checkremotecerts.sh fix test logic

Script would return 0 even when connecting to the remote host failed.
This commit is contained in:
kytv
2014-05-15 03:38:29 +00:00
parent 06de347373
commit 5d04f8db89


@ -61,7 +61,7 @@ retry ()
i=1 i=1
while ! "$@" while ! "$@"
do do
echo "$0: try $i of $MAX failed for command $@" echo "try $i of $MAX failed for command $@" >&2
if [ $i -ge $MAX ] if [ $i -ge $MAX ]
then then
break break
@ -69,6 +69,9 @@ retry ()
i=$(expr $i + 1) i=$(expr $i + 1)
sleep 15 sleep 15
done done
if [ $i = $MAX ]; then
return 1
fi
} }
normalize(){ normalize(){
@ -78,9 +81,9 @@ normalize(){
connect() { connect() {
if [ $OPENSSL -eq 1 ]; then if [ $OPENSSL -eq 1 ]; then
retry $OPENSSL_BIN s_client -connect "$1:443" -no_ign_eof -CAfile $CACERTS -servername $1 < /dev/null 2>/dev/null $OPENSSL_BIN s_client -connect "$1:443" -CAfile $CACERTS -servername $1 < /dev/null 2> /dev/null
else else
retry $GNUTLS_BIN --insecure --print-cert --x509cafile "$CACERTS" "$1" < /dev/null 2>/dev/null $GNUTLS_BIN --insecure --print-cert --x509cafile "$CACERTS" "$1" < /dev/null 2>/dev/null
fi fi
} }
@ -117,26 +120,30 @@ cleanup() {
check_hosts() { check_hosts() {
for HOST in $RESEEDHOSTS; do for HOST in $RESEEDHOSTS; do
echo -n "Checking $HOST..." echo -n "Checking $HOST..."
connect "$HOST" < /dev/null > "$WORK/$HOST" if retry connect "$HOST" < /dev/null 1> "$WORK/$HOST"; then
# OpenSSL returns "return code: 0 (ok)" # OpenSSL returns "return code: 0 (ok)"
# GnuTLS returns "certificate is trusted" # GnuTLS returns "certificate is trusted"
# GnuTLS v2 has the word "Peer" before certificate, v3 has the word "The" before it # GnuTLS v2 has the word "Peer" before certificate, v3 has the word "The" before it
if ! grep -q 'Verify return code: 0 (ok)\|certificate is trusted' "$WORK/$HOST"; then if ! grep -q 'Verify return code: 0 (ok)\|certificate is trusted' "$WORK/$HOST"; then
# If we end up here it's for one of two probable reasons: # If we end up here it's for one of two probable reasons:
# 1) the the CN in the certificate doesn't match the hostname. # 1) the the CN in the certificate doesn't match the hostname.
# 2) the certificate is invalid # 2) the certificate is invalid
# OpenSSL returns code 21 with self-signed certs. # OpenSSL returns code 21 with self-signed certs.
# GnuTLS returns "certificate issuer is unknown" # GnuTLS returns "certificate issuer is unknown"
# As noted above, GnuTLS v2 has the word "Peer" before certificate, v3 has the word "The" before it # As noted above, GnuTLS v2 has the word "Peer" before certificate, v3 has the word "The" before it
# If the CN just doesn't match the hostname, pass # If the CN just doesn't match the hostname, pass
if ! grep -q 'Verify return code: 21\|certificate issuer is unknown' "$WORK/$HOST"; then : ;else if ! grep -q 'Verify return code: 21\|certificate issuer is unknown\|self signed' "$WORK/$HOST"; then : ;else
verify_fingerprint $HOST verify_fingerprint $HOST
fi
fi fi
echo
else
echo "failed to connect to $HOST" >&2
FAIL=1
fi fi
echo
done done
} }
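Review bot: The post-loop test `if [ $i = $MAX ]; then return 1; fi` added to retry() still reports failure when the last permitted attempt succeeds, because i is incremented to $MAX before that attempt runs and the loop then exits normally with i equal to MAX. Returning the status from inside the loop avoids the ambiguity: replace `break` with `return 1` and drop the post-loop test (or end the function with an explicit `return 0`). In check_hosts the redirection `1> "$WORK/$HOST"` now wraps the whole `retry connect` call, so partial output from every failed attempt accumulates in the file that the later greps inspect; having each attempt truncate the file, e.g. by moving the redirection inside connect(), keeps the verification checks looking only at the attempt that succeeded. Note also that the widened inner pattern `certificate issuer is unknown\|self signed` only decides whether verify_fingerprint runs; a verification failure matching none of the listed messages still falls through the `then :` branch as a pass without setting FAIL, which the "If the CN just doesn't match the hostname, pass" comment does not make clear.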