Merge pull request #2107 from drwetter/fix_2096.3.0

Fix "ID resumption test failed" under Darwin (3.0)
Dirk Wetter 2022-02-17 09:04:57 +01:00 committed by GitHub
commit f96df1138b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -6175,17 +6175,22 @@ sub_session_resumption() {
addcmd+=" $protocol" addcmd+=" $protocol"
fi fi
$OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI $addcmd -sess_out $sess_data") </dev/null &>/dev/null $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI $addcmd -sess_out $sess_data") </dev/null &>$tmpfile
ret1=$? ret1=$?
if [[ $ret1 -ne 0 ]]; then if [[ $ret1 -ne 0 ]]; then
debugme echo -n "Couldn't connect #1 " # MacOS and LibreSSL return 1 here, that's why we need to check whether the handshake contains e.g. a certificate
return 7 if [[ ! $(<$tmpfile) =~ -----.*\ CERTIFICATE----- ]]; then
debugme echo -n "Couldn't connect #1 "
return 7
fi
fi fi
if "$byID" && [[ ! "$OSSL_NAME" =~ LibreSSL ]] && \ if "$byID" && [[ ! "$OSSL_NAME" =~ LibreSSL ]] && \
( [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.1* ]] || [[ $OSSL_VER_MAJOR == 3 ]] ) && \ ( [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.1* ]] || [[ $OSSL_VER_MAJOR == 3 ]] ) && \
[[ ! -s "$sess_data" ]]; then [[ ! -s "$sess_data" ]]; then
# it seems OpenSSL indicates no Session ID resumption by just not generating output # it seems OpenSSL indicates no Session ID resumption by just not generating output
debugme echo -n "No session resumption byID (empty file)" debugme echo -n "No session resumption byID (empty file)"
# If we want to check the presence of session data:
# [[ ! $(<$sess_data) =~ -----.*\ SSL\ SESSION\ PARAMETERS----- ]]
ret=2 ret=2
else else
$OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI $addcmd -sess_in $sess_data") </dev/null >$tmpfile 2>$ERRFILE $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI $addcmd -sess_in $sess_data") </dev/null >$tmpfile 2>$ERRFILE
@ -6195,8 +6200,10 @@ sub_session_resumption() {
[[ -s "$sess_data" ]] && echo "not empty" || echo "empty" [[ -s "$sess_data" ]] && echo "not empty" || echo "empty"
fi fi
if [[ $ret2 -ne 0 ]]; then if [[ $ret2 -ne 0 ]]; then
debugme echo -n "Couldn't connect #2 " if [[ ! $(<$tmpfile) =~ -----.*\ CERTIFICATE----- ]]; then
return 7 debugme echo -n "Couldn't connect #2 "
return 7
fi
fi fi
# "Reused" indicates session material was reused, "New": not # "Reused" indicates session material was reused, "New": not
if grep -aq "^Reused" "$tmpfile"; then if grep -aq "^Reused" "$tmpfile"; then
@ -6208,7 +6215,7 @@ sub_session_resumption() {
not_new_reused=true not_new_reused=true
fi fi
# Now get the line and compare the numbers "read" and "written" as a second criteria. # Now get the line and compare the numbers "read" and "written" as a second criteria.
# If the "read" number is bigger: a new session ID was probably used # If the "read" number is bigger: a new session ID was probably used.
rw_line="$(awk '/^SSL handshake has read/ { print $5" "$(NF-1) }' "$tmpfile" )" rw_line="$(awk '/^SSL handshake has read/ { print $5" "$(NF-1) }' "$tmpfile" )"
rw_line=($rw_line) rw_line=($rw_line)
if [[ "${rw_line[0]}" -gt "${rw_line[1]}" ]]; then if [[ "${rw_line[0]}" -gt "${rw_line[1]}" ]]; then
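Review bot: The new fallback after `ret1` and again after `ret2` accepts any s_client output that contains a certificate block as a successful connect, but a certificate only shows the server got as far as sending it, not that the handshake completed. If a handshake aborts after that point, the first call presumably leaves `$sess_data` empty, and on the OpenSSL 1.1.1/3 byID path the function would then report "No session resumption byID" instead of returning 7; the added comment should state that limitation. The check also reads the whole file through an unquoted `$(<$tmpfile)`; `if ! grep -aq -- '-----BEGIN CERTIFICATE-----' "$tmpfile"; then` would match the `grep -aq "^Reused" "$tmpfile"` style used a few lines further down and tolerates non-text bytes in the output. The body of sub_session_resumption starts and ends outside the hunks shown.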