mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-12-26 12:43:42 +01:00
fix custom openssl with GOST config incompatibility
fixes two issues 1). -help message is used from the openssl set with the -o option 2). doesn't use GOST config unconditionally - verifies that it works first based partially off of Greg Owen <gowen@swynwyr.com> work in #67 fixes #86
This commit is contained in:
parent
67c2a7cfe4
commit
2ba7dc6dbf
52
cipherscan
52
cipherscan
@ -80,30 +80,6 @@ fi
|
||||
|
||||
DIRNAMEPATH=$(dirname "$0")
|
||||
|
||||
if [[ -z $OPENSSLBIN ]]; then
|
||||
readlink_result=$("$READLINKBIN" -f "$0")
|
||||
if [[ -z $readlink_result ]]; then
|
||||
echo "$READLINKBIN -f $0 failed, aborting." 1>&2
|
||||
exit 1
|
||||
fi
|
||||
REALPATH=$(dirname "$readlink_result")
|
||||
if [[ -z $REALPATH ]]; then
|
||||
echo "dirname $REALPATH failed, aborting." 1>&2
|
||||
exit 1
|
||||
fi
|
||||
OPENSSLBIN="${REALPATH}/${opensslbin_name}"
|
||||
fi
|
||||
OPENSSLBINHELP="$($OPENSSLBIN s_client -help 2>&1)"
|
||||
if ! [[ $OPENSSLBINHELP =~ -connect ]]; then
|
||||
echo "$OPENSSLBIN s_client doesn't accept the -connect parameter, which is extremely strange; refusing to proceed." 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# use custom config file to enable GOST ciphers
|
||||
if [[ -e $DIRNAMEPATH/openssl.cnf ]]; then
|
||||
export OPENSSL_CONF="$DIRNAMEPATH/openssl.cnf"
|
||||
fi
|
||||
|
||||
join_array_by_char() {
|
||||
# Two or less parameters (join + 0 or 1 value), then no need to set IFS because no join occurs.
|
||||
if (( $# >= 3 )); then
|
||||
@ -1457,6 +1433,34 @@ do
|
||||
esac
|
||||
done
|
||||
|
||||
if [[ -z $OPENSSLBIN ]]; then
|
||||
readlink_result=$("$READLINKBIN" -f "$0")
|
||||
if [[ -z $readlink_result ]]; then
|
||||
echo "$READLINKBIN -f $0 failed, aborting." 1>&2
|
||||
exit 1
|
||||
fi
|
||||
REALPATH=$(dirname "$readlink_result")
|
||||
if [[ -z $REALPATH ]]; then
|
||||
echo "dirname $REALPATH failed, aborting." 1>&2
|
||||
exit 1
|
||||
fi
|
||||
OPENSSLBIN="${REALPATH}/${opensslbin_name}"
|
||||
fi
|
||||
# use custom config file to enable GOST ciphers
|
||||
if [[ -e $DIRNAMEPATH/openssl.cnf ]]; then
|
||||
export OPENSSL_CONF="$DIRNAMEPATH/openssl.cnf"
|
||||
fi
|
||||
OPENSSLBINHELP="$($OPENSSLBIN s_client -help 2>&1)"
|
||||
if [[ $OPENSSLBINHELP =~ :error: ]]; then
|
||||
verbose "$OPENSSLBIN can't handle GOST config, disabling"
|
||||
unset OPENSSL_CONF
|
||||
OPENSSLBINHELP="$($OPENSSLBIN s_client -help 2>&1)"
|
||||
fi
|
||||
if ! [[ $OPENSSLBINHELP =~ -connect ]]; then
|
||||
echo "$OPENSSLBIN s_client doesn't accept the -connect parameter, which is extremely strange; refusing to proceed." 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ -n $CAPATH && -n $CACERTS ]]; then
|
||||
echo "Both directory and file with CA certificates specified" 1>&2
|
||||
exit 1
|
||||
|
Loading…
Reference in New Issue
Block a user