Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-19 15:09:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Polish screen output "protos" not offered

Browse Source 
In scenarios where --ssl-native was chosen AND the
openssl binary wasn't supporting the protocol
there were two warnings. This has been addressed.

Also tls_sockets() can return different values -- for now: 6 -- as
tested by the caller in run_protocols. In order to make
it more robust a fixme statement was added so that the
user becomes iat least aware of it.
This commit is contained in:
Dirk 2017-11-24 16:21:06 +01:00
parent 778a7cc12d
commit ad97b6fc4e
1 changed files with 51 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
testssl.sh
View File

@ -4152,7 +4152,7 @@ run_prototest_openssl() {
# arg2: available (yes) or not (no) # arg2: available (yes) or not (no)
add_tls_offered() { add_tls_offered() {
if [[ "$PROTOS_OFFERED" =~ $1: ]]; then if [[ "$PROTOS_OFFERED" =~ $1: ]]; then
# the ":" is mandatory here (and @ other palces), otherwise e.g. tls1 will match tls1_2 # the ":" is mandatory here (and @ other places), otherwise e.g. tls1 will match tls1_2
: :
else else
PROTOS_OFFERED+="${1}:$2 " PROTOS_OFFERED+="${1}:$2 "
@ -4313,9 +4313,16 @@ run_protocols() {
outln "(may need debugging)" outln "(may need debugging)"
add_tls_offered ssl3 yes add_tls_offered ssl3 yes
;; ;;
7) prln_warning "SSLv3 seems locally not supported" 7) if "$using_sockets" ; then
# can only happen in debug mode
prln_warning "strange reply, maybe a client side problem with SSLv3"
else
# warning on screen came already from locally_supported()
fileout "sslv3" "WARN" "SSLv3 is not tested due to lack of local support" fileout "sslv3" "WARN" "SSLv3 is not tested due to lack of local support"
;; # no local support fi
;;
*) prln_fixme "unexpected value around line $((LINENO))"
;;
esac esac
pr_bold " TLS 1 "; pr_bold " TLS 1 ";
@ -4365,9 +4372,16 @@ run_protocols() {
fileout "tls1" "INFO" "TLSv1.0 is $supported_no_ciph1" fileout "tls1" "INFO" "TLSv1.0 is $supported_no_ciph1"
add_tls_offered tls1 yes add_tls_offered tls1 yes
;; ;;
7) prln_warning "TLSv1.0 seems locally not supported" 7) if "$using_sockets" ; then
fileout "tlsv1" "WARN" "TLSv1.0 is not tested due to lack of local support" # can only happen in debug mode
;; # no local support prln_warning "strange reply, maybe a client side problem with TLS 1.0"
else
# warning on screen came already from locally_supported()
fileout "tls1" "WARN" "TLSv1.0 is not tested due to lack of local support"
fi
;;
*) prln_fixme "unexpected value around line $((LINENO))"
;;
esac esac
pr_bold " TLS 1.1 "; pr_bold " TLS 1.1 ";
@ -4420,9 +4434,16 @@ run_protocols() {
fileout "tls1_1" "INFO" "TLSv1.1 is $supported_no_ciph1" fileout "tls1_1" "INFO" "TLSv1.1 is $supported_no_ciph1"
add_tls_offered tls1_1 yes add_tls_offered tls1_1 yes
;; # protocol ok, but no cipher ;; # protocol ok, but no cipher
7) prln_warning "TLSv1.1 seems locally not supported" 7) if "$using_sockets" ; then
# can only happen in debug mode
prln_warning "strange reply, maybe a client side problem with TLS 1.1"
else
# warning on screen came already from locally_supported()
fileout "tls1_1" "WARN" "TLSv1.1 is not tested due to lack of local support" fileout "tls1_1" "WARN" "TLSv1.1 is not tested due to lack of local support"
;; # no local support fi
;;
*) prln_fixme "unexpected value around line $((LINENO))"
;;
esac esac
pr_bold " TLS 1.2 "; pr_bold " TLS 1.2 ";
@ -4486,9 +4507,16 @@ run_protocols() {
fileout "tls1_2" "INFO" "TLSv1.2 is $supported_no_ciph1" fileout "tls1_2" "INFO" "TLSv1.2 is $supported_no_ciph1"
add_tls_offered tls1_2 yes add_tls_offered tls1_2 yes
;; # protocol ok, but no cipher ;; # protocol ok, but no cipher
7) prln_warning "TLSv1.2 seems locally not supported" 7) if "$using_sockets" ; then
# can only happen in debug mode
prln_warning "strange reply, maybe a client side problem with TLS 1.2"
else
# warning on screen came already from locally_supported()
fileout "tls1_2" "WARN" "TLSv1.2 is not tested due to lack of local support" fileout "tls1_2" "WARN" "TLSv1.2 is not tested due to lack of local support"
;; # no local support fi
;;
*) prln_fixme "unexpected value around line $((LINENO))"
;;
esac esac
pr_bold " TLS 1.3 "; pr_bold " TLS 1.3 ";
@ -4590,9 +4618,16 @@ run_protocols() {
fileout "tls1_3" "INFO" "TLSv1.3 is $supported_no_ciph1" fileout "tls1_3" "INFO" "TLSv1.3 is $supported_no_ciph1"
add_tls_offered tls1_3 yes add_tls_offered tls1_3 yes
;; # protocol ok, but no cipher ;; # protocol ok, but no cipher
7) prln_warning "TLSv1.3 seems locally not supported" 7) if "$using_sockets" ; then
fileout "tls1_3" "INFO" "TLSv1.3 is not tested due to lack of local support" # can only happen in debug mode
;; # no local support prln_warning "strange reply, maybe a client side problem with TLS 1.3"
else
# warning on screen came already from locally_supported()
fileout "tls1_3" "WARN" "TLSv1.3 is not tested due to lack of local support"
fi
;;
*) prln_fixme "unexpected value around line $((LINENO))"
;;
esac esac
debugme echo "PROTOS_OFFERED: $PROTOS_OFFERED" debugme echo "PROTOS_OFFERED: $PROTOS_OFFERED"
if [[ ! "$PROTOS_OFFERED" =~ yes ]]; then if [[ ! "$PROTOS_OFFERED" =~ yes ]]; then