authorPeter Palfrader <peter@palfrader.org>2013-03-06 13:30:50 +0000
committerweasel <weasel@bc3d92e2-beff-0310-a7cd-cc87d7ac0ede>2013-03-06 13:30:50 +0000
commit4002470ede339765b8af3074e1ee728c086eea1a (patch)
tree59c05da08b3534628c0f0d413f9cf604d13e72ed
parent948e8bed4029b9dcedc6e7c73daae37def43f020 (diff)
Allow testing multiple destinations in one go
git-svn-id: svn+ssh://asteria.noreply.org/svn/weaselutils/trunk@589 bc3d92e2-beff-0310-a7cd-cc87d7ac0ede
-rwxr-xr-xtor-exit-ssl-check76
1 files changed, 43 insertions, 33 deletions
diff --git a/tor-exit-ssl-check b/tor-exit-ssl-check
index 38807d7..dafccf5 100755
--- a/tor-exit-ssl-check
+++ b/tor-exit-ssl-check
@@ -24,8 +24,10 @@
set -e
set -u
+shopt -s extglob
+
usage() {
- echo "Usage: $0 [-v [-v]] [-d <datadir>] <torserver-fpr> <targethost> [<targetport>]"
+ echo "Usage: $0 [-v [-v]] [-d <datadir>] <torserver-fpr> <targethost>[:<targetport>] [<targethost>[:<targetport>] [...]]"
echo " If torserver-fpr is -, a list of fingerprints is read from stdin"
}
@@ -61,8 +63,7 @@ fi
torserver="$1"; shift
-hostname="$1"; shift
-port="${1:-443}"
+declare -a targets=("$@")
socksport=$((RANDOM % 40000 + 20000))
mapaddr="192.0.2.1"
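Review bot: Nothing on the new side rejects an empty target list: `declare -a targets=("$@")` accepts zero remaining arguments, whereas the removed `hostname="$1"` aborted under `set -u` when the host was missing. Unless the argument check that ends just above this hunk (not visible here) already requires at least one target, both new `for` loops would run zero times and the script would finish without testing anything, presumably with no error bit set. A guard directly after the assignment would close that: `[ "${#targets[@]}" -gt 0 ] || { usage >&2; exit 1; }`.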
@@ -111,7 +112,6 @@ SocksPort $socksport
PidFile $pidfile
Log $loglevel file $torlog
SafeLogging 0
-# MapAddress $mapaddr $hostname.\$$torserver.exit
ControlSocket $tmpdir/sock
StrictNodes 1
EOF
@@ -145,10 +145,15 @@ expect_ok() {
fi
}
-[ "$verbose" = 0 ] || echo "Directly:"
-openssl s_client -no_ticket -showcerts -connect "$hostname":"$port" < /dev/null 2>&1 | eatdata "$tmpdir/cert-direct"
-egrep -v '(Session-ID|Master-Key|Start Time):' < "$tmpdir/cert-direct" > "$tmpdir/cert-direct.filtered"
-[ "$verbose" = 0 ] || echo "===="
+for ((i=0; i < ${#targets[@]}; i++)); do
+ host="${targets[$i]}"
+ [ "${host%%+([0-9])}" = "$host" ] && host="$host:443"
+
+ [ "$verbose" = 0 ] || echo "Directly to $host:"
+ openssl s_client -no_ticket -showcerts -connect "$host" < /dev/null 2>&1 | eatdata "$tmpdir/cert-direct-$i"
+ egrep -v '(Session-ID|Master-Key|Start Time):' < "$tmpdir/cert-direct-$i" > "$tmpdir/cert-direct-$i.filtered"
+ [ "$verbose" = 0 ] || echo "===="
+done
coproc socat UNIX-CONNECT:"$tmpdir/sock" -
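Review bot: The port test `[ "${host%%+([0-9])}" = "$host" ]` strips any trailing digits rather than a trailing `:port`, so a target that ends in a digit but carries no port (an IPv4 address, or a name such as `www2`) is treated as already having a port and reaches `-connect` without one. The same line is repeated in the inner loop of the next hunk. Because the direct run and the Tor run would then probably fail in the same way, the later comparison could print "No real differences." for a destination that was never reached. Anchoring the pattern on the colon fixes it: `[ "${host%%:+([0-9])}" = "$host" ] && host="$host:443"`; normalising once when `targets` is filled would also remove the duplicated line.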
@@ -176,31 +181,36 @@ while : ; do
echo "SETCONF ExitNodes=\$$server" >&${COPROC[1]}
expect_ok
- rm -f "$tmpdir/cert-tor" "$tmpdir/cert-tor.filtered"
-
- [ "$verbose" = 0 ] || echo "Via $server:"
- TORSOCKS_CONF_FILE="$tmpdir/torsocks.conf" torify openssl s_client -no_ticket -showcerts -connect "$hostname":"$port" < /dev/null 2>&1 | eatdata "$tmpdir/cert-tor"
-
- egrep -v '(Session-ID|Master-Key|Start Time):' < "$tmpdir/cert-tor" > "$tmpdir/cert-tor.filtered"
-
- if diff "$tmpdir/cert-tor.filtered" "$tmpdir/cert-direct.filtered" > /dev/null; then
- echo "RESULT: $server: No real differences."
- [ "$verbose" = 0 ] || diff -U100 "$tmpdir/cert-tor" "$tmpdir/cert-direct" || true
- elif egrep '^connect:errno=' "$tmpdir/cert-tor" > /dev/null; then
- [ "$verbose" -lt 1 ] || diff -U100 "$tmpdir/cert-tor" "$tmpdir/cert-direct" || true
- echo "RESULT: $server: Connect failed"
- errors=$((errors | 0x02))
- elif egrep '^[0-9]*:error:.*:ssl handshake failure:' "$tmpdir/cert-tor" > /dev/null; then
- [ "$verbose" -lt 1 ] || diff -U100 "$tmpdir/cert-tor" "$tmpdir/cert-direct" || true
- echo "RESULT: $server: SSL Handshake failed"
- errors=$((errors | 0x04))
- else
- echo "RESULT: $server: differences!"
- [ "$verbose" = 0 ] || echo "===="
- [ "$verbose" = 0 ] || echo "Diff:"
- diff -U100 "$tmpdir/cert-tor" "$tmpdir/cert-direct" || true
- errors=$((errors | 0x08))
- fi
+ for ((i=0; i < ${#targets[@]}; i++)); do
+ host="${targets[$i]}"
+ [ "${host%%+([0-9])}" = "$host" ] && host="$host:443"
+
+ rm -f "$tmpdir/cert-tor-$i" "$tmpdir/cert-tor-$i.filtered"
+
+ [ "$verbose" = 0 ] || echo "Via $server to $host:"
+ TORSOCKS_CONF_FILE="$tmpdir/torsocks.conf" torify openssl s_client -no_ticket -showcerts -connect "$host" < /dev/null 2>&1 | eatdata "$tmpdir/cert-tor-$i"
+
+ egrep -v '(Session-ID|Master-Key|Start Time):' < "$tmpdir/cert-tor-$i" > "$tmpdir/cert-tor-$i.filtered"
+
+ if diff "$tmpdir/cert-tor-$i.filtered" "$tmpdir/cert-direct-$i.filtered" > /dev/null; then
+ echo "RESULT: $server: No real differences."
+ [ "$verbose" = 0 ] || diff -U100 "$tmpdir/cert-tor-$i" "$tmpdir/cert-direct-$i" || true
+ elif egrep '^connect:errno=' "$tmpdir/cert-tor-$i" > /dev/null; then
+ [ "$verbose" -lt 1 ] || diff -U100 "$tmpdir/cert-tor-$i" "$tmpdir/cert-direct-$i" || true
+ echo "RESULT: $server: Connect failed"
+ errors=$((errors | 0x02))
+ elif egrep '^[0-9]*:error:.*:ssl handshake failure:' "$tmpdir/cert-tor-$i" > /dev/null; then
+ [ "$verbose" -lt 1 ] || diff -U100 "$tmpdir/cert-tor-$i" "$tmpdir/cert-direct-$i" || true
+ echo "RESULT: $server: SSL Handshake failed"
+ errors=$((errors | 0x04))
+ else
+ echo "RESULT: $server: differences!"
+ [ "$verbose" = 0 ] || echo "===="
+ [ "$verbose" = 0 ] || echo "Diff:"
+ diff -U100 "$tmpdir/cert-tor-$i" "$tmpdir/cert-direct-$i" || true
+ errors=$((errors | 0x08))
+ fi
+ done
[ "$torserver" = "-" ] || break
done
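Review bot: The `RESULT:` lines in the new inner loop still name only `$server`, so with several targets the output does not say which destination a "differences!" or "Connect failed" result belongs to unless verbose is on. Including the target, e.g. `echo "RESULT: $server: $host: differences!"` and likewise for the other three `RESULT:` lines, keeps each finding attributable; anything parsing the current format would need adjusting. The first branch also reports "No real differences." whenever the two filtered outputs are equal, even if both connections failed, so testing `cert-direct-$i` for `^connect:errno=` before the comparison would be worth adding. The enclosing `while` loop starts above this hunk.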