Improve check for client authentication

Based on initial testing, this commit improves the check for client authentication in the case that the server only requests client authentication for specific URLs. However, it does not work correctly if the server supports TLS 1.3 and $OPENSSL is a version of LibreSSL that supports TLS 1.3 in s_client. The problem is that LibreSSL does not support post-handshake authentication with TLS 1.3
This commit is contained in:
David Cooper 2022-01-03 15:02:27 -05:00 committed by Dirk
parent 555c6eb4d0
commit a66e3cd3ad
1 changed files with 1 additions and 1 deletions

View File

@ -21086,7 +21086,7 @@ determine_optimal_proto() {
if [[ -z "$URL_PATH" ]] || [[ "$URL_PATH" == "/" ]]; then
$OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI") </dev/null >$TMPFILE 2>>$ERRFILE
else
safe_echo "$GET_REQ11" | $OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI -prexit -enable_pha") </dev/null >$TMPFILE 2>>$ERRFILE
safe_echo "$GET_REQ11" | $OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI -ign_eof -enable_pha") >$TMPFILE 2>>$ERRFILE
fi
if sclient_auth $? $TMPFILE; then