@@ -22455,13 +22455,14 @@ get_https_rrecord() {
2245522455 fi
2245622456 OPENSSL_CONF="$saved_openssl_conf" # see https://github.com/drwetter/testssl.sh/issues/134
2245722457
22458- # dig +short +search +timeout=3 +tries=3 +noidnout type65 dev.testssl.sh
22458+ # dig +short HTTPS dev.testssl.sh / dig +short type65 dev.testssl.sh
2245922459# 1 . alpn="h2" port=443 ipv6hint=2a01:238:4308:a920:1000:0:b:1337
2246022460#
2246122461# 36 000100000100030268320003000201BB000600102A0102384308A920 10000000000B1337
2246222462# alpn| L h 2 443 2a010238... L=len
22463-
22464- # dig +short +search +timeout=3 +tries=3 +noidnout HTTPS testssl.net (split over a couple of lines)
22463+ #
22464+ # -----------------
22465+ # testssl.net (split over a couple of lines)
2246522466#
2246622467# 1. alpn="h3,h2" ipv4hint=104.21.34.154,172.67.205.231
2246722468# 136 00010000010006026833026832000400086815229AAC43CDE7000500 470045FE0D0041F3002000202BD0935ED66980C1862F2570C0D6014D
@@ -22476,20 +22477,26 @@ get_https_rrecord() {
2247622477 elif [[ "$raw_https" =~ \#\ [0-9][0-9] ]]; then
2247722478 while read hash len line ;do
2247822479 # \# 10 00010000010003026832
22479- if [[ "${line:0:4}" == 0001 ]]; then # marker to proceed, belongs to SvcPriority, see rfc9460, 2.1
22480- svc_priority=$(printf "%0d" "$((10#${line:2:2}))") # 1 is most often, (probably not needed) type casting. 0 is alias
22481- if [[ ${line:8:2} != 01 ]]; then # Then comes SvcParamKeys, see rfc 14.3.2 which should be alpn=-1
22482- continue # If the first element is not alpn, next iteration of loop will fail.
22480+ if [[ "${line:0:4}" == 0001 ]]; then # marker to proceed, belongs to SvcPriority, see rfc9460, 2.4.3
22481+ svc_priority=$(printf "%0d" "$((10#${line:2:2}))") # 1 is most often, 0 is alias
22482+ if [[ $svc_priority == 1 ]]; then
22483+ # mock text representation
22484+ svc_priority="$svc_priority . "
22485+ https_property_name="${https_property_name}${svc_priority}"
22486+ fi
22487+ if [[ ${line:8:2} == 01 ]]; then # Then comes SvcParamKeys, see rfc 14.3.2 which should be alpn=-1
22488+ https_property_name="${https_property_name}alpn=\""
22489+ else
22490+ continue # If the 1st element is not alpn, next iteration of loop will fail.
2248322491 fi # Should we care as SvcParamKey!=alpn doesn't seems not very common?
22484-
2248522492 xlen_https_property=${line:12:2} # length of alpn entries
22486- https_property_value=${line:16:4}
22487- https_property_name=$(hex2ascii $https_property_value)
22493+ https_property_value=${line:16:4} # first value
22494+ https_property_name=${https_property_name}$ (hex2ascii $https_property_value)
2248822495 if [[ $xlen_https_property != 03 ]]; then # 06 would be another entry
2248922496 https_property_value=${line:22:4} #FIXME: we can't cope with three entries yet
2249022497 https_property_name="${https_property_name},$(hex2ascii $https_property_value)"
2249122498 fi
22492- echo $ https_property_name
22499+ [[ ${line:8:2} == 01 ]] && https_property_name="${https_property_name}\"" # if alpn add trailing double quote
2249322500
2249422501# len_https_property=$((len_https_property*2)) # =>word! Now get name from 4th and value from 4th+len position...
2249522502# line="${line/ /}" # especially with iodefs there's a blank in the string which we just skip
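Review bot: The new parsing slices `line` at fixed offsets (`${line:8:2}`, `${line:12:2}`, `${line:16:4}`, `${line:22:4}`) without checking that the DNS-supplied RDATA is long enough, and those offsets only hold when TargetName is the single root byte `00`, as in the examples in the comment block above. A truncated answer or a record with a non-root target would hand shifted or empty substrings to `hex2ascii`; a guard such as `[[ ${line:4:2} == 00 && ${#line} -ge 20 ]] || continue` ahead of the SvcParamKey test would make the assumption explicit. Separately, `https_property_name` is now appended to instead of assigned, so it has to be empty on entry (its declaration is outside this hunk), and a second matching line would be concatenated with no separator. Because `${line:0:4} == 0001` already fixes the priority at 1, the `[[ $svc_priority == 1 ]]` test is always true in this branch.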
@@ -22500,12 +22507,8 @@ get_https_rrecord() {
2250022507 return 7
2250122508 fi
2250222509 done <<< "$raw_https"
22503- else
22504- safe_echo "$raw_https"
22510+ echo $https_property_name
2250522511 fi
22506-
22507- #set +x
22508-
2250922512 return 0
2251022513}
2251122514
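Review bot: `echo $https_property_name` expands the variable unquoted, so the ALPN text decoded from the DNS answer goes through word splitting and pathname expansion before it is printed; `printf '%s\n' "$https_property_name"` avoids both. If `hex2ascii` can emit non-printable bytes (its body is not in this diff), filtering them before output would keep control sequences from a hostile record out of the terminal and the logs. The removed `else` branch was also the only visible place that printed `raw_https` as received, so an answer matching neither earlier condition now appears to yield no output while the function still returns 0. The start of `get_https_rrecord` and the first `if` lie outside this hunk, so that last point should be confirmed against them.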