- first prototype for using = in cmdline, see #108. Tests needed

- beautified big case loop
This commit is contained in:
Dirk 2015-06-01 12:01:38 +02:00
parent 452fd6762a
commit cac985967f

View File

@ -2940,8 +2940,8 @@ old_fart() {
find_openssl_binary() { find_openssl_binary() {
# 0. check environment variable whether it's executable # 0. check environment variable whether it's executable
if [ ! -z "$OPENSSL" ] && [ ! -x "$OPENSSL" ]; then if [ ! -z "$OPENSSL" ] && [ ! -x "$OPENSSL" ]; then
pr_redln "\ncannot find (\$OPENSSL=$OPENSSL) binary." pr_red "\ncannot find (\$OPENSSL=$OPENSSL) binary."
outln "continuing ..." outln " Looking some place else ..."
fi fi
if [ -x "$OPENSSL" ]; then if [ -x "$OPENSSL" ]; then
# 1. check environment variable # 1. check environment variable
@ -3539,6 +3539,18 @@ debug_globals() {
} }
# arg1+2 are just the options
parse_opt_equal_sign() {
if [[ "$1" == *=* ]]; then
echo "$1" | awk -F'=' '{ print $2 }'
return 1 # = means we don't need to shift args!
else
echo $2
return 0 # we need to shift
fi
}
# Parses options # Parses options
startup() { startup() {
@ -3547,56 +3559,73 @@ startup() {
while [[ $# -gt 0 ]]; do while [[ $# -gt 0 ]]; do
case $1 in case $1 in
-h|--help)
help 0
;;
-b|--banner|-v|--version) -b|--banner|-v|--version)
find_openssl_binary find_openssl_binary
mybanner mybanner
exit 0;; exit 0
;;
--mx) --mx)
do_mx_all_ips=true;; do_mx_all_ips=true
;;
--mx465) # doesn't work with major ISPs --mx465) # doesn't work with major ISPs
do_mx_all_ips=true do_mx_all_ips=true
PORT=465 ;; PORT=465
;;
--mx587) # doesn't work with major ISPs --mx587) # doesn't work with major ISPs
do_mx_all_ips=true do_mx_all_ips=true
PORT=587 ;; PORT=587
--ip) ;;
CMDLINE_IP=$2 --ip|--ip=*)
shift ;; CMDLINE_IP=$(parse_opt_equal_sign "$1" "$2")
-V|--local) # this is only displaying local, thus we don't put it in the loop [ $? -eq 0 ] && shift
;;
-V|-V=*|--local|--local=*) # this is only displaying local ciphers, thus we don't put it in the loop
find_openssl_binary find_openssl_binary
mybanner mybanner
openssl_age openssl_age
maketempf maketempf
initialize_engine # GOST support- initialize_engine # for GOST support
prettyprint_local "$2" prettyprint_local $(parse_opt_equal_sign "$1" "$2")
exit $? ;; exit $?
-x|--single-cipher|--single_cipher) ;;
-x|-x=*|--single[-_]cipher|--single[-_]cipher=*)
do_test_just_one=true do_test_just_one=true
single_cipher=$2 single_cipher=$(parse_opt_equal_sign "$1" "$2")
shift;; [ $? -eq 0 ] && shift
-t|--starttls) ;;
STARTTLS_PROTOCOL=$2 -t|-t=*|--starttls|--starttls=*)
do_starttls=true do_starttls=true
shift;; STARTTLS_PROTOCOL=$(parse_opt_equal_sign "$1" "$2")
[ $? -eq 0 ] && shift
;;
-e|--each-cipher) -e|--each-cipher)
do_allciphers=true;; do_allciphers=true
;;
-E|--cipher-per-proto|--cipher_per_proto) -E|--cipher-per-proto|--cipher_per_proto)
do_cipher_per_proto=true;; do_cipher_per_proto=true
-h|--help) ;;
help 0 ;;
-p|--protocols) -p|--protocols)
do_protocols=true do_protocols=true
do_spdy=true;; do_spdy=true
;;
-y|--spdy|--npn) -y|--spdy|--npn)
do_spdy=true;; do_spdy=true
;;
-f|--ciphers) -f|--ciphers)
do_run_std_cipherlists=true;; do_run_std_cipherlists=true
-S|--server_defaults|--server-defaults) ;;
do_server_defaults=true;; -S|--server[-_]defaults)
-P|--server_preference|--server-preference) do_server_defaults=true
do_server_preference=true;; ;;
-P|--server[_-]preference)
do_server_preference=true
;;
-H|--header|--headers) -H|--header|--headers)
do_header=true;; do_header=true
;;
-U|--vulnerable) -U|--vulnerable)
do_vulnerabilities=true do_vulnerabilities=true
do_heartbleed=true do_heartbleed=true
@ -3609,39 +3638,51 @@ startup() {
do_beast=true do_beast=true
do_rc4=true do_rc4=true
do_logjam=true do_logjam=true
VULN_COUNT=10 ;; VULN_COUNT=10
;;
-B|--heartbleed) -B|--heartbleed)
do_heartbleed=true do_heartbleed=true
let "VULN_COUNT++" ;; let "VULN_COUNT++"
-I|--ccs|--ccs_injection|--ccs-injection) ;;
-I|--ccs|--ccs[-_]injection)
do_ccs_injection=true do_ccs_injection=true
let "VULN_COUNT++" ;; let "VULN_COUNT++"
;;
-R|--renegotiation) -R|--renegotiation)
do_renego=true do_renego=true
let "VULN_COUNT++" ;; let "VULN_COUNT++"
;;
-C|--compression|--crime) -C|--compression|--crime)
do_crime=true do_crime=true
let "VULN_COUNT++" ;; let "VULN_COUNT++"
;;
-T|--breach) -T|--breach)
do_breach=true do_breach=true
let "VULN_COUNT++" ;; let "VULN_COUNT++"
;;
-O|--poodle) -O|--poodle)
do_ssl_poodle=true do_ssl_poodle=true
let "VULN_COUNT++" ;; let "VULN_COUNT++"
;;
-F|--freak) -F|--freak)
do_freak=true do_freak=true
let "VULN_COUNT++" ;; let "VULN_COUNT++"
;;
-J|--logjam) -J|--logjam)
do_logjam=true do_logjam=true
let "VULN_COUNT++" ;; let "VULN_COUNT++"
;;
-A|--beast) -A|--beast)
do_beast=true do_beast=true
let "VULN_COUNT++" ;; let "VULN_COUNT++"
;;
-4|--rc4|--appelbaum) -4|--rc4|--appelbaum)
do_rc4=true do_rc4=true
let "VULN_COUNT++" ;; let "VULN_COUNT++"
;;
-s|--pfs|--fs|--nsa) -s|--pfs|--fs|--nsa)
do_pfs=true;; do_pfs=true
;;
-q) ### this is a development feature and will disappear: -q) ### this is a development feature and will disappear:
# DEBUG=3 ./testssl.sh -q 03 "cc, 13, c0, 13" google.de # DEBUG=3 ./testssl.sh -q 03 "cc, 13, c0, 13" google.de
# DEBUG=3 ./testssl.sh -q 01 yandex.ru # DEBUG=3 ./testssl.sh -q 01 yandex.ru
@ -3652,41 +3693,56 @@ startup() {
fi fi
shift shift
do_tls_sockets=true do_tls_sockets=true
outln "TLS_LOW_BYTE/HEX_CIPHER: ${TLS_LOW_BYTE}/${HEX_CIPHER}" ;; outln "TLS_LOW_BYTE/HEX_CIPHER: ${TLS_LOW_BYTE}/${HEX_CIPHER}"
--wide) WIDE=0 ;; ;;
--assuming-http|--assuming_http|--assume_http|--assume-http) --wide)
ASSUMING_HTTP=0 ;; WIDE=0
;;
--assuming[_-]http|--assume[-_]http)
ASSUMING_HTTP=0
;;
--sneaky) --sneaky)
SNEAKY=0 ;; SNEAKY=0
--warnings) ;;
case "$2" in --warnings|--warnings=*)
batch|off|false) WARNINGS="$2" ;; WARNINGS=$(parse_opt_equal_sign "$1" "$2")
[ $? -eq 0 ] && shift
case "$WARNING" in
batch|off|false) ;;
default) pr_magentaln "warnings can be either \"batch\", \"off\" or \"false\"" ;; default) pr_magentaln "warnings can be either \"batch\", \"off\" or \"false\"" ;;
esac esac
shift ;; ;;
--show-each|--show_each) --show[-_]each)
SHOW_EACH_C=1 ;; #FIXME: sense is vice versa SHOW_EACH_C=1 #FIXME: sense is vice versa
--debug) ;;
DEBUG="$2" --debug|--debug=*)
shift ;; DEBUG=$(parse_opt_equal_sign "$1" "$2")
--color) [ $? -eq 0 ] && shift
COLOR=$2 ;;
--color|--color=*)
COLOR=$(parse_opt_equal_sign "$1" "$2")
[ $? -eq 0 ] && shift
if [ $COLOR -ne 0 ] && [ $COLOR -ne 1 ] && [ $COLOR -ne 2 ] ; then if [ $COLOR -ne 0 ] && [ $COLOR -ne 1 ] && [ $COLOR -ne 2 ] ; then
COLOR=2 COLOR=2
pr_magentaln "$0: unrecognized color: $2" 1>&2 pr_magentaln "$0: unrecognized color: $2" 1>&2
help 1 help 1
fi fi
shift ;; ;;
--openssl) --openssl|--openssl=*)
OPENSSL="$2" OPENSSL=$(parse_opt_equal_sign "$1" "$2")
shift ;; [ $? -eq 0 ] && shift
;;
--ssl_native|--ssl-native) --ssl_native|--ssl-native)
SSL_NATIVE=0 ;; SSL_NATIVE=0
;;
(--) shift (--) shift
break ;; break
;;
(-*) pr_magentaln "$0: unrecognized option $1" 1>&2; (-*) pr_magentaln "$0: unrecognized option $1" 1>&2;
help 1 ;; help 1
(*) break ;; ;;
(*) break
;;
esac esac
shift shift
done done
@ -3783,6 +3839,6 @@ fi
exit $ret exit $ret
# $Id: testssl.sh,v 1.267 2015/05/31 12:40:11 dirkw Exp $ # $Id: testssl.sh,v 1.268 2015/06/01 10:01:37 dirkw Exp $
# vim:ts=5:sw=5 # vim:ts=5:sw=5
# ^^^ FYI: use vim and you will see everything beautifully indented with a 5 char tab # ^^^ FYI: use vim and you will see everything beautifully indented with a 5 char tab