Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 05:15:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix client simulations

Browse Source 
parse_tls_serverhello() checks $TLS_CLIENT_HELLO for a supported_versions extension, and if it contains one, checks that the negotiated version is listed in that extension. However, while $TLS_CLIENT_HELLO is always set in socksend_tls_clienthello() it is not set by client_simulation_sockets() (or any of the functions that client_simulation_sockets() calls). As a result, when the server's response to a client simulation is parsed, parse_tls_serverhello() may compare the negotiated version against the supported_versions extension from a ClientHello message from a previous test.

This PR fixes the problem by having client_simulation_sockets() set $TLS_CLIENT_HELLO.
This commit is contained in:
David Cooper
2018-03-26 09:43:51 -04:00
committed by GitHub
parent 224d851f7b
commit 72e7259ab2
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
testssl.sh
View File

@@ -3953,8 +3953,10 @@ client_simulation_sockets() {
if [[ "${1:0:4}" == "1603" ]]; then if [[ "${1:0:4}" == "1603" ]]; then
clienthello="$(create_client_simulation_tls_clienthello "$1")" clienthello="$(create_client_simulation_tls_clienthello "$1")"
TLS_CLIENT_HELLO="${clienthello:10}"
else else
clienthello="$1" clienthello="$1"
TLS_CLIENT_HELLO=""
fi fi
len=${#clienthello} len=${#clienthello}
for (( i=0; i < len; i=i+2 )); do for (( i=0; i < len; i=i+2 )); do