From 7994fab03562e06642af249784ef8364245542d1 Mon Sep 17 00:00:00 2001
From: Peter Mosmans
Date: Mon, 23 Feb 2015 21:46:02 +1000
Subject: [PATCH] Check result of openssl when renegotiating

An OpenSSL error could influence the test result
---
 testssl.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/testssl.sh b/testssl.sh
index 45ac47b..0991dfd 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -2081,10 +2081,16 @@ renego() {
 pr_bold " Renegotiation "; out "(CVE 2009-3555) "
 NEG_STR="Secure Renegotiation IS NOT"
 echo "R" | $OPENSSL s_client $STARTTLS -connect $NODEIP:$PORT $SNI 2>&1 | grep -iq "$NEG_STR"
- secreg=$? # 0= Secure Renegotiation IS NOT supported
+ pipe_result=("${PIPESTATUS[@]}") # catch the return values of all commands
+ secreg=${pipe_result[2]} # 0= Secure Renegotiation IS NOT supported
+ if [[ ${pipe_result[1]} -ge 1 ]]; then
+ let secreg+=2 # OpenSSL didn't exit correctly
+ fi
 case $secreg in
 0) pr_redln "VULNERABLE (NOT ok)" ;;
 1) pr_greenln "not vulnerable (OK)" ;;
+ 2) pr_magentaln "Looks vulnerable but generates error" ;;
+ 3) pr_magentaln "probably not vulnerable but error (OK)" ;;
 *) outln "FIXME: $secreg" ;;
 esac
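Review bot: Reading `${pipe_result[1]}` behind `grep -iq` is racy: `-q` makes grep exit on the first match and close the pipe, so in exactly the matching (vulnerable) case s_client can still be writing, die from SIGPIPE with a non-zero status, and the new `+=2` then reports result 2 "Looks vulnerable but generates error" without any real OpenSSL error. Let grep drain the whole stream instead, `echo "R" | $OPENSSL s_client $STARTTLS -connect $NODEIP:$PORT $SNI 2>&1 | grep -i "$NEG_STR" >/dev/null`, and keep the PIPESTATUS capture as it is. Result 3 also conflates "server advertises secure renegotiation" with "the connection never came up" (nothing to match plus a failed s_client), so labelling that branch "(OK)" is not grounded in the output; it should read as an inconclusive error, or the connection failure should be detected and reported on its own. `let secreg+=2` is better written `(( secreg += 2 ))` or `secreg=$((secreg + 2))`. renego() begins before this hunk and its closing brace lies outside it.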