mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-10-31 13:55:25 +01:00
Fix and optimisation
There is a race condition if openssl exit during a renego but after the RENEGOTIATING printing. In this case we could issue a R before the process exit and be blocked in the waiting loop. With the safety guards in place (loop count + timeout) this is harmless but not optimal. Fix this by: - reordering the sleep vs echo to let the process exit and catch the pipe error more frequently. - exit the while loop if RENEGOTIATING is not the last log line. We will catch the pipe error on the next for loop echo. - correct the k variable initialisation - correct the for (( ; ; )) variable $ convention usage - reduce the while loop count limit to 120 to align with the global timeout
This commit is contained in:
Emmanuel Fusté
@@ -17113,8 +17113,9 @@ run_renego() {
|
||||
# too early losing all the attempts before the session establishment as OpenSSL will not buffer them
|
||||
# (only the first will be till the establishement of the session).
|
||||
(j=0; while [[ $(grep -ac '^SSL-Session:' $TMPFILE) -ne 1 ]] && [[ $j -lt 30 ]]; do sleep $ssl_reneg_wait; j=$(($j+1)); done; \
|
||||
for ((i=0; i < $ssl_reneg_attempts; i++ )); do echo R; sleep $ssl_reneg_wait; j=0; \
|
||||
while [[ $(grep -ac '^RENEGOTIATING' $ERRFILE) -ne $(($i+3)) ]] && [[ -f $TEMPDIR/allowed_to_loop ]] && [[ $k -lt 180 ]]; \
|
||||
for ((i=0; i < $ssl_reneg_attempts; i++ )); do sleep $ssl_reneg_wait; echo R; k=0; \
|
||||
while [[ $(grep -ac '^RENEGOTIATING' $ERRFILE) -ne $(($i+3)) ]] && [[ -f $TEMPDIR/allowed_to_loop ]] \
|
||||
&& [[ $(tail -n1 $ERRFILE |grep -ac '^RENEGOTIATING') -eq 1 ]] && [[ $k -lt 120 ]]; \
|
||||
do sleep $ssl_reneg_wait; k=$(($k+1)); done; \
|
||||
done) | \
|
||||
$OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE &
|
||||
|
||||
Reference in New Issue
Block a user