FIX: Dilyans bug where a STARTTLS service runs on a different port
parent
5bc6e5fda9
commit
719536a44e
42
testssl.sh
42
testssl.sh
|
@ -389,10 +389,15 @@ newline_to_spaces() {
|
||||||
echo "$1" | tr '\n' ' ' | sed 's/ $//'
|
echo "$1" | tr '\n' ' ' | sed 's/ $//'
|
||||||
}
|
}
|
||||||
|
|
||||||
trim_lf() {
|
strip_lf() {
|
||||||
echo "$1" | tr -d '\n'
|
echo "$1" | tr -d '\n' | tr -d '\r'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
toupper() {
|
||||||
|
printf "$1" | tr '[a-z]' '[A-Z]'
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
tmpfile_handle() {
|
tmpfile_handle() {
|
||||||
if [[ "$DEBUG" -eq 0 ]] ; then
|
if [[ "$DEBUG" -eq 0 ]] ; then
|
||||||
rm $TMPFILE
|
rm $TMPFILE
|
||||||
|
@ -466,11 +471,6 @@ runs_HTTP() {
|
||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
|
|
||||||
strip_lf() {
|
|
||||||
echo "$1" | tr -d '\n' | tr -d '\r'
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
#problems not handled: chunked
|
#problems not handled: chunked
|
||||||
run_http_header() {
|
run_http_header() {
|
||||||
local header
|
local header
|
||||||
|
@ -2144,40 +2144,40 @@ fd_socket() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -n "$STARTTLS" ]]; then
|
if [[ -n "$STARTTLS" ]]; then
|
||||||
case "$PORT" in # port
|
case "$STARTTLS_PROTOCOL" in # port
|
||||||
21) # https://tools.ietf.org/html/rfc4217
|
ftp) # https://tools.ietf.org/html/rfc4217
|
||||||
$FAST_STARTTLS || starttls_just_read
|
$FAST_STARTTLS || starttls_just_read
|
||||||
$FAST_STARTTLS || starttls_line "FEAT" "211" && starttls_just_send "FEAT"
|
$FAST_STARTTLS || starttls_line "FEAT" "211" && starttls_just_send "FEAT"
|
||||||
starttls_line "AUTH TLS" "successful|234"
|
starttls_line "AUTH TLS" "successful|234"
|
||||||
;;
|
;;
|
||||||
25) # SMTP, see https://tools.ietf.org/html/rfc4217
|
smtp) # SMTP, see https://tools.ietf.org/html/rfc4217
|
||||||
$FAST_STARTTLS || starttls_just_read
|
$FAST_STARTTLS || starttls_just_read
|
||||||
$FAST_STARTTLS || starttls_line "EHLO testssl.sh" "220|250" && starttls_just_send "EHLO testssl.sh"
|
$FAST_STARTTLS || starttls_line "EHLO testssl.sh" "220|250" && starttls_just_send "EHLO testssl.sh"
|
||||||
starttls_line "STARTTLS" "220"
|
starttls_line "STARTTLS" "220"
|
||||||
;;
|
;;
|
||||||
110) # POP, see https://tools.ietf.org/html/rfc2595
|
pop3) # POP, see https://tools.ietf.org/html/rfc2595
|
||||||
$FAST_STARTTLS || starttls_just_read
|
$FAST_STARTTLS || starttls_just_read
|
||||||
starttls_line "STLS" "OK"
|
starttls_line "STLS" "OK"
|
||||||
;;
|
;;
|
||||||
119|433) # NNTP, see https://tools.ietf.org/html/rfc4642
|
nntp) # NNTP, see https://tools.ietf.org/html/rfc4642
|
||||||
$FAST_STARTTLS || starttls_just_read
|
$FAST_STARTTLS || starttls_just_read
|
||||||
$FAST_STARTTLS || starttls_line "CAPABILITIES" "101|200" && starttls_just_send "CAPABILITIES"
|
$FAST_STARTTLS || starttls_line "CAPABILITIES" "101|200" && starttls_just_send "CAPABILITIES"
|
||||||
starttls_line "STARTTLS" "382"
|
starttls_line "STARTTLS" "382"
|
||||||
;;
|
;;
|
||||||
143) # IMAP, https://tools.ietf.org/html/rfc2595
|
imap) # IMAP, https://tools.ietf.org/html/rfc2595
|
||||||
$FAST_STARTTLS || starttls_just_read
|
$FAST_STARTTLS || starttls_just_read
|
||||||
$FAST_STARTTLS || starttls_line "a001 CAPABILITY" "OK" && starttls_just_send "a001 CAPABILITY"
|
$FAST_STARTTLS || starttls_line "a001 CAPABILITY" "OK" && starttls_just_send "a001 CAPABILITY"
|
||||||
starttls_line "a002 STARTTLS" "OK"
|
starttls_line "a002 STARTTLS" "OK"
|
||||||
;;
|
;;
|
||||||
389) # LDAP, https://tools.ietf.org/html/rfc2830, https://tools.ietf.org/html/rfc4511
|
ldap) # LDAP, https://tools.ietf.org/html/rfc2830, https://tools.ietf.org/html/rfc4511
|
||||||
pr_magentaln "FIXME: LDAP/STARTTLS not yet supported"
|
pr_magentaln "FIXME: LDAP/STARTTLS not yet supported"
|
||||||
exit -4
|
exit -4
|
||||||
;;
|
;;
|
||||||
674) # ACAP = Application Configuration Access Protocol, see https://tools.ietf.org/html/rfc2595
|
acap) # ACAP = Application Configuration Access Protocol, see https://tools.ietf.org/html/rfc2595
|
||||||
pr_magentaln "ACAP Easteregg: not implemented -- probably never will"
|
pr_magentaln "ACAP Easteregg: not implemented -- probably never will"
|
||||||
exit -4
|
exit -4
|
||||||
;;
|
;;
|
||||||
5222) # XMPP, see https://tools.ietf.org/html/rfc6120
|
xmpp) # XMPP, see https://tools.ietf.org/html/rfc6120
|
||||||
starttls_just_read
|
starttls_just_read
|
||||||
[[ -z $XMPP_HOST ]] && XMPP_HOST="$NODE"
|
[[ -z $XMPP_HOST ]] && XMPP_HOST="$NODE"
|
||||||
jabber=$(cat <<EOF
|
jabber=$(cat <<EOF
|
||||||
|
@ -2194,6 +2194,9 @@ EOF
|
||||||
starttls_line "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>" "proceed"
|
starttls_line "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>" "proceed"
|
||||||
# BTW: https://xmpp.net !
|
# BTW: https://xmpp.net !
|
||||||
;;
|
;;
|
||||||
|
*) # we need to throw an error here -- otherwise testssl.sh treats the STARTTLS protocol as plain SSL/TLS which leads to FP
|
||||||
|
pr_magentaln "FIXME: STARTTLS protocol $STARTTLS_PROTOCOL is not yet supported"
|
||||||
|
exit -4
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -4157,7 +4160,7 @@ determine_service() {
|
||||||
exit -2
|
exit -2
|
||||||
fi
|
fi
|
||||||
out " Service set: STARTTLS via "
|
out " Service set: STARTTLS via "
|
||||||
printf $protocol | tr '[a-z]' '[A-Z]'
|
toupper "$protocol"
|
||||||
[[ -n "$XMPP_HOST" ]] && printf " (XMPP domain=\'$XMPP_HOST\')"
|
[[ -n "$XMPP_HOST" ]] && printf " (XMPP domain=\'$XMPP_HOST\')"
|
||||||
outln
|
outln
|
||||||
;;
|
;;
|
||||||
|
@ -4218,7 +4221,6 @@ mx_all_ips() {
|
||||||
if [ -n "$mxs" ] && [ "$mxs" != ' ' ] ; then
|
if [ -n "$mxs" ] && [ "$mxs" != ' ' ] ; then
|
||||||
[[ $mxport == "465" ]] && \
|
[[ $mxport == "465" ]] && \
|
||||||
starttls_proto="" # no starttls for Port 465, on all other ports we speak starttls
|
starttls_proto="" # no starttls for Port 465, on all other ports we speak starttls
|
||||||
outln
|
|
||||||
pr_bold "Testing now all MX records (on port $mxport): "; outln "$mxs"
|
pr_bold "Testing now all MX records (on port $mxport): "; outln "$mxs"
|
||||||
for mx in $mxs; do
|
for mx in $mxs; do
|
||||||
draw_dotted_line "-" $(($TERM_DWITH * 2 / 3))
|
draw_dotted_line "-" $(($TERM_DWITH * 2 / 3))
|
||||||
|
@ -4661,7 +4663,7 @@ if $do_read_from_file; then
|
||||||
[[ -z "$cmdline" ]] && continue
|
[[ -z "$cmdline" ]] && continue
|
||||||
[[ "$cmdline" == "EOF" ]] && break
|
[[ "$cmdline" == "EOF" ]] && break
|
||||||
echo "$0 -q $cmdline"
|
echo "$0 -q $cmdline"
|
||||||
draw_dotted_line "=" $(($TERM_DWITH / 2))
|
draw_dotted_line "=" $(($TERM_DWITH / 2)); outln;
|
||||||
$0 -q $cmdline
|
$0 -q $cmdline
|
||||||
done
|
done
|
||||||
exit $?
|
exit $?
|
||||||
|
@ -4708,4 +4710,4 @@ fi
|
||||||
exit $ret
|
exit $ret
|
||||||
|
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.342 2015/08/11 22:17:27 dirkw Exp $
|
# $Id: testssl.sh,v 1.343 2015/08/12 11:58:44 dirkw Exp $
|
||||||
|
|
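Review bot: The new `toupper()` helper passes its argument to printf as the format string (`printf "$1" | tr '[a-z]' '[A-Z]'`), so any `%` or backslash in the value is interpreted instead of printed. Its only visible caller, in determine_service, feeds it `$protocol`; whatever validation happens before that call lies outside the hunk, so the helper should be safe on its own. Use `printf '%s' "$1" | tr 'a-z' 'A-Z'`, since the brackets in the tr sets are literal characters and add nothing. Separately, in the fd_socket hunk the trailing comment on `case "$STARTTLS_PROTOCOL" in # port` is stale now that dispatch is by protocol name and should read `# protocol`. fd_socket and determine_service both start outside their hunks.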