-rwxr-xr-xtor-exit-ssl-check52
1 files changed, 43 insertions, 9 deletions
diff --git a/tor-exit-ssl-check b/tor-exit-ssl-check
index 31f8ebe..fb85011 100755
--- a/tor-exit-ssl-check
+++ b/tor-exit-ssl-check
@@ -74,6 +74,7 @@ fi
torserver="$1"; shift
declare -a targets=("$@")
+declare -a used_cache
mapaddr="192.0.2.1"
@@ -153,26 +154,55 @@ expect_ok() {
fi
}
-[ -n "$cachedir" ] && find "$cachedir" -name "tesc3-*" -mmin +1400 -exec rm '{}' '+'
+sanitize() {
+ egrep -v '(Session-ID:|Master-Key:|Start Time:|SSL handshake has read)'
+}
-for ((i=0; i < ${#targets[@]}; i++)); do
+direct_fetch_one() {
+ local i="$1"
+
+ local host
+ host="${targets[$i]}"
+
+ [ "$verbose" = 0 ] || echo "Directly to $host:"
+ openssl s_client -no_ticket -showcerts -connect "$host" < /dev/null 2>&1 | eatdata "$tmpdir/cert-direct-$i"
+ [ -n "$cachedir" ] && cp "$tmpdir/cert-direct-$i" "$cachedir/tesc3-$host"
+ used_cache[$i]=""
+}
+
+direct_fetch() {
+ local i="$1"
+
+ local host
host="${targets[$i]}"
- [ "${host%%+([0-9])}" = "$host" ] && host="$host:443"
if [ -n "$cachedir" ] && [ -e "$cachedir/tesc3-$host" ] ; then
[ "$verbose" = 0 ] || echo "Using cached certificate for $host."
cp "$cachedir/tesc3-$host" "$tmpdir/cert-direct-$i"
+ used_cache[$i]="1"
else
- [ "$verbose" = 0 ] || echo "Directly to $host:"
- openssl s_client -no_ticket -showcerts -connect "$host" < /dev/null 2>&1 | eatdata "$tmpdir/cert-direct-$i"
- [ -n "$cachedir" ] && cp "$tmpdir/cert-direct-$i" "$cachedir/tesc3-$host"
+ direct_fetch_one "$i"
fi
- egrep -v '(Session-ID:|Master-Key:|Start Time:|SSL handshake has read)' < "$tmpdir/cert-direct-$i" > "$tmpdir/cert-direct-$i.filtered"
+ sanitize < "$tmpdir/cert-direct-$i" > "$tmpdir/cert-direct-$i.filtered"
[ "$verbose" = 0 ] || echo "===="
+}
+
+
+# set default port
+for ((i=0; i < ${#targets[@]}; i++)); do
+ host="${targets[$i]}"
+ [ "${host%%+([0-9])}" = "$host" ] && targets[$i]="$host:443"
+done
+
+[ -n "$cachedir" ] && find "$cachedir" -name "tesc3-*" -mmin +1400 -exec rm '{}' '+'
+
+for ((i=0; i < ${#targets[@]}; i++)); do
+ direct_fetch "$i"
done
+
coproc socat UNIX-CONNECT:"$controlsocket" -
echo 'AUTHENTICATE' >&${COPROC[1]}
expect_ok
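Review bot: `direct_fetch_one` copies `$tmpdir/cert-direct-$i` into the cache unconditionally, so when the direct `openssl s_client` fails the merged stderr (`2>&1`) that `eatdata` wrote is stored as the reference certificate and kept for up to 1400 minutes by the `find -mmin +1400` sweep, and every later Tor comparison for that host is made against error output. Moving the fetch into a function is the right place to add a guard, e.g. `grep -q -- '-----BEGIN CERTIFICATE-----' "$tmpdir/cert-direct-$i" && [ -n "$cachedir" ] && cp "$tmpdir/cert-direct-$i" "$cachedir/tesc3-$host"`; whether `set -o pipefail` is in effect earlier in the file is not visible here. Related, the consumer of `used_cache` in the next hunk tests `[ -n "used_cache[$i]" ]`, a literal string that is never empty, so the "non-cached copy" refetch fires on every mismatch regardless of whether the cache was used; it should read `[ -n "${used_cache[$i]}" ]`. Minor: `sanitize` uses the deprecated `egrep`; `grep -E -v` is the supported spelling.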
@@ -216,14 +246,18 @@ while : ; do
for ((i=0; i < ${#targets[@]}; i++)); do
host="${targets[$i]}"
- [ "${host%%+([0-9])}" = "$host" ] && host="$host:443"
rm -f "$tmpdir/cert-tor-$i" "$tmpdir/cert-tor-$i.filtered"
[ "$verbose" = 0 ] || echo "Via $server to $host:"
TORSOCKS_CONF_FILE="$tmpdir/torsocks.conf" torify openssl s_client -no_ticket -showcerts -connect "$host" < /dev/null 2>&1 | eatdata "$tmpdir/cert-tor-$i"
+ sanitize < "$tmpdir/cert-tor-$i" > "$tmpdir/cert-tor-$i.filtered"
- egrep -v '(Session-ID:|Master-Key:|Start Time:|SSL handshake has read)' < "$tmpdir/cert-tor-$i" > "$tmpdir/cert-tor-$i.filtered"
+ if [ -n "used_cache[$i]" ] && ! diff "$tmpdir/cert-direct-$i.filtered" "$tmpdir/cert-tor-$i.filtered" > /dev/null; then
+ [ "$verbose" = 0 ] || echo "Fetching a non-cached copy of $host's cert."
+ direct_fetch_one "$i"
+ sanitize < "$tmpdir/cert-direct-$i" > "$tmpdir/cert-direct-$i.filtered"
+ fi
if diff "$tmpdir/cert-direct-$i.filtered" "$tmpdir/cert-tor-$i.filtered" > /dev/null; then
echo "RESULT[$host]: $server: No real differences."