From bf2463e7e64a94cc0aaad8a8247f5d0fc41f3dc8 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Sat, 7 Sep 2013 07:44:54 +0000 Subject: Update cached direct cert when we find a mismatch git-svn-id: svn+ssh://asteria.noreply.org/svn/weaselutils/trunk@646 bc3d92e2-beff-0310-a7cd-cc87d7ac0ede --- tor-exit-ssl-check | 52 +++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 43 insertions(+), 9 deletions(-) (limited to 'tor-exit-ssl-check') diff --git a/tor-exit-ssl-check b/tor-exit-ssl-check index 31f8ebe..fb85011 100755 --- a/tor-exit-ssl-check +++ b/tor-exit-ssl-check @@ -74,6 +74,7 @@ fi torserver="$1"; shift declare -a targets=("$@") +declare -a used_cache mapaddr="192.0.2.1" @@ -153,26 +154,55 @@ expect_ok() { fi } -[ -n "$cachedir" ] && find "$cachedir" -name "tesc3-*" -mmin +1400 -exec rm '{}' '+' +sanitize() { + egrep -v '(Session-ID:|Master-Key:|Start Time:|SSL handshake has read)' +} -for ((i=0; i < ${#targets[@]}; i++)); do +direct_fetch_one() { + local i="$1" + + local host + host="${targets[$i]}" + + [ "$verbose" = 0 ] || echo "Directly to $host:" + openssl s_client -no_ticket -showcerts -connect "$host" < /dev/null 2>&1 | eatdata "$tmpdir/cert-direct-$i" + [ -n "$cachedir" ] && cp "$tmpdir/cert-direct-$i" "$cachedir/tesc3-$host" + used_cache[$i]="" +} + +direct_fetch() { + local i="$1" + + local host host="${targets[$i]}" - [ "${host%%+([0-9])}" = "$host" ] && host="$host:443" if [ -n "$cachedir" ] && [ -e "$cachedir/tesc3-$host" ] ; then [ "$verbose" = 0 ] || echo "Using cached certificate for $host." cp "$cachedir/tesc3-$host" "$tmpdir/cert-direct-$i" + used_cache[$i]="1" else - [ "$verbose" = 0 ] || echo "Directly to $host:" - openssl s_client -no_ticket -showcerts -connect "$host" < /dev/null 2>&1 | eatdata "$tmpdir/cert-direct-$i" - [ -n "$cachedir" ] && cp "$tmpdir/cert-direct-$i" "$cachedir/tesc3-$host" + direct_fetch_one "$i" fi - egrep -v '(Session-ID:|Master-Key:|Start Time:|SSL handshake has read)' < "$tmpdir/cert-direct-$i" > "$tmpdir/cert-direct-$i.filtered" + sanitize < "$tmpdir/cert-direct-$i" > "$tmpdir/cert-direct-$i.filtered" [ "$verbose" = 0 ] || echo "====" +} + + +# set default port +for ((i=0; i < ${#targets[@]}; i++)); do + host="${targets[$i]}" + [ "${host%%+([0-9])}" = "$host" ] && targets[$i]="$host:443" +done + +[ -n "$cachedir" ] && find "$cachedir" -name "tesc3-*" -mmin +1400 -exec rm '{}' '+' + +for ((i=0; i < ${#targets[@]}; i++)); do + direct_fetch "$i" done + coproc socat UNIX-CONNECT:"$controlsocket" - echo 'AUTHENTICATE' >&${COPROC[1]} expect_ok @@ -216,14 +246,18 @@ while : ; do for ((i=0; i < ${#targets[@]}; i++)); do host="${targets[$i]}" - [ "${host%%+([0-9])}" = "$host" ] && host="$host:443" rm -f "$tmpdir/cert-tor-$i" "$tmpdir/cert-tor-$i.filtered" [ "$verbose" = 0 ] || echo "Via $server to $host:" TORSOCKS_CONF_FILE="$tmpdir/torsocks.conf" torify openssl s_client -no_ticket -showcerts -connect "$host" < /dev/null 2>&1 | eatdata "$tmpdir/cert-tor-$i" + sanitize < "$tmpdir/cert-tor-$i" > "$tmpdir/cert-tor-$i.filtered" - egrep -v '(Session-ID:|Master-Key:|Start Time:|SSL handshake has read)' < "$tmpdir/cert-tor-$i" > "$tmpdir/cert-tor-$i.filtered" + if [ -n "used_cache[$i]" ] && ! diff "$tmpdir/cert-direct-$i.filtered" "$tmpdir/cert-tor-$i.filtered" > /dev/null; then + [ "$verbose" = 0 ] || echo "Fetching a non-cached copy of $host's cert." + direct_fetch_one "$i" + sanitize < "$tmpdir/cert-direct-$i" > "$tmpdir/cert-direct-$i.filtered" + fi if diff "$tmpdir/cert-direct-$i.filtered" "$tmpdir/cert-tor-$i.filtered" > /dev/null; then echo "RESULT[$host]: $server: No real differences." -- cgit v1.2.3