Check stderr for "no cipher list"

run_prototest_openssl() currently checks only stdout for the string "no cipher list", which is an indication that the server supports SSLv2, but no ciphers for that protocol. However, the output that includes "no cipher list" is sent to stderr.
This commit is contained in:
David Cooper 2019-11-07 13:01:21 -05:00 committed by GitHub
parent 9d97db85fc
commit c607bf4d92
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -4798,12 +4798,12 @@ run_prototest_openssl() {
# check whether the protocol being tested is supported by $OPENSSL
$OPENSSL s_client "$1" -connect x 2>&1 | grep -aq "unknown option" && return 7
$OPENSSL s_client $(s_client_options "-state $1 $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>$ERRFILE </dev/null
$OPENSSL s_client $(s_client_options "-state $1 $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>&1 </dev/null
sclient_connect_successful $? $TMPFILE
ret=$?
debugme grep -E "error|failure" $ERRFILE | grep -Eav "unable to get local|verify error"
# try again without $PROXY
$OPENSSL s_client $(s_client_options "-state $1 $STARTTLS $BUGS -connect $NODEIP:$PORT $SNI") >$TMPFILE 2>$ERRFILE </dev/null
$OPENSSL s_client $(s_client_options "-state $1 $STARTTLS $BUGS -connect $NODEIP:$PORT $SNI") >$TMPFILE 2>&1 </dev/null
sclient_connect_successful $? $TMPFILE
ret=$?
debugme grep -E "error|failure" $ERRFILE | grep -Eav "unable to get local|verify error"