Skip to content

Commit edbec49

Browse files
drwetterdrwetter
authored
Merge pull request #2980 from testssl/OPENSSL2_hint
Suggest alternative $OPENSSL2 when $OPENSSL fails
2 parents 6a5a69f + 45b2787 commit edbec49

File tree

1 file changed

+12
-5
lines changed

1 file changed

+12
-5
lines changed

testssl.sh

Lines changed: 12 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -17634,8 +17634,8 @@ run_ticketbleed() {
1763417634
$OPENSSL s_client $(s_client_options "$STARTTLS $BUGS $tls_proto -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>$ERRFILE </dev/null
1763517635
sclient_connect_successful $? "$TMPFILE"
1763617636
if [[ $? -ne 0 ]]; then
17637-
prln_warning "Cannot test for ticketbleed. Your OpenSSL cannot connect to $NODEIP:$PORT"
17638-
fileout "$jsonID" "WARN" "Cannot test for ticketbleed. Your OpenSSL cannot connect to $NODEIP:$PORT."
17637+
prln_warning "Cannot test for ticketbleed. $OPENSSL cannot connect to $NODEIP:$PORT"
17638+
fileout "$jsonID" "WARN" "Cannot test for ticketbleed as $OPENSSL cannot connect to $NODEIP:$PORT."
1763917639
return 1
1764017640
fi
1764117641
case "$(get_protocol $TMPFILE)" in
@@ -23224,9 +23224,16 @@ determine_optimal_proto() {
2322423224
[[ $? -ne 0 ]] && exit $ERR_CLUELESS
2322523225
MAX_OSSL_FAIL=10
2322623226
else
23227-
prln_warning " Your OpenSSL cannot connect to $NODEIP:$PORT"
23228-
fileout "$jsonID" "WARN" "Your OpenSSL cannot connect to $NODEIP:$PORT."
23229-
ignore_no_or_lame " The results might look ok but they could be nonsense. Really proceed ? (\"yes\" to continue)" "yes"
23227+
outln
23228+
prln_warning " Your $OPENSSL cannot connect to $NODEIP:$PORT."
23229+
if [[ -x $OPENSSL2 ]] ; then
23230+
outln " Restarting with --openssl=$OPENSSL2 likely helps"
23231+
fileout "$jsonID" "WARN" "$OPENSSL cannot connect to $NODEIP:$PORT. Recommended using --openssl=$OPENSSL2"
23232+
else
23233+
fileout "$jsonID" "WARN" "Your $OPENSSL cannot connect to $NODEIP:$PORT."
23234+
fi
23235+
outln
23236+
ignore_no_or_lame " If you continue the results are likely not correct. Really proceed ? (\"yes\" to continue)" "yes"
2323023237
[[ $? -ne 0 ]] && exit $ERR_CLUELESS
2323123238
fi
2323223239
elif "$all_failed"; then

0 commit comments

Comments
 (0)