From af20952b860a440e2379beb09546a86145021b26 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emmanuel=20Fust=C3=A9?= <efuste@boardofcyber.io>
Date: Mon, 19 Feb 2024 10:58:04 +0100
Subject: [PATCH] Fix subshell killing to avoid zombies

Learned from the rest of the code ...
---
 testssl.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index c03cc74..46d3d24 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -17083,11 +17083,12 @@ run_renego() {
                               (for ((i=0; i < ssl_reneg_attempts; i++ )); do echo R; sleep $ssl_reneg_wait; done) | \
                                    $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE &
                               pid=$!
-                              ( sleep $(($ssl_reneg_attempts*3)) && kill $pid && touch $TEMPDIR/was_killed ) >&2 2>/dev/null &
+                              ( sleep $(($ssl_reneg_attempts*3)) && pkill -HUP -P $pid && wait $pid && touch $TEMPDIR/was_killed ) >&2 2>/dev/null &
                               watcher=$!
                               # Trick to get the return value of the openssl command, output redirection and a timeout. Yes, some target hang/block after some tries.  
-                              wait $pid && pkill -HUP -P $watcher 
+                              wait $pid && pkill -HUP -P $watcher
                               tmp_result=$?
+                              wait $watcher
                               # If we are here, we have done two successful renegotiation (-2) and do the loop
                               loop_reneg=$(($(grep -ac '^RENEGOTIATING' $ERRFILE )-2))
                               if [[ -f $TEMPDIR/was_killed ]]; then