From fb02ae87ace20cfb261bf9e08a1b0d2a2fb52469 Mon Sep 17 00:00:00 2001
From: Hubert Kario
Date: Thu, 3 Jul 2014 19:09:55 +0200
Subject: [PATCH] add some comments, group related code
---
 cipherscan | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/cipherscan b/cipherscan
index 75fcc99..5c74525 100755
--- a/cipherscan
+++ b/cipherscan
@@ -104,17 +104,21 @@ test_cipher_on_target() {
 fi
 # filter out the OCSP server certificate
 tmp=$(awk 'BEGIN { pr="yes" } /^======================================/ { if ( pr=="yes" ) pr="no"; else pr="yes" } { if ( pr == "yes" ) print }' <<<"$tmp")
+
+ # session metadata
 current_cipher=$(grep "New, " <<<"$tmp"|awk '{print $5}')
 current_pfs=$(grep 'Server Temp Key' <<<"$tmp"|awk '{print $4$5$6$7}')
 current_protocol=$(egrep "^\s+Protocol\s+:" <<<"$tmp"|awk '{print $3}')
- current_pubkey=$(grep 'Server public key is ' <<<"$tmp"|awk '{print $5}')
- if [ -z $current_pubkey ]; then
- current_pubkey=0
- fi
 current_tickethint=$(grep 'ticket lifetime hint' <<<"$tmp"|awk '{print $6 }')
 if [ -z $current_tickethint ]; then
 current_tickethint=None
 fi
+
+ # certificate metadata
+ current_pubkey=$(grep 'Server public key is ' <<<"$tmp"|awk '{print $5}')
+ if [ -z $current_pubkey ]; then
+ current_pubkey=0
+ fi
 current_sigalg=$(${OPENSSLBIN} x509 -noout -text 2>/dev/null <<<"$tmp"|grep Signature\ Algorithm | head -n 1 | awk '{print $3}') || current_sigalg="None"
 grep 'Verify return code: 0 ' <<<"$tmp" >/dev/null
 if [ $? -eq 0 ]; then
@@ -125,6 +129,8 @@ test_cipher_on_target() {
 if [ -z $current_sigalg ]; then
 current_sigalg=None
 fi
+
+ # parsing finished, report result
 if [[ -z "$current_protocol" || "$current_cipher" == '(NONE)' ]]; then
 # connection failed, try again with next TLS version
 continue
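Review bot: The relocated test `if [ -z $current_pubkey ]; then` in the new "certificate metadata" group expands the variable unquoted, so the value is word-split and glob-expanded before `[` sees it. The value is cut out of `$tmp`, which presumably holds output shaped by the remote server, and `grep 'Server public key is '` has no `head -n 1`. If more than one line matches, the test gets several words, fails with "too many arguments", and the `current_pubkey=0` default is skipped. The empty case works only because `[ -z ]` with a single argument happens to be true. Since these lines are being moved anyway, quote the expansion: `if [ -z "$current_pubkey" ]; then`. The same applies to the unquoted `$current_tickethint` test in this hunk and the `$current_sigalg` test at the top of the second hunk; `test_cipher_on_target` begins and ends outside both hunks.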