From a288954d36f80f2745ccbf0af8a4d12b16ecc070 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Tue, 12 Jul 2016 15:59:24 +0200 Subject: [PATCH 1/2] Added --openssl-timeout parameter In some cases OpenSSL processes hanged indefinitely while scans. This new parameter allows to wrap the "timeout" tool around the openssl invocation. --- testssl.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index ea85fae..e1882300 100755 --- a/testssl.sh +++ b/testssl.sh @@ -134,7 +134,7 @@ TERM_CURRPOS=0 # custom line wrapping ne # following variables make use of $ENV, e.g. OPENSSL= ./testssl.sh # 0 means (normally) true here. Some of the variables are also accessible with a command line switch, see --help -declare -x OPENSSL +declare -x OPENSSL OPENSSL_TIMEOUT COLOR=${COLOR:-2} # 2: Full color, 1: b/w+positioning, 0: no ESC at all COLORBLIND=${COLORBLIND:-false} # if true, swap blue and green in the output SHOW_EACH_C=${SHOW_EACH_C:-false} # where individual ciphers are tested show just the positively ones tested @@ -6734,6 +6734,10 @@ find_openssl_binary() { $OPENSSL s_client -help 2>&1 | grep -qw '\-nextprotoneg' && \ HAS_SPDY=true + if [[ "$OPENSSL_TIMEOUT" != "" ]]; then + OPENSSL="timeout --preserve-status $OPENSSL_TIMEOUT $OPENSSL" + fi + return 0 } @@ -8076,6 +8080,10 @@ parse_cmd_line() { OPENSSL=$(parse_opt_equal_sign "$1" "$2") [[ $? -eq 0 ]] && shift ;; + --openssl-timeout|--openssl-timeout=*) + OPENSSL_TIMEOUT=$(parse_opt_equal_sign "$1" "$2") + [[ $? -eq 0 ]] && shift + ;; --mapping|--mapping=*) local cipher_mapping cipher_mapping=$(parse_opt_equal_sign "$1" "$2") From be5004741c5abdc197014efeb974a1f12e848955 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Tue, 12 Jul 2016 16:06:50 +0200 Subject: [PATCH 2/2] Added port numbers to log and result output files --- testssl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index e1882300..985bb41 100755 --- a/testssl.sh 
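Review bot: `OPENSSL_TIMEOUT` is put into the `OPENSSL` string in find_openssl_binary without any validation, and that string is later expanded unquoted (as in `$OPENSSL s_client -help` just above). Any value containing spaces or starting with a dash, whether from `--openssl-timeout` or the environment, therefore becomes extra words on the `timeout` command line. The block also assumes a `timeout` binary that understands `--preserve-status`, a GNU coreutils option that may be missing on other platforms. Check the value against a duration pattern and test for the tool before rewriting `OPENSSL`; the `return 1` in the sketch stands in for whatever error path the script normally uses. Code outside this hunk that quotes `"$OPENSSL"` or tests it as a file would presumably break once it holds several words, so that is worth grepping for; the function body starts outside the hunk.

```shell
     if [[ "$OPENSSL_TIMEOUT" != "" ]]; then
          # accept only a plain duration so the value cannot add words to the timeout command line
          if ! [[ "$OPENSSL_TIMEOUT" =~ ^[0-9]+[smhd]?$ ]]; then
               echo "--openssl-timeout expects a duration such as 60 or 2m" >&2
               return 1
          fi
          # timeout with --preserve-status is not available everywhere
          if ! type -p timeout >/dev/null 2>&1; then
               echo "--openssl-timeout needs the timeout tool in PATH" >&2
               return 1
          fi
          # … unchanged: OPENSSL="timeout --preserve-status …" assignment and closing fi …
```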
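Review bot: The new `--openssl-timeout` case in parse_cmd_line has no matching usage text: the patch's nine insertions are all accounted for by these three hunks, so `--help` is not touched. I would add a help line such as `--openssl-timeout <seconds>   kill openssl calls running longer than <seconds> (needs "timeout")`. The entry should also say what a timeout means for the results, because a check whose openssl call is killed is presumably reported like a failed handshake and could be read as a clean finding. parse_cmd_line begins and ends outside the hunk.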
+++ b/testssl.sh @@ -7131,7 +7131,7 @@ parse_hn_port() { prepare_logging() { local fname_prefix="$1" - [[ -z "$fname_prefix" ]] && fname_prefix="$NODE" + [[ -z "$fname_prefix" ]] && fname_prefix="$NODE:$PORT" if "$do_logging"; then if [[ -z "$LOGFILE" ]]; then
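Review bot: Using `:` as the separator in `fname_prefix="$NODE:$PORT"` puts a colon into every default log and result file name. A colon is not valid in file names on Windows file systems, and tools such as scp and rsync read `name:rest` as host and path. A plain separator avoids both, e.g. `fname_prefix="${NODE}_p${PORT}"`, with a short comment that the port is included so scans of several ports on one host do not share a file. The hunk ends inside prepare_logging, so how the prefix becomes the final path, and whether `PORT` can be empty at this point, is not visible here.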