mirror of
https://github.com/Ponce/slackbuilds
synced 2024-12-01 01:00:03 +01:00
e6a2a7937c
There are multiple forks of the original upstream (now dead and fails to build). Arch uses this fork, but Debian and Fedora use github.com/rbsec which is more active but wants a fresh git clone of openssl for every build, so anyone who prefers rbsec is welcome to fix that. Actually, just use network/ssllabs-scan instead of this. Signed-off-by: David Spencer <baildon.research@googlemail.com>
133 lines
6 KiB
Diff
133 lines
6 KiB
Diff
diff -uprb sslscan-1.10.2.orig/sslscan.c sslscan-1.10.2/sslscan.c
|
|
--- sslscan-1.10.2.orig/sslscan.c 2014-02-14 16:59:08.000000000 +0200
|
|
+++ sslscan-1.10.2/sslscan.c 2016-03-02 22:24:34.714187733 +0200
|
|
@@ -1083,8 +1083,9 @@ int testCipher(struct sslCheckOptions *o
|
|
}
|
|
if (options->xmlOutput != 0)
|
|
fprintf(options->xmlOutput, " sslversion=\"");
|
|
+ if (0) {}
|
|
#ifndef OPENSSL_NO_SSL2
|
|
- if (sslCipherPointer->sslMethod == SSLv2_client_method())
|
|
+ else if (sslCipherPointer->sslMethod == SSLv2_client_method())
|
|
{
|
|
if (options->xmlOutput != 0)
|
|
fprintf(options->xmlOutput, "SSLv2\" bits=\"");
|
|
@@ -1093,10 +1094,9 @@ int testCipher(struct sslCheckOptions *o
|
|
else
|
|
printf("SSLv2 ");
|
|
}
|
|
- else if (sslCipherPointer->sslMethod == SSLv3_client_method())
|
|
-#else
|
|
- if (sslCipherPointer->sslMethod == SSLv3_client_method())
|
|
#endif
|
|
+#ifndef OPENSSL_NO_SSL3
|
|
+ else if (sslCipherPointer->sslMethod == SSLv3_client_method())
|
|
{
|
|
if (options->xmlOutput != 0)
|
|
fprintf(options->xmlOutput, "SSLv3\" bits=\"");
|
|
@@ -1105,6 +1105,7 @@ int testCipher(struct sslCheckOptions *o
|
|
else
|
|
printf("SSLv3 ");
|
|
}
|
|
+#endif
|
|
else if (sslCipherPointer->sslMethod == TLSv1_client_method())
|
|
{
|
|
if (options->xmlOutput != 0)
|
|
@@ -1238,8 +1239,9 @@ int defaultCipher(struct sslCheckOptions
|
|
cipherStatus = SSL_connect(ssl);
|
|
if (cipherStatus == 0 || cipherStatus == 1)
|
|
{
|
|
+ if (0) {}
|
|
#ifndef OPENSSL_NO_SSL2
|
|
- if (sslMethod == SSLv2_client_method())
|
|
+ else if (sslMethod == SSLv2_client_method())
|
|
{
|
|
if (options->xmlOutput != 0)
|
|
fprintf(options->xmlOutput, " <defaultcipher sslversion=\"SSLv2\" bits=\"");
|
|
@@ -1248,10 +1250,9 @@ int defaultCipher(struct sslCheckOptions
|
|
else
|
|
printf(" SSLv2 ");
|
|
}
|
|
- else if (sslMethod == SSLv3_client_method())
|
|
-#else
|
|
- if (sslMethod == SSLv3_client_method())
|
|
#endif
|
|
+#ifndef OPENSSL_NO_SSL3
|
|
+ else if (sslMethod == SSLv3_client_method())
|
|
{
|
|
if (options->xmlOutput != 0)
|
|
fprintf(options->xmlOutput, " <defaultcipher sslversion=\"SSLv3\" bits=\"");
|
|
@@ -1260,6 +1261,7 @@ int defaultCipher(struct sslCheckOptions
|
|
else
|
|
printf(" SSLv3 ");
|
|
}
|
|
+#endif
|
|
else if (sslMethod == TLSv1_client_method())
|
|
{
|
|
if (options->xmlOutput != 0)
|
|
@@ -1937,8 +1939,10 @@ int testHost(struct sslCheckOptions *opt
|
|
if (status != false)
|
|
status = defaultCipher(options, SSLv2_client_method());
|
|
#endif
|
|
+#ifndef OPENSSL_NO_SSL3
|
|
if (status != false)
|
|
status = defaultCipher(options, SSLv3_client_method());
|
|
+#endif
|
|
if (status != false)
|
|
status = defaultCipher(options, TLSv1_client_method());
|
|
|
|
@@ -1957,7 +1961,9 @@ int testHost(struct sslCheckOptions *opt
|
|
#endif
|
|
break;
|
|
case ssl_v3:
|
|
+#ifndef OPENSSL_NO_SSL3
|
|
status = defaultCipher(options, SSLv3_client_method());
|
|
+#endif
|
|
break;
|
|
case tls_v1:
|
|
status = defaultCipher(options, TLSv1_client_method());
|
|
@@ -2142,9 +2148,11 @@ int main(int argc, char *argv[])
|
|
options.sslVersion = ssl_v2;
|
|
#endif // #ifndef OPENSSL_NO_SSL2
|
|
|
|
+#ifndef OPENSSL_NO_SSL3
|
|
// SSL v3 only...
|
|
else if (strcmp("--ssl3", argv[argLoop]) == 0)
|
|
options.sslVersion = ssl_v3;
|
|
+#endif // #ifndef OPENSSL_NO_SSL3
|
|
|
|
// TLS v1 only...
|
|
else if (strcmp("--tls1", argv[argLoop]) == 0)
|
|
@@ -2249,7 +2257,9 @@ int main(int argc, char *argv[])
|
|
#ifndef OPENSSL_NO_SSL2
|
|
printf(" %s--ssl2%s Only check SSLv2 ciphers.\n", COL_GREEN, RESET);
|
|
#endif // #ifndef OPENSSL_NO_SSL2
|
|
+#ifndef OPENSSL_NO_SSL3
|
|
printf(" %s--ssl3%s Only check SSLv3 ciphers.\n", COL_GREEN, RESET);
|
|
+#endif // #ifndef OPENSSL_NO_SSL3
|
|
printf(" %s--tls1%s Only check TLSv1 ciphers.\n", COL_GREEN, RESET);
|
|
#if OPENSSL_VERSION_NUMBER >= 0x1000008fL || OPENSSL_VERSION_NUMBER >= 0x1000100fL
|
|
printf(" %s--tls11%s Only check TLSv11 ciphers.\n", COL_GREEN, RESET);
|
|
@@ -2299,7 +2309,10 @@ int main(int argc, char *argv[])
|
|
populateCipherList(&options, SSLv2_client_method());
|
|
#endif
|
|
|
|
+#ifndef OPENSSL_NO_SSL3
|
|
populateCipherList(&options, SSLv3_client_method());
|
|
+#endif
|
|
+
|
|
populateCipherList(&options, TLSv1_client_method());
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x1000008fL || OPENSSL_VERSION_NUMBER >= 0x1000100fL
|
|
@@ -2313,9 +2326,11 @@ int main(int argc, char *argv[])
|
|
populateCipherList(&options, SSLv2_client_method());
|
|
break;
|
|
#endif
|
|
+#ifndef OPENSSL_NO_SSL3
|
|
case ssl_v3:
|
|
populateCipherList(&options, SSLv3_client_method());
|
|
break;
|
|
+#endif
|
|
case tls_v1:
|
|
populateCipherList(&options, TLSv1_client_method());
|
|
break;
|