@@ -4810,7 +4810,7 @@ run_client_simulation() {
48104810#
48114811locally_supported() {
48124812 [[ -n "$2" ]] && out "$2 "
4813- if $OPENSSL s_client "$1" 2>&1 | grep -aiq "unknown option"; then
4813+ if $OPENSSL s_client "$1" </dev/null 2>&1 | grep -aiq "unknown option"; then
48144814 prln_local_problem "$OPENSSL doesn't support \"s_client $1\""
48154815 return 7
48164816 fi
@@ -4832,7 +4832,7 @@ run_prototest_openssl() {
48324832 local protos proto
48334833 local passed_check=false
48344834
4835- $OPENSSL s_client "$1" 2>&1 | grep -aiq "unknown option" && return 7
4835+ $OPENSSL s_client "$1" </dev/null 2>&1 | grep -aiq "unknown option" && return 7
48364836 case "$1" in
48374837 -ssl2) protos="-ssl2" ;;
48384838 -ssl3) protos="-ssl3" ;;
@@ -17138,40 +17138,40 @@ find_openssl_binary() {
1713817138 # This and all other occurrences we do a little trick using "invalid." to avoid plain and
1713917139 # link level DNS lookups. See issue #1418 and https://tools.ietf.org/html/rfc6761#section-6.4
1714017140
17141- $OPENSSL s_client -ssl2 2>&1 | grep -aiq "unknown option" || HAS_SSL2=true
17142- $OPENSSL s_client -ssl3 2>&1 | grep -aiq "unknown option" || HAS_SSL3=true
17143- $OPENSSL s_client -tls1_3 2>&1 | grep -aiq "unknown option" || HAS_TLS13=true
17144- $OPENSSL s_client -no_ssl2 2>&1 | grep -aiq "unknown option" || HAS_NO_SSL2=true
17141+ $OPENSSL s_client -ssl2 </dev/null 2>&1 | grep -aiq "unknown option" || HAS_SSL2=true
17142+ $OPENSSL s_client -ssl3 </dev/null 2>&1 | grep -aiq "unknown option" || HAS_SSL3=true
17143+ $OPENSSL s_client -tls1_3 </dev/null 2>&1 | grep -aiq "unknown option" || HAS_TLS13=true
17144+ $OPENSSL s_client -no_ssl2 </dev/null 2>&1 | grep -aiq "unknown option" || HAS_NO_SSL2=true
1714517145
1714617146 $OPENSSL genpkey -algorithm X448 2>&1 | grep -aq "not found" || HAS_X448=true
1714717147 $OPENSSL genpkey -algorithm X25519 2>&1 | grep -aq "not found" || HAS_X25519=true
1714817148
1714917149 $OPENSSL pkey -help 2>&1 | grep -q Error || HAS_PKEY=true
1715017150 $OPENSSL pkeyutl 2>&1 | grep -q Error || HAS_PKUTIL=true
1715117151
17152- $OPENSSL s_client -noservername 2>&1 | grep -aiq "unknown option" || HAS_NOSERVERNAME=true
17153- $OPENSSL s_client -ciphersuites 2>&1 | grep -aiq "unknown option" || HAS_CIPHERSUITES=true
17152+ $OPENSSL s_client -noservername </dev/null 2>&1 | grep -aiq "unknown option" || HAS_NOSERVERNAME=true
17153+ $OPENSSL s_client -ciphersuites </dev/null 2>&1 | grep -aiq "unknown option" || HAS_CIPHERSUITES=true
1715417154
17155- $OPENSSL s_client -comp 2>&1 | grep -aiq "unknown option" || HAS_COMP=true
17156- $OPENSSL s_client -no_comp 2>&1 | grep -aiq "unknown option" || HAS_NO_COMP=true
17155+ $OPENSSL s_client -comp </dev/null 2>&1 | grep -aiq "unknown option" || HAS_COMP=true
17156+ $OPENSSL s_client -no_comp </dev/null 2>&1 | grep -aiq "unknown option" || HAS_NO_COMP=true
1715717157
1715817158 OPENSSL_NR_CIPHERS=$(count_ciphers "$(actually_supported_osslciphers 'ALL:COMPLEMENTOFALL' 'ALL')")
1715917159
1716017160 # The following statement works with openssl 1.0.2, 1.1.1 and 3.0 as LibreSSL 3.4
17161- if $OPENSSL s_client -curves 2>&1 | grep -aiq "unknown option"; then
17161+ if $OPENSSL s_client -curves </dev/null 2>&1 | grep -aiq "unknown option"; then
1716217162 # This is e.g. for LibreSSL (tested with version 3.4.1): WSL users will get "127.0.0.1:0" here,
1716317163 # All other "invalid.:0". We need a port here, in any case!
1716417164 # The $OPENSSL connect call deliberately fails: when the curve isn't available with
1716517165 # "getaddrinfo: Name or service not known", newer LibreSSL with "Failed to set groups".
1716617166 for curve in "${curves_ossl[@]}"; do
17167- $OPENSSL s_client -groups $curve -connect ${NXCONNECT%:*}:0 2>&1 | grep -Eiaq "Error with command|unknown option|Failed to set groups"
17167+ $OPENSSL s_client -groups $curve -connect ${NXCONNECT%:*}:0 </dev/null 2>&1 | grep -Eiaq "Error with command|unknown option|Failed to set groups"
1716817168 [[ $? -ne 0 ]] && OSSL_SUPPORTED_CURVES+=" $curve "
1716917169 done
1717017170 else
1717117171 HAS_CURVES=true
1717217172 for curve in "${curves_ossl[@]}"; do
1717317173 # Same as above, we just don't need a port for invalid.
17174- $OPENSSL s_client -curves $curve -connect $NXCONNECT 2>&1 | grep -Eiaq "Error with command|unknown option"
17174+ $OPENSSL s_client -curves $curve -connect $NXCONNECT </dev/null 2>&1 | grep -Eiaq "Error with command|unknown option"
1717517175 [[ $? -ne 0 ]] && OSSL_SUPPORTED_CURVES+=" $curve "
1717617176 done
1717717177 fi
@@ -17185,7 +17185,7 @@ find_openssl_binary() {
1718517185 grep -q '\-proxy' $s_client_has && HAS_PROXY=true
1718617186 grep -q '\-xmpp' $s_client_has && HAS_XMPP=true
1718717187
17188- $OPENSSL s_client -starttls foo 2>$s_client_starttls_has
17188+ $OPENSSL s_client -starttls foo </dev/null 2>$s_client_starttls_has
1718917189 grep -q 'postgres' $s_client_starttls_has && HAS_POSTGRES=true
1719017190 grep -q 'mysql' $s_client_starttls_has && HAS_MYSQL=true
1719117191 grep -q 'lmtp' $s_client_starttls_has && HAS_LMTP=true
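Review bot: The bare option probes still pass no `-connect`, so a supported option lets s_client go on to contact its default endpoint; this applies to `-ssl2` through `-no_comp` in find_openssl_binary (new lines 17141–17156) and to the `"$1"` probes in locally_supported and run_prototest_openssl. `</dev/null` ends the wait on stdin, but not a handshake against a local listener that accepts the connection and never answers. The curve probes in the same hunk already target `$NXCONNECT`, and the same could be done here with the target placed before the probed option so that argument-taking options such as `-ciphersuites` do not swallow it: `$OPENSSL s_client -connect $NXCONNECT -ssl2 </dev/null 2>&1 | grep -aiq "unknown option" || HAS_SSL2=true`. Separately, every probe sets `HAS_*=true` whenever the text "unknown option" is absent, so any other failure of the binary is read as support; a one-line comment stating that assumption above the probe group would help. All three functions continue outside the hunks shown.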