From 631742bed03305e45ec39b97905747aff5c17efc Mon Sep 17 00:00:00 2001
From: Peter Wu
Date: Sun, 15 Sep 2013 23:50:04 +0200
Subject: openssl-connect: Parse certificate type from name
This allows for something like:
openssl ciphers -V | grep -v \ SRP- | ./openssl-connect /tmp/test-certs
---
openssl-connect | 31 ++++++++++++++++++++-----------
1 file changed, 20 insertions(+), 11 deletions(-)
(limited to 'openssl-connect')
diff --git a/openssl-connect b/openssl-connect
index ceb24b2..d4e2689 100755
--- a/openssl-connect
+++ b/openssl-connect
@@ -46,25 +46,34 @@ s_client_client_random() {
 # When stdin is a TTY, try all ciphers
 if [ -t 0 ]; then
- openssl ciphers -V | awk '{print $3, substr($5, 4), substr($6, 4)}'
+ openssl ciphers -V
 else
- # otherwise if not TTY, pass-through
+ # otherwise if not TTY, pass-through (useful for grep)
 cat
 fi |
-while read cipher keyex auth; do
- case $keyex,$auth in
- *,RSA)
- port=$portbase ;;
- ECDH/ECDSA,ECDH|*,ECDSA)
+awk '# Look for something like ECDHE-RSA-AES256-SHA
+{
+ for (i = 1; i <= NF; i++) {
+ if ($i ~ /.-./) {
+ print $i;
+ break
+ }
+ }
+}' |
+while read cipher; do
+ case $cipher in
+ *-ECDSA-*)
 port=$((portbase+1)) ;;
- ECDH/RSA,ECDH)
+ ECDH-RSA-*)
 port=$((portbase+2)) ;;
- *,DSS)
+ *-DSS-*)
 port=$((portbase+3)) ;;
- *,PSK|*)
- echo "Skipping unsupported $auth" >&2
+ PSK-*)
+ echo "Skipping unsupported PSK" >&2
 continue ;;
+ *-RSA-*|*) # assume RSA (includes name like RC4-SHA)
+ port=$portbase ;;
 esac
 echo "# Cipher Suite $cipher"
--
cgit v1.2.1
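Review bot: The final `*-RSA-*|*)` arm sends every name that no earlier pattern matched to the RSA port, so its `*-RSA-*` alternative is redundant and the loop no longer skips suites that have no matching certificate; the removed code reported those through its `*,PSK|*)` arm. Anonymous names such as `ADH-…`/`AECDH-…`, PSK names that do not start with `PSK-`, and (as the commit message's `grep -v SRP-` hints) SRP names would be attempted against `$portbase` or `$((portbase+3))` and the result attributed to the wrong certificate type. An explicit skip arm placed first in the `case`, for example `PSK-*|*-PSK-*|ADH-*|AECDH-*|SRP-*)` with `echo "Skipping unsupported $cipher" >&2`, would keep the old behaviour for these. The awk filter `$i ~ /.-./` also accepts the first hyphenated token of any kind, so piped input with another hyphenated word ahead of the suite name yields a wrong `$cipher`; a comment stating the expected input format, and `read -r cipher`, would help. The `while` loop body continues past the end of the hunk.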