@@ -197,7 +197,11 @@ TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # If you run testssl.sh and it
197197CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # You can have your CA stores some place else
198198EXPERIMENTAL=${EXPERIMENTAL:-false} # a development hook which allows us to disable code
199199PROXY_WAIT=${PROXY_WAIT:-20} # waiting at max 20 seconds for socket reply through proxy
200+ <<<<<<< HEAD
200201DNS_VIA_PROXY=${DNS_VIA_PROXY:-false} # do DNS lookups via proxy. --ip=proxy reverses this
202+ =======
203+ DNS_VIA_PROXY=${DNS_VIA_PROXY:-true} # do DNS lookups via proxy. --ip=* reverses this
204+ >>>>>>> 283c66f (fixed DNS via Proxy)
201205IGN_OCSP_PROXY=${IGN_OCSP_PROXY:-false} # Also when --proxy is supplied it is ignored when testing for revocation via OCSP via --phone-out
202206HEADER_MAXSLEEP=${HEADER_MAXSLEEP:-5} # we wait this long before killing the process to retrieve a service banner / http header
203207MAX_SOCKET_FAIL=${MAX_SOCKET_FAIL:-2} # If this many failures for TCP socket connects are reached we terminate
@@ -22085,11 +22089,16 @@ determine_ip_addresses() {
2208522089 local ip4=""
2208622090 local ip6=""
2208722091
22092+ if [[ -n "$PROXY" ]] && $DNS_VIA_PROXY; then
22093+ IPADDRs="$NODE"
22094+ return 0
22095+ fi
22096+
2208822097 ip4="$(get_a_record "$NODE")"
2208922098 ip6="$(get_aaaa_record "$NODE")"
2209022099 IP46ADDRs=$(newline_to_spaces "$ip4 $ip6")
2209122100
22092- if [[ -n "$CMDLINE_IP" ]]; then
22101+ if [[ -n "$CMDLINE_IP" ]] && [[ "$CMDLINE_IP" != "all" ]] ; then
2209322102 # command line has supplied an IP address or "one"
2209422103 if [[ "$CMDLINE_IP" == one ]]; then
2209522104 # use first IPv6 or IPv4 address
@@ -22981,11 +22990,19 @@ display_rdns_etc() {
2298122990datebanner() {
2298222991 local scan_time_f=""
2298322992 local node_banner=""
22993+ <<<<<<< HEAD
2298422994
2298522995 if [[ -n "$PROXY" ]] && "$DNS_VIA_PROXY"; then
2298622996 node_banner="$NODE:$PORT"
2298722997 else
2298822998 node_banner="$NODEIP:$PORT ($NODE)"
22999+ =======
23000+
23001+ if [[ -n "PROXY" ]] && $DNS_VIA_PROXY;then
23002+ node_banner="$NODE:$PORT"
23003+ else
23004+ node_banner="$NODEIP:$PORT ($NODE)"
23005+ >>>>>>> 283c66f (fixed DNS via Proxy)
2298923006 fi
2299023007
2299123008 if [[ "$1" =~ Done ]] ; then
@@ -24061,10 +24078,8 @@ parse_cmd_line() {
2406124078 --ip|--ip=*)
2406224079 CMDLINE_IP="$(parse_opt_equal_sign "$1" "$2")"
2406324080 [[ $? -eq 0 ]] && shift
24064- if [[ "$CMDLINE_IP" == proxy ]]; then
24065- DNS_VIA_PROXY=true
24066- unset CMDLINE_IP
24067- fi
24081+ DNS_VIA_PROXY=false
24082+
2406824083 # normalize any IPv6 address
2406924084 CMDLINE_IP="${CMDLINE_IP//[/}" # fix vim syntax highlighting "]
2407024085 CMDLINE_IP="${CMDLINE_IP//]/}"
@@ -24950,6 +24965,7 @@ lets_roll() {
2495024965 [[ -z "$NODE" ]] && parse_hn_port "${URI}" # NODE, URL_PATH, PORT, IPADDRs and IP46ADDR is set now
2495124966 prepare_logging
2495224967
24968+ <<<<<<< HEAD
2495324969 if [[ -n "$PROXY" ]] && $DNS_VIA_PROXY; then
2495424970 NODEIP="$NODE"
2495524971 lets_roll "${STARTTLS_PROTOCOL}"
@@ -24974,6 +24990,26 @@ lets_roll() {
2497424990 lets_roll "${STARTTLS_PROTOCOL}"
2497524991 RET=$?
2497624992 fi
24993+ =======
24994+ determine_ip_addresses
24995+ if [[ $(count_words "$IPADDRs") -gt 1 ]]; then # we have more than one ipv4 address to check
24996+ MULTIPLE_CHECKS=true
24997+ pr_bold "Testing all IPv4 addresses (port $PORT): "; outln "$IPADDRs"
24998+ for ip in $IPADDRs; do
24999+ draw_line "-" $((TERM_WIDTH * 2 / 3))
25000+ outln
25001+ NODEIP="$ip"
25002+ lets_roll "${STARTTLS_PROTOCOL}"
25003+ RET=$((RET + $?)) # RET value per IP address
25004+ done
25005+ draw_line "-" $((TERM_WIDTH * 2 / 3))
25006+ outln
25007+ pr_bold "Done testing now all IP addresses (on port $PORT): "; outln "$IPADDRs"
25008+ else # Just 1x ip4v to check, applies also if CMDLINE_IP was supplied
25009+ NODEIP="$IPADDRs"
25010+ lets_roll "${STARTTLS_PROTOCOL}"
25011+ RET=$?
25012+ >>>>>>> 283c66f (fixed DNS via Proxy)
2497725013 fi
2497825014
2497925015exit $RET
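Review bot: Unresolved merge-conflict markers are committed as added lines in three places: around the `DNS_VIA_PROXY` default (new lines 200–204), inside `datebanner()` (22993–23005), and in the block under the two `lets_roll()` hunk headers (24968–25012). Both sides of each conflict are now in the file, so bash should not be expected to parse past the first `<<<<<<< HEAD`; each conflict needs resolving to one side, with the `<<<<<<<`, `=======` and `>>>>>>> 283c66f` lines removed. If the incoming side of `datebanner()` is kept, `[[ -n "PROXY" ]]` tests a literal string and is always true; it should read `if [[ -n "$PROXY" ]] && "$DNS_VIA_PROXY"; then`. The two defaults also disagree (`false` on HEAD, `true` incoming), and `parse_cmd_line()` now sets `DNS_VIA_PROXY=false` for any `--ip` value, so the resolution should state in the comment on that line whether the target name is resolved locally or left to the proxy by default. The affected function bodies start and end outside the visible hunks, so the surrounding `if`/`fi` balance needs checking after the cleanup.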