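#!/bin/bash
#
# Checks to make sure TLSv1.0 or later is allowed by a server.
#
# One openssl s_client handshake is attempted per entry of EXPECT_NEGOTIATE
# and the number of entries whose outcome differs from the expectation is
# counted in "failures".
#
# Options (both "--opt=value" and "--opt value" spellings are accepted):
#   -h HOST, --host HOST   server to connect to (default: localhost)
#   -p PORT, --port PORT   port to connect to   (default: 9090)
# Unknown options are ignored.
#

THRIFTHOST=localhost
THRIFTPORT=9090

# Option parsing.  The value comes from the same word when it contains an
# '=' and from the following word otherwise; only in the latter case is a
# second word consumed.  (Shifting twice unconditionally would swallow the
# option that follows "--host=HOST".)
while [[ $# -ge 1 ]]; do
    arg="$1"
    shift # past the option word

    if [[ $arg == *=* ]]; then
        opt="${arg%%=*}"
        val="${arg#*=}"
        value_in_next_word=0
    else
        opt="$arg"
        val="${1-}"
        value_in_next_word=1
    fi

    case $opt in
        -h|--host)
            THRIFTHOST="$val"
            if [[ $value_in_next_word -eq 1 && $# -ge 1 ]]; then shift; fi # past the value word
            ;;
        -p|--port)
            THRIFTPORT="$val"
            if [[ $value_in_next_word -eq 1 && $# -ge 1 ]]; then shift; fi # past the value word
            ;;
        *)
            # unknown option ignored; a value word following it is ignored by
            # the next iteration in the same way
            ;;
    esac
done

# Expected handshake outcome per protocol, keyed by the openssl option name
# (passed to s_client as "-$PROTO"):
#   1 = the handshake is expected to succeed (s_client exits 0)
#   0 = the handshake is expected to be refused (s_client exits non-zero)
# Set an entry to 0 to require the server to refuse that version (RFC 8996
# deprecates TLSv1.0 and TLSv1.1).  Associative arrays need bash 4 or later.
declare -A EXPECT_NEGOTIATE
EXPECT_NEGOTIATE[tls1]=1
EXPECT_NEGOTIATE[tls1_1]=1
EXPECT_NEGOTIATE[tls1_2]=1
EXPECT_NEGOTIATE[tls1_3]=1

# Number of protocols whose outcome did not match EXPECT_NEGOTIATE; updated by tls.
failures=0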
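function tls
{
    # Attempt one handshake per protocol in EXPECT_NEGOTIATE and add one to
    # the global "failures" for every protocol whose outcome (negotiated or
    # not) differs from its expectation.  Reads THRIFTHOST, THRIFTPORT and
    # EXPECT_NEGOTIATE.  The CA file path is relative to the working
    # directory, so the script must be run from its own directory.
    local ca_file=../keys/CA.pem
    local proto nego status negotiated expected res

    for proto in "${!EXPECT_NEGOTIATE[@]}"; do
        expected=${EXPECT_NEGOTIATE[$proto]}
        res="enabled"
        if [[ $expected -eq 0 ]]; then res="disabled"; fi

        echo "openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile $ca_file -$proto 2>&1 < /dev/null"
        nego=$(openssl s_client -connect "$THRIFTHOST:$THRIFTPORT" -CAfile "$ca_file" "-$proto" 2>&1 < /dev/null)
        status=$?
        echo "result of command: $status"

        # Any non-zero status (handshake refused, protocol option not
        # supported by this openssl build, connection refused, ...) counts as
        # "not negotiated"; the exact exit value is not assumed to be 1.
        negotiated=$(( status == 0 ? 1 : 0 ))

        if [[ $negotiated -eq $expected ]]; then
            echo "$proto negotiation $res, as expected"
        else
            echo "[warn] $proto negotiation did not work as expected (should be $res)"
            echo "$nego"
            failures=$((failures + 1))
        fi
    done
}
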
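tls

# Fail only when every protocol mismatched its expectation: with all entries
# of EXPECT_NEGOTIATE set to 1 that means no TLS version could be negotiated.
# Partial mismatches are reported by tls as [warn] but still pass.  The count
# is taken from the table rather than hard-coded so that adding or removing
# a protocol keeps the verdict correct.
if [[ $failures -eq ${#EXPECT_NEGOTIATE[@]} ]]; then
    echo "[fail] At least one of TLSv1.0, TLSv1.1, TLSv1.2, or TLSv1.3 needs to work, but does not"
    exit $failures # non-zero: the number of mismatching protocols
fi

echo "[pass] At least one of TLSv1.0, TLSv1.1, TLSv1.2, or TLSv1.3 worked"
exit 0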