update source to Ceph Pacific 16.2.2
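#!/bin/bash

#
# Checks to make sure SSLv3 is not allowed by a server.
#
# Usage: nosslv3.sh [-h HOST | --host HOST | --host=HOST]
#                   [-p PORT | --port PORT | --port=PORT]
#
# Unknown options are ignored. Defaults: localhost:9090.
#

THRIFTHOST=localhost
THRIFTPORT=9090

#######################################
# Parse command-line options into the THRIFTHOST / THRIFTPORT globals.
#
# Both "--opt value" and "--opt=value" are accepted. The value is taken
# from whichever form was used, and exactly the words that belong to the
# option are consumed, so a following option is never skipped and the
# target never silently becomes an empty string.
#
# Globals:   THRIFTHOST (written), THRIFTPORT (written)
# Arguments: the script's command-line arguments
# Returns:   0
#######################################
parse_thrift_args() {
  while [[ $# -ge 1 ]]; do
    case "$1" in
      -h=*|--host=*)
        THRIFTHOST=${1#*=}
        ;;
      -h|--host)
        # Only consume a value if one is actually present; otherwise the
        # default stays in place rather than being blanked.
        if [[ $# -ge 2 ]]; then
          THRIFTHOST=$2
          shift # past value
        fi
        ;;
      -p=*|--port=*)
        THRIFTPORT=${1#*=}
        ;;
      -p|--port)
        if [[ $# -ge 2 ]]; then
          THRIFTPORT=$2
          shift # past value
        fi
        ;;
      *)
        # unknown option ignored
        ;;
    esac

    shift # past argument
  done
  return 0
}

parse_thrift_args "$@"
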
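#######################################
# Verify that the server at THRIFTHOST:THRIFTPORT refuses an SSLv3 handshake.
#
# The local OpenSSL version is parsed numerically. The probe is skipped only
# for 1.1 or later; a plain string comparison against "1.0" would also skip
# it for every 1.0.x release, where the probe is still meant to run.
# If the version cannot be parsed, the probe is attempted anyway.
#
# Globals:   THRIFTHOST (read), THRIFTPORT (read)
# Arguments: none
# Outputs:   a "[pass] ..." or "[fail] ..." line on stdout, followed by the
#            s_client output when the probe was run
# Returns:   0 when the check passes or is skipped, 1 when SSLv3 negotiated
#
# NOTE(review): any non-zero exit from s_client is reported as "[pass]".
# That includes an unreachable server, a missing ../keys/CA.pem (resolved
# relative to the current directory) or a client built without -ssl3, so a
# pass shows only that the handshake did not complete. Read the echoed
# s_client output before trusting the result.
#######################################
function nosslv3
{
  local nego
  local negodenied
  local opensslv
  local major
  local minor
  local -r ver_re='^([0-9]+)\.([0-9]+)'

  opensslv=$(openssl version | cut -d' ' -f2)
  if [[ $opensslv =~ $ver_re ]]; then
    major=${BASH_REMATCH[1]}
    minor=${BASH_REMATCH[2]}
    # 10# forces base ten so a component such as "08" is not read as octal.
    if (( 10#$major > 1 || (10#$major == 1 && 10#$minor >= 1) )); then
      echo "[pass] OpenSSL 1.1 or later - no need to check ssl3"
      return 0
    fi
  fi

  # Host and port are quoted so that a value containing whitespace or glob
  # characters reaches openssl as a single -connect argument.
  nego=$(openssl s_client -connect "$THRIFTHOST:$THRIFTPORT" -CAfile ../keys/CA.pem -ssl3 2>&1 < /dev/null)
  negodenied=$?

  if [[ $negodenied -ne 0 ]]; then
    echo "[pass] SSLv3 negotiation disabled"
    printf '%s\n' "$nego"
    return 0
  fi

  echo "[fail] SSLv3 negotiation enabled!  stdout:"
  printf '%s\n' "$nego"
  return 1
}
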
# Run the check and propagate its status (0 = pass or skipped, 1 = SSLv3
# was negotiated) to the caller.
nosslv3
check_status=$?
exit "$check_status"