Date:      Fri, 30 Jun 2017 15:15:59 +0000 (UTC)
From:      Tobias Kortkamp <tobik@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r444763 - in head/security: . testssl.sh
Message-ID:  <201706301515.v5UFFxmn071097@repo.freebsd.org>

Author: tobik
Date: Fri Jun 30 15:15:59 2017
New Revision: 444763
URL: https://svnweb.freebsd.org/changeset/ports/444763

Log:
  New port: security/testssl.sh
  
  testssl.sh is a command line tool which checks a server's service on
  any port for the support of TLS/SSL ciphers, protocols as well as some
  cryptographic flaws.  Key features:
  
  - Clear output: you can tell easily whether anything is good or bad
  - Flexibility: You can test any SSL/TLS enabled and STARTTLS service,
    not only webservers at port 443
  - Toolbox: Several command line options help you to run YOUR test and
    configure YOUR output
  - Reliability: features are tested thoroughly
  - Verbosity: If a particular check cannot be performed because of a
    missing capability on your client side, you'll get a warning
  - Privacy: It's only you who sees the result, not a third party
  
  WWW: https://github.com/drwetter/testssl.sh
  
  Approved by:	mat (mentor)
  Differential Revision:	https://reviews.freebsd.org/D11406

Added:
  head/security/testssl.sh/
  head/security/testssl.sh/Makefile   (contents, props changed)
  head/security/testssl.sh/distinfo   (contents, props changed)
  head/security/testssl.sh/pkg-descr   (contents, props changed)
  head/security/testssl.sh/pkg-plist   (contents, props changed)
Modified:
  head/security/Makefile

Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile	Fri Jun 30 15:11:54 2017	(r444762)
+++ head/security/Makefile	Fri Jun 30 15:15:59 2017	(r444763)
@@ -1178,6 +1178,7 @@
     SUBDIR += tclgpg
     SUBDIR += tclsasl
     SUBDIR += tcpcrypt
+    SUBDIR += testssl.sh
     SUBDIR += tinc
     SUBDIR += tinyca
     SUBDIR += titus

Added: head/security/testssl.sh/Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/testssl.sh/Makefile	Fri Jun 30 15:15:59 2017	(r444763)
@@ -0,0 +1,74 @@
+# $FreeBSD$
+
+PORTNAME=	testssl.sh
+PORTVERSION=	2.8
+CATEGORIES=	security
+
+MAINTAINER=	tobik@FreeBSD.org
+COMMENT=	Test TLS/SSL encryption anywhere on any port
+
+LICENSE=	GPLv2
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+RUN_DEPENDS=	bash:shells/bash
+
+USES=		perl5 shebangfix ssl:build
+USE_GITHUB=	yes
+GH_ACCOUNT=	drwetter
+GH_TUPLE=	drwetter:openssl-pm-snapshot:a9396aaef81d5c1ed714fc625b593522d25914b1:openssl
+USE_PERL5=	build
+
+SHEBANG_FILES=	testssl.sh utils/*
+
+# We deliberately want to build an OpenSSL binary with the most
+# insecure and obsolete ciphers available for testing purposes!  See
+# ${WRKSRC_testssl}/bin/Readme.md and utils/make-openssl.sh for more
+# details.
+HAS_CONFIGURE=	yes
+CONFIGURE_ARGS=	--openssldir=${OPENSSLDIR} \
+		enable-zlib \
+		enable-ssl2 \
+		enable-ssl3 \
+		enable-ssl-trace \
+		enable-rc5 \
+		enable-rc2 \
+		enable-gost \
+		enable-cms \
+		enable-md2 \
+		enable-mdc2 \
+		enable-ec \
+		enable-ec2m \
+		enable-ecdh \
+		enable-ecdsa \
+		enable-seed \
+		enable-camellia \
+		enable-idea \
+		enable-rfc3779 \
+		enable-ec_nistp_64_gcc_128 \
+		experimental-jpake \
+		-DOPENSSL_USE_IPV6
+CONFIGURE_ENV=	PERL="${PERL}"
+CONFIGURE_SCRIPT=	config
+
+BUILD_WRKSRC=		${WRKSRC_openssl}
+CONFIGURE_WRKSRC=	${WRKSRC_openssl}
+
+# The build randomly fails sometimes when building in parallel for
+# unknown reasons.
+MAKE_JOBS_UNSAFE=	yes
+
+post-patch:
+	@${REINPLACE_CMD} -e '/elif test_openssl_suffix/d' \
+		-e 's@:    \# 5. we tried.*$$@else OPENSSL="${PREFIX}/libexec/openssl.testssl.sh"@' \
+		-e 's@$${TESTSSL_INSTALL_DIR:-""}@$${TESTSSL_INSTALL_DIR:-"${DATADIR}"}@' \
+		-e '/^check_bsd_mount$$/d' \
+		${WRKSRC}/testssl.sh
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC_openssl}/apps/openssl ${STAGEDIR}${PREFIX}/libexec/openssl.testssl.sh
+	${INSTALL_SCRIPT} ${WRKSRC}/testssl.sh ${STAGEDIR}${PREFIX}/bin
+	@${MKDIR} ${STAGEDIR}${DATADIR}/etc ${STAGEDIR}${DATADIR}/utils
+	@cd ${WRKSRC}/etc && ${COPYTREE_SHARE} . ${STAGEDIR}${DATADIR}/etc
+	@cd ${WRKSRC}/utils && ${COPYTREE_SHARE} . ${STAGEDIR}${DATADIR}/utils
+
+.include <bsd.port.mk>
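Review bot: The `-e` expressions in `post-patch` are matched against upstream's exact script text, and `${REINPLACE_CMD}` exits successfully even when a pattern no longer matches, so a later version bump could silently drop the hook that points testssl.sh at the deliberately weak build in `${PREFIX}/libexec`. The script would then presumably fall back to whatever `openssl` it locates on its own, which would show up only as reduced SSLv2/SSLv3 and legacy-cipher coverage in scan results, not as a build failure. I would add a check right after the substitution, `@${GREP} -q '${PREFIX}/libexec/openssl.testssl.sh' ${WRKSRC}/testssl.sh`, so the build stops if the replacement did not apply. The comment above `CONFIGURE_ARGS` could also record why the binary is kept out of `PATH`, for example `# Installed only as libexec/openssl.testssl.sh; never use it as a general-purpose openssl.`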

Added: head/security/testssl.sh/distinfo
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/testssl.sh/distinfo	Fri Jun 30 15:15:59 2017	(r444763)
@@ -0,0 +1,5 @@
+TIMESTAMP = 1498752135
+SHA256 (drwetter-testssl.sh-2.8_GH0.tar.gz) = 76c1b21fcbaa4e625b77c9a9c7a137a2272cd84d07911fb213101aa6b9ce8cfa
+SIZE (drwetter-testssl.sh-2.8_GH0.tar.gz) = 8529555
+SHA256 (drwetter-openssl-pm-snapshot-a9396aaef81d5c1ed714fc625b593522d25914b1_GH0.tar.gz) = 798230c8dc8d7723fff5f6687b1150a3165254eb65c4f6875b7b6b66a53f9c47
+SIZE (drwetter-openssl-pm-snapshot-a9396aaef81d5c1ed714fc625b593522d25914b1_GH0.tar.gz) = 5491000

Added: head/security/testssl.sh/pkg-descr
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/testssl.sh/pkg-descr	Fri Jun 30 15:15:59 2017	(r444763)
@@ -0,0 +1,15 @@
+testssl.sh is a command line tool which checks a server's service on
+any port for the support of TLS/SSL ciphers, protocols as well as some
+cryptographic flaws.  Key features:
+
+- Clear output: you can tell easily whether anything is good or bad
+- Flexibility: You can test any SSL/TLS enabled and STARTTLS service,
+  not only webservers at port 443
+- Toolbox: Several command line options help you to run YOUR test and
+  configure YOUR output
+- Reliability: features are tested thoroughly
+- Verbosity: If a particular check cannot be performed because of a
+  missing capability on your client side, you'll get a warning
+- Privacy: It's only you who sees the result, not a third party
+
+WWW: https://github.com/drwetter/testssl.sh

Added: head/security/testssl.sh/pkg-plist
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/testssl.sh/pkg-plist	Fri Jun 30 15:15:59 2017	(r444763)
@@ -0,0 +1,20 @@
+bin/testssl.sh
+libexec/openssl.testssl.sh
+%%DATADIR%%/etc/Apple.pem
+%%DATADIR%%/etc/Linux.pem
+%%DATADIR%%/etc/Microsoft.pem
+%%DATADIR%%/etc/Mozilla.pem
+%%DATADIR%%/etc/README.md
+%%DATADIR%%/etc/ca_hashes.txt
+%%DATADIR%%/etc/curves.txt
+%%DATADIR%%/etc/mapping-rfc.txt
+%%DATADIR%%/etc/mapping.txt
+%%DATADIR%%/utils/ccs-injection.bash
+%%DATADIR%%/utils/checkcert.sh
+%%DATADIR%%/utils/create_ca_hashes.sh
+%%DATADIR%%/utils/curves.bash
+%%DATADIR%%/utils/heartbleed.bash
+%%DATADIR%%/utils/make-openssl.sh
+%%DATADIR%%/utils/parse_client_ciphers.pl
+%%DATADIR%%/utils/prototype.ssl2proto-check.bash
+%%DATADIR%%/utils/prototype.tls-protocol-checker.bash


