Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-02-27 10:01:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2659 from dcooper16/npn_sockets

Browse Source 
Enable run_npn() to use tls_sockets()
This commit is contained in:
Dirk Wetter 2025-02-15 13:47:13 +01:00 committed by GitHub
commit f085fd1880
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
testssl.sh
View File

@ -11253,7 +11253,7 @@ npn_pre(){
fileout "NPN" "WARN" "not tested as proxies do not support proxying it" fileout "NPN" "WARN" "not tested as proxies do not support proxying it"
return 1 return 1
fi fi
if ! "$HAS_NPN"; then if "$SSL_NATIVE" && ! "$HAS_NPN"; then
pr_local_problem "$OPENSSL doesn't support NPN/SPDY"; pr_local_problem "$OPENSSL doesn't support NPN/SPDY";
fileout "NPN" "WARN" "not tested $OPENSSL doesn't support NPN/SPDY" fileout "NPN" "WARN" "not tested $OPENSSL doesn't support NPN/SPDY"
return 7 return 7
@ -11299,6 +11299,7 @@ run_npn() {
return 0 return 0
fi fi
if "$HAS_NPN"; then
# TLS 1.3 s_client doesn't support -nextprotoneg when connecting with TLS 1.3. So we need to make sure it won't be used # TLS 1.3 s_client doesn't support -nextprotoneg when connecting with TLS 1.3. So we need to make sure it won't be used
# TLS13_ONLY is tested here again, just to be sure, see npn_pre # TLS13_ONLY is tested here again, just to be sure, see npn_pre
if "$HAS_TLS13" && ! $TLS13_ONLY ]] ; then if "$HAS_TLS13" && ! $TLS13_ONLY ]] ; then
@ -11306,6 +11307,16 @@ run_npn() {
fi fi
$OPENSSL s_client $(s_client_options "$proto -connect $NODEIP:$PORT $BUGS $SNI -nextprotoneg "$NPN_PROTOs"") </dev/null 2>$ERRFILE >$TMPFILE $OPENSSL s_client $(s_client_options "$proto -connect $NODEIP:$PORT $BUGS $SNI -nextprotoneg "$NPN_PROTOs"") </dev/null 2>$ERRFILE >$TMPFILE
[[ $? -ne 0 ]] && ret=1 [[ $? -ne 0 ]] && ret=1
else
tls_sockets "03" "$TLS12_CIPHER" "all"
ret=$?
if [[ $ret -eq 0 ]] || [[ $ret -eq 2 ]]; then
ret=0
else
ret=1
fi
mv "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" "$TMPFILE"
fi
tmpstr="$(grep -a '^Protocols' $TMPFILE | sed 's/Protocols.*: //')" tmpstr="$(grep -a '^Protocols' $TMPFILE | sed 's/Protocols.*: //')"
if [[ -z "$tmpstr" ]] || [[ "$tmpstr" == " " ]]; then if [[ -z "$tmpstr" ]] || [[ "$tmpstr" == " " ]]; then
outln "not offered" outln "not offered"