Don't ignore first call to $OPENSSL s_client
run_prototest_openssl() currently calls "$OPENSSL s_client" twice, once with $PROXY and once without. The problem is that the results of the first call are just ignored. This commit changes run_prototest_openssl() so that the attempt without $PROXY is only tried if the first attempt was unsuccessful.
This commit is contained in:
parent
8e729d1396
commit
a7fe481904
18
testssl.sh
18
testssl.sh
|
@ -4802,12 +4802,18 @@ run_prototest_openssl() {
|
|||
sclient_connect_successful $? $TMPFILE
|
||||
ret=$?
|
||||
debugme grep -E "error|failure" $ERRFILE | grep -Eav "unable to get local|verify error"
|
||||
# try again without $PROXY
|
||||
$OPENSSL s_client $(s_client_options "-state $1 $STARTTLS $BUGS -connect $NODEIP:$PORT $SNI") >$TMPFILE 2>&1 </dev/null
|
||||
sclient_connect_successful $? $TMPFILE
|
||||
ret=$?
|
||||
debugme grep -E "error|failure" $ERRFILE | grep -Eav "unable to get local|verify error"
|
||||
grep -aq "no cipher list" $TMPFILE && ret=5 # <--- important indicator for SSL2 (maybe others, too)
|
||||
if [[ $ret -ne 0 ]]; then
|
||||
if grep -aq "no cipher list" $TMPFILE; then
|
||||
ret=5 # <--- important indicator for SSL2 (maybe others, too)
|
||||
else
|
||||
# try again without $PROXY
|
||||
$OPENSSL s_client $(s_client_options "-state $1 $STARTTLS $BUGS -connect $NODEIP:$PORT $SNI") >$TMPFILE 2>&1 </dev/null
|
||||
sclient_connect_successful $? $TMPFILE
|
||||
ret=$?
|
||||
debugme grep -E "error|failure" $ERRFILE | grep -Eav "unable to get local|verify error"
|
||||
grep -aq "no cipher list" $TMPFILE && ret=5 # <--- important indicator for SSL2 (maybe others, too)
|
||||
fi
|
||||
fi
|
||||
tmpfile_handle ${FUNCNAME[0]}$1.txt
|
||||
return $ret
|
||||
|
||||
|
|
Loading…
Reference in New Issue