let this work if sslv2 is disabled, from Brad

2012-06-26 10:12:21 +00:00 · 2012-06-26 10:12:21 +00:00 · 7ce355632a
commit 7ce355632a
parent c4ca0038b2
3 changed files with 107 additions and 4 deletions
--- a/security/sslscan/Makefile
+++ b/security/sslscan/Makefile
@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.1.1.1 2011/06/21 21:05:48 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.2 2012/06/26 10:12:21 jasper Exp $

 COMMENT=	SSL port scanner

 DISTNAME=	sslscan-1.8.2
+REVISION=	0
 EXTRACT_SUFX=	.tgz

 CATEGORIES=	security net
--- a/security/sslscan/patches/patch-sslscan_1
+++ b/security/sslscan/patches/patch-sslscan_1
@ -0,0 +1,14 @@
+$OpenBSD: patch-sslscan_1,v 1.1 2012/06/26 10:12:21 jasper Exp $
+--- sslscan.1.orig	Fri Jun 22 20:14:29 2012
+++ sslscan.1	Fri Jun 22 20:14:41 2012
+@@ -34,10 +34,6 @@ ports (i.e. host:port). One target per line.
+ List only accepted ciphers
+ (default is to listing all ciphers).
+ .TP
+-.B \-\-ssl2
+-.br
+-Only check SSLv2 ciphers.
+-.TP
+ .B \-\-ssl3
+ .br
+ Only check SSLv3 ciphers.
--- a/security/sslscan/patches/patch-sslscan_c
+++ b/security/sslscan/patches/patch-sslscan_c
@ -1,6 +1,6 @@
-$OpenBSD: patch-sslscan_c,v 1.1.1.1 2011/06/21 21:05:48 ajacoutot Exp $
--- sslscan.c.orig	Tue Sep  1 14:35:59 2009
-+++ sslscan.c	Tue Jun 21 23:03:21 2011
+$OpenBSD: patch-sslscan_c,v 1.2 2012/06/26 10:12:21 jasper Exp $
+--- sslscan.c.orig	Tue Sep  1 08:35:59 2009
+++ sslscan.c	Fri Jun 22 20:14:18 2012
@@ -41,6 +41,7 @@
 #include <openssl/pkcs12.h>
 #include <openssl/x509.h>
@ -18,3 +18,91 @@ $OpenBSD: patch-sslscan_c,v 1.1.1.1 2011/06/21 21:05:48 ajacoutot Exp $
 const char *RESET = "[0m";			// DEFAULT
 const char *COL_RED = "[31m";		// RED
 const char *COL_BLUE = "[34m";		// BLUE
+@@ -563,6 +564,7 @@ int testCipher(struct sslCheckOptions *options, struct
+ 					}
+ 					if (options->xmlOutput != 0)
+ 						fprintf(options->xmlOutput, " sslversion=\"");
+#ifndef OPENSSL_NO_SSL2
+ 					if (sslCipherPointer->sslMethod == SSLv2_client_method())
+ 					{
+ 						if (options->xmlOutput != 0)
+@@ -572,7 +574,9 @@ int testCipher(struct sslCheckOptions *options, struct
+ 						else
+ 							printf("SSLv2  ");
+ 					}
+-					else if (sslCipherPointer->sslMethod == SSLv3_client_method())
+					else
+#endif
+					if (sslCipherPointer->sslMethod == SSLv3_client_method())
+ 					{
+ 						if (options->xmlOutput != 0)
+ 							fprintf(options->xmlOutput, "SSLv3\" bits=\"");
+@@ -688,6 +692,7 @@ int defaultCipher(struct sslCheckOptions *options, SSL
+ 						cipherStatus = SSL_connect(ssl);
+ 						if (cipherStatus == 1)
+ 						{
+#ifndef OPENSSL_NO_SSL2
+ 							if (sslMethod == SSLv2_client_method())
+ 							{
+ 								if (options->xmlOutput != 0)
+@@ -697,7 +702,9 @@ int defaultCipher(struct sslCheckOptions *options, SSL
+ 								else
+ 									printf("    SSLv2  ");
+ 							}
+-							else if (sslMethod == SSLv3_client_method())
+							else
+#endif
+							if (sslMethod == SSLv3_client_method())
+ 							{
+ 								if (options->xmlOutput != 0)
+ 									fprintf(options->xmlOutput, "  <defaultcipher sslversion=\"SSLv3\" bits=\"");
+@@ -1192,15 +1199,19 @@ int testHost(struct sslCheckOptions *options)
+ 		switch (options->sslVersion)
+ 		{
+ 			case ssl_all:
+#ifndef OPENSSL_NO_SSL2
+ 				status = defaultCipher(options, SSLv2_client_method());
+ 				if (status != false)
+#endif
+ 					status = defaultCipher(options, SSLv3_client_method());
+ 				if (status != false)
+ 					status = defaultCipher(options, TLSv1_client_method());
+ 				break;
+#ifndef OPENSSL_NO_SSL2
+ 			case ssl_v2:
+ 				status = defaultCipher(options, SSLv2_client_method());
+ 				break;
+#endif
+ 			case ssl_v3:
+ 				status = defaultCipher(options, SSLv3_client_method());
+ 				break;
+@@ -1298,9 +1309,11 @@ int main(int argc, char *argv[])
+ 			options.starttls = true;
+ 		}
+ 
+#ifndef OPENSSL_NO_SSL2
+ 		// SSL v2 only...
+ 		else if (strcmp("--ssl2", argv[argLoop]) == 0)
+ 			options.sslVersion = ssl_v2;
+#endif
+ 
+ 		// SSL v3 only...
+ 		else if (strcmp("--ssl3", argv[argLoop]) == 0)
+@@ -1415,13 +1428,17 @@ int main(int argc, char *argv[])
+ 			switch (options.sslVersion)
+ 			{
+ 				case ssl_all:
+#ifndef OPENSSL_NO_SSL2
+ 					populateCipherList(&options, SSLv2_client_method());
+#endif
+ 					populateCipherList(&options, SSLv3_client_method());
+ 					populateCipherList(&options, TLSv1_client_method());
+ 					break;
+#ifndef OPENSSL_NO_SSL2
+ 				case ssl_v2:
+ 					populateCipherList(&options, SSLv2_client_method());
+ 					break;
+#endif
+ 				case ssl_v3:
+ 					populateCipherList(&options, SSLv3_client_method());
+ 					break;