void-packages/srcpkgs/sslscan/patches/libressl.patch

134 lines
4.2 KiB
Diff

LibreSSL patch by xtraeme:
- SSLv2_client_method() completely removed; SSLv2 is unsupported.
- SSL_METHOD has been const'ified.
--- sslscan.1.orig 2014-08-04 18:31:56.219747964 +0200
+++ sslscan.1 2014-08-04 18:32:12.762885840 +0200
@@ -34,10 +34,6 @@ ports (i.e. host:port). One target per l
List only accepted ciphers
(default is to listing all ciphers).
.TP
-.B \-\-ssl2
-.br
-Only check SSLv2 ciphers.
-.TP
.B \-\-ssl3
.br
Only check SSLv3 ciphers.
--- sslscan.c.orig 2009-09-01 14:35:59.000000000 +0200
+++ sslscan.c 2014-08-04 18:38:11.405056914 +0200
@@ -91,7 +91,7 @@ struct sslCipher
char *version;
int bits;
char description[512];
- SSL_METHOD *sslMethod;
+ const SSL_METHOD *sslMethod;
struct sslCipher *next;
};
@@ -125,7 +125,7 @@ struct sslCheckOptions
// Adds Ciphers to the Cipher List structure
-int populateCipherList(struct sslCheckOptions *options, SSL_METHOD *sslMethod)
+int populateCipherList(struct sslCheckOptions *options, const SSL_METHOD *sslMethod)
{
// Variables...
int returnCode = true;
@@ -563,16 +563,7 @@ int testCipher(struct sslCheckOptions *o
}
if (options->xmlOutput != 0)
fprintf(options->xmlOutput, " sslversion=\"");
- if (sslCipherPointer->sslMethod == SSLv2_client_method())
- {
- if (options->xmlOutput != 0)
- fprintf(options->xmlOutput, "SSLv2\" bits=\"");
- if (options->pout == true)
- printf("SSLv2 || ");
- else
- printf("SSLv2 ");
- }
- else if (sslCipherPointer->sslMethod == SSLv3_client_method())
+ if (sslCipherPointer->sslMethod == SSLv3_client_method())
{
if (options->xmlOutput != 0)
fprintf(options->xmlOutput, "SSLv3\" bits=\"");
@@ -645,7 +636,7 @@ int testCipher(struct sslCheckOptions *o
// Test for prefered ciphers
-int defaultCipher(struct sslCheckOptions *options, SSL_METHOD *sslMethod)
+int defaultCipher(struct sslCheckOptions *options, const SSL_METHOD *sslMethod)
{
// Variables...
int cipherStatus;
@@ -688,16 +679,7 @@ int defaultCipher(struct sslCheckOptions
cipherStatus = SSL_connect(ssl);
if (cipherStatus == 1)
{
- if (sslMethod == SSLv2_client_method())
- {
- if (options->xmlOutput != 0)
- fprintf(options->xmlOutput, " <defaultcipher sslversion=\"SSLv2\" bits=\"");
- if (options->pout == true)
- printf("|| SSLv2 || ");
- else
- printf(" SSLv2 ");
- }
- else if (sslMethod == SSLv3_client_method())
+ if (sslMethod == SSLv3_client_method())
{
if (options->xmlOutput != 0)
fprintf(options->xmlOutput, " <defaultcipher sslversion=\"SSLv3\" bits=\"");
@@ -793,7 +775,7 @@ int getCertificate(struct sslCheckOption
BIO *fileBIO = NULL;
X509 *x509Cert = NULL;
EVP_PKEY *publicKey = NULL;
- SSL_METHOD *sslMethod = NULL;
+ const SSL_METHOD *sslMethod = NULL;
ASN1_OBJECT *asn1Object = NULL;
X509_EXTENSION *extension = NULL;
char buffer[1024];
@@ -1192,15 +1174,10 @@ int testHost(struct sslCheckOptions *opt
switch (options->sslVersion)
{
case ssl_all:
- status = defaultCipher(options, SSLv2_client_method());
- if (status != false)
status = defaultCipher(options, SSLv3_client_method());
if (status != false)
status = defaultCipher(options, TLSv1_client_method());
break;
- case ssl_v2:
- status = defaultCipher(options, SSLv2_client_method());
- break;
case ssl_v3:
status = defaultCipher(options, SSLv3_client_method());
break;
@@ -1298,10 +1275,6 @@ int main(int argc, char *argv[])
options.starttls = true;
}
- // SSL v2 only...
- else if (strcmp("--ssl2", argv[argLoop]) == 0)
- options.sslVersion = ssl_v2;
-
// SSL v3 only...
else if (strcmp("--ssl3", argv[argLoop]) == 0)
options.sslVersion = ssl_v3;
@@ -1415,13 +1388,9 @@ int main(int argc, char *argv[])
switch (options.sslVersion)
{
case ssl_all:
- populateCipherList(&options, SSLv2_client_method());
populateCipherList(&options, SSLv3_client_method());
populateCipherList(&options, TLSv1_client_method());
break;
- case ssl_v2:
- populateCipherList(&options, SSLv2_client_method());
- break;
case ssl_v3:
populateCipherList(&options, SSLv3_client_method());
break;