Don't ignore first call to $OPENSSL s_client

run_prototest_openssl() currently calls "$OPENSSL s_client" twice, once with $PROXY and once without. The problem is that the results of the first call are just ignored. This commit changes run_prototest_openssl() so that the attempt without $PROXY is only tried if the first attempt was unsuccessful.
This commit is contained in:
David Cooper 2019-11-07 13:12:41 -05:00 committed by GitHub
parent 8e729d1396
commit a7fe481904
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 6 deletions

View File

@ -4802,12 +4802,18 @@ run_prototest_openssl() {
sclient_connect_successful $? $TMPFILE sclient_connect_successful $? $TMPFILE
ret=$? ret=$?
debugme grep -E "error|failure" $ERRFILE | grep -Eav "unable to get local|verify error" debugme grep -E "error|failure" $ERRFILE | grep -Eav "unable to get local|verify error"
if [[ $ret -ne 0 ]]; then
if grep -aq "no cipher list" $TMPFILE; then
ret=5 # <--- important indicator for SSL2 (maybe others, too)
else
# try again without $PROXY # try again without $PROXY
$OPENSSL s_client $(s_client_options "-state $1 $STARTTLS $BUGS -connect $NODEIP:$PORT $SNI") >$TMPFILE 2>&1 </dev/null $OPENSSL s_client $(s_client_options "-state $1 $STARTTLS $BUGS -connect $NODEIP:$PORT $SNI") >$TMPFILE 2>&1 </dev/null
sclient_connect_successful $? $TMPFILE sclient_connect_successful $? $TMPFILE
ret=$? ret=$?
debugme grep -E "error|failure" $ERRFILE | grep -Eav "unable to get local|verify error" debugme grep -E "error|failure" $ERRFILE | grep -Eav "unable to get local|verify error"
grep -aq "no cipher list" $TMPFILE && ret=5 # <--- important indicator for SSL2 (maybe others, too) grep -aq "no cipher list" $TMPFILE && ret=5 # <--- important indicator for SSL2 (maybe others, too)
fi
fi
tmpfile_handle ${FUNCNAME[0]}$1.txt tmpfile_handle ${FUNCNAME[0]}$1.txt
return $ret return $ret