2nd try
parent
f39408086b
commit
88856ecad5
13
testssl.sh
13
testssl.sh
@ -17173,10 +17173,11 @@ run_renego() {
|
|||||||
prln_warning "not having provided client certificate and private key file, the client x509-based authentication prevents this from being tested"
|
prln_warning "not having provided client certificate and private key file, the client x509-based authentication prevents this from being tested"
|
||||||
fileout "$jsonID" "WARN" "not having provided client certificate and private key file, the client x509-based authentication prevents this from being tested"
|
fileout "$jsonID" "WARN" "not having provided client certificate and private key file, the client x509-based authentication prevents this from being tested"
|
||||||
else
|
else
|
||||||
# We will extensively use subshell and command pipe
|
# # We will extensively use subshell and command pipe
|
||||||
# Do not let herited pipeline error control interfere
|
# # Do not let herited pipeline error control interfere
|
||||||
[[ $- == *e* ]] && restore_pipeerror=1
|
# [[ $- == *e* ]] && restore_pipeerror=1
|
||||||
[[ $restore_pipeerror == 1 ]] && set +e
|
# [[ $restore_pipeerror == 1 ]] && set +e
|
||||||
|
# set +o pipefail
|
||||||
# We will need $ERRFILE for mitigation detection
|
# We will need $ERRFILE for mitigation detection
|
||||||
if [[ $ERRFILE =~ dev.null ]]; then
|
if [[ $ERRFILE =~ dev.null ]]; then
|
||||||
ERRFILE=$TEMPDIR/errorfile.txt || exit $ERR_FCREATE
|
ERRFILE=$TEMPDIR/errorfile.txt || exit $ERR_FCREATE
|
||||||
@ -17209,7 +17210,7 @@ run_renego() {
|
|||||||
# s_client STDIN too early as the close could come at any time and race with the tear down of s_client.
|
# s_client STDIN too early as the close could come at any time and race with the tear down of s_client.
|
||||||
# See https://github.com/drwetter/testssl.sh/issues/2590
|
# See https://github.com/drwetter/testssl.sh/issues/2590
|
||||||
# In this case the added iteration is harmless as it will just spin in backgroup
|
# In this case the added iteration is harmless as it will just spin in backgroup
|
||||||
for ((i=0; i <= ssl_reneg_attempts; i++ )); do sleep $ssl_reneg_wait; echo R; k=0; \
|
for ((i=0; i <= ssl_reneg_attempts; i++ )); do sleep $ssl_reneg_wait; echo R 2>/dev/null; k=0; \
|
||||||
# 0 means client is renegotiating & doesn't return an error --> vuln!
|
# 0 means client is renegotiating & doesn't return an error --> vuln!
|
||||||
# 1 means client tried to renegotiating but the server side errored then. You still see RENEGOTIATING in the output
|
# 1 means client tried to renegotiating but the server side errored then. You still see RENEGOTIATING in the output
|
||||||
# Exemption from above: server closed the connection but return value was zero
|
# Exemption from above: server closed the connection but return value was zero
|
||||||
@ -17287,7 +17288,7 @@ run_renego() {
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
[[ $restore_pipeerror == 1 ]] && set -e
|
# [[ $restore_pipeerror == 1 ]] && set -e
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#pr_bold " Insecure Client-Initiated Renegotiation " # pre-RFC 5746, CVE-2009-3555
|
#pr_bold " Insecure Client-Initiated Renegotiation " # pre-RFC 5746, CVE-2009-3555
|
||||||
|
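Review bot: The errexit save/restore around the renegotiation loop is disabled by commenting it out rather than removed, which leaves `# #`-prefixed comments, a never-active `# set +o pipefail`, and (in the third hunk) `# [[ $restore_pipeerror == 1 ]] && set -e` as dead code with no stated reason why the guard is no longer wanted. The comments in the second hunk say the return value decides whether client-initiated renegotiation is reported as vulnerable, so if the script can still run with `-e` or `pipefail` inherited, the finding may now depend on the caller's shell options; this is inferred, since the pipeline body is outside the visible lines. Either delete the disabled lines together with the `restore_pipeerror` variable, or keep the guard; if the guard really is unnecessary, say so in one line, for example `# errexit is not enabled at this point, so no save/restore is needed`. The `2>/dev/null` added to `echo R` only hides the write-error message once s_client has gone away, and a short comment such as `# silence "write error" after s_client closed its STDIN` would record that intent. run_renego starts and ends outside these hunks.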