From cd7a8878789a8e0fc096af83e679074fc7acf692 Mon Sep 17 00:00:00 2001
From: Dirk <dirk@testssl.sh>
Date: Fri, 18 Jul 2025 18:18:30 +0200
Subject: [PATCH] Fix port problem for Opossum

This fixes #2847 .

It was falsely assumed that the http head command blocks when port 80 is not available but
actucally the exec for the socket is the culprit.

This PR changes that so that the exec is put in the background.

Another change is that $node is still used but the port is stripped of which
lead to the problem raised in #2847. We use $node instead of $NODE has we
can recycle the `http_head[er]_printf()` later.

`http_header_printf()`was renamed to `http_head_printf()` as there's also an `http_head()`
and an `http_get()`
---
 testssl.sh | 46 +++++++++++++++++++++++-----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index b4cf211..c4f9fe6 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -1922,40 +1922,43 @@ http_head() {
 #    arg2: extra http header
 #
 # return codes:
-#    0: all fine
-#    1: server dind't respond within HEADER_MAXSLEEP
-#    3: server dind't respond within HEADER_MAXSLEEP and PROXY was defined
+#    0: all fine (response header is returned as string)
+#    1: server didn't respond within HEADER_MAXSLEEP
+#    3: server didn't respond within HEADER_MAXSLEEP and PROXY was defined
 #
-http_header_printf() {
+http_head_printf() {
      local request_header="$2"
      local useragent="$UA_STD"
-     local tmpfile=$TEMPDIR/$NODE.$NODEIP.http_header_printf.log
-     local errfile=$TEMPDIR/$NODE.$NODEIP.http_header_printf-err.log
+     local tmpfile=$TEMPDIR/$NODE.$NODEIP.http_head_printf.log
+     local errfile=$TEMPDIR/$NODE.$NODEIP.http_head_printf-err.log
      local -i ret=0
      local proto="" foo="" node="" query=""
 
      [[ $DEBUG -eq 0 ]] && errfile=/dev/null
 
      IFS=/ read -r proto foo node query <<< "$1"
-     exec 33<>/dev/tcp/$node/80
-     printf -- "%b" "HEAD ${proto}//${node}/${query} HTTP/1.1\r\nUser-Agent: ${useragent}\r\nHost: ${node}\r\n${request_header}\r\nAccept: */*\r\n\r\n\r\n" >&33 2>$errfile &
+     node=${node%:*}
+     # $node works here good as it connects via IPv6 first, then IPv4
+     bash -c "exec 33<>/dev/tcp/$node/80" >/dev/null &
      wait_kill $! $HEADER_MAXSLEEP
      if [[ $? -ne 0 ]]; then
-          # not killed
+          # not killed --> socket open. Now we connect to the virtual host "$node"
+          printf -- "%b" "HEAD ${proto}//${node}/${query} HTTP/1.1\r\nUser-Agent: ${useragent}\r\nHost: ${node}\r\n${request_header}\r\nAccept: */*\r\n\r\n\r\n" >&33 2>$errfile
+          ret=0
+          if [[ $DEBUG -eq 0 ]] ; then
+               cat <&33
+          else
+               cat <&33 >$tmpfile
+               cat $tmpfile
+          fi
+     else
           if [[ -n "$PROXY" ]]; then
                ret=3
+          else
+               ret=1
           fi
-          ret=1
-     else
-          ret=0
      fi
-     if [[ $DEBUG -eq 0 ]] ; then
-          cat <&33
-     else
-          cat <&33 >$tmpfile
-          cat $tmpfile
-     fi
-     exec 33<&-
+          exec 33<&-
      exec 33>&-
      return $ret
 }
@@ -1963,9 +1966,6 @@ http_header_printf() {
 
 ldap_get() {
      local ldif
-     local -i success
-     local crl="$1"
-     local tmpfile="$2"
      local jsonID="$3"
 
      if type -p curl &>/dev/null; then
@@ -17703,7 +17703,7 @@ run_opossum() {
      case $service in
           HTTP)
                uri=${URI/https:\/\//}
-               response=$(http_header_printf http://${uri} 'Upgrade: TLS/1.0\r\n\r\nClose\r\n')
+               response=$(http_head_printf http://${uri} 'Upgrade: TLS/1.0\r\n\r\nClose\r\n')
                # In any case we use $response but we handle the return codes
                case $? in
                     0)   ret=0 ;;