Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 13:55:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

2nd try

Browse Source
This commit is contained in:
Emmanuel Fusté
2024-12-09 12:00:16 +01:00
parent f39408086b
commit 88856ecad5
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
testssl.sh
View File

@@ -17173,10 +17173,11 @@ run_renego() {
prln_warning "not having provided client certificate and private key file, the client x509-based authentication prevents this from being tested"
fileout "$jsonID" "WARN" "not having provided client certificate and private key file, the client x509-based authentication prevents this from being tested"
else
# We will extensively use subshell and command pipe
# Do not let herited pipeline error control interfere
[[ $- == *e* ]] && restore_pipeerror=1
[[ $restore_pipeerror == 1 ]] && set +e
# # We will extensively use subshell and command pipe
# # Do not let herited pipeline error control interfere
# [[ $- == *e* ]] && restore_pipeerror=1
# [[ $restore_pipeerror == 1 ]] && set +e
# set +o pipefail
# We will need $ERRFILE for mitigation detection
if [[ $ERRFILE =~ dev.null ]]; then
ERRFILE=$TEMPDIR/errorfile.txt || exit $ERR_FCREATE
@@ -17209,7 +17210,7 @@ run_renego() {
# s_client STDIN too early as the close could come at any time and race with the tear down of s_client.
# See https://github.com/drwetter/testssl.sh/issues/2590
# In this case the added iteration is harmless as it will just spin in backgroup
for ((i=0; i <= ssl_reneg_attempts; i++ )); do sleep $ssl_reneg_wait; echo R; k=0; \
for ((i=0; i <= ssl_reneg_attempts; i++ )); do sleep $ssl_reneg_wait; echo R 2>/dev/null; k=0; \
# 0 means client is renegotiating & doesn't return an error --> vuln!
# 1 means client tried to renegotiating but the server side errored then. You still see RENEGOTIATING in the output
# Exemption from above: server closed the connection but return value was zero
@@ -17287,7 +17288,7 @@ run_renego() {
;;
esac
fi
[[ $restore_pipeerror == 1 ]] && set -e
# [[ $restore_pipeerror == 1 ]] && set -e
fi
#pr_bold " Insecure Client-Initiated Renegotiation " # pre-RFC 5746, CVE-2009-3555