Don't ignore first call to $OPENSSL s_client
run_prototest_openssl() currently calls "$OPENSSL s_client" twice, once with $PROXY and once without. The problem is that the results of the first call are just ignored. This commit changes run_prototest_openssl() so that the attempt without $PROXY is only tried if the first attempt was unsuccessful.
This commit is contained in:
parent
8e729d1396
commit
a7fe481904
18
testssl.sh
18
testssl.sh
|
@ -4802,12 +4802,18 @@ run_prototest_openssl() {
|
||||||
sclient_connect_successful $? $TMPFILE
|
sclient_connect_successful $? $TMPFILE
|
||||||
ret=$?
|
ret=$?
|
||||||
debugme grep -E "error|failure" $ERRFILE | grep -Eav "unable to get local|verify error"
|
debugme grep -E "error|failure" $ERRFILE | grep -Eav "unable to get local|verify error"
|
||||||
# try again without $PROXY
|
if [[ $ret -ne 0 ]]; then
|
||||||
$OPENSSL s_client $(s_client_options "-state $1 $STARTTLS $BUGS -connect $NODEIP:$PORT $SNI") >$TMPFILE 2>&1 </dev/null
|
if grep -aq "no cipher list" $TMPFILE; then
|
||||||
sclient_connect_successful $? $TMPFILE
|
ret=5 # <--- important indicator for SSL2 (maybe others, too)
|
||||||
ret=$?
|
else
|
||||||
debugme grep -E "error|failure" $ERRFILE | grep -Eav "unable to get local|verify error"
|
# try again without $PROXY
|
||||||
grep -aq "no cipher list" $TMPFILE && ret=5 # <--- important indicator for SSL2 (maybe others, too)
|
$OPENSSL s_client $(s_client_options "-state $1 $STARTTLS $BUGS -connect $NODEIP:$PORT $SNI") >$TMPFILE 2>&1 </dev/null
|
||||||
|
sclient_connect_successful $? $TMPFILE
|
||||||
|
ret=$?
|
||||||
|
debugme grep -E "error|failure" $ERRFILE | grep -Eav "unable to get local|verify error"
|
||||||
|
grep -aq "no cipher list" $TMPFILE && ret=5 # <--- important indicator for SSL2 (maybe others, too)
|
||||||
|
fi
|
||||||
|
fi
|
||||||
tmpfile_handle ${FUNCNAME[0]}$1.txt
|
tmpfile_handle ${FUNCNAME[0]}$1.txt
|
||||||
return $ret
|
return $ret
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue