mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-22 06:13:42 +01:00
Merge pull request #90 from jvehent/snidefault
Enable Server Name Indication by default
This commit is contained in:
commit
4ffd2de58d
22
cipherscan
22
cipherscan
@ -204,6 +204,7 @@ SAVECRT=""
|
|||||||
TEST_CURVES="True"
|
TEST_CURVES="True"
|
||||||
has_curves="False"
|
has_curves="False"
|
||||||
TEST_TOLERANCE="True"
|
TEST_TOLERANCE="True"
|
||||||
|
SNI="True"
|
||||||
# openssl formated list of curves that will cause server to select ECC suite
|
# openssl formated list of curves that will cause server to select ECC suite
|
||||||
ecc_ciphers=""
|
ecc_ciphers=""
|
||||||
unset known_certs
|
unset known_certs
|
||||||
@ -248,6 +249,7 @@ Use one of the options below:
|
|||||||
--savecrt path where to save untrusted and leaf certificates
|
--savecrt path where to save untrusted and leaf certificates
|
||||||
--[no-]curves test ECC curves supported by server (req. OpenSSL 1.0.2)
|
--[no-]curves test ECC curves supported by server (req. OpenSSL 1.0.2)
|
||||||
--[no-]tolerance test TLS tolerance
|
--[no-]tolerance test TLS tolerance
|
||||||
|
--no-sni don't use Server Name Indication
|
||||||
--no-colors don't use terminal colors
|
--no-colors don't use terminal colors
|
||||||
-v | --verbose Increase verbosity.
|
-v | --verbose Increase verbosity.
|
||||||
|
|
||||||
@ -1426,6 +1428,10 @@ do
|
|||||||
USECOLORS="False"
|
USECOLORS="False"
|
||||||
shift 1
|
shift 1
|
||||||
;;
|
;;
|
||||||
|
--no-sni)
|
||||||
|
SNI="False"
|
||||||
|
shift 1
|
||||||
|
;;
|
||||||
--) # End of all options
|
--) # End of all options
|
||||||
shift
|
shift
|
||||||
break
|
break
|
||||||
@ -1470,7 +1476,13 @@ if [[ -z $TARGET || $TARGET =~ ^[-:] || $TARGET =~ :.*[^0-9] ]]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
if ! [[ $TARGET =~ : ]]; then
|
if ! [[ $TARGET =~ : ]]; then
|
||||||
|
sni_target=$TARGET
|
||||||
TARGET="${TARGET}:443"
|
TARGET="${TARGET}:443"
|
||||||
|
else
|
||||||
|
# strip the port for the sni_target
|
||||||
|
if [[ "$TARGET" =~ (.*):([0-9]{1,5}) ]]; then
|
||||||
|
sni_target="${BASH_REMATCH[1]}"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
debug "target: $TARGET"
|
debug "target: $TARGET"
|
||||||
@ -1519,6 +1531,16 @@ if [[ $VERBOSE != 0 ]] ; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
SCLIENTARGS="${PARAMS[*]}"
|
SCLIENTARGS="${PARAMS[*]}"
|
||||||
|
# only append the SNI:
|
||||||
|
# if the target is a hostname by validating the tld
|
||||||
|
# if -servername was not supplied by the user
|
||||||
|
if [[ $SNI == "True" && ! $SCLIENTARGS =~ servername ]]; then
|
||||||
|
if [[ $sni_target =~ \.[a-zA-Z]{1,20}$ ]]; then
|
||||||
|
SCLIENTARGS="$SCLIENTARGS -servername $sni_target"
|
||||||
|
else
|
||||||
|
echo "Warning: target is not a FQDN. SNI was disabled. Use a FQDN or '-servername <fqdn>'" 1>&2
|
||||||
|
fi
|
||||||
|
fi
|
||||||
debug "sclientargs: $SCLIENTARGS"
|
debug "sclientargs: $SCLIENTARGS"
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user