Add handling for TLS-variant ticket hint value.

This, as previous commits, adds support for reporting the TLS ticket hint value per-protocol, which results in a lot of 'None' for SSLv3 (as expected).
2024-11-16 20:03:41 +01:00 · 2015-09-18 16:29:32 -07:00 · 2015-09-18 16:29:32 -07:00 · eb752c541c
commit eb752c541c
parent 638e0cbd10
1 changed files with 21 additions and 2 deletions
--- a/23
+++ b/23
@ -512,6 +512,7 @@ test_cipher_on_target() {
    certificates=""
    declare -A sigalgs=()
    declare -A pfses=()
+    declare -A tickethints=()
    for tls_version in "${TLS_VERSIONS_TO_TEST[@]}"; do
        # sslv2 client hello doesn't support SNI extension
        # in SSLv3 mode OpenSSL just ignores the setting so it's ok
@ -628,7 +629,7 @@ test_cipher_on_target() {
        pubkey=$current_pubkey
        sigalgs[$current_protocol]="$current_sigalg"
        trusted=$current_trusted
-        tickethint=$current_tickethint
+        tickethints[$current_protocol]=$current_tickethint
        ocspstaple=$current_ocspstaple
        certificates="$current_certificates"
        # grab the cipher and PFS key size
@ -677,6 +678,24 @@ test_cipher_on_target() {
        pfs="${pfses[@]}"
    fi

+    # Flatten the tickethints list to a single item if every entry is the same.
+    if (( ${#tickethints[*]} > 1 )); then
+        local tickethints_values=()
+        for each_protocol in "${protocols[@]}"; do
+            tickethints_values+=("${tickethints[$each_protocol]}")
+        done
+        if [[ $OUTPUTFORMAT == 'json' ]]; then
+            # Don't deduplicate for JSON.
+            join_array_by_char ',' "${tickethints_values[@]}"
+        else
+            flatten_or_join_array_by_char ',' "${tickethints_values[@]}"
+        fi
+        tickethint="$joined_array"
+    else
+        # Just extract the one value that's present and use it.
+        tickethint="${tickethints[@]}"
+    fi
+
    # Pre-join this, since we use it in a couple of places below.
    join_array_by_char ',' "${protocols[@]}"
    protocols_csv="$joined_array"
@ -1009,7 +1028,7 @@ display_results_in_json() {
        if [[ -n $CAPATH ]]; then
            echo -n "\"certificates\":[${ciphercertificates[$ctr]}],"
        fi
-        echo -n "\"ticket_hint\":\"${cipher_arr[5]}\","
+        echo -n "\"ticket_hint\":[\"${cipher_arr[5]//,/\",\"}\"],"
        echo -n "\"ocsp_stapling\":\"${cipher_arr[6]}\","
        echo -n "\"pfs\":[\"${cipher_arr[7]//\;/\",\"}\"]"
        if [[ "${cipher_arr[0]}" =~ ECDH ]]; then