mirror of
				https://github.com/drwetter/testssl.sh.git
				synced 2025-10-25 22:11:01 +02:00 
			
		
		
		
	* NEW: xmpphost support
* FIX for regression (80e26a75ef62885d9fd187ad3ffe2df259580ff1), config file GOST
		
							parent
							
								
									016b488ae3
								
							
						
					
					
						commit
						179d8700d1
					
				
							
								
								
									
										42
									
								
								testssl.sh
									
									
									
									
									
								
							
							
						
						
									
										42
									
								
								testssl.sh
									
									
									
									
									
								
							| @ -149,6 +149,7 @@ NODE="" | |||||||
| NODEIP="" | NODEIP="" | ||||||
| IPADDRs="" | IPADDRs="" | ||||||
| IP46ADDRs="" | IP46ADDRs="" | ||||||
|  | XMPP_HOST="" | ||||||
| PROXY="" | PROXY="" | ||||||
| PROXYIP="" | PROXYIP="" | ||||||
| PROXYPORT="" | PROXYPORT="" | ||||||
| @ -3382,6 +3383,7 @@ $PROG_NAME <options> URI    ("$PROG_NAME URI" does everything except -E) | |||||||
|   special invocations: |   special invocations: | ||||||
| 
 | 
 | ||||||
|      -t, --starttls <protocol>     does a default run against a STARTTLS enabled <protocol> |      -t, --starttls <protocol>     does a default run against a STARTTLS enabled <protocol> | ||||||
|  |      --xmpphost <to_domain>        for STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed | ||||||
|      --mx <domain/host>            tests MX records from high to low priority (STARTTLS, port 25) |      --mx <domain/host>            tests MX records from high to low priority (STARTTLS, port 25) | ||||||
|      --ip <ipv4>                   a) tests the supplied <ipv4> instead of resolving host(s) in URI  |      --ip <ipv4>                   a) tests the supplied <ipv4> instead of resolving host(s) in URI  | ||||||
|                                    b) "one" means: just test the first DNS returns (useful for multiple IPs) |                                    b) "one" means: just test the first DNS returns (useful for multiple IPs) | ||||||
| @ -3547,7 +3549,7 @@ initialize_engine(){ | |||||||
| 		return 1 | 		return 1 | ||||||
| 	elif echo $osslver | grep -q LibreSSL; then | 	elif echo $osslver | grep -q LibreSSL; then | ||||||
| 		return 1 | 		return 1 | ||||||
| 	elif grep -q '^# testssl config file' "$OPENSSL_CONF"; then | 	elif grep -q '^# testssl config file' "$OPENSSL_CONF" 2>/dev/null; then | ||||||
| 		return 0 | 		return 0 | ||||||
| 	else | 	else | ||||||
| 		if [ -n "$OPENSSL_CONF" ]; then | 		if [ -n "$OPENSSL_CONF" ]; then | ||||||
| @ -3733,9 +3735,21 @@ determine_service() { | |||||||
| 	else | 	else | ||||||
| 		protocol=$(echo "$1" | sed 's/s$//')     # strip trailing s in ftp(s), smtp(s), pop3(s), imap(s), ldap(s), telnet(s) | 		protocol=$(echo "$1" | sed 's/s$//')     # strip trailing s in ftp(s), smtp(s), pop3(s), imap(s), ldap(s), telnet(s) | ||||||
| 		case "$protocol" in | 		case "$protocol" in | ||||||
|  | 			xmpp) # for XMPP, openssl has a problem using -connect $NODEIP:$PORT. thus we use -connect $NODE:$PORT instead! | ||||||
|  | 				 NODEIP="$NODE"  | ||||||
|  | 				 ;& | ||||||
| 			ftp|smtp|pop3|imap|xmpp|telnet|ldap) | 			ftp|smtp|pop3|imap|xmpp|telnet|ldap) | ||||||
| 				STARTTLS="-starttls $protocol"; export STARTTLS | 				STARTTLS="-starttls $protocol" | ||||||
| 				SNI="" | 				SNI="" | ||||||
|  | 				if [[ -n "$XMPP_HOST" ]] && [[ $protocol == "xmpp" ]] ; then | ||||||
|  | 					if ! $OPENSSL s_client --help 2>&1 | grep -q xmpphost; then | ||||||
|  | 						outln | ||||||
|  | 						pr_magentaln " Local problem: Your $OPENSSL does not support the \"-xmpphost\" option" | ||||||
|  | 						exit 1 | ||||||
|  | 					fi | ||||||
|  | 					STARTTLS="$STARTTLS -xmpphost $XMPP_HOST"		# it's a hack -- instead of changing calls all over the place | ||||||
|  | 					# see http://xmpp.org/rfcs/rfc3920.html | ||||||
|  | 				fi | ||||||
| 				$OPENSSL s_client -connect $NODEIP:$PORT $PROXY $STARTTLS 2>/dev/null >$TMPFILE </dev/null | 				$OPENSSL s_client -connect $NODEIP:$PORT $PROXY $STARTTLS 2>/dev/null >$TMPFILE </dev/null | ||||||
| 				if [ $? -ne 0 ]; then | 				if [ $? -ne 0 ]; then | ||||||
| 					pr_magentaln " $OPENSSL couldn't establish STARTTLS via $protocol to $NODEIP:$PORT" | 					pr_magentaln " $OPENSSL couldn't establish STARTTLS via $protocol to $NODEIP:$PORT" | ||||||
| @ -3743,7 +3757,9 @@ determine_service() { | |||||||
| 					exit 3 | 					exit 3 | ||||||
| 				fi | 				fi | ||||||
| 				out " Service set:            STARTTLS via " | 				out " Service set:            STARTTLS via " | ||||||
| 				echo $protocol | tr '[a-z]' '[A-Z]' | 				printf $protocol | tr '[a-z]' '[A-Z]' | ||||||
|  | 				[[ -n "$XMPP_HOST" ]] && printf " (with to=\'$XMPP_HOST\')" | ||||||
|  | 				outln | ||||||
| 				;; | 				;; | ||||||
| 			*)	pr_litemagentaln "momentarily only ftp, smtp, pop3, imap, xmpp and telnet, ldap allowed" >&2 | 			*)	pr_litemagentaln "momentarily only ftp, smtp, pop3, imap, xmpp and telnet, ldap allowed" >&2 | ||||||
| 				exit 1 | 				exit 1 | ||||||
| @ -3964,12 +3980,16 @@ parse_cmd_line() { | |||||||
| 			-x|-x=*|--single[-_]cipher|--single[-_]cipher=*) | 			-x|-x=*|--single[-_]cipher|--single[-_]cipher=*) | ||||||
| 				do_test_just_one=true | 				do_test_just_one=true | ||||||
| 				single_cipher=$(parse_opt_equal_sign "$1" "$2") | 				single_cipher=$(parse_opt_equal_sign "$1" "$2") | ||||||
| 				[ $? -eq 0 ] && shift | 				[[ $? -eq 0 ]] && shift | ||||||
| 				;; | 				;; | ||||||
| 			-t|-t=*|--starttls|--starttls=*) | 			-t|-t=*|--starttls|--starttls=*) | ||||||
| 				do_starttls=true | 				do_starttls=true | ||||||
| 				STARTTLS_PROTOCOL=$(parse_opt_equal_sign "$1" "$2") | 				STARTTLS_PROTOCOL=$(parse_opt_equal_sign "$1" "$2") | ||||||
| 				[ $? -eq 0 ] && shift | 				[[ $? -eq 0 ]] && shift | ||||||
|  | 				;; | ||||||
|  | 			--xmpphost|--xmpphost=*) | ||||||
|  | 				XMPP_HOST=$(parse_opt_equal_sign "$1" "$2") | ||||||
|  | 				[[ $? -eq 0 ]] && shift | ||||||
| 				;; | 				;; | ||||||
| 			-e|--each-cipher) | 			-e|--each-cipher) | ||||||
| 				do_allciphers=true | 				do_allciphers=true | ||||||
| @ -4083,7 +4103,7 @@ parse_cmd_line() { | |||||||
| 				;; | 				;; | ||||||
| 			--warnings|--warnings=*) | 			--warnings|--warnings=*) | ||||||
| 				WARNINGS=$(parse_opt_equal_sign "$1" "$2")  | 				WARNINGS=$(parse_opt_equal_sign "$1" "$2")  | ||||||
| 				[ $? -eq 0 ] && shift  | 				[[ $? -eq 0 ]] && shift | ||||||
| 				case "$WARNING" in | 				case "$WARNING" in | ||||||
| 					batch|off|false) ;; | 					batch|off|false) ;; | ||||||
| 					default) pr_magentaln "warnings can be either \"batch\", \"off\" or \"false\"" ;; | 					default) pr_magentaln "warnings can be either \"batch\", \"off\" or \"false\"" ;; | ||||||
| @ -4094,11 +4114,11 @@ parse_cmd_line() { | |||||||
| 				;;  | 				;;  | ||||||
| 			--debug|--debug=*) | 			--debug|--debug=*) | ||||||
| 				DEBUG=$(parse_opt_equal_sign "$1" "$2") | 				DEBUG=$(parse_opt_equal_sign "$1" "$2") | ||||||
| 				[ $? -eq 0 ] && shift | 				[[ $? -eq 0 ]] && shift | ||||||
| 				;; | 				;; | ||||||
| 			--color|--color=*) | 			--color|--color=*) | ||||||
| 				COLOR=$(parse_opt_equal_sign "$1" "$2") | 				COLOR=$(parse_opt_equal_sign "$1" "$2") | ||||||
| 				[ $? -eq 0 ] && shift | 				[[ $? -eq 0 ]] && shift | ||||||
| 				if [ $COLOR -ne 0 ] && [ $COLOR -ne 1 ] && [ $COLOR -ne 2 ] ; then | 				if [ $COLOR -ne 0 ] && [ $COLOR -ne 1 ] && [ $COLOR -ne 2 ] ; then | ||||||
| 					COLOR=2 | 					COLOR=2 | ||||||
| 					pr_magentaln "$0: unrecognized color: $2" 1>&2 | 					pr_magentaln "$0: unrecognized color: $2" 1>&2 | ||||||
| @ -4107,11 +4127,11 @@ parse_cmd_line() { | |||||||
| 				;; | 				;; | ||||||
| 			--openssl|--openssl=*) | 			--openssl|--openssl=*) | ||||||
| 				OPENSSL=$(parse_opt_equal_sign "$1" "$2") | 				OPENSSL=$(parse_opt_equal_sign "$1" "$2") | ||||||
| 				[ $? -eq 0 ] && shift | 				[[ $? -eq 0 ]] && shift | ||||||
| 				;; | 				;; | ||||||
| 			--proxy|--proxy=*) | 			--proxy|--proxy=*) | ||||||
| 				PROXY=$(parse_opt_equal_sign "$1" "$2") | 				PROXY=$(parse_opt_equal_sign "$1" "$2") | ||||||
| 				[ $? -eq 0 ] && shift | 				[[ $? -eq 0 ]] && shift | ||||||
| 				;; | 				;; | ||||||
| 			--ssl_native|--ssl-native) | 			--ssl_native|--ssl-native) | ||||||
| 				SSL_NATIVE=true | 				SSL_NATIVE=true | ||||||
| @ -4256,4 +4276,4 @@ fi | |||||||
| exit $ret | exit $ret | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| #  $Id: testssl.sh,v 1.300 2015/07/06 08:10:45 dirkw Exp $ | #  $Id: testssl.sh,v 1.301 2015/07/06 18:42:42 dirkw Exp $ | ||||||
|  | |||||||
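Review bot: The `--xmpphost` value reaches the `s_client` command line unvalidated: in determine_service it is appended to `STARTTLS`, which is expanded unquoted in `$OPENSSL s_client -connect $NODEIP:$PORT $PROXY $STARTTLS`, so a value containing whitespace is word-split into additional openssl arguments. The same value is interpolated into the format string of `printf " (with to=\'$XMPP_HOST\')"`, where a `%` would be read as a conversion; `printf " (with to='%s')" "$XMPP_HOST"` avoids that. A single check in the new parse_cmd_line arm, for example `[[ "$XMPP_HOST" =~ ^[A-Za-z0-9._-]+$ ]] || { pr_magentaln "invalid --xmpphost value"; exit 1; }`, would cover the s_client path. This matters mainly where the script is driven by a wrapper that passes on host names it did not choose. Both determine_service and parse_cmd_line start and end outside the hunks shown, so any later sanitising is not visible here.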