diff --git a/cipherscan b/cipherscan index eb91255..2aef6e4 100755 --- a/cipherscan +++ b/cipherscan @@ -30,6 +30,27 @@ ALLCIPHERS=0 OUTPUTFORMAT="terminal" TIMEOUT=10 +# Error codes +E_MISSING_OPENSSL_PARAMETERS=113 # When we have valid cipherscan options, but are missing any parameters to pass to OpenSSL. +ERROR_MESSAGE[$E_MISSING_OPENSSL_PARAMETERS]="Missing any OpenSSL parameters" + +E_OPENSSL_NOT_FOUND=112 # Cound't find the specified OpenSSL binary. +ERROR_MESSAGE[$E_OPENSSL_NOT_FOUND]="openssl not found" + +E_OPENSSL_NOT_EXECUTABLE=111 # Specified OpenSSL has been found but is not executable for user. +ERROR_MESSAGE[$E_OPENSSL_NOT_EXECUTABLE]="openssl not executable" + +function error_exit { + local ERRORCODE=$1 + echo verbose=$VERBOSE + echo debug=$DEBUG + if [ $VERBOSE -gt 0 ] || [ $DEBUG -gt 0 ]; then + if [ -n $ERROR_MESSAGE[$ERRORCODE] ]; then + echo "${ERROR_MESSAGE[$ERRORCODE]}" >&2 + fi + fi + exit $ERRORCODE +} usage() { echo -e "usage: $0 [-a|--allciphers] [-b|--benchmark] [-d|--delay seconds] [-D|--debug] [-j|--json] [-v|--verbose] [-o|--openssl file] [openssl s_client args] @@ -364,6 +385,21 @@ do esac done +# Check OpenSSL +if [ ! -x "$OPENSSLBIN" ]; then + # openssl does not exist || is not executable + if [ -a "$OPENSSLBIN" ]; then + # openssl does exist, but is not executable + error_exit $E_OPENSSL_NOT_EXECUTABLE + else + # openssl does not exist + error_exit $E_OPENSSL_NOT_FOUND + fi +# else + # File exists and IS executable +fi + + if [ $VERBOSE != 0 ] ; then [ -n "$CACERTS" ] && echo "Using trust anchors from $CACERTS" echo "Loading $($OPENSSLBIN ciphers -v $CIPHERSUITE 2>/dev/null|grep Kx|wc -l) ciphersuites from $(echo -n $($OPENSSLBIN version 2>/dev/null))" @@ -371,6 +407,13 @@ if [ $VERBOSE != 0 ] ; then fi # echo paramters left: $@ +# Testing for existence of OpenSSL parameters +if [ -z "$1" ]; then + + usage + error_exit $E_MISSING_OPENSSL_PARAMETERS +fi + TEMPTARGET=$(sed -e 's/^.* //'<<<"${@}") HOST=$(sed -e 's/:.*//'<<<"${TEMPTARGET}")