mirrors/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-09-13 17:51:56 +02:00
Code Issues Projects Releases Wiki Activity

Exec IPv6 check in background

Browse Source 
... as it can get stuck.

Also reduce MAX_WAITSOCK to 5 instead of 10.
This commit is contained in:
Dirk 2025-07-29 15:36:23 +02:00
parent 8c1ade5e38
commit 2ce0110eee
1 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
testssl.sh
View File

@ -204,7 +204,7 @@ MAX_SOCKET_FAIL=${MAX_SOCKET_FAIL:-2} # If this many failures for TCP socket c
MAX_OSSL_FAIL=${MAX_OSSL_FAIL:-2} # If this many failures for s_client connects are reached we terminate MAX_OSSL_FAIL=${MAX_OSSL_FAIL:-2} # If this many failures for s_client connects are reached we terminate
MAX_STARTTLS_FAIL=${MAX_STARTTLS_FAIL:-2} # max number of STARTTLS handshake failures in plaintext phase MAX_STARTTLS_FAIL=${MAX_STARTTLS_FAIL:-2} # max number of STARTTLS handshake failures in plaintext phase
MAX_HEADER_FAIL=${MAX_HEADER_FAIL:-2} # If this many failures for HTTP GET are encountered we don't try again to get the header MAX_HEADER_FAIL=${MAX_HEADER_FAIL:-2} # If this many failures for HTTP GET are encountered we don't try again to get the header
MAX_WAITSOCK=${MAX_WAITSOCK:-10} # waiting at max 10 seconds for socket reply. There shouldn't be any reason to change this. MAX_WAITSOCK=${MAX_WAITSOCK:-5} # waiting at max 5 seconds for socket reply. There shouldn't be any reason to change this.
QUIC_WAIT=${QUIC_WAIT:-3} # QUIC is UDP. Thus we run the connect in the background. This is how long to wait QUIC_WAIT=${QUIC_WAIT:-3} # QUIC is UDP. Thus we run the connect in the background. This is how long to wait
CCS_MAX_WAITSOCK=${CCS_MAX_WAITSOCK:-5} # for the two CCS payload (each). There shouldn't be any reason to change this. CCS_MAX_WAITSOCK=${CCS_MAX_WAITSOCK:-5} # for the two CCS payload (each). There shouldn't be any reason to change this.
HEARTBLEED_MAX_WAITSOCK=${HEARTBLEED_MAX_WAITSOCK:-8} # for the heartbleed payload. There shouldn't be any reason to change this. HEARTBLEED_MAX_WAITSOCK=${HEARTBLEED_MAX_WAITSOCK:-8} # for the heartbleed payload. There shouldn't be any reason to change this.
@ -22376,24 +22376,26 @@ get_txt_record() {
# sets IPv6_OK if it works -- or not # sets IPv6_OK if it works -- or not
# #
shouldwedo_ipv6() { shouldwedo_ipv6() {
local i=0
"$do_ipv4_only" && return 0 "$do_ipv4_only" && return 0
while true; do bash -c "exec 5<>/dev/tcp/$1/$PORT" &>/dev/null &
wait_kill $! $MAX_WAITSOCK
if [[ $? -eq 3 ]]; then
# was killed, so this got stuck
IPv6_OK=false
"$do_ipv6_only" && connectivity_problem 1 1 "" "IPv6 connect got stuck when IPv6-only scan requested"
do_ipv6_only=false # this ensures we have round brackets and we don't try IPv6 anymore
else
# we're trying in the foreground again, only to get the return code
bash -c "exec 5<>/dev/tcp/$1/$PORT" &>/dev/null bash -c "exec 5<>/dev/tcp/$1/$PORT" &>/dev/null
if [[ $? -eq 0 ]]; then if [[ $? -eq 0 ]]; then
IPv6_OK=true IPv6_OK=true
break
fi
sleep 1
((i++))
[[ $i -ge $MAX_SOCKET_FAIL ]] && break
done
if ! "$IPv6_OK"; then
if "$do_ipv6_only"; then
connectivity_problem $i $MAX_SOCKET_FAIL "IPv6 connect problem" "repeated IPv6 connect problems when IPv6-only scan requested"
else else
IPv6_OK=false IPv6_OK=false
if "$do_ipv6_only"; then
connectivity_problem 2 2 $MAX_SOCKET_FAIL "" "repeated IPv6 connect problems when IPv6-only scan requested"
else
do_ipv6_only=false #FIXME: wrong variable. It ensures we have round brackets enclosing IPv6 addresses + we don't try it anymore
fi
fi fi
fi fi
} }