Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2026-02-01 18:55:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

Suggest alternative $OPENSSL2 when $OPENSSL fails

Browse Source 
.. as an UI improvement for the user.

Implemented for Ticketbleed and during startup in determine_optimal_proto() .
For the latter it could be considered later to automagically pick $OPENSSL2 .
This commit is contained in:
Dirk
2026-01-12 21:07:15 +01:00
parent 6a5a69fcfd
commit d360b27b83
1 changed files with 12 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
testssl.sh
View File

@@ -17634,8 +17634,8 @@ run_ticketbleed() {
$OPENSSL s_client $(s_client_options "$STARTTLS $BUGS $tls_proto -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>$ERRFILE </dev/null $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS $tls_proto -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>$ERRFILE </dev/null
sclient_connect_successful $? "$TMPFILE" sclient_connect_successful $? "$TMPFILE"
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
prln_warning "Cannot test for ticketbleed. Your OpenSSL cannot connect to $NODEIP:$PORT" prln_warning "Cannot test for ticketbleed. $OPENSSL cannot connect to $NODEIP:$PORT"
fileout "$jsonID" "WARN" "Cannot test for ticketbleed. Your OpenSSL cannot connect to $NODEIP:$PORT." fileout "$jsonID" "WARN" "Cannot test for ticketbleed as $OPENSSL cannot connect to $NODEIP:$PORT."
return 1 return 1
fi fi
case "$(get_protocol $TMPFILE)" in case "$(get_protocol $TMPFILE)" in
@@ -23224,9 +23224,16 @@ determine_optimal_proto() {
[[ $? -ne 0 ]] && exit $ERR_CLUELESS [[ $? -ne 0 ]] && exit $ERR_CLUELESS
MAX_OSSL_FAIL=10 MAX_OSSL_FAIL=10
else else
prln_warning " Your OpenSSL cannot connect to $NODEIP:$PORT" outln
fileout "$jsonID" "WARN" "Your OpenSSL cannot connect to $NODEIP:$PORT." prln_warning " Your $OPENSSL cannot connect to $NODEIP:$PORT."
ignore_no_or_lame " The results might look ok but they could be nonsense. Really proceed ? (\"yes\" to continue)" "yes" if [[ -x $OPENSSL2 ]] ; then
outln " Restarting with --openssl=$OPENSSL2 likely helps"
fileout "$jsonID" "WARN" "$OPENSSL cannot connect to $NODEIP:$PORT. Recommended using --openssl=$OPENSSL2"
else
fileout "$jsonID" "WARN" "Your $OPENSSL cannot connect to $NODEIP:$PORT."
fi
outln
ignore_no_or_lame " If you continue the results are likely not corrrect. Really proceed ? (\"yes\" to continue)" "yes"
[[ $? -ne 0 ]] && exit $ERR_CLUELESS [[ $? -ne 0 ]] && exit $ERR_CLUELESS
fi fi
elif "$all_failed"; then elif "$all_failed"; then