From 77f34296ba090c7bfbcf5d0ca6a39c0923fce89a Mon Sep 17 00:00:00 2001
From: tfdl
Date: Thu, 4 Jul 2019 13:07:34 +0200
Subject: [PATCH 1/2] Append TLSFLAGS for mail and ftp to array. Before they
were overwritten and ignored.
---
ssl-cert-check | 24 +++++++++++-------------
1 file changed, 11 insertions(+), 13 deletions(-)
diff --git a/ssl-cert-check b/ssl-cert-check
index 242e14d..0a44797 100755
--- a/ssl-cert-check
+++ b/ssl-cert-check
@@ -643,24 +643,22 @@ usage()
##########################################################################
check_server_status() {
+ if [ "${TLSSERVERNAME}" = "FALSE" ]; then
+ TLSFLAG=(s_client -crlf -connect "${1}":"${2}")
+ else
+ TLSFLAG=(s_client -crlf -connect "${1}":"${2}" -servername "${1}")
+ fi
+
if [ "_${2}" = "_smtp" ] || [ "_${2}" = "_25" ]; then
- TLSFLAG="-starttls smtp"
+ TLSFLAG+=(-starttls smtp)
elif [ "_${2}" = "_ftp" ] || [ "_${2}" = "_21" ]; then
- TLSFLAG="-starttls ftp"
+ TLSFLAG+=(-starttls ftp)
elif [ "_${2}" = "_pop3" ] || [ "_${2}" = "_110" ]; then
- TLSFLAG="-starttls pop3"
+ TLSFLAG+=(-starttls pop3)
elif [ "_${2}" = "_imap" ] || [ "_${2}" = "_143" ]; then
- TLSFLAG="-starttls imap"
+ TLSFLAG+=(-starttls imap)
elif [ "_${2}" = "_submission" ] || [ "_${2}" = "_587" ]; then
- TLSFLAG="-starttls smtp -port ${2}"
- else
- TLSFLAG=""
- fi
-
- if [ "${TLSSERVERNAME}" = "FALSE" ]; then
- TLSFLAG=(s_client -crlf -connect "${1}":"${2}")
- else
- TLSFLAG=(s_client -crlf -connect "${1}":"${2}" -servername "${1}")
+ TLSFLAG+=(-starttls smtp -port "${2}")
fi
echo "" | "${OPENSSL}" "${TLSFLAG[@]}" 2> "${ERROR_TMP}" 1> "${CERT_TMP}"
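Review bot: In the submission/587 branch the appended `-port "${2}"` repeats the port that `-connect "${1}":"${2}"` already passes in the base array built at the top of the function. It is at best redundant, and how s_client resolves the two options together may differ between OpenSSL versions, so `TLSFLAG+=(-starttls smtp)` would be enough there. TLSFLAG is also assigned without `local`, so the array stays in global scope after the call; `local -a TLSFLAG` before the first assignment would confine it, provided nothing outside the function reads it (not visible in this hunk). check_server_status continues past the end of the hunk.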
From 670d93e82fbb2b37ed486ebd7bd1d5a54b81774c Mon Sep 17 00:00:00 2001
From: tfdl
Date: Thu, 4 Jul 2019 16:22:12 +0200
Subject: [PATCH 2/2] Catch openssl unsupported protocol error
---
ssl-cert-check | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ssl-cert-check b/ssl-cert-check
index 0a44797..359f546 100755
--- a/ssl-cert-check
+++ b/ssl-cert-check
@@ -684,6 +684,9 @@ check_server_status() {
elif "${GREP}" -i "Name or service not known" "${ERROR_TMP}" > /dev/null; then
prints "${1}" "${2}" "Unable to resolve the DNS name ${1}" "Unknown"
set_returncode 3
+ elif "${GREP}" -i "unsupported protocol" "${ERROR_TMP}" > /dev/null; then
+ prints "${1}" "${2}" "Unsupported SSL/TLS protocol" "Unknown"
+ set_returncode 3
else
check_file_status "${CERT_TMP}" "${1}" "${2}"
fi
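Review bot: The new `unsupported protocol` branch matches OpenSSL's English error text in `${ERROR_TMP}`, and the reported string gives the operator no hint about the cause. OpenSSL raises that error when the peer only negotiates a protocol version that the local build or configuration has disabled, which usually points to a legacy endpoint worth flagging. A comment above the branch such as `# peer only offers a protocol version this OpenSSL refuses; certificate could not be read` would record that. `"${GREP}" -qi` would avoid the redirect, although the sibling branches use `> /dev/null`, so keeping it for consistency is reasonable. The if/elif chain starts outside the hunk.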