mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-03 23:39:45 +01:00
Add support for TN3270/telnet STARTTLS (similar to OpenSSL's approach).
parent
22ec6de58c
commit
82367ab96e
26
testssl.sh
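--- a/testssl.sh
+++ b/testssl.sh
@@ -11159,6 +11159,29 @@ starttls_mysql_dialog() {
 return $ret
 }
 
+starttls_telnet_dialog() {
+debugme echo "=== starting telnet STARTTLS dialog ==="
+local msg1="
+, xff, xfb, x2e"
+local msg2="
+, xff, xfa, x2e, x01, xff, xf0
+"
+local tnres=""
+local ret=""
+socksend "${msg1}" 0 && debugme echo "${debugpad}initiated STARTTLS" &&
+socksend "${msg2}" 1 &&
+tnres=$(sockread_fast 20) && debugme echo "read succeeded"
+[[ $DEBUG -ge 6 ]] && safe_echo "$debugpad $tnres\n"
+# check for START_TLS and FOLLOWS
+if [[ ${tnres:10:2} == 2E && ${tnres:12:2} == 01 ]]; then
+ret=0
+else
+ret=1
+fi
+debugme echo "=== finished telnet STARTTLS dialog with ${ret} ==="
+return $ret
+}
+
 # arg1: fd for socket -- which we don't use yes as it is a hassle (not clear whether it works under every bash version)
 # arg2: optional: for STARTTLS additional command to be injected
 # returns 6 if opening the socket caused a problem, 1 if STARTTLS handshake failed, 0: all ok
@@ -11270,6 +11293,9 @@ fd_socket() {
 mysql) # MySQL, see https://dev.mysql.com/doc/internals/en/x-protocol-lifecycle-lifecycle.html#x-protocol-lifecycle-tls-extension
 starttls_mysql_dialog
 ;;
+telnet) # captured from a tn3270 negotiation against a z/VM 7.2
+starttls_telnet_dialog
+;;
 *) # we need to throw an error here -- otherwise testssl.sh treats the STARTTLS protocol as plain SSL/TLS which leads to FP
 fatal "FIXME: STARTTLS protocol $STARTTLS_PROTOCOL is not supported yet" $ERR_NOSUPPORT
 esac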
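Review bot: The reply check in `starttls_telnet_dialog` tests only two bytes at fixed offsets (`${tnres:10:2} == 2E && ${tnres:12:2} == 01`) and never looks at the bytes before or after them. It therefore only matches a server whose answer is laid out exactly like the single z/VM 7.2 capture named in the `telnet)` case comment. A server that sends other telnet options first, or in a different order, would be reported as a failed STARTTLS handshake even though it offered TLS. Matching the whole subnegotiation wherever it occurs would be more tolerant, e.g. `if [[ $tnres == *FFFA2E01FFF0* ]]; then`, assuming `sockread_fast` (defined outside the hunk) returns contiguous uppercase hex. The function also expands `${debugpad}` without declaring it, so unless it is a global it prints empty; a `local debugpad="  > "` at the top, with whatever prefix the sibling dialogs use, would make that explicit.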