From 8ad9e45acf6a5db52ac01e22db31d9a6d1694053 Mon Sep 17 00:00:00 2001 From: David Cooper Date: Tue, 15 Nov 2016 11:32:30 -0500 Subject: [PATCH] OpenSSL 0.9.8 does not support the pkey command The `tls_sockets()` and `sslv2_sockets()` use `get_pub_key_size()` to extract the size of the server's public key if the full response is being processed, and `get_pub_key_size()` uses `$OPENSSL pkey` to extract the server's public key from the certificate. However, OpenSSL 0.9.8 does not support the "pkey" command. This PR changes `get_pub_key_size()` to suppress the error message displayed by OpenSSL when the "pkey" command is not supported. --- testssl.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/testssl.sh b/testssl.sh index d0ddbad..0c51454 100755 --- a/testssl.sh +++ b/testssl.sh @@ -5937,15 +5937,16 @@ get_pub_key_size() { local tmppubkeyfile # OpenSSL displays the number of bits for RSA and ECC - pubkeybits=$($OPENSSL x509 -noout -pubkey -in $HOSTCERT | $OPENSSL pkey -pubin -text | grep -aw "Public-Key:" | sed -e 's/.*(//' -e 's/)//') + pubkeybits=$($OPENSSL x509 -noout -pubkey -in $HOSTCERT | $OPENSSL pkey -pubin -text 2> $ERRFILE | grep -aw "Public-Key:" | sed -e 's/.*(//' -e 's/)//') if [[ -n $pubkeybits ]]; then echo "Server public key is $pubkeybits" >> $TMPFILE else # This extracts the public key for DSA, DH, and GOST tmppubkeyfile=$(mktemp $TEMPDIR/pubkey.XXXXXX) || return 7 - $OPENSSL x509 -noout -pubkey -in $HOSTCERT | $OPENSSL pkey -pubin -outform DER -out "$tmppubkeyfile" + $OPENSSL x509 -noout -pubkey -in $HOSTCERT | $OPENSSL pkey -pubin -outform DER -out "$tmppubkeyfile" 2> $ERRFILE pubkey=$(hexdump -v -e '16/1 "%02X"' "$tmppubkeyfile") rm $tmppubkeyfile + [[ -z "$pubkey" ]] && return 1 # Skip over tag and length of subjectPublicKeyInfo i=2 len1="0x${pubkey:i:2}" @@ -6030,6 +6031,7 @@ get_pub_key_size() { pubkeybits="$(printf "%d" $len)" echo "Server public key is $pubkeybits bit" >> $TMPFILE fi + return 0 } # arg1: name of file with socket reply