Merge pull request #2095 from drwetter/fix_2052.Darwin.3.0

Fix Darwin / LibreSSL startup problem (3.0)
Dirk Wetter 2022-02-02 13:34:38 +01:00 committed by GitHub
commit 8b2fae0e3b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -18317,26 +18317,30 @@ check_proxy() {
} }
# this is only being called from determine_optimal_proto in order to check whether we have a server # This is only being called from determine_optimal_proto() in order to check whether we have a server with
# with client authentication, a server with no SSL session ID switched off # client authentication, a server with no SSL session ID switched off -- and as the name indicates a protocol.
# ARG1 is the return value of openssl s_client connect. (Darwin or LibreSSL may return 1 here)
# ARG2 is the file name containing the server hello
# #
sclient_auth() { sclient_auth() {
[[ $1 -eq 0 ]] && return 0 # no client auth (CLIENT_AUTH=false is preset globally) local -i ret=1
if [[ -n $(awk '/Master-Key: / { print $2 }' "$2") ]]; then # connect succeeded
if grep -q '^<<< .*CertificateRequest' "$2"; then # CertificateRequest message in -msg if [[ $1 -eq 0 ]] ; then
CLIENT_AUTH=true ret=0 # no client auth (CLIENT_AUTH=false is preset globally)
return 0 else
fi if [[ -n $(awk '/Master-Key: / { print $2 }' "$2") ]]; then # connect succeeded
if [[ -z $(awk '/Session-ID: / { print $2 }' "$2") ]]; then # probably no SSL session if grep -q '^<<< .*CertificateRequest' "$2"; then # CertificateRequest message in -msg
if [[ 2 -eq $(grep -c CERTIFICATE "$2") ]]; then # do another sanity check to be sure CLIENT_AUTH=true
ret=0
elif [[ 2 -eq $(grep -c CERTIFICATE "$2") ]]; then # do another sanity check to be sure
CLIENT_AUTH=false CLIENT_AUTH=false
NO_SSL_SESSIONID=true # NO_SSL_SESSIONID is preset globally to false for all other cases ret=0
return 0
fi fi
fi fi
fi fi
# what's left now is: master key empty, handshake returned not successful, session ID empty --> not successful [[ $ret -eq 0 ]] && \
return 1 [[ -z $(awk '/Session-ID: / { print $2 }' "$2") ]] && NO_SSL_SESSIONID=true # NO_SSL_SESSIONID is preset globally first
return $ret
} }
# Determine the best parameters to use with tls_sockets(): # Determine the best parameters to use with tls_sockets():
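Review bot: The Session-ID test at the end of sclient_auth() now also runs when ARG1 is 0, whereas the old body returned on `[[ $1 -eq 0 ]]` before reading the file, so NO_SSL_SESSIONID can now become true on an ordinary successful connect whenever the s_client output carries no `Session-ID: ` value. That looks intended, but the header comment does not say so, and checks elsewhere that read this global may behave differently; I would state the contract there, e.g. `# Returns 0 if the handshake is usable, otherwise 1. Sets CLIENT_AUTH and NO_SSL_SESSIONID; the latter is evaluated on every successful path, including ARG1 == 0.` The comment on the `grep -c CERTIFICATE` branch ("do another sanity check to be sure") should also say what a count of 2 stands for, presumably the BEGIN/END markers of a single PEM certificate, since that branch is now what accepts a non-zero s_client exit as success. The old and new columns are fused on this page, so this reading of the new side is inferred from the visible lines.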