authorHarald Pfeiffer <coding _ lirion.de> 2020-08-03 12:43:24 +0200
committerHarald Pfeiffer <coding _ lirion.de> 2020-08-03 12:43:24 +0200
commit4ae4a7573eb73e88846d5953af7d958bfba473c9 (patch)
tree34c75f0addc057d1c4d0100f4b325b69cd3ee7bf
parent160302a97bf721069174363c8b07582d70ebfa14 (diff)
Be more verbose about what failed when the reachable port does not correctly respond to TLS trafficHEADmaster
-rwxr-xr-xbin/sslcheck21
1 files changed, 15 insertions, 6 deletions
diff --git a/bin/sslcheck b/bin/sslcheck
index 26b72c0..0df8b27 100755
--- a/bin/sslcheck
+++ b/bin/sslcheck
@@ -83,9 +83,18 @@ if ! nc -zw3 "$TGTURL" "$TGTPORT"; then
fi
exit 1
fi
-echo '' | "${sslbin}" s_client -connect "$TGTURL":"$TGTPORT" "${sslinitparms[@]}" 2>&1 |\
- sed -n '/---BEGIN CERT/,/---END CERT/p' |\
- "${sslbin}" "${sslshowparms[@]}"|tr -s '\n'|sed 's/^\([0-9a-f]\{8\}\)$/issuerHash=\1/'
-
-printf "\\nTLS Ciphers:\\n"
-nmap --script ssl-enum-ciphers -p "$TGTPORT" "$TGTURL"|grep --color=never _|grep -v 'least strength'
+SSLINRET="$(echo '' | "${sslbin}" s_client -connect "$TGTURL":"$TGTPORT" "${sslinitparms[@]}" 2>&1)"
+case "$?" in
+ 0)
+ printf "%b\\n" "$SSLINRET" | sed -n '/---BEGIN CERT/,/---END CERT/p' |\
+ "${sslbin}" "${sslshowparms[@]}"|tr -s '\n'|sed 's/^\([0-9a-f]\{8\}\)$/issuerHash=\1/'
+ printf "\\nTLS Ciphers:\\n"
+ nmap --script ssl-enum-ciphers -p "$TGTPORT" "$TGTURL"|grep --color=never _|grep -v 'least strength'
+ ;;
+ *)
+ printf "Error establishing TLS connection to %b (%b/%b)!\\n" "$TGTURL" "$TGTPORT" "$SVCNM" >&2
+ printf "%b\\n" "$SSLINRET"|\
+ grep -P 'Secure Renegotiation|SSL routines|Early data|SSL handshake|peer certif|Cipher is|---'|uniq >&2
+ exit 1
+ ;;
+esac
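Review bot: The `%b` conversions used to print `$SSLINRET`, in the `0)` branch feeding sed and in the `*)` branch feeding grep, make printf expand backslash escapes in text that originates from the remote endpoint's s_client output. Any `\xHH`, `\NNN` or `\c` sequence in that output would be converted to raw bytes or cut the output short, so control characters that openssl had escaped (for example in certificate name fields, depending on its name options) could reach the terminal on stderr unescaped. Print the captured text verbatim with `printf '%s\n' "$SSLINRET"` in both places. The same applies to the error message, where `%s` rather than `%b` is the right conversion for `$TGTURL`, `$TGTPORT` and `$SVCNM`.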