From a7ae42b08e3ed331899df6bea82961bdca487bfd Mon Sep 17 00:00:00 2001
From: Hubert Kario
Date: Mon, 30 Jun 2014 23:03:27 +0200
Subject: [PATCH] openssl in -ssl2 mode doesn't tolerate -servername option when openssl is run in -ssl2 mode, it doesn't accept -servername option and just aborts operation, it doesn't consider -status to be special though. Remove this option when running the SSLv2 portion of the test.
---
 cipherscan | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/cipherscan b/cipherscan
index d703849..61bd12e 100755
--- a/cipherscan
+++ b/cipherscan
@@ -78,13 +78,22 @@ debug(){
 test_cipher_on_target() {
 local sslcommand=$@
 cipher=""
+ local cmnd=""
 protocols=""
 pfs=""
 previous_cipher=""
 for tls_version in "-ssl2" "-ssl3" "-tls1" "-tls1_1" "-tls1_2"
 do
- debug echo \"Q\" \| $sslcommand $tls_version
- local tmp=$(echo "Q" | $sslcommand $tls_version 1>/dev/stdout 2>/dev/null)
+ # sslv2 client hello doesn't support SNI extension
+ # in SSLv3 mode OpenSSL just ignores the setting so it's ok
+ # -status exception is ignored in SSLv2, go figure
+ if [ "$tls_version" == "-ssl2" ]; then
+ cmnd=$(sed 's/-servername\ [^ ]*//'<<<$sslcommand)
+ else
+ cmnd=$sslcommand
+ fi
+ debug echo \"Q\" \| $cmnd $tls_version
+ local tmp=$(echo "Q" | $cmnd $tls_version 1>/dev/stdout 2>/dev/null)
 if grep 'OCSP Response Data' <<<"$tmp" >/dev/null; then
 current_ocspstaple="True"
 else
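Review bot: The here-string in the new -ssl2 branch leaves `$sslcommand` unquoted, so the shell word-splits it and applies pathname expansion to any glob-like characters in a host or option value before sed ever sees the text; `cmnd=$(sed 's/-servername\ [^ ]*//' <<<"$sslcommand")` passes the command line through intact. The removal is also regex-based on a flattened string, so it only works because `local sslcommand=$@` has already joined the arguments into one word-split string; that limitation predates this hunk, but keeping the arguments in a bash array would let the -ssl2 path drop exactly the `-servername` pair instead of pattern-matching it. The body of test_cipher_on_target continues past the end of the hunk.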