Improve check for client authentication

Based on initial testing, this commit improves the check for client authentication in the case that the server only requests client authentication for specific URLs. However, it does not work correctly if the server supports TLS 1.3 and $OPENSSL is a version of LibreSSL that supports TLS 1.3 in s_client. The problem is that LibreSSL does not support post-handshake authentication with TLS 1.3
This commit is contained in:
David Cooper 2022-01-03 15:02:27 -05:00 committed by Dirk
parent 555c6eb4d0
commit a66e3cd3ad

View File

@ -21086,7 +21086,7 @@ determine_optimal_proto() {
if [[ -z "$URL_PATH" ]] || [[ "$URL_PATH" == "/" ]]; then if [[ -z "$URL_PATH" ]] || [[ "$URL_PATH" == "/" ]]; then
$OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI") </dev/null >$TMPFILE 2>>$ERRFILE $OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI") </dev/null >$TMPFILE 2>>$ERRFILE
else else
safe_echo "$GET_REQ11" | $OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI -prexit -enable_pha") </dev/null >$TMPFILE 2>>$ERRFILE safe_echo "$GET_REQ11" | $OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI -ign_eof -enable_pha") >$TMPFILE 2>>$ERRFILE
fi fi
if sclient_auth $? $TMPFILE; then if sclient_auth $? $TMPFILE; then