From e0c147ec86932535670aee085ac3c26f5a54523d Mon Sep 17 00:00:00 2001
From: David Cooper <dcooper16@gmail.com>
Date: Tue, 24 May 2016 13:57:47 -0400
Subject: [PATCH] run_pfs() and run_rc4() show each fixes

When run_rc4() is run with the "--show-each" option, but without the "--wide" option, a list of all RC4 ciphers is printed, without any distinction between those that are supported by the server and those that are not. This is the same issue I noted in #332 for run_pfs().

In run_pfs(), the displayed output was corrected, but all ciphers were still being added to $pfs_ciphers, so the list of supported PFS ciphers sent to fileout() was incorrect.

This PR fixes both issues.
---
 testssl.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 8869b8a..6ba1ff9 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -3679,7 +3679,7 @@ run_pfs() {
                          out "$pfs_cipher "
                     fi
                fi
-               pfs_ciphers+="$pfs_cipher "
+               [[ $sclient_success -eq 0 ]] && pfs_ciphers+="$pfs_cipher "
                debugme rm $tmpfile
           done < <($OPENSSL ciphers -V "$pfs_cipher_list" 2>$ERRFILE)      # -V doesn't work with openssl < 1.0
           debugme echo $pfs_offered
@@ -5586,9 +5586,9 @@ run_rc4() {
                     fi
                     outln
                else
-                    pr_svrty_high "$rc4_cipher "
+                    [[ $sclient_success -eq 0 ]] && pr_svrty_high "$rc4_cipher "
                fi
-               rc4_detected+="$rc4_cipher "
+               [[ $sclient_success -eq 0 ]] && rc4_detected+="$rc4_cipher "
           done < <($OPENSSL ciphers -V $rc4_ciphers_list:@STRENGTH)
           outln
           "$WIDE" && pr_svrty_high "VULNERABLE (NOT ok)"