Closed peternewman closed 2 years ago
Thanks, I completely forgot. There might be other places where I did not specify the proxy (I cannot easily test)
> Thanks, I completely forgot. There might be other places where I did not specify the proxy

A low-tech grep finds one other possible place:
grep -n -i "s_client " check_ssl_cert | grep -i host | grep -vi sclient_proxy
2146: exec_with_timeout "echo 'Q' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -showcerts -connect ${HOST_ADDR}:${XMPPPORT} ${XMPPHOST} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}"
4071: # Check if openssl s_client supports the -xmpphost option
4073: if ${OPENSSL} s_client -help 2>&1 | grep -F -q -- -xmpphost; then
Should/can xmpp go through a proxy?
Likewise:
grep -n -i "curl" check_ssl_cert | egrep -i "host|file|location" | grep -vi proxy
3564: debuglog "curl binary needed. SSL Labs = ${SSL_LAB_CRIT_ASSESSMENT}, OCSP = ${OCSP}, CURL = ${CRL}, IGNORE_CONNECTION_STATE=${IGNORE_CONNECTION_STATE}, FILE_URI=${FILE_URI}"
4272: debuglog "Executing: ${CURL_BIN} --silent --connect-timeout ${TIMEOUT} ${HOST}:${PORT}"
4274: "${CURL_BIN}" --silent --connect-timeout "${TIMEOUT}" "${HOST}":"${PORT}" >/dev/null
It looks like that curl connection test should probably have one?
> (I cannot easily test)

It shouldn't be too hard to spin up a proxy, but I guess you've got to block your direct access too. I wonder if we could do it as part of the GitHub action tests somehow...
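
A stricter version of the grep audit above, as an added example that is not part of the thread or of check_ssl_cert: it applies the same "mentions a host but no proxy" test while skipping the comment, `-help` probe and `debuglog` lines that the plain grep also reports. The sample lines are constructed, shortened from the ones quoted in the thread, and `${SCLIENT_PROXY}` and `${PROXY}` are assumed variable names.

```shell
#!/bin/sh
# audit_proxy FILE: print "LINENO:TEXT" for each line that runs
# `openssl s_client` or curl against a host with no proxy reference.
audit_proxy() {
    awk '
        /^[ \t]*#/             { next }  # comments never execute
        /s_client[ \t]+-help/  { next }  # feature probe, no network connection
        /^[ \t]*debuglog /     { next }  # log message only, nothing is run
        {
            line = tolower($0)
            is_sclient = (line ~ /s_client / && line ~ /host/)
            is_curl    = (line ~ /curl/ && line ~ /host|file|location/)
            if ((is_sclient || is_curl) && line !~ /proxy/)
                printf "%d:%s\n", NR, $0
        }
    ' "$1"
}

# Constructed sample input (7 lines). SCLIENT_PROXY and PROXY are assumed names.
make_sample() {
    cat > "$1" <<'EOF'
# Check if openssl s_client supports the -xmpphost option
if ${OPENSSL} s_client -help 2>&1 | grep -F -q -- -xmpphost; then
exec_with_timeout "echo 'Q' | ${OPENSSL} s_client -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${XMPPPORT} ${XMPPHOST} 2> ${ERROR} 1> ${CERT}"
exec_with_timeout "echo 'Q' | ${OPENSSL} s_client ${SCLIENT_PROXY} -connect ${HOST_ADDR}:${PORT} 2> ${ERROR} 1> ${CERT}"
debuglog "Executing: ${CURL_BIN} --silent --connect-timeout ${TIMEOUT} ${HOST}:${PORT}"
"${CURL_BIN}" --silent --connect-timeout "${TIMEOUT}" "${HOST}":"${PORT}" >/dev/null
"${CURL_BIN}" --silent --proxy "${PROXY}" --location "${URL}" >/dev/null
EOF
}

# Demo: only the XMPP s_client call (line 3) and the bare curl
# connection test (line 6) are reported.
sample=$(mktemp)
make_sample "$sample"
audit_proxy "$sample"
rm -f "$sample"
```

Run against the real script as `audit_proxy check_ssl_cert`; a non-empty result in CI would flag a new connection that bypasses the proxy setting.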
It's not difficult to install a proxy, but I would need a network where a proxy is needed and where without a proxy the connections fail. Otherwise I will miss the problems.
xmpp should work with a proxy ...
I'm unclear if SERVERNAME is actually required or not, but I figured it might be...
Also FWIW I get the following:
I'm a bit unclear if that line should actually be matching the grep and counting as success rather than failure? Or maybe it's my proxy causing that issue anyway...
Run as: