mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-22 16:39:30 +01:00
Don't parse SSLv2 ServerHello unless successful response
This PR is a proposed alternative to #537. It only attempts to extract the certificate and list of ciphers from the SSLv2 ServerHello if `ret=3`.
parent
72a96f64e4
commit
8b9bc3ca2c
27
testssl.sh
27
testssl.sh
@ -6514,20 +6514,21 @@ parse_sslv2_serverhello() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
certificate_len=2*$(hex2dec "$v2_hello_cert_length")
|
[[ "$2" == "true" ]] && [[ -e $HOSTCERT ]] && rm $HOSTCERT
|
||||||
[[ -e $HOSTCERT ]] && rm $HOSTCERT
|
[[ "$2" == "true" ]] && [[ -e $TEMPDIR/intermediatecerts.pem ]] && rm $TEMPDIR/intermediatecerts.pem
|
||||||
[[ -e $TEMPDIR/intermediatecerts.pem ]] && rm $TEMPDIR/intermediatecerts.pem
|
if [[ "$2" == "true" ]] && [[ $ret -eq 3 ]]; then
|
||||||
if [[ "$2" == "true" ]] && [[ "$v2_cert_type" == "01" ]] && [[ "$v2_hello_cert_length" != "00" ]]; then
|
certificate_len=2*$(hex2dec "$v2_hello_cert_length")
|
||||||
tmp_der_certfile=$(mktemp $TEMPDIR/der_cert.XXXXXX) || return $ret
|
|
||||||
asciihex_to_binary_file "${v2_hello_ascii:26:certificate_len}" "$tmp_der_certfile"
|
if [[ "$v2_cert_type" == "01" ]] && [[ "$v2_hello_cert_length" != "00" ]]; then
|
||||||
$OPENSSL x509 -inform DER -in $tmp_der_certfile -outform PEM -out $HOSTCERT
|
tmp_der_certfile=$(mktemp $TEMPDIR/der_cert.XXXXXX) || return $ret
|
||||||
rm $tmp_der_certfile
|
asciihex_to_binary_file "${v2_hello_ascii:26:certificate_len}" "$tmp_der_certfile"
|
||||||
get_pub_key_size
|
$OPENSSL x509 -inform DER -in $tmp_der_certfile -outform PEM -out $HOSTCERT
|
||||||
echo "======================================" >> $TMPFILE
|
rm $tmp_der_certfile
|
||||||
fi
|
get_pub_key_size
|
||||||
|
echo "======================================" >> $TMPFILE
|
||||||
|
fi
|
||||||
|
|
||||||
# Output list of supported ciphers
|
# Output list of supported ciphers
|
||||||
if [[ "$2" == "true" ]]; then
|
|
||||||
let offset=26+$certificate_len
|
let offset=26+$certificate_len
|
||||||
nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3))
|
nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3))
|
||||||
for (( i=0 ; i<nr_ciphers_detected; i++ )); do
|
for (( i=0 ; i<nr_ciphers_detected; i++ )); do
|
||||||
|
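Review bot: The `$OPENSSL x509 -inform DER ... -out $HOSTCERT` call inside the certificate branch has its exit status ignored, while `certificate_len` is taken directly from the length field of the server's reply and used to slice `v2_hello_ascii` without comparing it to the amount of data actually received. A truncated or malformed ServerHello can therefore leave `$HOSTCERT` missing or empty while `get_pub_key_size` (which presumably reads that file) still runs and the separator is still appended to `$TMPFILE`. I would gate the follow-up on a successful conversion and quote the paths, e.g. `if $OPENSSL x509 -inform DER -in "$tmp_der_certfile" -outform PEM -out "$HOSTCERT"; then get_pub_key_size; fi`, and likewise quote `"$TEMPDIR"` and `"$HOSTCERT"` in the `mktemp` and `rm` lines so a temp directory containing whitespace does not split. `parse_sslv2_serverhello` starts before this hunk and the cipher loop continues past its end, so any existing length validation outside the visible lines should be confirmed first.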