From 22adaf188a51d99fcaaf77b0e07424ef99e8eb02 Mon Sep 17 00:00:00 2001
From: Richard Soderberg <rsoderberg@gmail.com>
Date: Thu, 3 Sep 2015 07:02:38 -0700
Subject: [PATCH] verify that the openssl binary is emitting a valid s_client
 -help.

This catches instances where the wrong openssl binary is selected (for
instance, if uname -s is neither Darwin nor Linux) and serves as a
simple up-front test to make sure that openssl is working before we
proceed further into the script.
---
 cipherscan | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/cipherscan b/cipherscan
index defbf60..21d52c6 100755
--- a/cipherscan
+++ b/cipherscan
@@ -20,6 +20,10 @@ else
     OPENSSLBIN="${REALPATH}/openssl"
 fi
 OPENSSLBINHELP="$($OPENSSLBIN s_client -help 2>&1)"
+if ! [[ $OPENSSLBINHELP =~ -connect ]]; then
+    echo "$OPENSSLBIN s_client doesn't accept the -connect parameter, which is extremely strange; refusing to proceed." 1>&2
+    exit 1
+fi
 
 # cipherscan requires bash4, which doesn't come by default in OSX
 if [[ ${BASH_VERSINFO[0]} -lt 4 ]]; then