Skip to content

Commit 26a3a8f

Browse files
author
David Cooper
authored
Fix #2599
This commit fixes #2599 by not wrapping fileout() messages in a "clientProblem" wrapper if TLS13_ONLY is set. The TLS13_ONLY flag being set is an indicator that fileout_banner() has already been called.
1 parent 65c463f commit 26a3a8f

1 file changed

Lines changed: 6 additions & 2 deletions

File tree

testssl.sh

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1371,13 +1371,17 @@ fileout_insert_warning() {
13711371
[[ "$CMDLINE=" =~ -iL ]] && return 0
13721372
# Note we still have the message on screen + in HTML which is not as optimal as it could be
13731373

1374-
if "$do_pretty_json" && "$JSONHEADER"; then
1374+
# See #2599. The "clientProblem" wrapper should only be added if fileout_insert_warning()
1375+
# is called before fileout_banner(). The only instance in which this function is called
1376+
# after fileout_banner() is in the case of a TLS 1.3 only server when $OPENSSL does not
1377+
# support TLS 1.3.
1378+
if "$do_pretty_json" && "$JSONHEADER" && ! "$TLS13_ONLY"; then
13751379
echo -e " \"clientProblem${CLIENT_PROB_NO}\" : [" >>"$JSONFILE"
13761380
CLIENT_PROB_NO=$((CLIENT_PROB_NO + 1))
13771381
FIRST_FINDING=true # make sure we don't have a comma here
13781382
fi
13791383
fileout "$1" "$2" "$3"
1380-
if "$do_pretty_json"; then
1384+
if "$do_pretty_json" && ! "$TLS13_ONLY"; then
13811385
if "$JSONHEADER"; then
13821386
echo -e "\n ]," >>"$JSONFILE"
13831387
else

0 commit comments

Comments
 (0)