authorPeter Wu <lekensteyn@gmail.com>2013-09-15 23:50:04 +0200
committerPeter Wu <lekensteyn@gmail.com>2013-09-15 23:50:04 +0200
commit631742bed03305e45ec39b97905747aff5c17efc (patch)
treee34abd669ca4bd17fab98591e275e674824fbd40 /openssl-connect
parentc2967ce76c95cc8fe11bb5d5af2e64b3212446c6 (diff)
downloadwireshark-notes-631742bed03305e45ec39b97905747aff5c17efc.tar.gz
openssl-connect: Parse certificate type from name
This allows for something like: openssl ciphers -V | grep -v \ SRP- | ./openssl-connect /tmp/test-certs
Diffstat (limited to 'openssl-connect')
-rwxr-xr-xopenssl-connect31
1 files changed, 20 insertions, 11 deletions
diff --git a/openssl-connect b/openssl-connect
index ceb24b2..d4e2689 100755
--- a/openssl-connect
+++ b/openssl-connect
@@ -46,25 +46,34 @@ s_client_client_random() {
# When stdin is a TTY, try all ciphers
if [ -t 0 ]; then
- openssl ciphers -V | awk '{print $3, substr($5, 4), substr($6, 4)}'
+ openssl ciphers -V
else
- # otherwise if not TTY, pass-through
+ # otherwise if not TTY, pass-through (useful for grep)
cat
fi |
-while read cipher keyex auth; do
- case $keyex,$auth in
- *,RSA)
- port=$portbase ;;
- ECDH/ECDSA,ECDH|*,ECDSA)
+awk '# Look for something like ECDHE-RSA-AES256-SHA
+{
+ for (i = 1; i <= NF; i++) {
+ if ($i ~ /.-./) {
+ print $i;
+ break
+ }
+ }
+}' |
+while read cipher; do
+ case $cipher in
+ *-ECDSA-*)
port=$((portbase+1)) ;;
- ECDH/RSA,ECDH)
+ ECDH-RSA-*)
port=$((portbase+2)) ;;
- *,DSS)
+ *-DSS-*)
port=$((portbase+3)) ;;
- *,PSK|*)
- echo "Skipping unsupported $auth" >&2
+ PSK-*)
+ echo "Skipping unsupported PSK" >&2
continue
;;
+ *-RSA-*|*) # assume RSA (includes name like RC4-SHA)
+ port=$portbase ;;
esac
echo "# Cipher Suite $cipher"
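Review bot: The final `*-RSA-*|*)` arm routes every name the earlier arms do not recognise to `$portbase`, so the skip-with-message path that used to cover all unsupported authentication types is now reached only by names starting with `PSK-`. An SRP name such as `SRP-AES-256-CBC-SHA`, which the commit message filters out by hand with grep, or a PSK suite whose name does not begin with `PSK-`, would be tried against the RSA port, and the failed handshake then looks like a cipher problem rather than a classification gap. I would move the skip arm ahead of the certificate-type arms, widen it to `PSK-*|*-PSK-*|SRP-*)`, and report the name with `echo "Skipping unsupported $cipher" >&2`. Since the list can now be arbitrary piped text, `while read -r cipher; do` is also the safer form. The `while` loop body continues past the end of the hunk.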