From 3e6b1b971a93f9e71247d50fc14ecb99b5d78cad Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Wed, 2 Sep 2020 17:35:42 +0200
Subject: [PATCH] Make Travis work again (STARTTLS injection)

For not vulnerable hosts the low level starttls_* functions
returned an error when the STARTTLS injection was tested which
confused Travis/CI ( "Oops: STARTTLS handshake failed (code: 2)" )
---
 testssl.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/testssl.sh b/testssl.sh
index 2a8c925..72f7ecc 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -10775,7 +10775,11 @@ fd_socket() {
           case $ret in
                0)   return 0 ;;
                3)   fatal "No STARTTLS found in handshake" $ERR_CONNECT ;;
-               *)   ((NR_STARTTLS_FAIL++))
+               *)   if [[ $ret -eq 2 ]] && [[ -n "$payload" ]]; then
+                         # We don't want this handling for STARTTLS injection
+                         return 0
+                    fi
+                    ((NR_STARTTLS_FAIL++))
                     # This are mostly timeouts here (code >=128). We give the client a chance to try again later. For cases
                     # where we have no STARTTLS in the server banner however - ret code=3 - we don't neet to try again
                     connectivity_problem $NR_STARTTLS_FAIL $MAX_STARTTLS_FAIL "STARTTLS handshake failed (code: $ret)" "repeated STARTTLS problems, giving up ($ret)"