update to sslscan-1.11.11
parent
a18189fddd
commit
509b551836
@ -1,9 +1,8 @@
|
||||
# $OpenBSD: Makefile,v 1.14 2017/09/22 21:30:32 sthen Exp $
|
||||
# $OpenBSD: Makefile,v 1.15 2018/01/01 14:35:24 sthen Exp $
|
||||
|
||||
COMMENT= SSL port scanner
|
||||
|
||||
V= 1.11.8
|
||||
REVISION= 0
|
||||
V= 1.11.11
|
||||
GH_ACCOUNT= rbsec
|
||||
GH_PROJECT= sslscan
|
||||
GH_TAGNAME= $V-rbsec
|
||||
@ -37,14 +36,15 @@ SUBST_VARS= SUFFIX
|
||||
BUILD_DEPENDS= security/openssl:patch
|
||||
SUFFIX= -openssl
|
||||
FULLPKGNAME= sslscan-openssl-$V
|
||||
STATIC_BUILD= TRUE
|
||||
ALL_TARGET= openssl/libcrypto.a sslscan
|
||||
MAKE_FLAGS+= STATIC_BUILD=TRUE
|
||||
ALL_TARGET= static
|
||||
#openssl/libcrypto.a sslscan
|
||||
#MAKE_FLAGS+= STATIC_BUILD=TRUE
|
||||
CFLAGS+= -nostdinc -I${WRKSRC}/openssl/include -I/usr/include
|
||||
WANTLIB += z
|
||||
|
||||
post-extract:
|
||||
ln -s ${WRKDIR}/security/openssl/openssl-* ${WRKSRC}/openssl
|
||||
mkdir -p ${WRKSRC}/openssl/.git
|
||||
rm -f ${WRKSRC}/openssl/Makefile
|
||||
.else
|
||||
WANTLIB += crypto ssl
|
||||
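Review bot: The `post-extract` steps `mkdir -p ${WRKSRC}/openssl/.git` and `rm -f ${WRKSRC}/openssl/Makefile` have no comment saying why they exist, and the `.git` stub in particular needs one. The `opensslpull` rule shown in the patch-Makefile section tests `[ -d openssl -a -d openssl/.git ]` and then runs `git checkout`/`git pull`, and the hunk that replaced it with `touch .openssl.is.fresh` appears to be dropped from the new patch. If 1.11.11 still has a rule like that, the stub would steer `ALL_TARGET= static` into the git branch, so confirm that the build never reaches the network for the bundled OpenSSL. I would put a comment above the `mkdir`, for example `# upstream's static target expects a git checkout under openssl/; fake it so nothing is fetched at build time`, adjusted to the real reason. I would also delete the two commented-out lines (`#openssl/libcrypto.a sslscan`, `#MAKE_FLAGS+= STATIC_BUILD=TRUE`) rather than keep them as dead configuration.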
|
@ -1,2 +1,2 @@
|
||||
SHA256 (sslscan-1.11.8.tar.gz) = FEn4u0XTI7MiywcKdNjcxXtDyi26BWDnoWFR78iz2RE=
|
||||
SIZE (sslscan-1.11.8.tar.gz) = 51583
|
||||
SHA256 (sslscan-1.11.11.tar.gz) = k/vhVwBz37KJilRnWYNupN9QVOOo9tLj2kaO3ayLF2Q=
|
||||
SIZE (sslscan-1.11.11.tar.gz) = 53432
|
||||
|
@ -1,42 +1,43 @@
|
||||
$OpenBSD: patch-Makefile,v 1.6 2017/01/27 11:01:14 sthen Exp $
|
||||
--- Makefile.orig Sun Nov 6 13:27:11 2016
|
||||
+++ Makefile Fri Jan 27 10:45:15 2017
|
||||
@@ -24,9 +24,6 @@ DEFINES = -DVERSION=\"$(GIT_VERSION)\"
|
||||
|
||||
$OpenBSD: patch-Makefile,v 1.7 2018/01/01 14:35:24 sthen Exp $
|
||||
Index: Makefile
|
||||
--- Makefile.orig
|
||||
+++ Makefile
|
||||
@@ -25,8 +25,10 @@ DEFINES = -DVERSION=\"$(GIT_VERSION)\"
|
||||
# for dynamic linking
|
||||
LIBS = -lssl -lcrypto
|
||||
-ifneq ($(OS), FreeBSD)
|
||||
- LIBS += -ldl
|
||||
-endif
|
||||
ifneq ($(OS), FreeBSD)
|
||||
+ifneq ($(OS), OpenBSD)
|
||||
LIBS += -ldl
|
||||
endif
|
||||
+endif
|
||||
ifeq ($(OS), SunOS)
|
||||
CFLAGS += -m64
|
||||
LIBS += -lsocket -lnsl
|
||||
@@ -35,14 +37,16 @@ endif
|
||||
# Enable checks for buffer overflows, add stack protectors, generate position
|
||||
# independent code, mark the relocation table read-only, and mark the global
|
||||
# offset table read-only.
|
||||
-CFLAGS += -D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE
|
||||
+CFLAGS += -D_FORTIFY_SOURCE=2 -fstack-protector-all
|
||||
|
||||
# Don't enable some hardening flags on OS X because it uses an old version of Clang
|
||||
ifneq ($(OS), Darwin)
|
||||
ifneq ($(OS), SunOS)
|
||||
+ifneq ($(OS), OpenBSD)
|
||||
LDFLAGS += -pie -z relro -z now
|
||||
endif
|
||||
endif
|
||||
+endif
|
||||
|
||||
# for static linking
|
||||
ifeq ($(STATIC_BUILD), TRUE)
|
||||
@@ -34,9 +31,6 @@ PWD = $(shell pwd)/openssl
|
||||
LDFLAGS += -L${PWD}/
|
||||
@@ -51,7 +55,9 @@ LDFLAGS += -L${PWD}/
|
||||
CFLAGS += -I${PWD}/include/ -I${PWD}/
|
||||
LIBS = -lssl -lcrypto -lz
|
||||
-ifneq ($(OS), FreeBSD)
|
||||
- LIBS += -ldl
|
||||
-endif
|
||||
GIT_VERSION := $(GIT_VERSION)-static
|
||||
else
|
||||
# for dynamic linking
|
||||
@@ -82,16 +76,12 @@ uninstall:
|
||||
.openssl.is.fresh: opensslpull
|
||||
true
|
||||
opensslpull:
|
||||
- if [ -d openssl -a -d openssl/.git ]; then \
|
||||
- cd ./openssl && git checkout OpenSSL_1_0_2-stable && git pull | grep -q "Already up-to-date." && [ -e ../.openssl.is.fresh ] || touch ../.openssl.is.fresh ; \
|
||||
- else \
|
||||
- git clone --depth 1 -b OpenSSL_1_0_2-stable https://github.com/openssl/openssl ./openssl && cd ./openssl && touch ../.openssl.is.fresh ; \
|
||||
- fi
|
||||
+ touch .openssl.is.fresh
|
||||
# Re-enable SSLv2 EXPORT ciphers
|
||||
sed -i.bak 's/# if 0/# if 1/g' openssl/ssl/s2_lib.c
|
||||
rm openssl/ssl/s2_lib.c.bak
|
||||
# Re-enable weak (<1024 bit) DH keys
|
||||
- sed -i.bak 's/dh_size < [0-9]\+/dh_size < 512/g' openssl/ssl/s3_clnt.c
|
||||
+ sed -i.bak -E 's/dh_size < [0-9]\+/dh_size < 512/g' openssl/ssl/s3_clnt.c
|
||||
rm openssl/ssl/s3_clnt.c.bak
|
||||
# Break the weak DH key test so OpenSSL compiles
|
||||
sed -i.bak 's/dhe512/zzz/g' openssl/test/testssl
|
||||
ifneq ($(OS), FreeBSD)
|
||||
+ifneq ($(OS), OpenBSD)
|
||||
LIBS += -ldl
|
||||
+endif
|
||||
endif
|
||||
ifeq ($(OS), SunOS)
|
||||
LIBS += -lsocket -lnsl
|
||||
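Review bot: The hunk at `@@ -35,14 +37,16 @@` drops `-fPIE` from `CFLAGS` and wraps `LDFLAGS += -pie -z relro -z now` in `ifneq ($(OS), OpenBSD)`, but the patch file has no line explaining why upstream's hardening flags are switched off. Presumably the port relies on the OpenBSD toolchain's own defaults for position-independent executables. If so, say it at the top of the patch, e.g. `rely on the OpenBSD toolchain defaults for PIE; upstream's explicit -fPIE/-pie and -z flags are not wanted here`. The `-fPIE` removal sits above `ifeq ($(STATIC_BUILD), TRUE)` and so applies to the static `-openssl` flavor too; check that the resulting binary is still position-independent.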
|
@ -1,23 +1,35 @@
|
||||
$OpenBSD: patch-sslscan_c,v 1.7 2017/01/27 11:01:14 sthen Exp $
|
||||
$OpenBSD: patch-sslscan_c,v 1.8 2018/01/01 14:35:24 sthen Exp $
|
||||
|
||||
use the accessor function; this struct member was made internal-only in libressl
|
||||
|
||||
--- sslscan.c.orig Fri Jan 27 10:55:06 2017
|
||||
+++ sslscan.c Fri Jan 27 10:56:26 2017
|
||||
@@ -1155,14 +1155,14 @@ int testRenegotiation(struct sslCheckOptions *options,
|
||||
printf_verbose("Attempting SSL_do_handshake(ssl)\n");
|
||||
SSL_do_handshake(ssl); // Send renegotiation request to server //TODO :: XXX hanging here
|
||||
Index: sslscan.c
|
||||
--- sslscan.c.orig
|
||||
+++ sslscan.c
|
||||
@@ -90,9 +90,7 @@
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/ocsp.h>
|
||||
-#ifdef __linux__
|
||||
- #include <arpa/inet.h>
|
||||
-#endif
|
||||
+#include <arpa/inet.h>
|
||||
#ifndef OPENSSL_NO_COMP
|
||||
#include <openssl/comp.h>
|
||||
#endif
|
||||
@@ -488,18 +486,10 @@ int tcpConnect(struct sslCheckOptions *options)
|
||||
if (!readOrLogAndClose(socketDescriptor, buffer, BUFFERSIZE, options))
|
||||
return 0;
|
||||
|
||||
- if (ssl->state == SSL_ST_OK)
|
||||
+ if (SSL_get_state(ssl) == SSL_ST_OK)
|
||||
{
|
||||
res = SSL_do_handshake(ssl); // Send renegotiation request to server
|
||||
if( res != 1 )
|
||||
{
|
||||
printf_error("\n\nSSL_do_handshake() call failed\n");
|
||||
}
|
||||
- if (ssl->state == SSL_ST_OK)
|
||||
+ if (SSL_get_state(ssl) == SSL_ST_OK)
|
||||
{
|
||||
/* our renegotiation is complete */
|
||||
renOut->supported = true;
|
||||
-#ifdef __USE_GNU
|
||||
if (memmem(buffer, BUFFERSIZE, ok, sizeof(ok))) {
|
||||
-#else
|
||||
- if (strnstr(buffer, ok, BUFFERSIZE)) {
|
||||
-#endif
|
||||
printf_verbose("STARTLS LDAP setup complete.\n");
|
||||
}
|
||||
-#ifdef __USE_GNU
|
||||
else if (memmem(buffer, BUFFERSIZE, unsupported, sizeof(unsupported))) {
|
||||
-#else
|
||||
- else if (strnstr(buffer, unsupported, BUFFERSIZE)) {
|
||||
-#endif
|
||||
printf_error("%sSTARTLS LDAP connection to %s:%d failed with '%s'.%s\n",
|
||||
COL_RED, options->host, options->port, unsupported, RESET);
|
||||
return 0;
|
||||
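Review bot: With the `#ifdef __USE_GNU` branches removed in the `tcpConnect` hunk, `memmem(buffer, BUFFERSIZE, ok, sizeof(ok))` and the matching `unsupported` test always search the whole buffer rather than the bytes the server actually sent. Whether `buffer` is cleared before `readOrLogAndClose` fills it is outside the hunk; if it is not, leftover bytes from an earlier read could match and the LDAP STARTTLS step would be reported as complete. The new revision of the patch also seems to lose its description line, so I would add one at the top, such as `memmem(3) is in libc, use it unconditionally; include <arpa/inet.h> outside the __linux__ guard`. tcpConnect's body starts and ends outside the hunk.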
|