Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-06 00:39:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Finalize redoing XMPP handshake

Browse Source 
This commit finally fixes #547 and makes XMPP handshakes at least
as fast as the other STARTTLS handshakes.

It utilizes dd to read from the file descriptor. In all tests
I ran so far it didn't cause any problems. There's a potential
problem though that dd might block.
This commit is contained in:
Dirk 2018-11-13 21:10:41 +01:00
parent f591126a1b
commit 981432c19a
1 changed files with 14 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
testssl.sh
View File

@ -9039,50 +9039,31 @@ run_alpn() {
# arg2: possible success strings a egrep pattern, needed! # arg2: possible success strings a egrep pattern, needed!
# arg3: wait in seconds # arg3: wait in seconds
starttls_io() { starttls_io() {
local waitsleep=$((STARTTLS_SLEEP/5))
[[ -n "$3" ]] && waitsleep=$3
[[ -z "$2" ]] && echo "FIXME $((LINENO))"
debugme echo -en "C: \"$1\""
echo -en "$1" >&5
cat <&5 >$TMPFILE &
wait_kill $! $waitsleep
[[ "$DEBUG" -ge 2 ]] && echo -n "S: " && cat $TMPFILE
if [[ "$(cat $TMPFILE)" =~ $2 ]]; then
debugme echo " ---> reply matched \"$2\""
return 0
fi
return 1
}
# arg1: string to send
# arg2: possible success strings a egrep pattern, needed!
# arg3: wait in seconds
_starttls_io() {
local waitsleep=$STARTTLS_SLEEP local waitsleep=$STARTTLS_SLEEP
local buffer=""
[[ -n "$3" ]] && waitsleep=$3 [[ -n "$3" ]] && waitsleep=$3
waitsleep=4
[[ -z "$2" ]] && echo "FIXME $((LINENO))" [[ -z "$2" ]] && echo "FIXME $((LINENO))"
debugme echo -en "C: \"$1\"" debugme echo -en "C: \"$1\""
echo -en "$1" >&5 echo -en "$1" >&5
cat <&5 >$TMPFILE &
[[ "$DEBUG" -ge 2 ]] && echo -n "S: " && cat $TMPFILE # This seems a bit dangerous but works. No blockings yet. "if=nonblock" doesn't work on BSDs
buffer="$(dd bs=512 count=1 <&5 2>/dev/null)"
[[ "$DEBUG" -ge 2 ]] && echo -en "\nS: " && echo $buffer
for ((i=1; i < $waitsleep; i++ )); do for ((i=1; i < $waitsleep; i++ )); do
#if [[ "$(cat $TMPFILE)" =~ $2 ]]; then if [[ "$buffer" =~ $2 ]]; then
if grep -E -q $2 $TMPFILE; then
debugme echo " ---> reply matched \"$2\"" debugme echo " ---> reply matched \"$2\""
# buffer seems? sometimes to contain still chars which confuses the TLS handshake, trying to empty: # the fd sometimes still seem to contain chars which confuses the following TLS handshake, trying to empty:
#dd of=/dev/null count=20 <&5 2>/dev/null & dd of=/dev/null bs=512 count=1 <&5 2>/dev/null
#sleep 0.5
return 0 return 0
else
# no match yet, more reading from fd helps.
buffer+=$(dd bs=512 count=1 <&5 2>/dev/null)
fi fi
sleep 0.5 sleep 0.5
debugme cat $TMPFILE
done done
return 1 return 0
} }
@ -9224,47 +9205,12 @@ starttls_imap_dialog() {
return $ret return $ret
} }
# works:
_starttls_xmpp_dialog() {
debugme echo "=== starting imap XMPP dialog ==="
[[ -z $XMPP_HOST ]] && XMPP_HOST="$NODE"
# send w/o no LF:
starttls_just_send "<stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' to='"$XMPP_HOST"' version='1.0'>" "no-lf" \
&& debugme echo "sent server xmpp greeting" && \
starttls_just_read 1 && debugme echo "received server greeting" && \
starttls_just_send "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>" && debugme echo "initiated STARTTLS" && \
starttls_just_read 1 && debugme echo "probably received ack for STARTTLS"
local ret=$?
debugme echo "=== finished XMPP STARTTLS dialog with ${ret} ==="
return $ret
# works, too:
starttls_io "<stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' to='"$XMPP_HOST"' version='1.0'>" 'starttls(.*)features' 2 &&
starttls_io "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>" 'proceed' 2
}
starttls_xmpp_dialog() { starttls_xmpp_dialog() {
debugme echo "=== starting imap XMPP dialog ===" debugme echo "=== starting imap XMPP dialog ==="
[[ -z $XMPP_HOST ]] && XMPP_HOST="$NODE" [[ -z $XMPP_HOST ]] && XMPP_HOST="$NODE"
# starttls_just_send "<stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' to='"$XMPP_HOST"' version='1.0'>" "no-lf" \ starttls_io "<stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' to='"$XMPP_HOST"' version='1.0'>" 'starttls(.*)features' 1 &&
# && debugme echo "done" starttls_io "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>" '<proceed' 1
#starttls_just_read 1 && debugme echo "received server greeting"
#starttls_just_send "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>" && debugme echo "initiated STARTTLS" &&
#starttls_just_read 1 && debugme echo "probably received ack for STARTTLS"
# not working as starttls_full_read waits for LF
# stream w/o lf:
#starttls_just_send "<stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' to='"$XMPP_HOST"' version='1.0'>" "no-lf" && \
# debugme echo "done" &&
#starttls_full_read '' '' 'starttls(.*)features' && debugme echo "received server features and starttls" &&
#tarttls_just_send "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>" && debugme echo "initiated STARTTLS" &&
#starttls_full_read '' '' 'proceed' && debugme echo "received ack for STARTTLS"
starttls_io "<stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' to='"$XMPP_HOST"' version='1.0'>" 'starttls(.*)features' 1 &&
starttls_io "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>" 'proceed' 1
local ret=$? local ret=$?
debugme echo "=== finished XMPP STARTTLS dialog with ${ret} ===" debugme echo "=== finished XMPP STARTTLS dialog with ${ret} ==="
return $ret return $ret