authorPeter Palfrader <peter@palfrader.org>2013-09-07 07:44:54 +0000
committerweasel <weasel@bc3d92e2-beff-0310-a7cd-cc87d7ac0ede>2013-09-07 07:44:54 +0000
commitbf2463e7e64a94cc0aaad8a8247f5d0fc41f3dc8 (patch)
treed727d62c9e74ac484bcb714077542c932654bd5b
parent86c2c65f76cda8407d1a2e33f987d8f884e4a71d (diff)
Update cached direct cert when we find a mismatch
git-svn-id: svn+ssh://asteria.noreply.org/svn/weaselutils/trunk@646 bc3d92e2-beff-0310-a7cd-cc87d7ac0ede
-rwxr-xr-xtor-exit-ssl-check52
1 files changed, 43 insertions, 9 deletions
diff --git a/tor-exit-ssl-check b/tor-exit-ssl-check
index 31f8ebe..fb85011 100755
--- a/tor-exit-ssl-check
+++ b/tor-exit-ssl-check
@@ -74,6 +74,7 @@ fi
torserver="$1"; shift
declare -a targets=("$@")
+declare -a used_cache
mapaddr="192.0.2.1"
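Review bot: The `used_cache` array declared here is consumed by the mismatch check in the last hunk as `[ -n "used_cache[$i]" ]`, which is a literal string and therefore always true, so the "fetch a non-cached copy" path runs on every difference whether or not the direct cert came from the cache; the test should read `[ -n "${used_cache[$i]}" ]`. That last hunk is cut off in this view, so the surrounding loop body cannot be checked further. If the script runs under `set -u` (not visible here), the corrected expansion would also fail for an index that was never assigned, so keep the `used_cache[$i]=""` default that `direct_fetch_one` sets.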
@@ -153,26 +154,55 @@ expect_ok() {
fi
}
-[ -n "$cachedir" ] && find "$cachedir" -name "tesc3-*" -mmin +1400 -exec rm '{}' '+'
+sanitize() {
+ egrep -v '(Session-ID:|Master-Key:|Start Time:|SSL handshake has read)'
+}
-for ((i=0; i < ${#targets[@]}; i++)); do
+direct_fetch_one() {
+ local i="$1"
+
+ local host
+ host="${targets[$i]}"
+
+ [ "$verbose" = 0 ] || echo "Directly to $host:"
+ openssl s_client -no_ticket -showcerts -connect "$host" < /dev/null 2>&1 | eatdata "$tmpdir/cert-direct-$i"
+ [ -n "$cachedir" ] && cp "$tmpdir/cert-direct-$i" "$cachedir/tesc3-$host"
+ used_cache[$i]=""
+}
+
+direct_fetch() {
+ local i="$1"
+
+ local host
host="${targets[$i]}"
- [ "${host%%+([0-9])}" = "$host" ] && host="$host:443"
if [ -n "$cachedir" ] && [ -e "$cachedir/tesc3-$host" ] ; then
[ "$verbose" = 0 ] || echo "Using cached certificate for $host."
cp "$cachedir/tesc3-$host" "$tmpdir/cert-direct-$i"
+ used_cache[$i]="1"
else
- [ "$verbose" = 0 ] || echo "Directly to $host:"
- openssl s_client -no_ticket -showcerts -connect "$host" < /dev/null 2>&1 | eatdata "$tmpdir/cert-direct-$i"
- [ -n "$cachedir" ] && cp "$tmpdir/cert-direct-$i" "$cachedir/tesc3-$host"
+ direct_fetch_one "$i"
fi
- egrep -v '(Session-ID:|Master-Key:|Start Time:|SSL handshake has read)' < "$tmpdir/cert-direct-$i" > "$tmpdir/cert-direct-$i.filtered"
+ sanitize < "$tmpdir/cert-direct-$i" > "$tmpdir/cert-direct-$i.filtered"
[ "$verbose" = 0 ] || echo "===="
+}
+
+
+# set default port
+for ((i=0; i < ${#targets[@]}; i++)); do
+ host="${targets[$i]}"
+ [ "${host%%+([0-9])}" = "$host" ] && targets[$i]="$host:443"
+done
+
+[ -n "$cachedir" ] && find "$cachedir" -name "tesc3-*" -mmin +1400 -exec rm '{}' '+'
+
+for ((i=0; i < ${#targets[@]}; i++)); do
+ direct_fetch "$i"
done
+
coproc socat UNIX-CONNECT:"$controlsocket" -
echo 'AUTHENTICATE' >&${COPROC[1]}
expect_ok
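Review bot: `direct_fetch_one` copies `$tmpdir/cert-direct-$i` into the cache regardless of whether the `openssl s_client` stage succeeded: the pipeline's status is `eatdata`'s, so a refused or timed-out connection (whose error text is all that lands in the file) is cached under `tesc3-$host` for the next ~23 hours and every Tor-side comparison in that window is made against garbage until a mismatch triggers the new refetch. Consider capturing the first stage's status and only caching on success, e.g. `local st=${PIPESTATUS[0]}` directly after the pipeline and `[ -n "$cachedir" ] && [ "$st" = 0 ] && cp "$tmpdir/cert-direct-$i" "$cachedir/tesc3-$host"`; whether s_client exits non-zero on all failure modes is worth confirming. A short header comment on `direct_fetch_one` and `direct_fetch` stating that they write `cert-direct-$i` and `cert-direct-$i.filtered` under `$tmpdir` and set `used_cache[$i]` would help, since both rely on globals. Note also that `tesc3-$host` uses the user-supplied target as a path component, which predates this commit but now lives in the new helper.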
@@ -216,14 +246,18 @@ while : ; do
for ((i=0; i < ${#targets[@]}; i++)); do
host="${targets[$i]}"
- [ "${host%%+([0-9])}" = "$host" ] && host="$host:443"
rm -f "$tmpdir/cert-tor-$i" "$tmpdir/cert-tor-$i.filtered"
[ "$verbose" = 0 ] || echo "Via $server to $host:"
TORSOCKS_CONF_FILE="$tmpdir/torsocks.conf" torify openssl s_client -no_ticket -showcerts -connect "$host" < /dev/null 2>&1 | eatdata "$tmpdir/cert-tor-$i"
+ sanitize < "$tmpdir/cert-tor-$i" > "$tmpdir/cert-tor-$i.filtered"
- egrep -v '(Session-ID:|Master-Key:|Start Time:|SSL handshake has read)' < "$tmpdir/cert-tor-$i" > "$tmpdir/cert-tor-$i.filtered"
+ if [ -n "used_cache[$i]" ] && ! diff "$tmpdir/cert-direct-$i.filtered" "$tmpdir/cert-tor-$i.filtered" > /dev/null; then
+ [ "$verbose" = 0 ] || echo "Fetching a non-cached copy of $host's cert."
+ direct_fetch_one "$i"
+ sanitize < "$tmpdir/cert-direct-$i" > "$tmpdir/cert-direct-$i.filtered"
+ fi
if diff "$tmpdir/cert-direct-$i.filtered" "$tmpdir/cert-tor-$i.filtered" > /dev/null; then
echo "RESULT[$host]: $server: No real differences."