Merge pull request #299 from jtesta/certificate_retrieval_fix

Fixed certificate parsing against some servers. (#298)
rbsec · Nov 14, 2023 · 6b6140d · 6b6140d
2 parents d84ca17 + 561591d
commit 6b6140d
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/sslscan.c b/sslscan.c
@@ -1869,6 +1869,9 @@ int testCipher(struct sslCheckOptions *options, const SSL_METHOD *sslMethod)
                 // This enables TLS SNI
                 SSL_set_tlsext_host_name (ssl, options->sniname);
 
+                // Against some servers, this is required for a successful SSL_connect(), below.
+                SSL_set_options(ssl, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
+
                 // Connect SSL over socket
                 cipherStatus = SSL_connect(ssl);
                 printf_verbose("SSL_connect() returned: %d\n", cipherStatus);
@@ -2033,6 +2036,9 @@ int checkCertificate(struct sslCheckOptions *options, const SSL_METHOD *sslMetho
                         SSL_set_tlsext_host_name (ssl, options->sniname);
 #endif
 
+                        // Against some servers, this is required for a successful SSL_connect(), below.
+                        SSL_set_options(ssl, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
+
                         // Connect SSL over socket
                         SSL_connect(ssl);
                         // Setup BIO's