
osc copypac from project:home:draht package:sslscan revision:1

OBS-URL: https://build.opensuse.org/package/show/security/sslscan?expand=0&rev=1
Lars Vogdt 2014-04-27 17:31:55 +00:00 committed by Git OBS Bridge
commit e423dc0c52
10 changed files with 417 additions and 0 deletions

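--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text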

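--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc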

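--- a/01-Makefile-binutils-gold.diff
+++ b/01-Makefile-binutils-gold.diff
@@ -0,0 +1,21 @@
+# 01-Makefile-binutils-gold.diff
+# Author: Marvin Stark <marv@der-marv.de>
+# DP: Let sslscan build with binutils-gold
+Index: sslscan/Makefile
+===================================================================
+--- sslscan.orig/Makefile 2009-12-08 21:48:23.000000000 +0100
++++ sslscan/Makefile 2009-12-08 21:56:33.000000000 +0100
+@@ -3,11 +3,11 @@
+MANPATH = /usr/share/man/
+all:
+- gcc -g -Wall -lssl -o sslscan $(SRCS) $(LDFLAGS) $(CFLAGS)
++ gcc -g -Wall -o sslscan $(SRCS) $(LDFLAGS) $(CFLAGS) -lssl -lcrypto
+install:
+cp sslscan $(BINPATH)
+- cp sslscan.1 $(MANPATH)man1
++ cp sslscan.1 $(MANPATH)/man1/
+uninstall:
+rm -f $(BINPATH)sslscan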

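--- a/02-sslscan-spelling-mistake.diff
+++ b/02-sslscan-spelling-mistake.diff
@@ -0,0 +1,34 @@
+# 02-sslscan-spelling-mistake.diff
+# Author: Marvin Stark <marv@der-marv.de>
+# DP: Fix spelling errors
+Index: sslscan/sslscan.c
+===================================================================
+--- sslscan.orig/sslscan.c 2010-01-25 19:26:03.000000000 +0100
++++ sslscan/sslscan.c 2010-01-25 19:26:27.000000000 +0100
+@@ -644,7 +644,7 @@
+}
+-// Test for prefered ciphers
++// Test for preferred ciphers
+int defaultCipher(struct sslCheckOptions *options, SSL_METHOD *sslMethod)
+{
+// Variables...
+@@ -1185,7 +1185,7 @@
+if (status == true)
+{
+- // Test prefered ciphers...
++ // Test preferred ciphers...
+printf("\n %sPrefered Server Cipher(s):%s\n", COL_BLUE, RESET);
+if (options->pout == true)
+printf("|| Version || Bits || Cipher ||\n");
+@@ -1367,7 +1367,7 @@
+printf("%s%s%s\n", COL_BLUE, program_banner, RESET);
+printf("SSLScan is a fast SSL port scanner. SSLScan connects to SSL\n");
+printf("ports and determines what ciphers are supported, which are\n");
+- printf("the servers prefered ciphers, which SSL protocols are\n");
++ printf("the servers preferred ciphers, which SSL protocols are\n");
+printf("supported and returns the SSL certificate. Client\n");
+printf("certificates / private key can be configured and output is\n");
+printf("to text / XML.\n\n");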

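--- a/03-sslv2.diff
+++ b/03-sslv2.diff
@@ -0,0 +1,80 @@
+# Description: Fix build in case of disabled SSLv2. This is needed for build with OpenSSL 1.0.0.
+# Author: Ilya Barygin <barygin@gmail.com>
+--- sslscan.orig/sslscan.c
++++ sslscan/sslscan.c
+@@ -563,6 +563,7 @@
+}
+if (options->xmlOutput != 0)
+fprintf(options->xmlOutput, " sslversion=\"");
++#ifndef OPENSSL_NO_SSL2
+if (sslCipherPointer->sslMethod == SSLv2_client_method())
+{
+if (options->xmlOutput != 0)
+@@ -572,7 +573,9 @@
+else
+printf("SSLv2 ");
+}
+- else if (sslCipherPointer->sslMethod == SSLv3_client_method())
++ else
++#endif
++ if (sslCipherPointer->sslMethod == SSLv3_client_method())
+{
+if (options->xmlOutput != 0)
+fprintf(options->xmlOutput, "SSLv3\" bits=\"");
+@@ -688,6 +691,7 @@
+cipherStatus = SSL_connect(ssl);
+if (cipherStatus == 1)
+{
++#ifndef OPENSSL_NO_SSL2
+if (sslMethod == SSLv2_client_method())
+{
+if (options->xmlOutput != 0)
+@@ -697,7 +701,9 @@
+else
+printf(" SSLv2 ");
+}
+- else if (sslMethod == SSLv3_client_method())
++ else
++#endif
++ if (sslMethod == SSLv3_client_method())
+{
+if (options->xmlOutput != 0)
+fprintf(options->xmlOutput, " <defaultcipher sslversion=\"SSLv3\" bits=\"");
+@@ -1192,15 +1198,19 @@
+switch (options->sslVersion)
+{
+case ssl_all:
++#ifndef OPENSSL_NO_SSL2
+status = defaultCipher(options, SSLv2_client_method());
+if (status != false)
++#endif
+status = defaultCipher(options, SSLv3_client_method());
+if (status != false)
+status = defaultCipher(options, TLSv1_client_method());
+break;
++#ifndef OPENSSL_NO_SSL2
+case ssl_v2:
+status = defaultCipher(options, SSLv2_client_method());
+break;
++#endif
+case ssl_v3:
+status = defaultCipher(options, SSLv3_client_method());
+break;
+@@ -1415,13 +1425,17 @@
+switch (options.sslVersion)
+{
+case ssl_all:
++#ifndef OPENSSL_NO_SSL2
+populateCipherList(&options, SSLv2_client_method());
++#endif
+populateCipherList(&options, SSLv3_client_method());
+populateCipherList(&options, TLSv1_client_method());
+break;
++#ifndef OPENSSL_NO_SSL2
+case ssl_v2:
+populateCipherList(&options, SSLv2_client_method());
+break;
++#endif
+case ssl_v3:
+populateCipherList(&options, SSLv3_client_method());
+break;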
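Review bot: With `OPENSSL_NO_SSL2` defined, the `case ssl_v2:` arms are compiled out of both switches (on `options->sslVersion` and on `options.sslVersion`), so a run that selects SSLv2 matches no arm and tests nothing without saying so, unless a `default:` arm exists outside these hunks. For a scanner that silence is easy to read as "the server does not offer SSLv2", which is a false negative caused by the build rather than by the target. Keep the case under `#else` and report it, for example `printf("%sERROR: SSLv2 checks are not available in this OpenSSL build.%s\n", COL_RED, RESET);`, and print a similar notice where `ssl_all` skips SSLv2. Whether the option parser still accepts the SSLv2-only switch is not visible in this patch and should be checked.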

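--- a/fedora-sslscan-patents.patch
+++ b/fedora-sslscan-patents.patch
@@ -0,0 +1,20 @@
+diff -ru sslscan-1.8.2/sslscan.c sslscan-1.8.2.fc12/sslscan.c
+--- sslscan-1.8.2/sslscan.c 2009-09-01 14:35:59.000000000 +0200
++++ sslscan-1.8.2.fc12/sslscan.c 2010-01-29 01:59:02.000000000 +0100
+@@ -985,6 +985,8 @@
+fprintf(options->xmlOutput, " </pk>\n");
+}
+break;
++ /* Comment out patented technology not enabled in Fedora */
++ /*
+case EVP_PKEY_EC:
+printf(" EC Public Key:\n");
+if (options->xmlOutput != 0)
+@@ -996,6 +998,7 @@
+fprintf(options->xmlOutput, " </pk>\n");
+}
+break;
++ */
+default:
+printf(" Public Key: Unknown\n");
+if (options->xmlOutput != 0)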
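Review bot: Disabling the `EVP_PKEY_EC` case by wrapping it in `/* ... */` is fragile, because C block comments do not nest: any `/* */` comment inside the disabled lines (the middle of the case lies between the two hunks and is not shown) would end the comment early and re-enable part of the code. A preprocessor guard is safer, e.g. `#ifndef OPENSSL_NO_EC` before `case EVP_PKEY_EC:` and `#endif` after its `break;`, assuming the Fedora OpenSSL headers define that macro. With the case removed, certificates carrying EC keys fall through to `default:` and are printed as `Public Key: Unknown`; the added comment should say so, so that a reader of the report does not take that line for a malformed certificate.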

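--- a/sslscan-1.8.2.tgz
+++ b/sslscan-1.8.2.tgz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3b728804456042d96d5c8ccd42326f8e5719d091986793bb7b852a36b50d2b3e
+size 22176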

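--- a/sslscan.changes
+++ b/sslscan.changes
@@ -0,0 +1,16 @@
+-------------------------------------------------------------------
+Tue Sep 11 14:16:02 UTC 2012 - frank.lichtenheld@sophos.com
+- add TLSv1.1 and TLSv1.2 support for OpenSSL >= 1.0.1
+-------------------------------------------------------------------
+Fri Aug 10 21:09:50 UTC 2012 - frank.lichtenheld@sophos.com
+- import patch from fedora to allow building on fedora
+-------------------------------------------------------------------
+Thu Aug 9 20:01:09 UTC 2012 - frank.lichtenheld@sophos.com
+- initial packaging
+* patches taken from Debian packaging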

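--- a/sslscan.spec
+++ b/sslscan.spec
@@ -0,0 +1,73 @@
+#
+# spec file for package sslscan
+#
+# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+# norootforbuild
+Name: sslscan
+Version: 1.8.2
+Release: 0
+License: SUSE-GPL-3.0+-with-openssl-exception
+Summary: SSL cipher scanning tool
+Url: https://www.titania-security.com/labs/sslscan
+Group: Productivity/Networking/Diagnostic
+Source: %{name}-%{version}.tgz
+#Patches copied from Debian package
+Patch1: 01-Makefile-binutils-gold.diff
+Patch2: 02-sslscan-spelling-mistake.diff
+Patch3: 03-sslv2.diff
+Patch4: fedora-sslscan-patents.patch
+Patch5: tlsv1_2-support.diff
+BuildRequires: openssl-devel
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+%description
+SSLScan determines what ciphers are supported on SSL-based services,
+such as HTTPS. Furthermore, SSLScan will determine the preferred
+ciphers of the SSL service.
+%prep
+%setup -q
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%if %{defined fedora}
+%patch4 -p1
+%endif
+# requires openssl 1.0.1
+%if 0%{?suse_version} > 1220
+%patch5 -p1
+%endif
+%build
+make CFLAGS="%{optflags}"
+%install
+install -d "%{buildroot}%{_bindir}"
+install -d "%{buildroot}%{_mandir}/man1"
+make install BINPATH="%{buildroot}%{_bindir}" MANPATH="%{buildroot}%{_mandir}"
+%clean
+%{?buildroot:%__rm -rf "%{buildroot}"}
+%files
+%defattr(-,root,root)
+%doc Changelog
+%{_bindir}/sslscan
+%{_mandir}/man1/sslscan.1.gz
+%changelog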
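Review bot: The guard around `%patch5` tests the distribution release (`suse_version > 1220`) although the requirement stated in the comment above it is OpenSSL 1.0.1, and `BuildRequires: openssl-devel` carries no version. A target that passes the release check with an older OpenSSL would fail to compile the `TLSv1_1_client_method()` calls, and on every target where the patch is skipped the resulting scanner cannot test TLSv1.1 or TLSv1.2 and gives no hint of that. Tie the two together by placing `BuildRequires: openssl-devel >= 1.0.1` inside the same `%if 0%{?suse_version} > 1220` block, and mention the reduced protocol coverage of the other builds in `%description`.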

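--- a/tlsv1_2-support.diff
+++ b/tlsv1_2-support.diff
@@ -0,0 +1,146 @@
+Index: sslscan-1.8.2/sslscan.c
+===================================================================
+--- sslscan-1.8.2.orig/sslscan.c
++++ sslscan-1.8.2/sslscan.c
+@@ -57,6 +57,8 @@
+#define ssl_v2 1
+#define ssl_v3 2
+#define tls_v1 3
++#define tls_v1_1 4
++#define tls_v1_2 5
+// Colour Console Output...
+#if !defined(__WIN32__)
+@@ -584,7 +586,7 @@ int testCipher(struct sslCheckOptions *o
+else
+printf("SSLv3 ");
+}
+- else
++ else if (sslCipherPointer->sslMethod == TLSv1_client_method())
+{
+if (options->xmlOutput != 0)
+fprintf(options->xmlOutput, "TLSv1\" bits=\"");
+@@ -593,6 +595,28 @@ int testCipher(struct sslCheckOptions *o
+else
+printf("TLSv1 ");
+}
++ else if (sslCipherPointer->sslMethod == TLSv1_1_client_method())
++ {
++ if (options->xmlOutput != 0)
++ fprintf(options->xmlOutput, "TLSv1.1\" bits=\"");
++ if (options->pout == true)
++ printf("TLSv1.1 || ");
++ else
++ printf("TLSv1.1 ");
++ }
++ else if (sslCipherPointer->sslMethod == TLSv1_2_client_method())
++ {
++ if (options->xmlOutput != 0)
++ fprintf(options->xmlOutput, "TLSv1.2\" bits=\"");
++ if (options->pout == true)
++ printf("TLSv1.2 || ");
++ else
++ printf("TLSv1.2 ");
++ }
++ else
++ {
++ printf("%sERROR: Could not determine protocol.%s\n", COL_RED, RESET);
++ }
+if (sslCipherPointer->bits < 10)
+tempInt = 2;
+else if (sslCipherPointer->bits < 100)
+@@ -712,7 +736,7 @@ int defaultCipher(struct sslCheckOptions
+else
+printf(" SSLv3 ");
+}
+- else
++ else if (sslMethod == TLSv1_client_method())
+{
+if (options->xmlOutput != 0)
+fprintf(options->xmlOutput, " <defaultcipher sslversion=\"TLSv1\" bits=\"");
+@@ -721,6 +745,28 @@ int defaultCipher(struct sslCheckOptions
+else
+printf(" TLSv1 ");
+}
++ else if (sslMethod == TLSv1_1_client_method())
++ {
++ if (options->xmlOutput != 0)
++ fprintf(options->xmlOutput, " <defaultcipher sslversion=\"TLSv1\" bits=\"");
++ if (options->pout == true)
++ printf("|| TLSv1.1 || ");
++ else
++ printf(" TLSv1.1 ");
++ }
++ else if (sslMethod == TLSv1_2_client_method())
++ {
++ if (options->xmlOutput != 0)
++ fprintf(options->xmlOutput, " <defaultcipher sslversion=\"TLSv1\" bits=\"");
++ if (options->pout == true)
++ printf("|| TLSv1.2 || ");
++ else
++ printf(" TLSv1.2 ");
++ }
++ else
++ {
++ printf("%sERROR: Could not determine protocol.%s\n", COL_RED, RESET);
++ }
+if (SSL_get_cipher_bits(ssl, &tempInt2) < 10)
+tempInt = 2;
+else if (SSL_get_cipher_bits(ssl, &tempInt2) < 100)
+@@ -1205,6 +1251,10 @@ int testHost(struct sslCheckOptions *opt
+status = defaultCipher(options, SSLv3_client_method());
+if (status != false)
+status = defaultCipher(options, TLSv1_client_method());
++ if (status != false)
++ status = defaultCipher(options, TLSv1_1_client_method());
++ if (status != false)
++ status = defaultCipher(options, TLSv1_2_client_method());
+break;
+#ifndef OPENSSL_NO_SSL2
+case ssl_v2:
+@@ -1217,6 +1267,12 @@ int testHost(struct sslCheckOptions *opt
+case tls_v1:
+status = defaultCipher(options, TLSv1_client_method());
+break;
++ case tls_v1_1:
++ status = defaultCipher(options, TLSv1_1_client_method());
++ break;
++ case tls_v1_2:
++ status = defaultCipher(options, TLSv1_2_client_method());
++ break;
+}
+}
+@@ -1320,6 +1376,14 @@ int main(int argc, char *argv[])
+else if (strcmp("--tls1", argv[argLoop]) == 0)
+options.sslVersion = tls_v1;
++ // TLS v1.1 only...
++ else if (strcmp("--tls1_1", argv[argLoop]) == 0)
++ options.sslVersion = tls_v1_1;
++
++ // TLS v1 only...
++ else if (strcmp("--tls1_2", argv[argLoop]) == 0)
++ options.sslVersion = tls_v1_2;
++
+// SSL Bugs...
+else if (strcmp("--bugs", argv[argLoop]) == 0)
+options.sslbugs = 1;
+@@ -1392,6 +1456,8 @@ int main(int argc, char *argv[])
+printf(" %s--ssl2%s Only check SSLv2 ciphers.\n", COL_GREEN, RESET);
+printf(" %s--ssl3%s Only check SSLv3 ciphers.\n", COL_GREEN, RESET);
+printf(" %s--tls1%s Only check TLSv1 ciphers.\n", COL_GREEN, RESET);
++ printf(" %s--tls1_1%s Only check TLSv1.1 ciphers.\n", COL_GREEN, RESET);
++ printf(" %s--tls1_2%s Only check TLSv1.2 ciphers.\n", COL_GREEN, RESET);
+printf(" %s--pk=<file>%s A file containing the private key or\n", COL_GREEN, RESET);
+printf(" a PKCS#12 file containing a private\n");
+printf(" key/certificate pair (as produced by\n");
+@@ -1430,6 +1496,8 @@ int main(int argc, char *argv[])
+#endif
+populateCipherList(&options, SSLv3_client_method());
+populateCipherList(&options, TLSv1_client_method());
++ populateCipherList(&options, TLSv1_1_client_method());
++ populateCipherList(&options, TLSv1_2_client_method());
+break;
+#ifndef OPENSSL_NO_SSL2
+case ssl_v2: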
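Review bot: In `defaultCipher`, the new `TLSv1_1_client_method()` and `TLSv1_2_client_method()` branches still write `sslversion=\"TLSv1\"` to the XML output, while the console output of the same branches prints TLSv1.1 and TLSv1.2. Anything that consumes the XML report will file the server's preferred cipher under the wrong protocol version; the strings should be `" <defaultcipher sslversion=\"TLSv1.1\" bits=\""` and `" <defaultcipher sslversion=\"TLSv1.2\" bits=\""`. The comment above the `--tls1_2` option has the same copy-paste slip and should read `// TLS v1.2 only...`. Separately, `populateCipherList` is added only under `ssl_all` in `main`, and no hunk adds `case tls_v1_1:` or `case tls_v1_2:` arms to that switch, so `--tls1_1` and `--tls1_2` appear to run with an empty cipher list unless those arms exist outside the patch.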