Merge pull request #551 from dcooper16/parse_sslv2_fix

Don't parse SSLv2 ServerHello unless successful response

testssl.sh

@@ -6528,20 +6528,21 @@ parse_sslv2_serverhello() {
           fi
      fi
 
-     certificate_len=2*$(hex2dec "$v2_hello_cert_length")
+     [[ "$2" == "true" ]] || return $ret
-     [[ -e $HOSTCERT ]] && rm $HOSTCERT
+     rm -f $HOSTCERT $TEMPDIR/intermediatecerts.pem
-     [[ -e $TEMPDIR/intermediatecerts.pem ]] && rm $TEMPDIR/intermediatecerts.pem
+     if [[ $ret -eq 3 ]]; then
-     if [[ "$2" == "true" ]] && [[ "$v2_cert_type" == "01" ]] && [[ "$v2_hello_cert_length" != "00" ]]; then
+          certificate_len=2*$(hex2dec "$v2_hello_cert_length")
-          tmp_der_certfile=$(mktemp $TEMPDIR/der_cert.XXXXXX) || return $ret
+     
-          asciihex_to_binary_file "${v2_hello_ascii:26:certificate_len}" "$tmp_der_certfile"
+          if [[ "$v2_cert_type" == "01" ]] && [[ "$v2_hello_cert_length" != "00" ]]; then
-          $OPENSSL x509 -inform DER -in $tmp_der_certfile -outform PEM -out $HOSTCERT
+               tmp_der_certfile=$(mktemp $TEMPDIR/der_cert.XXXXXX) || return $ret
-          rm $tmp_der_certfile
+               asciihex_to_binary_file "${v2_hello_ascii:26:certificate_len}" "$tmp_der_certfile"
-          get_pub_key_size
+               $OPENSSL x509 -inform DER -in $tmp_der_certfile -outform PEM -out $HOSTCERT
-          echo "======================================" >> $TMPFILE
+               rm $tmp_der_certfile
-     fi
+               get_pub_key_size
+               echo "======================================" >> $TMPFILE
+          fi
 
-     # Output list of supported ciphers
+          # Output list of supported ciphers
-     if [[ "$2" == "true" ]]; then
           let offset=26+$certificate_len
           nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3))
           for (( i=0 ; i<nr_ciphers_detected; i++ )); do