAIL: A number which tells testssl.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates. The default is 2.</li>
|
||||
<li>MAX_HEADER_FAIL: A number which tells testssl.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates. The default is 3.</li>
|
||||
<li>MAX_SOCKET_FAIL: A number which tells testssl.sh how often a TCP socket connection may fail before the program gives up and terminates. The default is 2. You can increase it to a higher value if you frequently see a message like <code>Fatal error: repeated openssl s_client connect problem, doesn't make sense to continue</code>.</li>
|
||||
<li>MAX_OSSL_FAIL: A number which tells testssl.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates. The default is 2. You can increase it to a higher value if you frequently see a message like <code>Fatal error: repeated TCP connect problems, giving up</code>.</li>
|
||||
<li>MAX_HEADER_FAIL: A number which tells testssl.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates. The default is 3. Also here you can incerase the threshold when you spot messages lioke <code>Fatal error: repeated HTTP header connect problems, doesn't make sense to continue</code></li>
|
||||
</ul>
|
||||
|
||||
|
||||
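Review bot: In the new `<li>` items the quoted fatal messages are attached to the wrong variables: "repeated openssl s_client connect problem" sits under MAX_SOCKET_FAIL and "repeated TCP connect problems, giving up" under MAX_OSSL_FAIL, the reverse of how the script's hints in this commit pair them. Suggest swapping the two `<code>` strings. The MAX_HEADER_FAIL item has the typos "incerase" and "lioke" and is missing the full stop after `</code>`.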
@ -586,7 +586,7 @@ to create the hashes for HPKP.</li>
|
||||
|
||||
<ol class='man-decor man-foot man foot'>
|
||||
<li class='tl'></li>
|
||||
<li class='tc'>November 2018</li>
|
||||
<li class='tc'>December 2018</li>
|
||||
<li class='tr'>testssl(1)</li>
|
||||
</ol>
|
||||
|
||||
|
@ -393,9 +393,9 @@ Except the environment variables mentioned above which replace command line opti
|
||||
* CA_BUNDLES_PATH: If you have an own set of CA bundles or you want to point testssl.sh to a specific location of a CA bundle, you can use this variable to set the directory which testssl.sh will
|
||||
use. Please note that it overrides completely the builtin path of testssl.sh which means that you will only test against the bundles you point to. Also you might want to use ~/utils/create_ca_hashes.sh
|
||||
to create the hashes for HPKP.
|
||||
* MAX_SOCKET_FAIL: A number which tells testssl.sh how often a TCP socket connection may fail before the program gives up and terminates. The default is 2.
|
||||
* MAX_OSSL_FAIL: A number which tells testssl.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates. The default is 2.
|
||||
* MAX_HEADER_FAIL: A number which tells testssl.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates. The default is 3.
|
||||
* MAX_SOCKET_FAIL: A number which tells testssl.sh how often a TCP socket connection may fail before the program gives up and terminates. The default is 2. You can increase it to a higher value if you frequently see a message like `Fatal error: repeated openssl s_client connect problem, doesn't make sense to continue`.
|
||||
* MAX_OSSL_FAIL: A number which tells testssl.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates. The default is 2. You can increase it to a higher value if you frequently see a message like `Fatal error: repeated TCP connect problems, giving up`.
|
||||
* MAX_HEADER_FAIL: A number which tells testssl.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates. The default is 3. Also here you can incerase the threshold when you spot messages lioke `Fatal error: repeated HTTP header connect problems, doesn't make sense to continue`
|
||||
|
||||
|
||||
[comment]: # CAPATH
|
||||
|
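Review bot: The backticked messages in the MAX_SOCKET_FAIL and MAX_OSSL_FAIL bullets are reversed relative to the hints that testssl.sh prints in this commit (the openssl s_client message belongs with MAX_OSSL_FAIL, the TCP connect message with MAX_SOCKET_FAIL), and the MAX_HEADER_FAIL bullet contains "incerase" and "lioke" and has no final period. Since the roff page in this commit is marked as generated with Ronn, correcting the wording once in the source text and regenerating would keep all three copies of the documentation consistent.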
11
testssl.sh
11
testssl.sh
@ -1930,12 +1930,15 @@ service_detection() {
|
||||
# 4: string for repeated occurrence of problem
|
||||
#
|
||||
connectivity_problem() {
|
||||
if [[ $1 -ge $2 ]]; then
|
||||
if [[ $2 -eq 1 ]]; then
|
||||
fatal "$3" $ERR_CONNECT
|
||||
if [[ $1 -lt $2 ]]; then
|
||||
prln_warning "Oops: $3"
|
||||
return 0
|
||||
fi
|
||||
if [[ $1 -ge $2 ]]; then
|
||||
if [[ "$4" =~ openssl\ s_client\ connect ]] ; then
|
||||
fatal "$4" $ERR_CONNECT "consider increasing MAX_OSSL_FAIL (currently: $2)"
|
||||
fatal "$4" $ERR_CONNECT "Consider increasing MAX_OSSL_FAIL (currently: $2)"
|
||||
elif [[ "$4" =~ repeated\ TCP\ connect ]]; then
|
||||
fatal "$4" $ERR_CONNECT "Consider increasing MAX_SOCKET_FAIL (currently: $2)"
|
||||
fi
|
||||
fatal "$4" $ERR_CONNECT
|
||||
fi
|
||||
|
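Review bot: The hint chain inside the `$1 -ge $2` block has branches for MAX_OSSL_FAIL and MAX_SOCKET_FAIL but none for MAX_HEADER_FAIL, although the documentation changed in this commit tells users to raise that threshold when they see "repeated HTTP header connect problems". Consider adding an `elif` that matches that string and names MAX_HEADER_FAIL, so all three limits get the same guidance. After the early `return 0` for `$1 -lt $2`, the following test `if [[ $1 -ge $2 ]]` is always true and can be dropped to make the control flow easier to read. With the `$2 -eq 1` branch gone, a limit of 1 now reports the very first failure using the "repeated" string in `$4` rather than `$3`; worth confirming that this is intended.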