summaryrefslogtreecommitdiff
path: root/network/sslscan/add-checks-for-ssl3.patch
blob: 61cbc38557e8a6283a1795fc95beb1780494c9d2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
diff -uprb sslscan-1.10.2.orig/sslscan.c sslscan-1.10.2/sslscan.c
--- sslscan-1.10.2.orig/sslscan.c	2014-02-14 16:59:08.000000000 +0200
+++ sslscan-1.10.2/sslscan.c	2016-03-02 22:24:34.714187733 +0200
@@ -1083,8 +1083,9 @@ int testCipher(struct sslCheckOptions *o
                     }
                     if (options->xmlOutput != 0)
                         fprintf(options->xmlOutput, " sslversion=\"");
+                    if (0) {}
 #ifndef OPENSSL_NO_SSL2
-                    if (sslCipherPointer->sslMethod == SSLv2_client_method())
+                    else if (sslCipherPointer->sslMethod == SSLv2_client_method())
                     {
                         if (options->xmlOutput != 0)
                             fprintf(options->xmlOutput, "SSLv2\" bits=\"");
@@ -1093,10 +1094,9 @@ int testCipher(struct sslCheckOptions *o
                         else
                             printf("SSLv2  ");
                     }
-                    else if (sslCipherPointer->sslMethod == SSLv3_client_method())
-#else
-                    if (sslCipherPointer->sslMethod == SSLv3_client_method())
 #endif
+#ifndef OPENSSL_NO_SSL3
+                    else if (sslCipherPointer->sslMethod == SSLv3_client_method())
                     {
                         if (options->xmlOutput != 0)
                             fprintf(options->xmlOutput, "SSLv3\" bits=\"");
@@ -1105,6 +1105,7 @@ int testCipher(struct sslCheckOptions *o
                         else
                             printf("SSLv3  ");
                     }
+#endif
                     else if (sslCipherPointer->sslMethod == TLSv1_client_method())
                     {
                         if (options->xmlOutput != 0)
@@ -1238,8 +1239,9 @@ int defaultCipher(struct sslCheckOptions
                         cipherStatus = SSL_connect(ssl);
                         if (cipherStatus == 0 || cipherStatus == 1)
                         {
+                            if (0) {}
 #ifndef OPENSSL_NO_SSL2
-                            if (sslMethod == SSLv2_client_method())
+                            else if (sslMethod == SSLv2_client_method())
                             {
                                 if (options->xmlOutput != 0)
                                     fprintf(options->xmlOutput, "  <defaultcipher sslversion=\"SSLv2\" bits=\"");
@@ -1248,10 +1250,9 @@ int defaultCipher(struct sslCheckOptions
                                 else
                                     printf("    SSLv2  ");
                             }
-                            else if (sslMethod == SSLv3_client_method())
-#else
-                            if (sslMethod == SSLv3_client_method())
 #endif
+#ifndef OPENSSL_NO_SSL3
+                            else if (sslMethod == SSLv3_client_method())
                             {
                                 if (options->xmlOutput != 0)
                                     fprintf(options->xmlOutput, "  <defaultcipher sslversion=\"SSLv3\" bits=\"");
@@ -1260,6 +1261,7 @@ int defaultCipher(struct sslCheckOptions
                                 else
                                     printf("    SSLv3  ");
                             }
+#endif
                             else if (sslMethod == TLSv1_client_method())
                             {
                                 if (options->xmlOutput != 0)
@@ -1937,8 +1939,10 @@ int testHost(struct sslCheckOptions *opt
                 if (status != false)
                     status = defaultCipher(options, SSLv2_client_method());
 #endif
+#ifndef OPENSSL_NO_SSL3
                 if (status != false)
                     status = defaultCipher(options, SSLv3_client_method());
+#endif
                 if (status != false)
                     status = defaultCipher(options, TLSv1_client_method());
 
@@ -1957,7 +1961,9 @@ int testHost(struct sslCheckOptions *opt
 #endif
                 break;
             case ssl_v3:
+#ifndef OPENSSL_NO_SSL3
                 status = defaultCipher(options, SSLv3_client_method());
+#endif
                 break;
             case tls_v1:
                 status = defaultCipher(options, TLSv1_client_method());
@@ -2142,9 +2148,11 @@ int main(int argc, char *argv[])
             options.sslVersion = ssl_v2;
 #endif // #ifndef OPENSSL_NO_SSL2
 
+#ifndef OPENSSL_NO_SSL3
         // SSL v3 only...
         else if (strcmp("--ssl3", argv[argLoop]) == 0)
             options.sslVersion = ssl_v3;
+#endif // #ifndef OPENSSL_NO_SSL3
 
         // TLS v1 only...
         else if (strcmp("--tls1", argv[argLoop]) == 0)
@@ -2249,7 +2257,9 @@ int main(int argc, char *argv[])
 #ifndef OPENSSL_NO_SSL2
             printf("  %s--ssl2%s               Only check SSLv2 ciphers.\n", COL_GREEN, RESET);
 #endif // #ifndef OPENSSL_NO_SSL2
+#ifndef OPENSSL_NO_SSL3
             printf("  %s--ssl3%s               Only check SSLv3 ciphers.\n", COL_GREEN, RESET);
+#endif // #ifndef OPENSSL_NO_SSL3
             printf("  %s--tls1%s               Only check TLSv1 ciphers.\n", COL_GREEN, RESET);
 #if OPENSSL_VERSION_NUMBER >= 0x1000008fL || OPENSSL_VERSION_NUMBER >= 0x1000100fL
             printf("  %s--tls11%s              Only check TLSv11 ciphers.\n", COL_GREEN, RESET);
@@ -2299,7 +2309,10 @@ int main(int argc, char *argv[])
                     populateCipherList(&options, SSLv2_client_method());
 #endif
 
+#ifndef OPENSSL_NO_SSL3
                     populateCipherList(&options, SSLv3_client_method());
+#endif
+
                     populateCipherList(&options, TLSv1_client_method());
 
 #if OPENSSL_VERSION_NUMBER >= 0x1000008fL || OPENSSL_VERSION_NUMBER >= 0x1000100fL
@@ -2313,9 +2326,11 @@ int main(int argc, char *argv[])
                     populateCipherList(&options, SSLv2_client_method());
                     break;
 #endif
+#ifndef OPENSSL_NO_SSL3
                 case ssl_v3:
                     populateCipherList(&options, SSLv3_client_method());
                     break;
+#endif
                 case tls_v1:
                     populateCipherList(&options, TLSv1_client_method());
                     break;