From 3b7264ff1f9ac1aea3681b77a417e9106d11ef1b Mon Sep 17 00:00:00 2001 From: David Cooper Date: Mon, 27 Mar 2017 14:54:47 -0400 Subject: [PATCH 1/2] Populate OPENSSL_LOCATION in find_openssl_binary `$OPENSSL_LOCATION` is used in `fileout_pretty_json_banner()`, `html_banner()`, `mybanner()`, and `prepare_logging()`, but the value of `$OPENSSL_LOCATION` is populated in `mybanner()`. This is usually okay, since `mybanner()` is always called before the other three functions are called. However, if `$QUIET` is `true`, then `mybanner()` returns immediately, without populating `$OPENSSL_LOCATION`, even though the value of `$OPENSSL_LOCATION` may be needed by one or more of the other functions. This PR addresses this problem by populating `$OPENSSL_LOCATION` in `find_openssl_binary()` rather than `mybanner()`. --- testssl.sh | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/testssl.sh b/testssl.sh index 9144cdd..7797919 100755 --- a/testssl.sh +++ b/testssl.sh @@ -10544,6 +10544,7 @@ test_openssl_suffix() { find_openssl_binary() { local s_client_has=$TEMPDIR/s_client_has.txt local s_client_starttls_has=$TEMPDIR/s_client_starttls_has.txt + local openssl_location cwd="" # 0. check environment variable whether it's executable if [[ -n "$OPENSSL" ]] && [[ ! -x "$OPENSSL" ]]; then @@ -10590,6 +10591,18 @@ find_openssl_binary() { initialize_engine + openssl_location="$(which $OPENSSL)" + [[ -n "$GIT_REL" ]] && \ + cwd=$(/bin/pwd) || \ + cwd=$RUN_DIR + if [[ "$openssl_location" =~ $(/bin/pwd)/bin ]]; then + OPENSSL_LOCATION="\$PWD/bin/$(basename "$openssl_location")" + elif [[ "$openssl_location" =~ $cwd ]] && [[ "$cwd" != '.' ]]; then + OPENSSL_LOCATION="${openssl_location%%$cwd}" + else + OPENSSL_LOCATION="$openssl_location" + fi + OPENSSL_NR_CIPHERS=$(count_ciphers "$($OPENSSL ciphers 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>/dev/null)") $OPENSSL s_client -ssl2 -connect x 2>&1 | grep -aq "unknown option" || \ 
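Review bot: The two `=~` tests in the block added to find_openssl_binary() use the working directory as an unanchored regular expression, so a directory name containing `.`, `+` or `[`, or one that merely occurs somewhere inside the binary's path, can select the wrong branch. In addition, `${openssl_location%%$cwd}` strips a suffix although `$cwd` would be a prefix, so it normally changes nothing. Per the commit description this value ends up in the banner, the JSON and HTML output and the log, where it records which openssl binary ran the scan, so it should be derived by literal comparison. I would write the tests as `[[ "$openssl_location" == "$(/bin/pwd)/bin/"* ]]` and `[[ "$openssl_location" == "$cwd"* ]]`, and, if the intent is a path relative to `$cwd`, the expansion as `${openssl_location#"$cwd"}`. The block is moved unchanged from mybanner(), so the behaviour predates this patch; find_openssl_binary() starts and ends outside the hunk.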
@@ -10923,8 +10936,6 @@ prepare_arrays() { mybanner() { local idtag local bb1 bb2 bb3 - local openssl_location="$(which $OPENSSL)" - local cwd="" $QUIET && return OPENSSL_NR_CIPHERS=$(count_ciphers "$($OPENSSL ciphers 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>/dev/null)") @@ -10962,17 +10973,6 @@ EOF outln "\n" outln " Using \"$($OPENSSL version 2>/dev/null)\" [~$OPENSSL_NR_CIPHERS ciphers]" out " on $HNAME:" - - [[ -n "$GIT_REL" ]] && \ - cwd=$(/bin/pwd) || \ - cwd=$RUN_DIR - if [[ "$openssl_location" =~ $(/bin/pwd)/bin ]]; then - OPENSSL_LOCATION="\$PWD/bin/$(basename "$openssl_location")" - elif [[ "$openssl_location" =~ $cwd ]] && [[ "$cwd" != '.' ]]; then - OPENSSL_LOCATION="${openssl_location%%$cwd}" - else - OPENSSL_LOCATION="$openssl_location" - fi outln "$OPENSSL_LOCATION" outln " (built: \"$OSSL_BUILD_DATE\", platform: \"$OSSL_VER_PLATFORM\")\n" } From 59683927f8bdaa541e34583ce34d193d5e33ef4e Mon Sep 17 00:00:00 2001 From: David Cooper Date: Wed, 12 Apr 2017 15:39:37 -0400 Subject: [PATCH 2/2] Prevent word splitting --- testssl.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/testssl.sh b/testssl.sh index 5ed1d3e..12468da 100755 --- a/testssl.sh +++ b/testssl.sh @@ -10484,8 +10484,8 @@ find_openssl_binary() { openssl_location="$(which $OPENSSL)" [[ -n "$GIT_REL" ]] && \ - cwd=$(/bin/pwd) || \ - cwd=$RUN_DIR + cwd="$(/bin/pwd)" || \ + cwd="$RUN_DIR" if [[ "$openssl_location" =~ $(/bin/pwd)/bin ]]; then OPENSSL_LOCATION="\$PWD/bin/$(basename "$openssl_location")" elif [[ "$openssl_location" =~ $cwd ]] && [[ "$cwd" != '.' ]]; then
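Review bot: The word splitting this patch is named for is still present on the context line `openssl_location="$(which $OPENSSL)"`, where `$OPENSSL` is expanded unquoted inside the command substitution. The two assignments that were quoted were never subject to splitting, because the right-hand side of a plain assignment is not split or globbed. The comment in the first patch's hunk describes `$OPENSSL` as an environment variable, so a value containing whitespace or glob characters could make `which` report a path other than the binary actually in use; I would change the line to `openssl_location="$(which "$OPENSSL")"`. The `[[ -n "$GIT_REL" ]] && … || …` chain would also read more clearly as an `if`/`else`. find_openssl_binary() starts and ends outside the hunk.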