Check result of openssl when renegotiating

An OpenSSL error could influence the test result
2025-01-03 23:39:45 +01:00 · 2015-02-23 21:46:02 +10:00 · 2015-02-23 21:46:02 +10:00 · 7994fab035
commit 7994fab035
parent d0d7bb47e2
1 changed files with 7 additions and 1 deletions
--- a/testssl.sh
+++ b/testssl.sh
@ -2081,10 +2081,16 @@ renego() {
 	pr_bold " Renegotiation "; out "(CVE 2009-3555)             "
 	NEG_STR="Secure Renegotiation IS NOT"
 	echo "R" | $OPENSSL s_client $STARTTLS -connect $NODEIP:$PORT $SNI 2>&1 | grep -iq "$NEG_STR"
-	secreg=$?						# 0= Secure Renegotiation IS NOT supported
+    pipe_result=("${PIPESTATUS[@]}") # catch the return values of all commands
+    secreg=${pipe_result[2]} 	# 0= Secure Renegotiation IS NOT supported
+    if [[ ${pipe_result[1]} -ge 1 ]]; then
+        let secreg+=2 # OpenSSL didn't exit correctly
+    fi
 	case $secreg in
 		0) pr_redln "VULNERABLE (NOT ok)" ;;
 		1) pr_greenln "not vulnerable (OK)" ;;
+        2) pr_magentaln "Looks vulnerable but generates error" ;;
+        3) pr_magentaln "probably not vulnerable but error (OK)" ;;
 		*) outln "FIXME: $secreg" ;;
 	esac