author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 18:45:59 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 18:45:59 +0000 |
commit | 19fcec84d8d7d21e796c7624e521b60d28ee21ed (patch) | |
tree | 42d26aa27d1e3f7c0b8bd3fd14e7d7082f5008dc /src/jaegertracing/thrift/test/features/nosslv3.sh | |
parent | Initial commit. (diff) | |
Adding upstream version 16.2.11+ds.upstream/16.2.11+dsupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rwxr-xr-x | src/jaegertracing/thrift/test/features/nosslv3.sh | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/src/jaegertracing/thrift/test/features/nosslv3.sh b/src/jaegertracing/thrift/test/features/nosslv3.sh
new file mode 100755
index 000000000..38cca0786
--- /dev/null
+++ b/src/jaegertracing/thrift/test/features/nosslv3.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+#
+# Checks to make sure SSLv3 is not allowed by a server.
+#
+
+THRIFTHOST=localhost
+THRIFTPORT=9090
+
+while [[ $# -ge 1 ]]; do
+ arg="$1"
+ argIN=(${arg//=/ })
+
+ case ${argIN[0]} in
+ -h|--host)
+ THRIFTHOST=${argIN[1]}
+ shift # past argument
+ ;;
+ -p|--port)
+ THRIFTPORT=${argIN[1]}
+ shift # past argument
+ ;;
+ *)
+ # unknown option ignored
+ ;;
+ esac
+
+ shift # past argument or value
+done
+
+function nosslv3
+{
+ local nego
+ local negodenied
+ local opensslv
+
+ opensslv=$(openssl version | cut -d' ' -f2)
+ if [[ $opensslv > "1.0" ]]; then
+ echo "[pass] OpenSSL 1.1 or later - no need to check ssl3"
+ return 0
+ fi
+
+ # echo "openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -ssl3 2>&1 < /dev/null"
+ nego=$(openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -ssl3 2>&1 < /dev/null)
+ negodenied=$?
+
+ if [[ $negodenied -ne 0 ]]; then
+ echo "[pass] SSLv3 negotiation disabled"
+ echo $nego
+ return 0
+ fi
+
+ echo "[fail] SSLv3 negotiation enabled! stdout:"
+ echo $nego
+ return 1
+}
+
+nosslv3
+exit $? |
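Review bot: The version gate `[[ $opensslv > "1.0" ]]` in `nosslv3` is a lexicographic string comparison, so any 1.0.x client (a constructed example: `1.0.2`) sorts after `"1.0"` and takes the "[pass] OpenSSL 1.1 or later" early return without attempting the SSLv3 handshake at all. Matching the version explicitly, `if [[ $opensslv != 0.* && $opensslv != 1.0.* ]]; then`, limits the skip to 1.1 and newer. Further down, the pass branch accepts any non-zero exit from `openssl s_client` as "SSLv3 negotiation disabled"; a server that is not listening on `$THRIFTHOST:$THRIFTPORT` would presumably produce the same exit status, so the test reports a pass when nothing was checked. It would be safer to confirm the port is reachable first (or inspect `$nego` for a handshake failure rather than a connect error) and to report a skip, not a pass, when the local client cannot offer SSLv3. `$THRIFTHOST` and `$THRIFTPORT` come from the command line and should be quoted in the `-connect` argument: `-connect "$THRIFTHOST:$THRIFTPORT"`.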