133 lines
4.2 KiB
Diff
133 lines
4.2 KiB
Diff
LibreSSL patch by xtraeme:
|
|
|
|
- SSLv2_client_method() completely removed; SSLv2 is unsupported.
|
|
- SSL_METHOD has been const'ified.
|
|
|
|
--- sslscan.1.orig 2014-08-04 18:31:56.219747964 +0200
|
|
+++ sslscan.1 2014-08-04 18:32:12.762885840 +0200
|
|
@@ -34,10 +34,6 @@ ports (i.e. host:port). One target per l
|
|
List only accepted ciphers
|
|
(default is to listing all ciphers).
|
|
.TP
|
|
-.B \-\-ssl2
|
|
-.br
|
|
-Only check SSLv2 ciphers.
|
|
-.TP
|
|
.B \-\-ssl3
|
|
.br
|
|
Only check SSLv3 ciphers.
|
|
--- sslscan.c.orig 2009-09-01 14:35:59.000000000 +0200
|
|
+++ sslscan.c 2014-08-04 18:38:11.405056914 +0200
|
|
@@ -91,7 +91,7 @@ struct sslCipher
|
|
char *version;
|
|
int bits;
|
|
char description[512];
|
|
- SSL_METHOD *sslMethod;
|
|
+ const SSL_METHOD *sslMethod;
|
|
struct sslCipher *next;
|
|
};
|
|
|
|
@@ -125,7 +125,7 @@ struct sslCheckOptions
|
|
|
|
|
|
// Adds Ciphers to the Cipher List structure
|
|
-int populateCipherList(struct sslCheckOptions *options, SSL_METHOD *sslMethod)
|
|
+int populateCipherList(struct sslCheckOptions *options, const SSL_METHOD *sslMethod)
|
|
{
|
|
// Variables...
|
|
int returnCode = true;
|
|
@@ -563,16 +563,7 @@ int testCipher(struct sslCheckOptions *o
|
|
}
|
|
if (options->xmlOutput != 0)
|
|
fprintf(options->xmlOutput, " sslversion=\"");
|
|
- if (sslCipherPointer->sslMethod == SSLv2_client_method())
|
|
- {
|
|
- if (options->xmlOutput != 0)
|
|
- fprintf(options->xmlOutput, "SSLv2\" bits=\"");
|
|
- if (options->pout == true)
|
|
- printf("SSLv2 || ");
|
|
- else
|
|
- printf("SSLv2 ");
|
|
- }
|
|
- else if (sslCipherPointer->sslMethod == SSLv3_client_method())
|
|
+ if (sslCipherPointer->sslMethod == SSLv3_client_method())
|
|
{
|
|
if (options->xmlOutput != 0)
|
|
fprintf(options->xmlOutput, "SSLv3\" bits=\"");
|
|
@@ -645,7 +636,7 @@ int testCipher(struct sslCheckOptions *o
|
|
|
|
|
|
// Test for prefered ciphers
|
|
-int defaultCipher(struct sslCheckOptions *options, SSL_METHOD *sslMethod)
|
|
+int defaultCipher(struct sslCheckOptions *options, const SSL_METHOD *sslMethod)
|
|
{
|
|
// Variables...
|
|
int cipherStatus;
|
|
@@ -688,16 +679,7 @@ int defaultCipher(struct sslCheckOptions
|
|
cipherStatus = SSL_connect(ssl);
|
|
if (cipherStatus == 1)
|
|
{
|
|
- if (sslMethod == SSLv2_client_method())
|
|
- {
|
|
- if (options->xmlOutput != 0)
|
|
- fprintf(options->xmlOutput, " <defaultcipher sslversion=\"SSLv2\" bits=\"");
|
|
- if (options->pout == true)
|
|
- printf("|| SSLv2 || ");
|
|
- else
|
|
- printf(" SSLv2 ");
|
|
- }
|
|
- else if (sslMethod == SSLv3_client_method())
|
|
+ if (sslMethod == SSLv3_client_method())
|
|
{
|
|
if (options->xmlOutput != 0)
|
|
fprintf(options->xmlOutput, " <defaultcipher sslversion=\"SSLv3\" bits=\"");
|
|
@@ -793,7 +775,7 @@ int getCertificate(struct sslCheckOption
|
|
BIO *fileBIO = NULL;
|
|
X509 *x509Cert = NULL;
|
|
EVP_PKEY *publicKey = NULL;
|
|
- SSL_METHOD *sslMethod = NULL;
|
|
+ const SSL_METHOD *sslMethod = NULL;
|
|
ASN1_OBJECT *asn1Object = NULL;
|
|
X509_EXTENSION *extension = NULL;
|
|
char buffer[1024];
|
|
@@ -1192,15 +1174,10 @@ int testHost(struct sslCheckOptions *opt
|
|
switch (options->sslVersion)
|
|
{
|
|
case ssl_all:
|
|
- status = defaultCipher(options, SSLv2_client_method());
|
|
- if (status != false)
|
|
status = defaultCipher(options, SSLv3_client_method());
|
|
if (status != false)
|
|
status = defaultCipher(options, TLSv1_client_method());
|
|
break;
|
|
- case ssl_v2:
|
|
- status = defaultCipher(options, SSLv2_client_method());
|
|
- break;
|
|
case ssl_v3:
|
|
status = defaultCipher(options, SSLv3_client_method());
|
|
break;
|
|
@@ -1298,10 +1275,6 @@ int main(int argc, char *argv[])
|
|
options.starttls = true;
|
|
}
|
|
|
|
- // SSL v2 only...
|
|
- else if (strcmp("--ssl2", argv[argLoop]) == 0)
|
|
- options.sslVersion = ssl_v2;
|
|
-
|
|
// SSL v3 only...
|
|
else if (strcmp("--ssl3", argv[argLoop]) == 0)
|
|
options.sslVersion = ssl_v3;
|
|
@@ -1415,13 +1388,9 @@ int main(int argc, char *argv[])
|
|
switch (options.sslVersion)
|
|
{
|
|
case ssl_all:
|
|
- populateCipherList(&options, SSLv2_client_method());
|
|
populateCipherList(&options, SSLv3_client_method());
|
|
populateCipherList(&options, TLSv1_client_method());
|
|
break;
|
|
- case ssl_v2:
|
|
- populateCipherList(&options, SSLv2_client_method());
|
|
- break;
|
|
case ssl_v3:
|
|
populateCipherList(&options, SSLv3_client_method());
|
|
break;
|