Fix determine_optimal_proto()

This PR fixes two bugs in determine_optimal_proto().

First, sslv2_sockets() returns 3 if the connection was successful.

Second, if all connection attempts using tls_sockets() were unsuccessful, it is possible that $TEMPDIR/$NODEIP.parse_tls_serverhello.txt will not exist, so copying it or grepping it will lead to an error. Checking that $proto is not 22 will fix this as $proto will be empty is $OPENSSL s_client was used and it will be 00, 01, 02, 03, or 04 if tls_sockets() was used and the connection was successful with some protocol higher than SSLv2.
This commit is contained in:
David Cooper 2019-02-12 11:27:49 -05:00 committed by GitHub
parent 5d1109a582
commit dd8ee06ca5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions

View File

@ -17161,11 +17161,11 @@ determine_optimal_proto() {
break break
fi ;; fi ;;
22) sslv2_sockets 22) sslv2_sockets
[[ $? -eq 0 ]] && all_failed=false && add_tls_offered ssl2 yes && OPTIMAL_PROTO="-ssl2" [[ $? -eq 3 ]] && all_failed=false && add_tls_offered ssl2 yes && OPTIMAL_PROTO="-ssl2"
;; ;;
esac esac
done done
cp $TEMPDIR/$NODEIP.parse_tls_serverhello.txt $TMPFILE [[ "$proto" != 22 ]] && cp $TEMPDIR/$NODEIP.parse_tls_serverhello.txt $TMPFILE
debugme echo "proto: $proto" debugme echo "proto: $proto"
else else
# no sockets # no sockets
@ -17210,7 +17210,7 @@ determine_optimal_proto() {
ignore_no_or_lame " Type \"yes\" to proceed and accept false negatives or positives" "yes" ignore_no_or_lame " Type \"yes\" to proceed and accept false negatives or positives" "yes"
[[ $? -ne 0 ]] && exit $ERR_CLUELESS [[ $? -ne 0 ]] && exit $ERR_CLUELESS
fi fi
grep -q '^Server Temp Key' $TMPFILE && HAS_DH_BITS=true # FIX #190 [[ "$proto" != 22 ]] && grep -q '^Server Temp Key' $TMPFILE && HAS_DH_BITS=true # FIX #190
fi fi
if "$all_failed"; then if "$all_failed"; then