- tempfile handling: every function leaves one behind if DEBUG is set

- FIX*2: OPENSSL_CONF/GOST_CONF
Dirk 2014-12-19 17:02:26 +01:00
parent 1a699c7bbf
commit 95f9e844c0


@ -212,7 +212,11 @@ boldandunder() { [[ "$COLOR" != 0 ]] && out "\033[1m\033[4m$1" || out "$1" ; off
reverse() { [[ "$COLOR" != 0 ]] && out "\033[7m$1" || out "$1" ; off; } reverse() { [[ "$COLOR" != 0 ]] && out "\033[7m$1" || out "$1" ; off; }
tmpfile_handle() { tmpfile_handle() {
[[ "$DEBUG" -eq 0 ]] && rm $TMPFILE if [[ "$DEBUG" -eq 0 ]] ; then
rm $TMPFILE
else
mv $TMPFILE "$TEMPDIR/$1"
fi
} }
@ -323,7 +327,7 @@ runs_HTTP() {
*) outln " Couldn't determine what's running on port $PORT, assuming not HTTP\n" ;; *) outln " Couldn't determine what's running on port $PORT, assuming not HTTP\n" ;;
esac esac
tmpfile_handle $TMPFILE tmpfile_handle $FUNCNAME.txt
return $ret return $ret
} }
@ -341,7 +345,7 @@ poodle() {
fi fi
outln outln
tmpfile_handle $TMPFILE tmpfile_handle $FUNCNAME.txt
return $ret return $ret
} }
@ -411,7 +415,7 @@ hsts() {
fi fi
outln outln
tmpfile_handle $TMPFILE tmpfile_handle $FUNCNAME.txt
return $? return $?
} }
@ -437,7 +441,7 @@ hpkp() {
fi fi
outln outln
tmpfile_handle $TMPFILE tmpfile_handle $FUNCNAME.txt
return $? return $?
} }
#FIXME: report-uri #FIXME: report-uri
@ -472,7 +476,7 @@ serverbanner() {
fi fi
outln outln
tmpfile_handle $TMPFILE tmpfile_handle $FUNCNAME.txt
return $? return $?
} }
@ -491,6 +495,8 @@ secure_cookie() { # ARG1: Path
outln "no secure flag" outln "no secure flag"
fi fi
fi fi
tmpfile_handle $FUNCNAME.txt
return 0 return 0
} }
#FIXME: Access-Control-Allow-Origin, CSP, Upgrade, X-Frame-Options, X-XSS-Protection, X-Content-Type-Options #FIXME: Access-Control-Allow-Origin, CSP, Upgrade, X-Frame-Options, X-XSS-Protection, X-Content-Type-Options
@ -548,6 +554,8 @@ listciphers() {
$OPENSSL ciphers "$VERB_CLIST" $1 &>$TMPFILE $OPENSSL ciphers "$VERB_CLIST" $1 &>$TMPFILE
ret=$? ret=$?
[[ $LOCERR -eq 1 ]] && cat $TMPFILE [[ $LOCERR -eq 1 ]] && cat $TMPFILE
tmpfile_handle $FUNCNAME.txt
return $ret return $ret
} }
@ -583,7 +591,7 @@ std_cipherlists() {
ok 0 1 # was not offered --> green ok 0 1 # was not offered --> green
fi ;; fi ;;
esac esac
tmpfile_handle $TMPFILE tmpfile_handle $FUNCNAME.txt
else else
singlespaces=`echo "$2" | sed -e 's/ \+/ /g' -e 's/^ //' -e 's/ $//g' -e 's/ //g'` singlespaces=`echo "$2" | sed -e 's/ \+/ /g' -e 's/^ //' -e 's/ $//g' -e 's/ //g'`
magentaln "Local problem: No $singlespaces configured in $OPENSSL" magentaln "Local problem: No $singlespaces configured in $OPENSSL"
@ -683,10 +691,9 @@ test_just_one(){
fi fi
done done
done done
outln outln
tmpfile_handle $TMPFILE
tmpfile_handle $FUNCNAME.txt
return 0 return 0
} }
@ -712,7 +719,7 @@ allciphers(){
fi fi
fi fi
outln outln
tmpfile_handle $TMPFILE tmpfile_handle $FUNCNAME.txt
done done
return 0 return 0
} }
@ -740,7 +747,7 @@ cipher_per_proto(){
fi fi
fi fi
outln outln
tmpfile_handle $TMPFILE tmpfile_handle $FUNCNAME.txt
done done
done done
@ -773,7 +780,7 @@ testversion_new() {
ret=5 ret=5
fi fi
tmpfile_handle $TMPFILE tmpfile_handle $FUNCNAME.txt
return $ret return $ret
} }
@ -1007,8 +1014,7 @@ server_defaults() {
#fi #fi
#http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html #http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html
cp -p $TMPFILE $TMPFILE.tlsextdebug+status tmpfile_handle tlsextdebug+status.txt
tmpfile_handle $TMPFILE
return $ret return $ret
} }
@ -1076,7 +1082,7 @@ pfs() {
fi fi
outln outln
fi fi
tmpfile_handle $TMPFILE tmpfile_handle $FUNCNAME.txt
return $ret return $ret
} }
@ -1122,7 +1128,7 @@ rc4() {
bad=0 bad=0
fi fi
tmpfile_handle $TMPFILE tmpfile_handle $FUNCNAME.txt
return $bad return $bad
} }
@ -1177,7 +1183,7 @@ spdy(){
outln outln
# btw: nmap can do that too http://nmap.org/nsedoc/scripts/tls-nextprotoneg.html # btw: nmap can do that too http://nmap.org/nsedoc/scripts/tls-nextprotoneg.html
# nmap --script=tls-nextprotoneg #NODE -p $PORT is your friend if your openssl doesn't want to test this # nmap --script=tls-nextprotoneg #NODE -p $PORT is your friend if your openssl doesn't want to test this
tmpfile_handle $TMPFILE tmpfile_handle $FUNCNAME.txt
return $ret return $ret
} }
@ -1300,7 +1306,7 @@ ccs_injection(){
outln outln
close_socket close_socket
tmpfile_handle $TMPFILE tmpfile_handle $FUNCNAME.txt
return $ret return $ret
} }
@ -1402,7 +1408,7 @@ heartbleed(){
outln outln
close_socket close_socket
tmpfile_handle $TMPFILE tmpfile_handle $FUNCNAME.txt
return $ret return $ret
} }
@ -1642,6 +1648,7 @@ starttls() {
ret=2 ret=2
;; ;;
esac esac
return $ret return $ret
} }
@ -1750,10 +1757,12 @@ initialize_engine(){
litemagenta "No engine or GOST support via engine with your $OPENSSL"; outln "\n" litemagenta "No engine or GOST support via engine with your $OPENSSL"; outln "\n"
return 1 return 1
else else
if [ -z "$OPENSSL_CONF" ]; then if [ ! -z "$OPENSSL_CONF" ]; then
GOST_CONF=`mktemp /tmp/ssltester.GOST.XXXXXX` || exit 6 litemagenta "For now I am providing the config file in to have GOST support"; outln
else
OPENSSL_CONF=$TMPDIR/gost.conf || exit 6
# see https://www.mail-archive.com/openssl-users@openssl.org/msg65395.html # see https://www.mail-archive.com/openssl-users@openssl.org/msg65395.html
cat >$GOST_CONF << EOF cat >$OPENSSL_CONF << EOF
openssl_conf = openssl_def openssl_conf = openssl_def
[ openssl_def ] [ openssl_def ]
@ -1768,11 +1777,7 @@ default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
EOF EOF
export OPENSSL_CONF=$GOST_CONF export OPENSSL_CONF
else
litemagenta "For now I am providing the config file in to have GOST support"; outln
sleep 2
outln
fi fi
fi fi
return 0 return 0
@ -2125,6 +2130,6 @@ case "$1" in
exit $ret ;; exit $ret ;;
esac esac
# $Id: testssl.sh,v 1.156 2014/12/19 06:12:18 dirkw Exp $ # $Id: testssl.sh,v 1.157 2014/12/19 16:02:25 dirkw Exp $
# vim:ts=5:sw=5 # vim:ts=5:sw=5
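Review bot: In the initialize_engine hunk (@ -1750,10 +1757,12) the new line `OPENSSL_CONF=$TMPDIR/gost.conf || exit 6` can never exit, because a plain assignment always succeeds; the `|| exit 6` that used to guard the mktemp call is now dead, and a missing or unwritable $TMPDIR only shows up as a failed `cat >$OPENSSL_CONF << EOF` a few lines later with no status check at all. The config name is also now fixed instead of mktemp-generated, which is fine if $TMPDIR is a per-run directory the script creates itself, but if it can resolve to a shared location the file that OpenSSL will load is written to a predictable path, so I'd confirm where $TMPDIR comes from. Suggest moving the check onto the write, `cat >"$OPENSSL_CONF" << EOF || exit 6`, or at minimum `[[ -d "$TMPDIR" && -w "$TMPDIR" ]] || exit 6` before the heredoc, and quoting the path in both lines. Note that tmpfile_handle in the first hunk moves files under `$TEMPDIR` while this hunk uses `$TMPDIR`; if those are meant to be the same variable, one of them is a typo and the debug copies will land somewhere unexpected. The initialize_engine body starts and ends outside the hunk.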