From 981432c19a3bf45cfef146bf8e475e560c321171 Mon Sep 17 00:00:00 2001 From: Dirk Date: Tue, 13 Nov 2018 21:10:41 +0100 Subject: [PATCH] Finalize redoing XMPP handshake This commit finally fixes #547 and makes XMPP handshakes at least as fast as the other STARTTLS handshakes. It utilizes dd to read from the file descriptor. In all tests I ran so far it didn't cause any problems. There's a potential problem though that dd might block. --- testssl.sh | 82 ++++++++++-------------------------------------------- 1 file changed, 14 insertions(+), 68 deletions(-) diff --git a/testssl.sh b/testssl.sh index 57bdb23..fd5c9cc 100755 --- a/testssl.sh +++ b/testssl.sh @@ -9039,50 +9039,31 @@ run_alpn() { # arg2: possible success strings a egrep pattern, needed! # arg3: wait in seconds starttls_io() { - local waitsleep=$((STARTTLS_SLEEP/5)) - - [[ -n "$3" ]] && waitsleep=$3 - [[ -z "$2" ]] && echo "FIXME $((LINENO))" - debugme echo -en "C: \"$1\"" - echo -en "$1" >&5 - cat <&5 >$TMPFILE & - wait_kill $! $waitsleep - [[ "$DEBUG" -ge 2 ]] && echo -n "S: " && cat $TMPFILE - - if [[ "$(cat $TMPFILE)" =~ $2 ]]; then - debugme echo " ---> reply matched \"$2\"" - return 0 - fi - return 1 -} - -# arg1: string to send -# arg2: possible success strings a egrep pattern, needed! -# arg3: wait in seconds -_starttls_io() { local waitsleep=$STARTTLS_SLEEP + local buffer="" [[ -n "$3" ]] && waitsleep=$3 -waitsleep=4 [[ -z "$2" ]] && echo "FIXME $((LINENO))" debugme echo -en "C: \"$1\"" echo -en "$1" >&5 - cat <&5 >$TMPFILE & - [[ "$DEBUG" -ge 2 ]] && echo -n "S: " && cat $TMPFILE + + # This seems a bit dangerous but works. No blockings yet. "if=nonblock" doesn't work on BSDs + buffer="$(dd bs=512 count=1 <&5 2>/dev/null)" + [[ "$DEBUG" -ge 2 ]] && echo -en "\nS: " && echo $buffer for ((i=1; i < $waitsleep; i++ )); do - #if [[ "$(cat $TMPFILE)" =~ $2 ]]; then - if grep -E -q $2 $TMPFILE; then + if [[ "$buffer" =~ $2 ]]; then debugme echo " ---> reply matched \"$2\"" - # buffer seems? sometimes to contain still chars which confuses the TLS handshake, trying to empty: - #dd of=/dev/null count=20 <&5 2>/dev/null & - #sleep 0.5 + # the fd sometimes still seem to contain chars which confuses the following TLS handshake, trying to empty: + dd of=/dev/null bs=512 count=1 <&5 2>/dev/null return 0 + else + # no match yet, more reading from fd helps. + buffer+=$(dd bs=512 count=1 <&5 2>/dev/null) fi sleep 0.5 - debugme cat $TMPFILE done - return 1 + return 0 } @@ -9224,47 +9205,12 @@ starttls_imap_dialog() { return $ret } -# works: -_starttls_xmpp_dialog() { - debugme echo "=== starting imap XMPP dialog ===" - [[ -z $XMPP_HOST ]] && XMPP_HOST="$NODE" - - # send w/o no LF: - starttls_just_send "" "no-lf" \ - && debugme echo "sent server xmpp greeting" && \ - starttls_just_read 1 && debugme echo "received server greeting" && \ - starttls_just_send "" && debugme echo "initiated STARTTLS" && \ - starttls_just_read 1 && debugme echo "probably received ack for STARTTLS" - local ret=$? - debugme echo "=== finished XMPP STARTTLS dialog with ${ret} ===" - return $ret - - # works, too: - starttls_io "" 'starttls(.*)features' 2 && - starttls_io "" 'proceed' 2 -} - starttls_xmpp_dialog() { debugme echo "=== starting imap XMPP dialog ===" [[ -z $XMPP_HOST ]] && XMPP_HOST="$NODE" - # starttls_just_send "" "no-lf" \ - # && debugme echo "done" - #starttls_just_read 1 && debugme echo "received server greeting" - #starttls_just_send "" && debugme echo "initiated STARTTLS" && - #starttls_just_read 1 && debugme echo "probably received ack for STARTTLS" - - # not working as starttls_full_read waits for LF - # stream w/o lf: - #starttls_just_send "" "no-lf" && \ - # debugme echo "done" && - #starttls_full_read '' '' 'starttls(.*)features' && debugme echo "received server features and starttls" && - #tarttls_just_send "" && debugme echo "initiated STARTTLS" && - #starttls_full_read '' '' 'proceed' && debugme echo "received ack for STARTTLS" - - starttls_io "" 'starttls(.*)features' 1 && - starttls_io "" 'proceed' 1 - + starttls_io "" 'starttls(.*)features' 1 && + starttls_io "" '