From 3061833aa8f7a38cbb74fc82604e62097d6d1978 Mon Sep 17 00:00:00 2001
From: bol-van <k@vodka.home.kg>
Date: Sat, 11 Dec 2021 11:27:37 +0300
Subject: [PATCH] blockcheck: online test test for tls 1.3 presence

---
 blockcheck.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/blockcheck.sh b/blockcheck.sh
index 4d25930..f5d32be 100755
--- a/blockcheck.sh
+++ b/blockcheck.sh
@@ -119,7 +119,7 @@ check_prerequisites()
 	echo \* checking prerequisites
 
 	[ -x "$NFQWS" ] && [ -x "$TPWS" ] && [ -x "$MDIG" ] || {
-		echo $NFQWS or $MDIG or $TPWS is not available. run $ZAPRET_BASE/install_bin.sh
+		echo $NFQWS or $TPWS or $MDIG is not available. run $ZAPRET_BASE/install_bin.sh
 		exitp 6
 	}
 
@@ -135,7 +135,11 @@ curl_supports_tls13()
 {
 	curl --tlsv1.3 -Is -o /dev/null http://$LOCALHOST_IPT:65535 2>/dev/null
 	# return code 2 = init failed. likely bad command line options
-	[ $? != 2 ]
+	[ $? = 2 ] && return 1
+	# curl can have tlsv1.3 key present but ssl library without TLS 1.3 support
+	# this is online test because there's no other way to trigger library incompatibility case
+	curl --tlsv1.3 -Is -o /dev/null https://w3.org 2>/dev/null
+	[ $? != 4 ]
 }
 
 hdrfile_http_code()