FIX: Dilyan's bug where a STARTTLS service runs on a different port

This commit is contained in:
Dirk Wetter 2015-08-12 13:58:45 +02:00
parent 5bc6e5fda9
commit 719536a44e


@ -389,10 +389,15 @@ newline_to_spaces() {
echo "$1" | tr '\n' ' ' | sed 's/ $//' echo "$1" | tr '\n' ' ' | sed 's/ $//'
} }
trim_lf() { strip_lf() {
echo "$1" | tr -d '\n' echo "$1" | tr -d '\n' | tr -d '\r'
} }
toupper() {
printf "$1" | tr '[a-z]' '[A-Z]'
}
tmpfile_handle() { tmpfile_handle() {
if [[ "$DEBUG" -eq 0 ]] ; then if [[ "$DEBUG" -eq 0 ]] ; then
rm $TMPFILE rm $TMPFILE
@ -466,11 +471,6 @@ runs_HTTP() {
return $ret return $ret
} }
strip_lf() {
echo "$1" | tr -d '\n' | tr -d '\r'
}
#problems not handled: chunked #problems not handled: chunked
run_http_header() { run_http_header() {
local header local header
@ -2144,40 +2144,40 @@ fd_socket() {
fi fi
if [[ -n "$STARTTLS" ]]; then if [[ -n "$STARTTLS" ]]; then
case "$PORT" in # port case "$STARTTLS_PROTOCOL" in # port
21) # https://tools.ietf.org/html/rfc4217 ftp) # https://tools.ietf.org/html/rfc4217
$FAST_STARTTLS || starttls_just_read $FAST_STARTTLS || starttls_just_read
$FAST_STARTTLS || starttls_line "FEAT" "211" && starttls_just_send "FEAT" $FAST_STARTTLS || starttls_line "FEAT" "211" && starttls_just_send "FEAT"
starttls_line "AUTH TLS" "successful|234" starttls_line "AUTH TLS" "successful|234"
;; ;;
25) # SMTP, see https://tools.ietf.org/html/rfc4217 smtp) # SMTP, see https://tools.ietf.org/html/rfc4217
$FAST_STARTTLS || starttls_just_read $FAST_STARTTLS || starttls_just_read
$FAST_STARTTLS || starttls_line "EHLO testssl.sh" "220|250" && starttls_just_send "EHLO testssl.sh" $FAST_STARTTLS || starttls_line "EHLO testssl.sh" "220|250" && starttls_just_send "EHLO testssl.sh"
starttls_line "STARTTLS" "220" starttls_line "STARTTLS" "220"
;; ;;
110) # POP, see https://tools.ietf.org/html/rfc2595 pop3) # POP, see https://tools.ietf.org/html/rfc2595
$FAST_STARTTLS || starttls_just_read $FAST_STARTTLS || starttls_just_read
starttls_line "STLS" "OK" starttls_line "STLS" "OK"
;; ;;
119|433) # NNTP, see https://tools.ietf.org/html/rfc4642 nntp) # NNTP, see https://tools.ietf.org/html/rfc4642
$FAST_STARTTLS || starttls_just_read $FAST_STARTTLS || starttls_just_read
$FAST_STARTTLS || starttls_line "CAPABILITIES" "101|200" && starttls_just_send "CAPABILITIES" $FAST_STARTTLS || starttls_line "CAPABILITIES" "101|200" && starttls_just_send "CAPABILITIES"
starttls_line "STARTTLS" "382" starttls_line "STARTTLS" "382"
;; ;;
143) # IMAP, https://tools.ietf.org/html/rfc2595 imap) # IMAP, https://tools.ietf.org/html/rfc2595
$FAST_STARTTLS || starttls_just_read $FAST_STARTTLS || starttls_just_read
$FAST_STARTTLS || starttls_line "a001 CAPABILITY" "OK" && starttls_just_send "a001 CAPABILITY" $FAST_STARTTLS || starttls_line "a001 CAPABILITY" "OK" && starttls_just_send "a001 CAPABILITY"
starttls_line "a002 STARTTLS" "OK" starttls_line "a002 STARTTLS" "OK"
;; ;;
389) # LDAP, https://tools.ietf.org/html/rfc2830, https://tools.ietf.org/html/rfc4511 ldap) # LDAP, https://tools.ietf.org/html/rfc2830, https://tools.ietf.org/html/rfc4511
pr_magentaln "FIXME: LDAP/STARTTLS not yet supported" pr_magentaln "FIXME: LDAP/STARTTLS not yet supported"
exit -4 exit -4
;; ;;
674) # ACAP = Application Configuration Access Protocol, see https://tools.ietf.org/html/rfc2595 acap) # ACAP = Application Configuration Access Protocol, see https://tools.ietf.org/html/rfc2595
pr_magentaln "ACAP Easteregg: not implemented -- probably never will" pr_magentaln "ACAP Easteregg: not implemented -- probably never will"
exit -4 exit -4
;; ;;
5222) # XMPP, see https://tools.ietf.org/html/rfc6120 xmpp) # XMPP, see https://tools.ietf.org/html/rfc6120
starttls_just_read starttls_just_read
[[ -z $XMPP_HOST ]] && XMPP_HOST="$NODE" [[ -z $XMPP_HOST ]] && XMPP_HOST="$NODE"
jabber=$(cat <<EOF jabber=$(cat <<EOF
@ -2194,6 +2194,9 @@ EOF
starttls_line "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>" "proceed" starttls_line "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>" "proceed"
# BTW: https://xmpp.net ! # BTW: https://xmpp.net !
;; ;;
*) # we need to throw an error here -- otherwise testssl.sh treats the STARTTLS protocol as plain SSL/TLS which leads to FP
pr_magentaln "FIXME: STARTTLS protocol $STARTTLS_PROTOCOL is not yet supported"
exit -4
esac esac
fi fi
@ -4157,7 +4160,7 @@ determine_service() {
exit -2 exit -2
fi fi
out " Service set: STARTTLS via " out " Service set: STARTTLS via "
printf $protocol | tr '[a-z]' '[A-Z]' toupper "$protocol"
[[ -n "$XMPP_HOST" ]] && printf " (XMPP domain=\'$XMPP_HOST\')" [[ -n "$XMPP_HOST" ]] && printf " (XMPP domain=\'$XMPP_HOST\')"
outln outln
;; ;;
@ -4218,7 +4221,6 @@ mx_all_ips() {
if [ -n "$mxs" ] && [ "$mxs" != ' ' ] ; then if [ -n "$mxs" ] && [ "$mxs" != ' ' ] ; then
[[ $mxport == "465" ]] && \ [[ $mxport == "465" ]] && \
starttls_proto="" # no starttls for Port 465, on all other ports we speak starttls starttls_proto="" # no starttls for Port 465, on all other ports we speak starttls
outln
pr_bold "Testing now all MX records (on port $mxport): "; outln "$mxs" pr_bold "Testing now all MX records (on port $mxport): "; outln "$mxs"
for mx in $mxs; do for mx in $mxs; do
draw_dotted_line "-" $(($TERM_DWITH * 2 / 3)) draw_dotted_line "-" $(($TERM_DWITH * 2 / 3))
@ -4661,7 +4663,7 @@ if $do_read_from_file; then
[[ -z "$cmdline" ]] && continue [[ -z "$cmdline" ]] && continue
[[ "$cmdline" == "EOF" ]] && break [[ "$cmdline" == "EOF" ]] && break
echo "$0 -q $cmdline" echo "$0 -q $cmdline"
draw_dotted_line "=" $(($TERM_DWITH / 2)) draw_dotted_line "=" $(($TERM_DWITH / 2)); outln;
$0 -q $cmdline $0 -q $cmdline
done done
exit $? exit $?
@ -4708,4 +4710,4 @@ fi
exit $ret exit $ret
# $Id: testssl.sh,v 1.342 2015/08/11 22:17:27 dirkw Exp $ # $Id: testssl.sh,v 1.343 2015/08/12 11:58:44 dirkw Exp $