mirrors/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 23:30:59 +01:00
Code Issues Projects Releases Wiki Activity

Merge branch 'master' into openss2rfc_rfc2openssl

Browse Source
This commit is contained in:
David Cooper 2016-09-26 17:01:46 -04:00
commit ee0279edd7
2 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
bin/openssl.Darwin.x86_64
View File

Binary file not shown.

17
testssl.sh
View File

@ -4019,8 +4019,17 @@ determine_tls_extensions() {
# alpn: echo | openssl s_client -connect google.com:443 -tlsextdebug -alpn h2-14 -servername google.com <-- suport needs to be checked b4 -- see also: ssl/t1_trce.c # alpn: echo | openssl s_client -connect google.com:443 -tlsextdebug -alpn h2-14 -servername google.com <-- suport needs to be checked b4 -- see also: ssl/t1_trce.c
addcmd="" addcmd=""
[[ ! "$proto" =~ ssl ]] && addcmd="$SNI" [[ ! "$proto" =~ ssl ]] && addcmd="$SNI"
$OPENSSL s_client $STARTTLS $BUGS $1 -showcerts -connect $NODEIP:$PORT $PROXY $addcmd -$proto -tlsextdebug $alpn_params -status </dev/null 2>$ERRFILE >$TMPFILE
if sclient_connect_successful $? $TMPFILE; then
success=0
grep -a 'TLS server extension' $TMPFILE >$TEMPDIR/tlsext-alpn.txt
fi
$OPENSSL s_client $STARTTLS $BUGS $1 -showcerts -connect $NODEIP:$PORT $PROXY $addcmd -$proto -tlsextdebug $npn_params -status </dev/null 2>$ERRFILE >$TMPFILE $OPENSSL s_client $STARTTLS $BUGS $1 -showcerts -connect $NODEIP:$PORT $PROXY $addcmd -$proto -tlsextdebug $npn_params -status </dev/null 2>$ERRFILE >$TMPFILE
sclient_connect_successful $? $TMPFILE && success=0 && break if sclient_connect_successful $? $TMPFILE ; then
success=0
grep -a 'TLS server extension' $TMPFILE >$TEMPDIR/tlsext-npn.txt
break
fi
done # this loop is needed for IIS6 and others which have a handshake size limitations done # this loop is needed for IIS6 and others which have a handshake size limitations
if [[ $success -eq 7 ]]; then if [[ $success -eq 7 ]]; then
# "-status" above doesn't work for GOST only servers, so we do another test without it and see whether that works then: # "-status" above doesn't work for GOST only servers, so we do another test without it and see whether that works then:
@ -4039,8 +4048,8 @@ determine_tls_extensions() {
# #
# this is not beautiful (grep+sed) # this is not beautiful (grep+sed)
# but maybe we should just get the ids and do a private matching, according to # but maybe we should just get the ids and do a private matching, according to
# https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml <-- ALPN is missing # https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
TLS_EXTENSIONS=$(grep -a 'TLS server extension ' $TMPFILE | sed -e 's/TLS server extension //g' -e 's/\" (id=/\/#/g' -e 's/,.*$/,/g' -e 's/),$/\"/g') TLS_EXTENSIONS=$(cat $TEMPDIR/tlsext-alpn.txt $TEMPDIR/tlsext-npn.txt | sed -e 's/TLS server extension //g' -e 's/\" (id=/\/#/g' -e 's/,.*$/,/g' -e 's/),$/\"/g')
TLS_EXTENSIONS=$(echo $TLS_EXTENSIONS) # into one line TLS_EXTENSIONS=$(echo $TLS_EXTENSIONS) # into one line
# Place the server's certificate in $HOSTCERT and any intermediate # Place the server's certificate in $HOSTCERT and any intermediate
@ -9235,4 +9244,4 @@ fi
exit $? exit $?
# $Id: testssl.sh,v 1.548 2016/09/24 14:59:26 dirkw Exp $ # $Id: testssl.sh,v 1.549 2016/09/26 19:47:56 dirkw Exp $