1 month ago · 33e84e4762
--- a/Makefile
+++ b/Makefile
@@ -5,11 +5,7 @@ OPENSSL_NAME = openssl-$(OPENSSL_VERSION)
 OPENSSL_DIR = build/$(OPENSSL_NAME)
 RUBY_MAJOR_VERSION = 2.3
 RUBY_VERSION = $(RUBY_MAJOR_VERSION).8
 RUBY_NAME = ruby-$(RUBY_VERSION)
 RUBY_DIR = build/$(RUBY_NAME)
 RUBY_OPENSSL_EXT_DIR = $(RUBY_DIR)/ext/openssl
 RBENV_DIR = $(RBENV_ROOT)/versions/$(RUBY_VERSION)-cryptcheck
 RUBY_LIB_DIR = $(RBENV_DIR)/lib/ruby/$(RUBY_MAJOR_VERSION).0
 RBENV_ROOT ?= ~/.rbenv
 export LIBRARY_PATH ?= $(PWD)/lib
 export C_INCLUDE_PATH ?= $(PWD)/build/openssl/include
@@ -18,19 +14,14 @@ export LD_LIBRARY_PATH ?= $(PWD)/lib
 .SECONDARY:
 .SUFFIXES:

 all: libs ext
 all: libs rbenv

 clean: clean-libs clean-ext
 clean: clean-libs
 clean-libs:
 	[ -d "build/openssl/" ] \
 		&& find "build/openssl/" \( -name "*.o" -o -name "*.so" \) -delete \
 		|| true
 	rm -f lib/libcrypto.so* lib/libssl.so* "build/openssl//Makefile"
 clean-ext:
 	[ -d "$(RUBY_OPENSSL_EXT_DIR)" ] \
 		&& find "$(RUBY_OPENSSL_EXT_DIR)" \( -name "*.o" -o -name "*.so" \) -delete \
 		|| true
 	rm -f lib/openssl.so
 mr-proper:
 	rm -rf lib/libcrypto.so* lib/libssl.so* lib/openssl.so build

@@ -49,20 +40,15 @@ build/openssl/: | $(OPENSSL_DIR)/
 $(OPENSSL_DIR)/: build/$(OPENSSL_NAME).tar.gz build/chacha-poly.patch
 	tar -C build -xf "build/$(OPENSSL_NAME).tar.gz"
 	patch -d "$(OPENSSL_DIR)" -p1 < build/chacha-poly.patch
 	patch -d "$(OPENSSL_DIR)" -p1 < patches/openssl/00_disable_digest_check.patch
 	for p in patches/openssl/*.patch; do patch -d "$@" -p1 < "$$p"; done

 build/openssl/Makefile: | build/openssl/
 	#cd $(OPENSSL_DIR) && ./Configure enable-ssl2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib enable-rc5 enable-rc2 enable-gost enable-md2 enable-mdc2 enable-shared linux-x86_64
 	#cd $(OPENSSL_DIR) && ./config enable-ssl2 enable-ssl3 enable-md2 enable-rc5 enable-weak-ssl-ciphers shared
 	cd build/openssl/ && ./config enable-ssl2 enable-ssl3 enable-ssl3-method enable-md2 enable-rc5 enable-weak-ssl-ciphers enable-shared

 build/openssl/libssl.so \
 build/openssl/libcrypto.so: build/openssl/Makefile
 	$(MAKE) -C build/openssl/

 install-openssl: build/openssl/Makefile
 	$(MAKE) -C build/openssl/ install

 LIBS = lib/libssl.so lib/libcrypto.so lib/libssl.so.$(OPENSSL_LIB_VERSION) lib/libcrypto.so.$(OPENSSL_LIB_VERSION)
 lib/%.so: build/openssl/%.so
 	cp "$<" "$@"
@@ -79,53 +65,22 @@ $(RBENV_ROOT)/plugins/ruby-build/: | $(RBENV_ROOT)/
 $(RBENV_ROOT)/plugins/ruby-build/share/ruby-build/$(RUBY_VERSION): | $(RBENV_ROOT)/plugins/ruby-build/

 build/$(RUBY_VERSION)-cryptcheck: $(RBENV_ROOT)/plugins/ruby-build/share/ruby-build/$(RUBY_VERSION)
 	cp "$<" "$@"
 	cp $< $@

 install-rbenv: build/$(RUBY_VERSION)-cryptcheck

 install-rbenv-cryptcheck: build/$(RUBY_VERSION)-cryptcheck $(LIBS) | build/openssl/
 rbenv: build/$(RUBY_VERSION)-cryptcheck $(LIBS) | $(OPENSSL_DIR)/
 	cat patches/ruby/*.patch | \
 	RUBY_BUILD_CACHE_PATH="$(PWD)/build" \
 	RUBY_BUILD_DEFINITIONS="$(PWD)/build" \
 	rbenv install -fp "$(RUBY_VERSION)-cryptcheck"
 	rbenv local "$(RUBY_VERSION)-cryptcheck"
 	gem update --system
 	RUBY_BUILD_CACHE_PATH=$(PWD)/build \
 	RUBY_BUILD_DEFINITIONS=$(PWD)/build \
 	MAKE_OPTS="-j $(shell nproc)" rbenv install -fp $(RUBY_VERSION)-cryptcheck
 	# rbenv sequester $(RUBY_VERSION)-cryptcheck
 	rbenv local $(RUBY_VERSION)-cryptcheck
 	gem install bundler
 	# bundle install --without test development

 $(RUBY_LIB_DIR)/openssl/ssl.rb: $(RUBY_OPENSSL_EXT_DIR)/lib/openssl/ssl.rb
 	cp "$<" "$@"

 $(RUBY_LIB_DIR)/x86_64-linux/openssl.so: $(RUBY_OPENSSL_EXT_DIR)/openssl.so
 	cp "$<" "$@"

 sync-ruby: $(RUBY_LIB_DIR)/openssl/ssl.rb $(RUBY_LIB_DIR)/x86_64-linux/openssl.so

 build/$(RUBY_NAME).tar.xz: | build/
 	wget "http://cache.ruby-lang.org/pub/ruby/$(RUBY_MAJOR_VERSION)/$(RUBY_NAME).tar.xz" -O "$@"

 $(RUBY_DIR)/: build/$(RUBY_NAME).tar.xz
 	tar -C build -xf "$<"
 	for p in patches/ruby/*.patch; do patch -d "$@" -p1 < $i; done

 $(RUBY_OPENSSL_EXT_DIR)/Makefile: libs | $(RUBY_DIR)/
 	cd "$(RUBY_OPENSSL_EXT_DIR)" && ruby extconf.rb

 $(RUBY_OPENSSL_EXT_DIR)/openssl.so: $(LIBS) $(RUBY_OPENSSL_EXT_DIR)/Makefile
 	top_srcdir=../.. $(MAKE) -C "$(RUBY_OPENSSL_EXT_DIR)"

 lib/openssl.so: $(RUBY_OPENSSL_EXT_DIR)/openssl.so
 	cp "$<" "$@"

 ext: lib/openssl.so

 install-ruby: $(RUBY_DIR)/
 	cd "$(RUBY_DIR)/" && ./configure --enable-shared --disable-install-rdoc && make install
 	bundle install

 spec/faketime/libfaketime.so: spec/faketime/faketime.c spec/faketime/faketime.h
 	$(CC) "$^" -o "$@" -shared -fPIC -ldl -std=c99 -Werror -Wall
 	$(CC) $^ -o $@ -shared -fPIC -ldl -std=c99 -Werror -Wall
 lib/libfaketime.so: spec/faketime/libfaketime.so
 	ln -fs "../$<" "$@"
 	ln -fs ../$< $@
 faketime: lib/libfaketime.so

 test-material:
--- a/bin/cryptcheck
+++ b/bin/cryptcheck
@@ -0,0 +1,25 @@
 #!/usr/bin/env ruby
 require 'rubygems'
 require 'bundler/setup'
 require 'thor'
 require 'awesome_print'
 require 'cryptcheck'

 class CLI < Thor
 	option :'no-ipv4', type: :boolean, default: false, aliases: :'4'
 	option :'no-ipv6', type: :boolean, default: false, aliases: :'6'
 	option :json, type: :boolean, default: false, aliases: :j
 	option :quiet, type: :boolean, default: false, aliases: :q

 	desc 'https HOST [PORT]', 'Analyze HTTPS configuration for HOST:PORT'

 	def https(host, port = 443)
 		ENV['DISABLE_IPv4']        = 'true' if options[:'no-ipv4']
 		ENV['DISABLE_IPv6']        = 'true' if options[:'no-ipv6']
 		::CryptCheck::Logger.level = options[:quiet] ? :none : :info
 		result                     = ::CryptCheck::Tls::Https.analyze host, port
 		$stdout.isatty ? ap(result) : puts(JSON.pretty_generate(result)) if options[:json]
 	end
 end

 CLI.start ARGV
--- a/cryptcheck.gemspec
+++ b/cryptcheck.gemspec
@@ -40,4 +40,5 @@ Gem::Specification.new do |spec|
 	spec.add_dependency 'ruby-progressbar'
 	spec.add_dependency 'colorize'
 	spec.add_dependency 'awesome_print'
 	spec.add_dependency 'thor'
 end
--- a/lib/cryptcheck/tls/host.rb
+++ b/lib/cryptcheck/tls/host.rb
@@ -78,12 +78,12 @@ module CryptCheck
 								port:     port
 						}
 						case server
 							when Server
 								host[:handshakes] = server.to_h
 								host[:states]     = server.states
 								host[:grade]     = server.grade
 							else
 								host[:error] = server.to_s
 						when Server
 							host[:handshakes] = server.to_h
 							host[:states]     = server.states
 							host[:grade]      = server.grade
 						else
 							host[:error] = server.to_s
 						end
 						host
 					end
@@ -95,12 +95,17 @@ module CryptCheck

 			def resolve
 				begin
 					ip = IPAddr.new @hostname
 					return [[nil, ip.to_s, ip.family, @port]]
 				rescue IPAddr::InvalidAddressError
 					begin
 						ip = IPAddr.new @hostname
 						return [[nil, ip.to_s, ip.family, @port]]
 					rescue IPAddr::InvalidAddressError
 					end
 					::Addrinfo.getaddrinfo(@hostname, nil, nil, :STREAM)
 							.collect { |a| [@hostname, a.ip_address, a.afamily, @port] }
 				end.reject do |family, *_|
 					(ENV['DISABLE_IPv6'] && family == Socket::AF_INET6) ||
 							(ENV['DISABLE_IPv4'] && family == Socket::AF_INET)
 				end
 				::Addrinfo.getaddrinfo(@hostname, nil, nil, :STREAM)
 						.collect { |a| [@hostname, a.ip_address, a.afamily, @port] }
 			end

 			def server(*args)