Merge pull request #1631 from dcooper16/has_sigalgs

Implement $HAS_SIGALGS
This commit is contained in:
Dirk Wetter 2020-05-09 10:38:03 +02:00 committed by GitHub
commit bbd46b4e03
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 1 deletions

View File

@ -307,6 +307,7 @@ HAS_SSL3=false
HAS_TLS13=false HAS_TLS13=false
HAS_X448=false HAS_X448=false
HAS_X25519=false HAS_X25519=false
HAS_SIGALGS=false
HAS_PKUTIL=false HAS_PKUTIL=false
HAS_PKEY=false HAS_PKEY=false
HAS_NO_SSL2=false HAS_NO_SSL2=false
@ -7542,7 +7543,7 @@ get_server_certificate() {
CERTIFICATE_LIST_ORDERING_PROBLEM=false CERTIFICATE_LIST_ORDERING_PROBLEM=false
if [[ "$1" =~ "tls1_3" ]]; then if [[ "$1" =~ "tls1_3" ]]; then
[[ $(has_server_protocol "tls1_3") -eq 1 ]] && return 1 [[ $(has_server_protocol "tls1_3") -eq 1 ]] && return 1
if "$HAS_TLS13"; then if "$HAS_TLS13" && "$HAS_SIGALGS"; then
if [[ "$1" =~ "tls1_3_RSA" ]]; then if [[ "$1" =~ "tls1_3_RSA" ]]; then
$OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -showcerts -connect $NODEIP:$PORT $PROXY $SNI -tls1_3 -tlsextdebug -status -msg -sigalgs PSS+SHA256:PSS+SHA384") </dev/null 2>$ERRFILE >$TMPFILE $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -showcerts -connect $NODEIP:$PORT $PROXY $SNI -tls1_3 -tlsextdebug -status -msg -sigalgs PSS+SHA256:PSS+SHA384") </dev/null 2>$ERRFILE >$TMPFILE
elif [[ "$1" =~ "tls1_3_ECDSA" ]]; then elif [[ "$1" =~ "tls1_3_ECDSA" ]]; then
@ -18264,6 +18265,7 @@ find_openssl_binary() {
HAS_TLS13=false HAS_TLS13=false
HAS_X448=false HAS_X448=false
HAS_X25519=false HAS_X25519=false
HAS_SIGALGS=false
HAS_NO_SSL2=false HAS_NO_SSL2=false
HAS_NOSERVERNAME=false HAS_NOSERVERNAME=false
HAS_CIPHERSUITES=false HAS_CIPHERSUITES=false
@ -18310,6 +18312,10 @@ find_openssl_binary() {
$OPENSSL genpkey -algorithm X25519 2>&1 | grep -aq "not found" || \ $OPENSSL genpkey -algorithm X25519 2>&1 | grep -aq "not found" || \
HAS_X25519=true HAS_X25519=true
if "$HAS_TLS13"; then
$OPENSSL s_client -tls1_3 -sigalgs PSS+SHA256:PSS+SHA384 -connect invalid. 2>&1 | grep -aiq "unknown option" || \
HAS_SIGALGS=true
fi
$OPENSSL s_client -no_ssl2 -connect invalid. 2>&1 | grep -aiq "unknown option" || \ $OPENSSL s_client -no_ssl2 -connect invalid. 2>&1 | grep -aiq "unknown option" || \
HAS_NO_SSL2=true HAS_NO_SSL2=true
@ -18684,6 +18690,7 @@ HAS_SSL3: $HAS_SSL3
HAS_TLS13: $HAS_TLS13 HAS_TLS13: $HAS_TLS13
HAS_X448: $HAS_X448 HAS_X448: $HAS_X448
HAS_X25519: $HAS_X25519 HAS_X25519: $HAS_X25519
HAS_SIGALGS: $HAS_SIGALGS
HAS_NO_SSL2: $HAS_NO_SSL2 HAS_NO_SSL2: $HAS_NO_SSL2
HAS_SPDY: $HAS_SPDY HAS_SPDY: $HAS_SPDY
HAS_ALPN: $HAS_ALPN HAS_ALPN: $HAS_ALPN