From 0f7636b2a7bbf7c7e9f007669129be4f92f30355 Mon Sep 17 00:00:00 2001
From: Rok Zlender
Date: Wed, 2 Mar 2022 17:11:11 +0100
Subject: [PATCH 1/3] Provide support for customizable timeout
---
 ssl_checker.py | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)
diff --git a/ssl_checker.py b/ssl_checker.py
index 58857e2..703d802 100755
--- a/ssl_checker.py
+++ b/ssl_checker.py
@@ -48,14 +48,21 @@ def get_cert(self, host, port, user_args):
 print('{}Connecting to socket{}\n'.format(Clr.YELLOW, Clr.RST))
 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- osobj = SSL.Context(PROTOCOL_TLSv1)
- sock.connect((host, int(port)))
- oscon = SSL.Connection(osobj, sock)
- oscon.set_tlsext_host_name(host.encode())
- oscon.set_connect_state()
- oscon.do_handshake()
- cert = oscon.get_peer_certificate()
- sock.close()
+ if user_args.timeout != False:
+ sock.settimeout(user_args.timeout)
+ try:
+ osobj = SSL.Context(PROTOCOL_TLSv1)
+ sock.connect((host, int(port)))
+ oscon = SSL.Connection(osobj, sock)
+ oscon.set_tlsext_host_name(host.encode())
+ oscon.set_connect_state()
+ oscon.setblocking(1)
+ oscon.do_handshake()
+ cert = oscon.get_peer_certificate()
+ except socket.timeout as e:
+ raise e
+ finally:
+ sock.close()
 if user_args.verbose:
 print('{}Closing socket{}\n'.format(Clr.YELLOW, Clr.RST))
@@ -250,6 +257,10 @@ def show_result(self, user_args):
 if not user_args.json_true:
 print('\t{}[-]{} {:<20s} Failed: Misconfigured SSL/TLS\n'.format(Clr.RED, Clr.RST, host))
 self.total_failed += 1
+ except socket.timeout:
+ if not user_args.json_true:
+ print('\t{}[-]{} {:<20s} Timeout: {}\n'.format(Clr.RED, Clr.RST, host, error))
+ self.total_failed += 1
 except Exception as error:
 if not user_args.json_true:
 print('\t{}[-]{} {:<20s} Failed: {}\n'.format(Clr.RED, Clr.RST, host, error))
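Review bot: In the get_cert hunk (`@@ -48,14 +48,21 @@`), `oscon.setblocking(1)` most likely cancels the timeout that `sock.settimeout(user_args.timeout)` set a few lines earlier, because pyOpenSSL's Connection forwards unknown attributes to the wrapped socket and `setblocking(True)` on a socket is equivalent to `settimeout(None)`. The timeout then bounds only `sock.connect()`, so a peer that accepts the TCP connection and stalls during the TLS handshake can still hang the checker indefinitely. Dropping the `setblocking` call and retrying `do_handshake()` on `SSL.WantReadError`/`SSL.WantWriteError` under a deadline keeps the whole exchange bounded; this needs `select` and `time` imported at the top of the file, which is outside the hunk. The `except socket.timeout as e: raise e` clause is a no-op and can be removed, leaving plain `try`/`finally`. get_cert's body starts and ends outside the hunk.

```python
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # … unchanged: settimeout, try:, Context, connect, Connection, SNI, set_connect_state …
        deadline = time.monotonic() + user_args.timeout if user_args.timeout else None
        while True:
            try:
                oscon.do_handshake()
                break
            except SSL.WantReadError:
                readers, writers = [sock], []
            except SSL.WantWriteError:
                readers, writers = [], [sock]
            # Only reached on a timeout-mode (non-blocking) socket, so deadline is set.
            remaining = deadline - time.monotonic()
            if remaining <= 0 or not any(select.select(readers, writers, [], remaining)):
                raise socket.timeout('TLS handshake timed out')
        cert = oscon.get_peer_certificate()
    # … unchanged: finally: sock.close() …
```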
@@ -332,6 +343,7 @@ def get_args(self, json_args={}):
 setattr(args, 'socks', False)
 setattr(args, 'analyze', False)
 setattr(args, 'hosts', json_args['hosts'])
+ setattr(args, 'timeout', json_args.get('timeout', False))
 return args
 group = parser.add_mutually_exclusive_group(required=True)
@@ -360,6 +372,9 @@ def get_args(self, json_args={}):
 parser.add_argument('-a', '--analyze', dest='analyze',
 default=False, action='store_true',
 help='Enable SSL security analysis on the host')
+ parser.add_argument('-t', '--timeout', dest='timeout',
+ default=False, actin='store_true',
+ help='Enable timeout on the SSL connection.')
 parser.add_argument('-v', '--verbose', dest='verbose',
 default=False, action='store_true',
 help='Enable verbose to see what is going on')
From f4956c168ce2d943f16998190421d6c6ff9ef979 Mon Sep 17 00:00:00 2001
From: Rok Zlender
Date: Wed, 2 Mar 2022 17:19:13 +0100
Subject: [PATCH 2/3] Type fix
---
 ssl_checker.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssl_checker.py b/ssl_checker.py
index 703d802..2492e4d 100755
--- a/ssl_checker.py
+++ b/ssl_checker.py
@@ -373,7 +373,7 @@ def get_args(self, json_args={}):
 default=False, action='store_true',
 help='Enable SSL security analysis on the host')
 parser.add_argument('-t', '--timeout', dest='timeout',
- default=False, actin='store_true',
+ default=False, action='store_true',
 help='Enable timeout on the SSL connection.')
 parser.add_argument('-v', '--verbose', dest='verbose',
 default=False, action='store_true',
From eca2b2fd69529e47c8aec1bb76084f82fcbf784c Mon Sep 17 00:00:00 2001
From: Rok Zlender
Date: Fri, 4 Mar 2022 15:54:49 +0100
Subject: [PATCH 3/3] Fix the cli parameters and error log
---
 ssl_checker.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ssl_checker.py b/ssl_checker.py
index 2492e4d..2c9b485 100755
--- a/ssl_checker.py
+++ b/ssl_checker.py
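Review bot: In the `@@ -332,6 +343,7 @@` hunk of get_args, `json_args.get('timeout', False)` is stored with no type or range check, and get_cert later hands the value straight to `sock.settimeout()`. A string such as `"5"` or a negative number would then raise inside get_cert for every host, instead of being rejected once when the arguments are built. Coercing here moves the failure to the boundary: `timeout = json_args.get('timeout', False)` followed by `setattr(args, 'timeout', float(timeout) if timeout else False)`, raising `ValueError` when the result is not positive. get_args continues outside the hunk.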
@@ -257,7 +257,7 @@ def show_result(self, user_args):
 if not user_args.json_true:
 print('\t{}[-]{} {:<20s} Failed: Misconfigured SSL/TLS\n'.format(Clr.RED, Clr.RST, host))
 self.total_failed += 1
- except socket.timeout:
+ except socket.timeout as error:
 if not user_args.json_true:
 print('\t{}[-]{} {:<20s} Timeout: {}\n'.format(Clr.RED, Clr.RST, host, error))
 self.total_failed += 1
@@ -373,7 +373,7 @@ def get_args(self, json_args={}):
 default=False, action='store_true',
 help='Enable SSL security analysis on the host')
 parser.add_argument('-t', '--timeout', dest='timeout',
- default=False, action='store_true',
+ default=False, type=float,
 help='Enable timeout on the SSL connection.')
 parser.add_argument('-v', '--verbose', dest='verbose',
 default=False, action='store_true',
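Review bot: In the `-t/--timeout` hunk (`@@ -373,7 +373,7 @@`), `type=float` accepts zero and negative values: `-t 0` compares equal to `False` in get_cert's `user_args.timeout != False` test and silently disables the timeout, while a negative value makes `sock.settimeout()` raise for every host. Using `default=None` with an `is not None` check in get_cert, plus a small argparse type function that rejects values `<= 0`, removes the bool/float mix and fails fast on bad input. The help text should state the unit and that a value is expected, for example `help='Socket timeout in seconds (default: wait indefinitely)'`. The add_argument call sits inside get_args, which extends beyond the hunk.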