Diffstat (limited to 'src/jaegertracing/thrift/test/features/nosslv3.sh')
-rwxr-xr-xsrc/jaegertracing/thrift/test/features/nosslv3.sh59
1 files changed, 59 insertions, 0 deletions
diff --git a/src/jaegertracing/thrift/test/features/nosslv3.sh b/src/jaegertracing/thrift/test/features/nosslv3.sh
new file mode 100755
index 000000000..38cca0786
--- /dev/null
+++ b/src/jaegertracing/thrift/test/features/nosslv3.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+#
+# Checks to make sure SSLv3 is not allowed by a server.
+#
+
+THRIFTHOST=localhost
+THRIFTPORT=9090
+
+while [[ $# -ge 1 ]]; do
+ arg="$1"
+ argIN=(${arg//=/ })
+
+ case ${argIN[0]} in
+ -h|--host)
+ THRIFTHOST=${argIN[1]}
+ shift # past argument
+ ;;
+ -p|--port)
+ THRIFTPORT=${argIN[1]}
+ shift # past argument
+ ;;
+ *)
+ # unknown option ignored
+ ;;
+ esac
+
+ shift # past argument or value
+done
+
+function nosslv3
+{
+ local nego
+ local negodenied
+ local opensslv
+
+ opensslv=$(openssl version | cut -d' ' -f2)
+ if [[ $opensslv > "1.0" ]]; then
+ echo "[pass] OpenSSL 1.1 or later - no need to check ssl3"
+ return 0
+ fi
+
+ # echo "openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -ssl3 2>&1 < /dev/null"
+ nego=$(openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -ssl3 2>&1 < /dev/null)
+ negodenied=$?
+
+ if [[ $negodenied -ne 0 ]]; then
+ echo "[pass] SSLv3 negotiation disabled"
+ echo $nego
+ return 0
+ fi
+
+ echo "[fail] SSLv3 negotiation enabled! stdout:"
+ echo $nego
+ return 1
+}
+
+nosslv3
+exit $?