From 8b6f08ab4d3db39aa31dc91fa09ea23b5b3cb98c Mon Sep 17 00:00:00 2001 From: Aeris Date: Sat, 19 Mar 2016 22:25:05 +0100 Subject: [PATCH] Activate sslv2 and sslv3 on openssl 1.0.2g --- .gitignore | 1 + Makefile | 58 ++++++++++++++++++++++++++---------------------- bin/supported | 1 + bin/supported.rb | 11 +++++++++ output/alexa.yml | 1 + output/xmpp.erb | 4 ++-- output/xmpp.yml | 44 ++++++++++++++++++------------------ 7 files changed, 71 insertions(+), 49 deletions(-) create mode 120000 bin/supported create mode 100755 bin/supported.rb diff --git a/.gitignore b/.gitignore index f5f470b..590791d 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ Gemfile.lock /db/schema.rb /lib/**/*.so /lib/**/*.so.1.0.0 +/build/ diff --git a/Makefile b/Makefile index aaec20e..5d8c0c3 100644 --- a/Makefile +++ b/Makefile @@ -1,11 +1,14 @@ PWD = $(shell pwd) export CPATH = $(PWD)/openssl/include export LIBRARY_PATH = $(PWD)/openssl -OPENSSL_VERSION = 1.0.2d -OPENSSL_DIR = openssl-$(OPENSSL_VERSION) +OPENSSL_VERSION = 1.0.2g +OPENSSL_NAME = openssl-$(OPENSSL_VERSION) +OPENSSL_DIR = build/$(OPENSSL_NAME) +#OPENSSL_DIR = openssl RUBY_MAJOR_VERSION = 2.3 RUBY_VERSION = $(RUBY_MAJOR_VERSION).0 -RUBY_DIR = ruby-$(RUBY_VERSION)-preview1 +RUBY_NAME = ruby-$(RUBY_VERSION) +RUBY_DIR = build/$(RUBY_NAME) RUBY_OPENSSL_EXT_DIR = $(RUBY_DIR)/ext/openssl export LIBRARY_PATH = $(PWD)/lib export C_INCLUDE_PATH = $(PWD)/$(OPENSSL_DIR)/include @@ -14,44 +17,47 @@ export C_INCLUDE_PATH = $(PWD)/$(OPENSSL_DIR)/include all: libs ext -clean: - rm -rf $(RUBY_DIR) $(OPENSSL_DIR) +clean: clean-libs clean-ext clean-libs: - find $(OPENSSL_DIR) \( -name "*.o" -o -name "*.so" \) -delete - rm -f lib/libcrypto.so lib/libssl.so lib/libcrypto.so.1.0.0 lib/libssl.so.1.0.0 + [ -d $(OPENSSL_DIR) ] \ + && find $(OPENSSL_DIR) \( -name "*.o" -o -name "*.so" \) -delete \ + || true + rm -f lib/libcrypto.so* lib/libssl.so* $(OPENSSL_DIR)/Makefile clean-ext: - find $(RUBY_OPENSSL_EXT_DIR) \( -name "*.o" -o -name "*.so" \) -delete + [ -d $(RUBY_OPENSSL_EXT_DIR) ] \ + && find $(RUBY_OPENSSL_EXT_DIR) \( -name "*.o" -o -name "*.so" \) -delete \ + || true rm -f lib/openssl.so +mr-proper: + rm -rf lib/libcrypto.so* lib/libssl.so* lib/openssl.so build -mr-proper: clean - rm -rf lib/libcrypto.so lib/libssl.so lib/libcrypto.so.1.0.0 lib/libssl.so.1.0.0 lib/openssl.so +build/: + mkdir $@ -$(OPENSSL_DIR)/: - wget https://www.openssl.org/source/$(OPENSSL_DIR).tar.gz - tar xf $(OPENSSL_DIR).tar.gz - rm -rf $(OPENSSL_DIR).tar.gz +$(OPENSSL_DIR)/: | build/ + cd build && \ + wget https://www.openssl.org/source/$(OPENSSL_NAME).tar.gz && \ + tar xf $(OPENSSL_NAME).tar.gz && \ + rm -rf $(OPENSSL_NAME).tar.gz $(OPENSSL_DIR)/Makefile: | $(OPENSSL_DIR)/ - cd $(OPENSSL_DIR); ./config shared + cd $(OPENSSL_DIR); ./Configure enable-ssl3 enable-ssl2 enable-shared linux-x86_64 $(OPENSSL_DIR)/libssl.so \ -$(OPENSSL_DIR)/libcrypto.so \ -$(OPENSSL_DIR)/libssl.so.1.0.0 \ -$(OPENSSL_DIR)/libcrypto.so.1.0.0: $(OPENSSL_DIR)/Makefile +$(OPENSSL_DIR)/libcrypto.so: $(OPENSSL_DIR)/Makefile $(MAKE) -C $(OPENSSL_DIR) depend build_libs lib/%.so: $(OPENSSL_DIR)/%.so cp $< $@ - -lib/%.so.1.0.0: $(OPENSSL_DIR)/%.so.1.0.0 - cp $< $@ - +lib/%.so.1.0.0: + ln -fs $(notdir $(subst .1.0.0,, $@)) $@ libs: lib/libssl.so lib/libcrypto.so lib/libssl.so.1.0.0 lib/libcrypto.so.1.0.0 -$(RUBY_DIR)/: - wget http://cache.ruby-lang.org/pub/ruby/$(RUBY_MAJOR_VERSION)/$(RUBY_DIR).tar.gz - tar xf $(RUBY_DIR).tar.gz - rm -f $(RUBY_DIR).tar.gz +$(RUBY_DIR)/: | build/ + cd build && \ + wget http://cache.ruby-lang.org/pub/ruby/$(RUBY_MAJOR_VERSION)/$(RUBY_NAME).tar.gz && \ + tar xf $(RUBY_NAME).tar.gz && \ + rm -f $(RUBY_NAME).tar.gz $(RUBY_OPENSSL_EXT_DIR)/Makefile: libs | $(RUBY_DIR)/ cd $(RUBY_OPENSSL_EXT_DIR); ruby extconf.rb diff --git a/bin/supported b/bin/supported new file mode 120000 index 0000000..22882cf --- /dev/null +++ b/bin/supported @@ -0,0 +1 @@ +runner \ No newline at end of file diff --git a/bin/supported.rb b/bin/supported.rb new file mode 100755 index 0000000..0782a9d --- /dev/null +++ b/bin/supported.rb @@ -0,0 +1,11 @@ +#!/usr/bin/env ruby +$:.unshift File.expand_path File.join File.dirname(__FILE__), '../lib' +require 'rubygems' +require 'bundler/setup' +require 'cryptcheck' + +puts 'Supported methods' +puts OpenSSL::SSL::SSLContext::METHODS.select { |m| CryptCheck::Tls::Server::EXISTING_METHODS.include? m }.sort.join ' ' + +puts 'Supported ciphers' +puts CryptCheck::Tls::Cipher.list.collect { |c| c.name }.sort.join ' ' diff --git a/output/alexa.yml b/output/alexa.yml index 4063d06..7935fd7 100644 --- a/output/alexa.yml +++ b/output/alexa.yml @@ -1,4 +1,5 @@ - description: Top 100 Alexa + hostnames: - google.com - facebook.com - youtube.com diff --git a/output/xmpp.erb b/output/xmpp.erb index 84db564..69cbb05 100644 --- a/output/xmpp.erb +++ b/output/xmpp.erb @@ -76,8 +76,8 @@ s = n.server %> - - <%= s.domain %> + + <%= s.hostname %> <% if s.is_a? Tls::TlsNotSupportedServer %> diff --git a/output/xmpp.yml b/output/xmpp.yml index 4c250b9..aaff615 100644 --- a/output/xmpp.yml +++ b/output/xmpp.yml @@ -1,21 +1,23 @@ -- imirhil.fr -- magicbox.okhin.fr -- cyphercat.eu -- jabber.ccc.de -- jbfavre.im -- axelsimon.net -- google.com -- ecuri.es -- dattaz.fr -- jabber.lqdn.fr -- mailfr.com -- arysthaar.pw -- startcom.org -- riseup.net -- citronna.de -- matlink.fr -- verry.org -- keuse.fr -- cappuccino.uk.to -- corzntin.fr -- fralef.me +- description: XMPP + hostnames: + - imirhil.fr + - magicbox.okhin.fr + - cyphercat.eu + - jabber.ccc.de + - jbfavre.im + - axelsimon.net + - google.com + - ecuri.es + - dattaz.fr + - jabber.lqdn.fr + - mailfr.com + - arysthaar.pw + - startcom.org + - riseup.net + - citronna.de + - matlink.fr + - verry.org + - keuse.fr + - cappuccino.uk.to + - corzntin.fr + - fralef.me