This PR fixes an error when early data was empty
which caused testssl.sh to exit instead of marking
that there was no file returned.
Also it changes HEAD to GET as the latter is probably
more often supported.
There needs to be a unit test for 0-RTT / early data!
- URI is now example.com bc Akamai doesn't block too many checks
(MacOS runner was delayed and often hiccuped here)
- failed to flush message --prevention
- term pattern seems better than the "colorized list"
There seem to be some server who don't provide proper handshake
results when we send the whole handshake data to them, including
ALPN.
So, what we do is removing the ALPN extension from the stream of
heax bytes when we test STARTTLS host. Plan is to do that for all
in `client_simulation_sockets()` also probably this won't be needed
for firefox and friends.
The approach is following:
We need to find the proper hexcode string in the passed data. Proper way would be going from
extension to extension with the top level length of each extension until we reach ALPN (0x10).
That seemed to difficult. We do that differently which has a threoretic catch as we might also
similar patterns -- but as we have the handshake data as hex we can make sure. What we do is
finding the leading bytes of the ALPN extension and concatenate all byte string we know of,
and match that. In addition we have the alpn+= text in the client simulation data to check against.
Scheme is alpn_ext, then come three lengths. We know each length so we can concatenate
all values and search for them, and additionally match the extensions with the text form
in TESTSSL_INSTALL_DIR/etc/client-simulation.txt.
The lengths are
- \#1: total length of extension
- \#2: same as above but minus 2
- \#3: the first extension length, i.e. 02 for h2 and 08 for http/1.1x"
also: next one is always an h (0x68).
This is a WIP.
It would fix#2410 when finished.
Under some circumstances the opossum vulnerability check got stuck
because the cat commdn was waiting for reading from the descriptor.
In some case like #2950 this happened when the HTTP head command
was incorrectly send in the first place.
This PR makes sure that the HTTP head is correct and it replaces
cat by read in a loop so that the HTTP response is read without
being blocked.
Also for http_head_printf() the argumensats passed were cleaned up.
