Merge pull request #796 from sdann/mysql_standard_cipher

Catch MySQL (yaSSL) server bug when testing standard cipher categories
Dirk Wetter 2017-09-15 14:02:26 +02:00 committed by GitHub
commit 90cd8cd3e2
1 changed files with 65 additions and 52 deletions


@ -2317,59 +2317,72 @@ std_cipherlists() {
fi fi
fi fi
fi fi
case $3 in if [[ $sclient_success -ne 0 ]] && $BAD_SERVER_HELLO_CIPHER; then
2) if [[ $sclient_success -eq 0 ]]; then # If server failed with a known error, raise it to the user.
# Strong is excellent to offer if [[ $STARTTLS_PROTOCOL == "mysql" ]]; then
pr_done_best "offered (OK)" pr_warning "SERVER_ERROR: test inconclusive due to MySQL Community Edition (yaSSL) bug."
fileout "std_$4" "OK" "$2 offered" fileout "std_$4" "WARN" "SERVER_ERROR: test inconclusive due to MySQL Community Edition (yaSSL) bug."
else else
pr_svrty_medium "not offered" pr_warning "SERVER_ERROR: test inconclusive."
fileout "std_$4" "MEDIUM" "$2 not offered" fileout "std_$4" "WARN" "SERVER_ERROR: test inconclusive."
fi fi
;; else
# Otherwise the error means the server doesn't support that cipher list.
case $3 in
2) if [[ $sclient_success -eq 0 ]]; then
# Strong is excellent to offer
pr_done_best "offered (OK)"
fileout "std_$4" "OK" "$2 offered"
else
pr_svrty_medium "not offered"
fileout "std_$4" "MEDIUM" "$2 not offered"
fi
;;
1) if [[ $sclient_success -eq 0 ]]; then 1) if [[ $sclient_success -eq 0 ]]; then
# High is good to offer # High is good to offer
pr_done_good "offered (OK)" pr_done_good "offered (OK)"
fileout "std_$4" "OK" "$2 offered" fileout "std_$4" "OK" "$2 offered"
else else
# FIXME: the rating could be readjusted if we knew the result of STRONG before # FIXME: the rating could be readjusted if we knew the result of STRONG before
pr_svrty_medium "not offered" pr_svrty_medium "not offered"
fileout "std_$4" "MEDIUM" "$2 not offered" fileout "std_$4" "MEDIUM" "$2 not offered"
fi fi
;; ;;
0) if [[ $sclient_success -eq 0 ]]; then 0) if [[ $sclient_success -eq 0 ]]; then
# medium is not that bad # medium is not that bad
pr_svrty_medium "offered" pr_svrty_medium "offered"
fileout "std_$4" "MEDIUM" "$2 offered - not too bad" fileout "std_$4" "MEDIUM" "$2 offered - not too bad"
else else
out "not offered (OK)" out "not offered (OK)"
fileout "std_$4" "OK" "$2 not offered" fileout "std_$4" "OK" "$2 not offered"
fi fi
;; ;;
-1) if [[ $sclient_success -eq 0 ]]; then -1) if [[ $sclient_success -eq 0 ]]; then
# bad but there is worse # bad but there is worse
pr_svrty_high "offered (NOT ok)" pr_svrty_high "offered (NOT ok)"
fileout "std_$4" "HIGH" "$2 offered - bad" fileout "std_$4" "HIGH" "$2 offered - bad"
else else
pr_done_good "not offered (OK)" # need a check for -eq 1 here
fileout "std_$4" "OK" "$2 not offered" pr_done_good "not offered (OK)"
fi fileout "std_$4" "OK" "$2 not offered"
;; fi
-2) if [[ $sclient_success -eq 0 ]]; then ;;
# the ugly ones -2) if [[ $sclient_success -eq 0 ]]; then
pr_svrty_critical "offered (NOT ok)" # the ugly ones
fileout "std_$4" "CRITICAL" "$2 offered - ugly" pr_svrty_critical "offered (NOT ok)"
else fileout "std_$4" "CRITICAL" "$2 offered - ugly"
pr_done_best "not offered (OK)" else
fileout "std_$4" "OK" "$2 not offered" pr_done_best "not offered (OK)"
fi fileout "std_$4" "OK" "$2 not offered"
;; fi
*) # we shouldn't reach this ;;
pr_warning "?: $3 (please report this)" *) # we shouldn't reach this
fileout "std_$4" "WARN" "return condition $3 unclear" pr_warning "?: $3 (please report this)"
;; fileout "std_$4" "WARN" "return condition $3 unclear"
esac ;;
esac
fi
tmpfile_handle $FUNCNAME.$debugname.txt tmpfile_handle $FUNCNAME.$debugname.txt
[[ $DEBUG -ge 1 ]] && tm_out " -- $1" [[ $DEBUG -ge 1 ]] && tm_out " -- $1"
outln outln
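Review bot: The new guard catches only the failure flagged by `$BAD_SERVER_HELLO_CIPHER`; in the `else` path every other non-zero `$sclient_success` still lands in the "not offered" arms, so for the -1 and -2 categories a handshake that failed for an unrelated reason is still written out as `OK`. The comment `# need a check for -eq 1 here` in the -1 arm acknowledges this but is easy to miss and is absent from the -2 arm; I would state the risk in both, e.g. `# TODO: only $sclient_success -eq 1 means "not offered"; other non-zero values are inconclusive, not OK`. Separately, `$BAD_SERVER_HELLO_CIPHER` is executed as a command, so an unset or empty value would make the condition true for every failed handshake. It is presumably initialised to `false` and reset before each handshake outside this hunk, which is worth confirming. `std_cipherlists()` begins outside the hunk.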