diff options
| author |   David Spencer | 2016-04-26 23:04:17 +0200 |
|---|---|---|
| committer |   Willy Sudiarto Raharjo | 2016-04-27 13:16:06 +0200 |
| commit | e6a2a7937c43e96cbf20f22880056a266b5d938e (patch) | |
| tree | 43090f6a56aeffa0c2c6dbe2dcfa6fb8ac527008 /network/sslscan/add-checks-for-ssl3.patch | |
| parent | 15c65d39f2c812bedb61aa0e16d6e22905ad7a27 (diff) | |
| download | slackbuilds-e6a2a7937c43e96cbf20f22880056a266b5d938e.tar.gz | |
network/sslscan: Updated for version 1.10.2.
There are multiple forks of the original upstream (now dead and
fails to build). Arch uses this fork, but Debian and Fedora use
github.com/rbsec which is more active but wants a fresh git clone
of openssl for every build, so anyone who prefers rbsec is welcome
to fix that.
Actually, just use network/ssllabs-scan instead of this.
Signed-off-by: David Spencer <baildon.research@googlemail.com>
Diffstat (limited to 'network/sslscan/add-checks-for-ssl3.patch')
| -rw-r--r-- | network/sslscan/add-checks-for-ssl3.patch | 133 |
1 files changed, 133 insertions, 0 deletions
diff --git a/network/sslscan/add-checks-for-ssl3.patch b/network/sslscan/add-checks-for-ssl3.patch new file mode 100644 index 0000000000..61cbc38557 --- /dev/null +++ b/network/sslscan/add-checks-for-ssl3.patch @@ -0,0 +1,133 @@ +diff -uprb sslscan-1.10.2.orig/sslscan.c sslscan-1.10.2/sslscan.c +--- sslscan-1.10.2.orig/sslscan.c 2014-02-14 16:59:08.000000000 +0200 ++++ sslscan-1.10.2/sslscan.c 2016-03-02 22:24:34.714187733 +0200 +@@ -1083,8 +1083,9 @@ int testCipher(struct sslCheckOptions *o + } + if (options->xmlOutput != 0) + fprintf(options->xmlOutput, " sslversion=\""); ++ if (0) {} + #ifndef OPENSSL_NO_SSL2 +- if (sslCipherPointer->sslMethod == SSLv2_client_method()) ++ else if (sslCipherPointer->sslMethod == SSLv2_client_method()) + { + if (options->xmlOutput != 0) + fprintf(options->xmlOutput, "SSLv2\" bits=\""); +@@ -1093,10 +1094,9 @@ int testCipher(struct sslCheckOptions *o + else + printf("SSLv2 "); + } +- else if (sslCipherPointer->sslMethod == SSLv3_client_method()) +-#else +- if (sslCipherPointer->sslMethod == SSLv3_client_method()) + #endif ++#ifndef OPENSSL_NO_SSL3 ++ else if (sslCipherPointer->sslMethod == SSLv3_client_method()) + { + if (options->xmlOutput != 0) + fprintf(options->xmlOutput, "SSLv3\" bits=\""); +@@ -1105,6 +1105,7 @@ int testCipher(struct sslCheckOptions *o + else + printf("SSLv3 "); + } ++#endif + else if (sslCipherPointer->sslMethod == TLSv1_client_method()) + { + if (options->xmlOutput != 0) +@@ -1238,8 +1239,9 @@ int defaultCipher(struct sslCheckOptions + cipherStatus = SSL_connect(ssl); + if (cipherStatus == 0 || cipherStatus == 1) + { ++ if (0) {} + #ifndef OPENSSL_NO_SSL2 +- if (sslMethod == SSLv2_client_method()) ++ else if (sslMethod == SSLv2_client_method()) + { + if (options->xmlOutput != 0) + fprintf(options->xmlOutput, " <defaultcipher sslversion=\"SSLv2\" bits=\""); +@@ -1248,10 +1250,9 @@ int defaultCipher(struct sslCheckOptions + else + printf(" SSLv2 "); + } +- else if (sslMethod == SSLv3_client_method()) +-#else +- if (sslMethod == SSLv3_client_method()) + #endif ++#ifndef OPENSSL_NO_SSL3 ++ else if (sslMethod == SSLv3_client_method()) + { + if (options->xmlOutput != 0) + fprintf(options->xmlOutput, " <defaultcipher sslversion=\"SSLv3\" bits=\""); +@@ -1260,6 +1261,7 @@ int defaultCipher(struct sslCheckOptions + else + printf(" SSLv3 "); + } ++#endif + else if (sslMethod == TLSv1_client_method()) + { + if (options->xmlOutput != 0) +@@ -1937,8 +1939,10 @@ int testHost(struct sslCheckOptions *opt + if (status != false) + status = defaultCipher(options, SSLv2_client_method()); + #endif ++#ifndef OPENSSL_NO_SSL3 + if (status != false) + status = defaultCipher(options, SSLv3_client_method()); ++#endif + if (status != false) + status = defaultCipher(options, TLSv1_client_method()); + +@@ -1957,7 +1961,9 @@ int testHost(struct sslCheckOptions *opt + #endif + break; + case ssl_v3: ++#ifndef OPENSSL_NO_SSL3 + status = defaultCipher(options, SSLv3_client_method()); ++#endif + break; + case tls_v1: + status = defaultCipher(options, TLSv1_client_method()); +@@ -2142,9 +2148,11 @@ int main(int argc, char *argv[]) + options.sslVersion = ssl_v2; + #endif // #ifndef OPENSSL_NO_SSL2 + ++#ifndef OPENSSL_NO_SSL3 + // SSL v3 only... + else if (strcmp("--ssl3", argv[argLoop]) == 0) + options.sslVersion = ssl_v3; ++#endif // #ifndef OPENSSL_NO_SSL3 + + // TLS v1 only... + else if (strcmp("--tls1", argv[argLoop]) == 0) +@@ -2249,7 +2257,9 @@ int main(int argc, char *argv[]) + #ifndef OPENSSL_NO_SSL2 + printf(" %s--ssl2%s Only check SSLv2 ciphers.\n", COL_GREEN, RESET); + #endif // #ifndef OPENSSL_NO_SSL2 ++#ifndef OPENSSL_NO_SSL3 + printf(" %s--ssl3%s Only check SSLv3 ciphers.\n", COL_GREEN, RESET); ++#endif // #ifndef OPENSSL_NO_SSL3 + printf(" %s--tls1%s Only check TLSv1 ciphers.\n", COL_GREEN, RESET); + #if OPENSSL_VERSION_NUMBER >= 0x1000008fL || OPENSSL_VERSION_NUMBER >= 0x1000100fL + printf(" %s--tls11%s Only check TLSv11 ciphers.\n", COL_GREEN, RESET); +@@ -2299,7 +2309,10 @@ int main(int argc, char *argv[]) + populateCipherList(&options, SSLv2_client_method()); + #endif + ++#ifndef OPENSSL_NO_SSL3 + populateCipherList(&options, SSLv3_client_method()); ++#endif ++ + populateCipherList(&options, TLSv1_client_method()); + + #if OPENSSL_VERSION_NUMBER >= 0x1000008fL || OPENSSL_VERSION_NUMBER >= 0x1000100fL +@@ -2313,9 +2326,11 @@ int main(int argc, char *argv[]) + populateCipherList(&options, SSLv2_client_method()); + break; + #endif ++#ifndef OPENSSL_NO_SSL3 + case ssl_v3: + populateCipherList(&options, SSLv3_client_method()); + break; ++#endif + case tls_v1: + populateCipherList(&options, TLSv1_client_method()); + break; |