mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-07 17:20:57 +01:00
Merge pull request #677 from dcooper16/no_sni
Just get non-SNI certificate once
This commit is contained in:
commit
7294df927f
@ -5948,8 +5948,6 @@ certificate_info() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -n "$sni_used" ]]; then
|
if [[ -n "$sni_used" ]]; then
|
||||||
# no cipher suites specified here. We just want the default vhost subject
|
|
||||||
$OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $OPTIMAL_PROTO") 2>>$ERRFILE </dev/null | awk '/-----BEGIN/,/-----END/ { print $0 }' >$HOSTCERT.nosni
|
|
||||||
if grep -q "\-\-\-\-\-BEGIN" "$HOSTCERT.nosni"; then
|
if grep -q "\-\-\-\-\-BEGIN" "$HOSTCERT.nosni"; then
|
||||||
cn_nosni="$(get_cn_from_cert "$HOSTCERT.nosni")"
|
cn_nosni="$(get_cn_from_cert "$HOSTCERT.nosni")"
|
||||||
[[ -z "$cn_nosni" ]] && cn_nosni="no CN field in subject"
|
[[ -z "$cn_nosni" ]] && cn_nosni="no CN field in subject"
|
||||||
@ -6393,6 +6391,7 @@ run_server_defaults() {
|
|||||||
success[n]=$?
|
success[n]=$?
|
||||||
fi
|
fi
|
||||||
if [[ ${success[n]} -eq 0 ]]; then
|
if [[ ${success[n]} -eq 0 ]]; then
|
||||||
|
[[ $n -ge 8 ]] && [[ ! -e $HOSTCERT.nosni ]] && cp $HOSTCERT $HOSTCERT.nosni
|
||||||
cp "$TEMPDIR/$NODEIP.get_server_certificate.txt" $TMPFILE
|
cp "$TEMPDIR/$NODEIP.get_server_certificate.txt" $TMPFILE
|
||||||
>$ERRFILE
|
>$ERRFILE
|
||||||
if [[ -z "$sessticket_lifetime_hint" ]]; then
|
if [[ -z "$sessticket_lifetime_hint" ]]; then
|
||||||
@ -6577,6 +6576,11 @@ run_server_defaults() {
|
|||||||
|
|
||||||
tls_time
|
tls_time
|
||||||
|
|
||||||
|
if [[ -n "$SNI" ]] && [[ $certs_found -ne 0 ]] && [[ ! -e $HOSTCERT.nosni ]]; then
|
||||||
|
# no cipher suites specified here. We just want the default vhost subject
|
||||||
|
$OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $OPTIMAL_PROTO") 2>>$ERRFILE </dev/null | awk '/-----BEGIN/,/-----END/ { print $0 }' >$HOSTCERT.nosni
|
||||||
|
fi
|
||||||
|
|
||||||
for (( i=1; i <= certs_found; i++ )); do
|
for (( i=1; i <= certs_found; i++ )); do
|
||||||
echo "${previous_hostcert[i]}" > $HOSTCERT
|
echo "${previous_hostcert[i]}" > $HOSTCERT
|
||||||
echo "${previous_intermediates[i]}" > $TEMPDIR/intermediatecerts.pem
|
echo "${previous_intermediates[i]}" > $TEMPDIR/intermediatecerts.pem
|
||||||
|
Loading…
Reference in New Issue
Block a user