Don't write to /dev/stdout
As noted in #1273, there are some environments that will not allow writing to /dev/stdout. PR #1277 was an attempt to address that problem (along with an unrelated problem), but it appears that work on #1277 has been abandoned. At the moment, "/dev/stdout" is only used as a parameter to asciihex_to_binary_file (in fact, most calls to asciihex_to_binary_file specify "/dev/stdout" as the file parameter). This PR removes the file parameter from asciihex_to_binary_file (and so renames it asciihex_to_binary). In most cases, this just means removing "/dev/stdout" as a parameter to the function. In the few cases in which a parameter other than "/dev/stdout" was provided to asciihex_to_binary_file, this PR just uses a redirect (">" or ">>") to accomplish the same result as providing the output file to asciihex_to_binary_file(). Note that #1273 and #1277 raised the issue of trying to write to /tmp, and this PR does not attempt to address that.
This commit is contained in:
parent
be5a258383
commit
f181efb352
71
testssl.sh
71
testssl.sh
@ -1793,8 +1793,7 @@ check_revocation_ocsp() {
|
|||||||
grep -q "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TEMPDIR/intermediatecerts.pem || return 0
|
grep -q "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TEMPDIR/intermediatecerts.pem || return 0
|
||||||
tmpfile=$TEMPDIR/${NODE}-${NODEIP}.${uri##*\/} || exit $ERR_FCREATE
|
tmpfile=$TEMPDIR/${NODE}-${NODEIP}.${uri##*\/} || exit $ERR_FCREATE
|
||||||
if [[ -n "$stapled_response" ]]; then
|
if [[ -n "$stapled_response" ]]; then
|
||||||
> "$TEMPDIR/stapled_ocsp_response.dd"
|
asciihex_to_binary "$stapled_response" > "$TEMPDIR/stapled_ocsp_response.dd"
|
||||||
asciihex_to_binary_file "$stapled_response" "$TEMPDIR/stapled_ocsp_response.dd"
|
|
||||||
$OPENSSL ocsp -no_nonce -respin "$TEMPDIR/stapled_ocsp_response.dd" \
|
$OPENSSL ocsp -no_nonce -respin "$TEMPDIR/stapled_ocsp_response.dd" \
|
||||||
-issuer $TEMPDIR/hostcert_issuer.pem -verify_other $TEMPDIR/intermediatecerts.pem \
|
-issuer $TEMPDIR/hostcert_issuer.pem -verify_other $TEMPDIR/intermediatecerts.pem \
|
||||||
-CAfile <(cat $ADDITIONAL_CA_FILES "$GOOD_CA_BUNDLE") -cert $HOSTCERT -text &> "$tmpfile"
|
-CAfile <(cat $ADDITIONAL_CA_FILES "$GOOD_CA_BUNDLE") -cert $HOSTCERT -text &> "$tmpfile"
|
||||||
@ -1903,11 +1902,9 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# arg1: An ASCII-HEX string
|
# arg1: An ASCII-HEX string
|
||||||
# arg2: file name
|
# Print $arg1 in binary format
|
||||||
# Append $arg1 in binary format to $arg2
|
asciihex_to_binary() {
|
||||||
asciihex_to_binary_file(){
|
|
||||||
local string="$1"
|
local string="$1"
|
||||||
local file="$2"
|
|
||||||
local -i len
|
local -i len
|
||||||
local -i i ip2 ip4 ip6 ip8 ip10 ip12 ip14
|
local -i i ip2 ip4 ip6 ip8 ip10 ip12 ip14
|
||||||
local -i remainder
|
local -i remainder
|
||||||
@ -1916,20 +1913,20 @@ asciihex_to_binary_file(){
|
|||||||
[[ $len%2 -ne 0 ]] && return 1
|
[[ $len%2 -ne 0 ]] && return 1
|
||||||
|
|
||||||
for (( i=0; i <= len-16 ; i=i+16 )); do
|
for (( i=0; i <= len-16 ; i=i+16 )); do
|
||||||
ip2=$i+2; ip4=$i+4; ip6=$i+6; ip8=$i+8; ip10=$i+10; ip12=$i+12; ip14=$i+14
|
ip2=$((i+2)); ip4=$((i+4)); ip6=$((i+6)); ip8=$((i+8)); ip10=$((i+10)); ip12=$((i+12)); ip14=$((i+14))
|
||||||
printf -- "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}\x${string:ip6:2}\x${string:ip8:2}\x${string:ip10:2}\x${string:ip12:2}\x${string:ip14:2}" >> "$file"
|
printf -- "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}\x${string:ip6:2}\x${string:ip8:2}\x${string:ip10:2}\x${string:ip12:2}\x${string:ip14:2}"
|
||||||
done
|
done
|
||||||
|
|
||||||
ip2=$i+2; ip4=$i+4; ip6=$i+6; ip8=$i+8; ip10=$i+10; ip12=$i+12; ip14=$i+14
|
ip2=$((i+2)); ip4=$((i+4)); ip6=$((i+6)); ip8=$((i+8)); ip10=$((i+10)); ip12=$((i+12)); ip14=$((i+14))
|
||||||
remainder=$len-$i
|
remainder=$len-$i
|
||||||
case $remainder in
|
case $remainder in
|
||||||
2) printf -- "\x${string:i:2}" >> "$file" ;;
|
2) printf -- "\x${string:i:2}" ;;
|
||||||
4) printf -- "\x${string:i:2}\x${string:ip2:2}" >> "$file" ;;
|
4) printf -- "\x${string:i:2}\x${string:ip2:2}" ;;
|
||||||
6) printf -- "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}" >> "$file" ;;
|
6) printf -- "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}" ;;
|
||||||
8) printf -- "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}\x${string:ip6:2}" >> "$file" ;;
|
8) printf -- "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}\x${string:ip6:2}" ;;
|
||||||
10) printf -- "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}\x${string:ip6:2}\x${string:ip8:2}" >> "$file" ;;
|
10) printf -- "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}\x${string:ip6:2}\x${string:ip8:2}" ;;
|
||||||
12) printf -- "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}\x${string:ip6:2}\x${string:ip8:2}\x${string:ip10:2}" >> "$file" ;;
|
12) printf -- "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}\x${string:ip6:2}\x${string:ip8:2}\x${string:ip10:2}" ;;
|
||||||
14) printf -- "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}\x${string:ip6:2}\x${string:ip8:2}\x${string:ip10:2}\x${string:ip12:2}" >> "$file" ;;
|
14) printf -- "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}\x${string:ip6:2}\x${string:ip8:2}\x${string:ip10:2}\x${string:ip12:2}" ;;
|
||||||
esac
|
esac
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
@ -7743,7 +7740,7 @@ compare_server_name_to_cert() {
|
|||||||
j+=2
|
j+=2
|
||||||
fi
|
fi
|
||||||
if [[ $len1 -ne 0 ]]; then
|
if [[ $len1 -ne 0 ]]; then
|
||||||
san="$(asciihex_to_binary_file "${dercert:j:len1}" "/dev/stdout")"
|
san="$(asciihex_to_binary "${dercert:j:len1}")"
|
||||||
if [[ "${dercert:i:20}" == "06082B06010505070805" ]]; then
|
if [[ "${dercert:i:20}" == "06082B06010505070805" ]]; then
|
||||||
xmppaddr+="$san "
|
xmppaddr+="$san "
|
||||||
else
|
else
|
||||||
@ -7904,7 +7901,7 @@ etsi_etls_visibility_info() {
|
|||||||
# Next is the 10-byte fingerprint, encoded as an OCTET STRING (04)
|
# Next is the 10-byte fingerprint, encoded as an OCTET STRING (04)
|
||||||
[[ "${dercert:j:4}" == 040A ]] || continue
|
[[ "${dercert:j:4}" == 040A ]] || continue
|
||||||
j+=4
|
j+=4
|
||||||
fingerprint[nr_visnames]="$(asciihex_to_binary_file "${dercert:j:20}" "/dev/stdout")"
|
fingerprint[nr_visnames]="$(asciihex_to_binary "${dercert:j:20}")"
|
||||||
j+=20
|
j+=20
|
||||||
# Finally comes the access description, encoded as a UTF8String (0C).
|
# Finally comes the access description, encoded as a UTF8String (0C).
|
||||||
[[ "${dercert:j:2}" == 0C ]] || continue
|
[[ "${dercert:j:2}" == 0C ]] || continue
|
||||||
@ -7921,7 +7918,7 @@ etsi_etls_visibility_info() {
|
|||||||
len1=2*0x${dercert:j:2}
|
len1=2*0x${dercert:j:2}
|
||||||
j+=2
|
j+=2
|
||||||
fi
|
fi
|
||||||
access_description[nr_visnames]=""$(asciihex_to_binary_file "${dercert:j:len1}" "/dev/stdout")""
|
access_description[nr_visnames]=""$(asciihex_to_binary "${dercert:j:len1}")""
|
||||||
nr_visnames+=1
|
nr_visnames+=1
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
@ -10722,7 +10719,7 @@ get_dh_ephemeralkey() {
|
|||||||
len1="82$(printf "%04x" $((i/2)))"
|
len1="82$(printf "%04x" $((i/2)))"
|
||||||
fi
|
fi
|
||||||
key_bitstring="30${len1}${dh_param}${dh_y}"
|
key_bitstring="30${len1}${dh_param}${dh_y}"
|
||||||
key_bitstring="$(asciihex_to_binary_file "$key_bitstring" "/dev/stdout" | $OPENSSL pkey -pubin -inform DER 2> $ERRFILE)"
|
key_bitstring="$(asciihex_to_binary "$key_bitstring" | $OPENSSL pkey -pubin -inform DER 2> $ERRFILE)"
|
||||||
[[ -z "$key_bitstring" ]] && return 1
|
[[ -z "$key_bitstring" ]] && return 1
|
||||||
tm_out "$key_bitstring"
|
tm_out "$key_bitstring"
|
||||||
return 0
|
return 0
|
||||||
@ -10827,7 +10824,7 @@ parse_sslv2_serverhello() {
|
|||||||
certificate_len=2*$(hex2dec "$v2_hello_cert_length")
|
certificate_len=2*$(hex2dec "$v2_hello_cert_length")
|
||||||
|
|
||||||
if [[ "$v2_cert_type" == "01" ]] && [[ "$v2_hello_cert_length" != "00" ]]; then
|
if [[ "$v2_cert_type" == "01" ]] && [[ "$v2_hello_cert_length" != "00" ]]; then
|
||||||
asciihex_to_binary_file "${v2_hello_ascii:26:certificate_len}" "/dev/stdout" | \
|
asciihex_to_binary "${v2_hello_ascii:26:certificate_len}" | \
|
||||||
$OPENSSL x509 -inform DER -outform PEM -out $HOSTCERT 2>$ERRFILE
|
$OPENSSL x509 -inform DER -outform PEM -out $HOSTCERT 2>$ERRFILE
|
||||||
if [[ $? -ne 0 ]]; then
|
if [[ $? -ne 0 ]]; then
|
||||||
debugme echo "Malformed certificate in ServerHello."
|
debugme echo "Malformed certificate in ServerHello."
|
||||||
@ -10860,11 +10857,11 @@ hmac() {
|
|||||||
local -i ret
|
local -i ret
|
||||||
|
|
||||||
if [[ ! "$OSSL_NAME" =~ LibreSSL ]] && [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 3.0.0* ]]; then
|
if [[ ! "$OSSL_NAME" =~ LibreSSL ]] && [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 3.0.0* ]]; then
|
||||||
output="$(asciihex_to_binary_file "$text" "/dev/stdout" | $OPENSSL mac -macopt digest:"${hash_fn/-/}" -macopt hexkey:"$key" HMAC 2>/dev/null)"
|
output="$(asciihex_to_binary "$text" | $OPENSSL mac -macopt digest:"${hash_fn/-/}" -macopt hexkey:"$key" HMAC 2>/dev/null)"
|
||||||
ret=$?
|
ret=$?
|
||||||
tm_out "$(strip_lf "$output")"
|
tm_out "$(strip_lf "$output")"
|
||||||
else
|
else
|
||||||
output="$(asciihex_to_binary_file "$text" "/dev/stdout" | $OPENSSL dgst "$hash_fn" -mac HMAC -macopt hexkey:"$key" 2>/dev/null)"
|
output="$(asciihex_to_binary "$text" | $OPENSSL dgst "$hash_fn" -mac HMAC -macopt hexkey:"$key" 2>/dev/null)"
|
||||||
ret=$?
|
ret=$?
|
||||||
tm_out "$(awk '/=/ { print $2 }' <<< "$output")"
|
tm_out "$(awk '/=/ { print $2 }' <<< "$output")"
|
||||||
fi
|
fi
|
||||||
@ -10957,7 +10954,7 @@ derive-secret() {
|
|||||||
*) return 7
|
*) return 7
|
||||||
esac
|
esac
|
||||||
|
|
||||||
hash_messages="$(asciihex_to_binary_file "$messages" "/dev/stdout" | $OPENSSL dgst "$hash_fn" 2>/dev/null | awk '/=/ { print $2 }')"
|
hash_messages="$(asciihex_to_binary "$messages" | $OPENSSL dgst "$hash_fn" 2>/dev/null | awk '/=/ { print $2 }')"
|
||||||
hkdf-expand-label "$hash_fn" "$secret" "$label" "$hash_messages" "$hash_len"
|
hkdf-expand-label "$hash_fn" "$secret" "$label" "$hash_messages" "$hash_len"
|
||||||
return $?
|
return $?
|
||||||
}
|
}
|
||||||
@ -11090,7 +11087,7 @@ derive-handshake-traffic-keys() {
|
|||||||
if [[ -n "$hrr" ]] && [[ "${serverhello:8:4}" == "7F12" ]]; then
|
if [[ -n "$hrr" ]] && [[ "${serverhello:8:4}" == "7F12" ]]; then
|
||||||
derived_secret="$(derive-handshake-traffic-secret "$hash_fn" "$priv_file" "$pub_file" "$clienthello1$hrr$clienthello2$serverhello")"
|
derived_secret="$(derive-handshake-traffic-secret "$hash_fn" "$priv_file" "$pub_file" "$clienthello1$hrr$clienthello2$serverhello")"
|
||||||
elif [[ -n "$hrr" ]]; then
|
elif [[ -n "$hrr" ]]; then
|
||||||
hash_clienthello1="$(asciihex_to_binary_file "$clienthello1" "/dev/stdout" | $OPENSSL dgst "$hash_fn" 2>/dev/null | awk '/=/ { print $2 }')"
|
hash_clienthello1="$(asciihex_to_binary "$clienthello1" | $OPENSSL dgst "$hash_fn" 2>/dev/null | awk '/=/ { print $2 }')"
|
||||||
derived_secret="$(derive-handshake-traffic-secret "$hash_fn" "$priv_file" "$pub_file" "FE0000$(printf "%02x" $((${#hash_clienthello1}/2)))$hash_clienthello1$hrr$clienthello2$serverhello")"
|
derived_secret="$(derive-handshake-traffic-secret "$hash_fn" "$priv_file" "$pub_file" "FE0000$(printf "%02x" $((${#hash_clienthello1}/2)))$hash_clienthello1$hrr$clienthello2$serverhello")"
|
||||||
else
|
else
|
||||||
derived_secret="$(derive-handshake-traffic-secret "$hash_fn" "$priv_file" "$pub_file" "$clienthello2$serverhello")"
|
derived_secret="$(derive-handshake-traffic-secret "$hash_fn" "$priv_file" "$pub_file" "$clienthello2$serverhello")"
|
||||||
@ -11394,18 +11391,18 @@ sym-decrypt() {
|
|||||||
|
|
||||||
if [[ "$cipher" =~ CHACHA20_POLY1305 ]]; then
|
if [[ "$cipher" =~ CHACHA20_POLY1305 ]]; then
|
||||||
if "$HAS_CHACHA20"; then
|
if "$HAS_CHACHA20"; then
|
||||||
plaintext="$(asciihex_to_binary_file "${ciphertext:0:ciphertext_len}" "/dev/stdout" | \
|
plaintext="$(asciihex_to_binary "${ciphertext:0:ciphertext_len}" | \
|
||||||
$OPENSSL enc -chacha20 -K "$key" -iv "01000000$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
|
$OPENSSL enc -chacha20 -K "$key" -iv "01000000$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
|
||||||
plaintext="$(strip_spaces "$plaintext")"
|
plaintext="$(strip_spaces "$plaintext")"
|
||||||
else
|
else
|
||||||
plaintext="$(chacha20 "$key" "$nonce" "${ciphertext:0:ciphertext_len}")"
|
plaintext="$(chacha20 "$key" "$nonce" "${ciphertext:0:ciphertext_len}")"
|
||||||
fi
|
fi
|
||||||
elif [[ "$cipher" == TLS_AES_128_GCM_SHA256 ]] && "$HAS_AES128_GCM"; then
|
elif [[ "$cipher" == TLS_AES_128_GCM_SHA256 ]] && "$HAS_AES128_GCM"; then
|
||||||
plaintext="$(asciihex_to_binary_file "${ciphertext:0:ciphertext_len}" "/dev/stdout" | \
|
plaintext="$(asciihex_to_binary "${ciphertext:0:ciphertext_len}" | \
|
||||||
$OPENSSL enc -aes-128-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
|
$OPENSSL enc -aes-128-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
|
||||||
plaintext="$(strip_spaces "$plaintext")"
|
plaintext="$(strip_spaces "$plaintext")"
|
||||||
elif [[ "$cipher" == TLS_AES_256_GCM_SHA384 ]] && "$HAS_AES256_GCM"; then
|
elif [[ "$cipher" == TLS_AES_256_GCM_SHA384 ]] && "$HAS_AES256_GCM"; then
|
||||||
plaintext="$(asciihex_to_binary_file "${ciphertext:0:ciphertext_len}" "/dev/stdout" | \
|
plaintext="$(asciihex_to_binary "${ciphertext:0:ciphertext_len}" | \
|
||||||
$OPENSSL enc -aes-256-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
|
$OPENSSL enc -aes-256-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
|
||||||
plaintext="$(strip_spaces "$plaintext")"
|
plaintext="$(strip_spaces "$plaintext")"
|
||||||
else
|
else
|
||||||
@ -11952,7 +11949,7 @@ parse_tls_serverhello() {
|
|||||||
tls_certificate_ascii_len=2*0x${tls_handshake_ascii:offset:6}
|
tls_certificate_ascii_len=2*0x${tls_handshake_ascii:offset:6}
|
||||||
offset=$((i+16))
|
offset=$((i+16))
|
||||||
len1=$((msg_len-16))
|
len1=$((msg_len-16))
|
||||||
tls_certificate_ascii="$(asciihex_to_binary_file "${tls_handshake_ascii:offset:len1}" /dev/stdout | $OPENSSL zlib -d 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
|
tls_certificate_ascii="$(asciihex_to_binary "${tls_handshake_ascii:offset:len1}" | $OPENSSL zlib -d 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
|
||||||
tls_certificate_ascii="${tls_certificate_ascii%%[!0-9A-F]*}"
|
tls_certificate_ascii="${tls_certificate_ascii%%[!0-9A-F]*}"
|
||||||
if [[ ${#tls_certificate_ascii} -ne $tls_certificate_ascii_len ]]; then
|
if [[ ${#tls_certificate_ascii} -ne $tls_certificate_ascii_len ]]; then
|
||||||
debugme tmln_warning "Length of uncompressed certificates did not match specified length."
|
debugme tmln_warning "Length of uncompressed certificates did not match specified length."
|
||||||
@ -12139,7 +12136,7 @@ parse_tls_serverhello() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
offset=$((offset+2))
|
offset=$((offset+2))
|
||||||
asciihex_to_binary_file "${tls_serverhello_ascii:offset:j}" "$TMPFILE"
|
asciihex_to_binary "${tls_serverhello_ascii:offset:j}" >> "$TMPFILE"
|
||||||
echo "" >> $TMPFILE
|
echo "" >> $TMPFILE
|
||||||
echo "===============================================================================" >> $TMPFILE
|
echo "===============================================================================" >> $TMPFILE
|
||||||
fi
|
fi
|
||||||
@ -12235,7 +12232,7 @@ parse_tls_serverhello() {
|
|||||||
key_bitstring="3082${len1}$key_bitstring"
|
key_bitstring="3082${len1}$key_bitstring"
|
||||||
fi
|
fi
|
||||||
if [[ -n "$key_bitstring" ]]; then
|
if [[ -n "$key_bitstring" ]]; then
|
||||||
key_bitstring="$(asciihex_to_binary_file "$key_bitstring" "/dev/stdout" | $OPENSSL pkey -pubin -inform DER 2>$ERRFILE)"
|
key_bitstring="$(asciihex_to_binary "$key_bitstring" | $OPENSSL pkey -pubin -inform DER 2>$ERRFILE)"
|
||||||
if [[ -z "$key_bitstring" ]] && [[ $DEBUG -ge 2 ]]; then
|
if [[ -z "$key_bitstring" ]] && [[ $DEBUG -ge 2 ]]; then
|
||||||
if [[ -n "$named_curve_str" ]]; then
|
if [[ -n "$named_curve_str" ]]; then
|
||||||
prln_warning "Your $OPENSSL doesn't support $named_curve_str"
|
prln_warning "Your $OPENSSL doesn't support $named_curve_str"
|
||||||
@ -12282,7 +12279,7 @@ parse_tls_serverhello() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
offset=$((offset+2))
|
offset=$((offset+2))
|
||||||
asciihex_to_binary_file "${tls_serverhello_ascii:offset:protocol_len}" "$TMPFILE"
|
asciihex_to_binary "${tls_serverhello_ascii:offset:protocol_len}" >> "$TMPFILE"
|
||||||
offset=$((offset+protocol_len))
|
offset=$((offset+protocol_len))
|
||||||
[[ $j+$protocol_len+2 -lt $extension_len ]] && echo -n ", " >> $TMPFILE
|
[[ $j+$protocol_len+2 -lt $extension_len ]] && echo -n ", " >> $TMPFILE
|
||||||
done
|
done
|
||||||
@ -12539,7 +12536,7 @@ parse_tls_serverhello() {
|
|||||||
tmpfile_handle ${FUNCNAME[0]}.txt
|
tmpfile_handle ${FUNCNAME[0]}.txt
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
asciihex_to_binary_file "${tls_certificate_ascii:12:certificate_len}" "/dev/stdout" | \
|
asciihex_to_binary "${tls_certificate_ascii:12:certificate_len}" | \
|
||||||
$OPENSSL x509 -inform DER -outform PEM -out "$HOSTCERT" 2>$ERRFILE
|
$OPENSSL x509 -inform DER -outform PEM -out "$HOSTCERT" 2>$ERRFILE
|
||||||
if [[ $? -ne 0 ]]; then
|
if [[ $? -ne 0 ]]; then
|
||||||
debugme echo "Malformed certificate in Certificate Handshake message in ServerHello."
|
debugme echo "Malformed certificate in Certificate Handshake message in ServerHello."
|
||||||
@ -12573,7 +12570,7 @@ parse_tls_serverhello() {
|
|||||||
tmpfile_handle ${FUNCNAME[0]}.txt
|
tmpfile_handle ${FUNCNAME[0]}.txt
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
pem_certificate="$(asciihex_to_binary_file "${tls_certificate_ascii:i:certificate_len}" "/dev/stdout" | \
|
pem_certificate="$(asciihex_to_binary "${tls_certificate_ascii:i:certificate_len}" | \
|
||||||
$OPENSSL x509 -inform DER -outform PEM 2>$ERRFILE)"
|
$OPENSSL x509 -inform DER -outform PEM 2>$ERRFILE)"
|
||||||
if [[ $? -ne 0 ]]; then
|
if [[ $? -ne 0 ]]; then
|
||||||
debugme echo "Malformed certificate in Certificate Handshake message in ServerHello."
|
debugme echo "Malformed certificate in Certificate Handshake message in ServerHello."
|
||||||
@ -12641,10 +12638,10 @@ parse_tls_serverhello() {
|
|||||||
echo "OCSP response:" >> $TMPFILE
|
echo "OCSP response:" >> $TMPFILE
|
||||||
echo "===============================================================================" >> $TMPFILE
|
echo "===============================================================================" >> $TMPFILE
|
||||||
if [[ -n "$hostcert_issuer" ]]; then
|
if [[ -n "$hostcert_issuer" ]]; then
|
||||||
asciihex_to_binary_file "$STAPLED_OCSP_RESPONSE" "/dev/stdout" | \
|
asciihex_to_binary "$STAPLED_OCSP_RESPONSE" | \
|
||||||
$OPENSSL ocsp -no_nonce -CAfile $TEMPDIR/intermediatecerts.pem -issuer $hostcert_issuer -cert $HOSTCERT -respin /dev/stdin -resp_text >> $TMPFILE 2>$ERRFILE
|
$OPENSSL ocsp -no_nonce -CAfile $TEMPDIR/intermediatecerts.pem -issuer $hostcert_issuer -cert $HOSTCERT -respin /dev/stdin -resp_text >> $TMPFILE 2>$ERRFILE
|
||||||
else
|
else
|
||||||
asciihex_to_binary_file "$STAPLED_OCSP_RESPONSE" "/dev/stdout" | \
|
asciihex_to_binary "$STAPLED_OCSP_RESPONSE" | \
|
||||||
$OPENSSL ocsp -respin /dev/stdin -resp_text >> $TMPFILE 2>$ERRFILE
|
$OPENSSL ocsp -respin /dev/stdin -resp_text >> $TMPFILE 2>$ERRFILE
|
||||||
fi
|
fi
|
||||||
echo "===============================================================================" >> $TMPFILE
|
echo "===============================================================================" >> $TMPFILE
|
||||||
@ -16552,7 +16549,7 @@ run_robot() {
|
|||||||
esac
|
esac
|
||||||
|
|
||||||
# Encrypt the padded premaster secret using the server's public key.
|
# Encrypt the padded premaster secret using the server's public key.
|
||||||
encrypted_pms="$(asciihex_to_binary_file "$padded_pms" "/dev/stdout" | \
|
encrypted_pms="$(asciihex_to_binary "$padded_pms" | \
|
||||||
$OPENSSL pkeyutl -encrypt -certin -inkey $HOSTCERT -pkeyopt rsa_padding_mode:none 2>/dev/null | \
|
$OPENSSL pkeyutl -encrypt -certin -inkey $HOSTCERT -pkeyopt rsa_padding_mode:none 2>/dev/null | \
|
||||||
hexdump -v -e '16/1 "%02x"')"
|
hexdump -v -e '16/1 "%02x"')"
|
||||||
if [[ -z "$encrypted_pms" ]]; then
|
if [[ -z "$encrypted_pms" ]]; then
|
||||||
|
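Review bot: The renamed `asciihex_to_binary` (hunk at 1913) still interpolates its argument straight into the printf format string (`printf -- "\x${string:i:2}\x${string:ip2:2}…"`) and only rejects an odd length, so a value containing non-hex characters or a `%` is not refused but emitted as stray bytes or consumed as a conversion specifier. Since the commit already reworks the function's contract, a one-line guard next to the parity check would make the new entry point self-protecting: `[[ "$string" =~ ^[0-9A-Fa-f]*$ ]] || return 1`. The call sites visible here feed it hexdump-derived or script-constructed hex, so this is defensive hardening rather than a live fault, and every caller shown ignores the function's exit status anyway. The replacement header comment drops the old arg2 line but does not say where output goes or what the status means; `# Print $arg1 in binary format to stdout; returns 1 if the string has odd length` would cover both. The lines between the two hunks (where `len` is presumably assigned from `$string`) are outside the page.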