Date: Fri, 30 Jun 2017 15:15:59 +0000 (UTC) From: Tobias Kortkamp <tobik@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r444763 - in head/security: . testssl.sh Message-ID: <201706301515.v5UFFxmn071097@repo.freebsd.org>
Author: tobik Date: Fri Jun 30 15:15:59 2017 New Revision: 444763 URL: https://svnweb.freebsd.org/changeset/ports/444763 Log: New port: security/testssl.sh testssl.sh is a command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. Key features: - Clear output: you can tell easily whether anything is good or bad - Flexibility: You can test any SSL/TLS enabled and STARTTLS service, not only webservers at port 443 - Toolbox: Several command line options help you to run YOUR test and configure YOUR output - Reliability: features are tested thoroughly - Verbosity: If a particular check cannot be performed because of a missing capability on your client side, you'll get a warning - Privacy: It's only you who sees the result, not a third party WWW: https://github.com/drwetter/testssl.sh Approved by: mat (mentor) Differential Revision: https://reviews.freebsd.org/D11406 Added: head/security/testssl.sh/ head/security/testssl.sh/Makefile (contents, props changed) head/security/testssl.sh/distinfo (contents, props changed) head/security/testssl.sh/pkg-descr (contents, props changed) head/security/testssl.sh/pkg-plist (contents, props changed) Modified: head/security/Makefile
Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile Fri Jun 30 15:11:54 2017 (r444762)
+++ head/security/Makefile Fri Jun 30 15:15:59 2017 (r444763)
@@ -1178,6 +1178,7 @@
 SUBDIR += tclgpg
 SUBDIR += tclsasl
 SUBDIR += tcpcrypt
+ SUBDIR += testssl.sh
 SUBDIR += tinc
 SUBDIR += tinyca
 SUBDIR += titus
Added: head/security/testssl.sh/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/testssl.sh/Makefile Fri Jun 30 15:15:59 2017 (r444763)
@@ -0,0 +1,74 @@
+# $FreeBSD$
+
+PORTNAME= testssl.sh
+PORTVERSION= 2.8
+CATEGORIES= security
+
+MAINTAINER= tobik@FreeBSD.org
+COMMENT= Test TLS/SSL encryption anywhere on any port
+
+LICENSE= GPLv2
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+RUN_DEPENDS= bash:shells/bash
+
+USES= perl5 shebangfix ssl:build
+USE_GITHUB= yes
+GH_ACCOUNT= drwetter
+GH_TUPLE= drwetter:openssl-pm-snapshot:a9396aaef81d5c1ed714fc625b593522d25914b1:openssl
+USE_PERL5= build
+
+SHEBANG_FILES= testssl.sh utils/*
+
+# We deliberately want to build an OpenSSL binary with the most
+# insecure and obsolete ciphers available for testing purposes! See
+# ${WRKSRC_testssl}/bin/Readme.md and utils/make-openssl.sh for more
+# details.
+HAS_CONFIGURE= yes
+CONFIGURE_ARGS= --openssldir=${OPENSSLDIR} \
+ enable-zlib \
+ enable-ssl2 \
+ enable-ssl3 \
+ enable-ssl-trace \
+ enable-rc5 \
+ enable-rc2 \
+ enable-gost \
+ enable-cms \
+ enable-md2 \
+ enable-mdc2 \
+ enable-ec \
+ enable-ec2m \
+ enable-ecdh \
+ enable-ecdsa \
+ enable-seed \
+ enable-camellia \
+ enable-idea \
+ enable-rfc3779 \
+ enable-ec_nistp_64_gcc_128 \
+ experimental-jpake \
+ -DOPENSSL_USE_IPV6
+CONFIGURE_ENV= PERL="${PERL}"
+CONFIGURE_SCRIPT= config
+
+BUILD_WRKSRC= ${WRKSRC_openssl}
+CONFIGURE_WRKSRC= ${WRKSRC_openssl}
+
+# The build randomly fails sometimes when building in parallel for
+# unknown reasons.
+MAKE_JOBS_UNSAFE= yes
+
+post-patch:
+ @${REINPLACE_CMD} -e '/elif test_openssl_suffix/d' \
+ -e 's@: \# 5. we tried.*$$@else OPENSSL="${PREFIX}/libexec/openssl.testssl.sh"@' \
+ -e 's@$${TESTSSL_INSTALL_DIR:-""}@$${TESTSSL_INSTALL_DIR:-"${DATADIR}"}@' \
+ -e '/^check_bsd_mount$$/d' \
+ ${WRKSRC}/testssl.sh
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC_openssl}/apps/openssl ${STAGEDIR}${PREFIX}/libexec/openssl.testssl.sh
+ ${INSTALL_SCRIPT} ${WRKSRC}/testssl.sh ${STAGEDIR}${PREFIX}/bin
+ @${MKDIR} ${STAGEDIR}${DATADIR}/etc ${STAGEDIR}${DATADIR}/utils
+ @cd ${WRKSRC}/etc && ${COPYTREE_SHARE} . ${STAGEDIR}${DATADIR}/etc
+ @cd ${WRKSRC}/utils && ${COPYTREE_SHARE} . ${STAGEDIR}${DATADIR}/utils
+
+.include <bsd.port.mk>
Added: head/security/testssl.sh/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/testssl.sh/distinfo Fri Jun 30 15:15:59 2017 (r444763)
@@ -0,0 +1,5 @@
+TIMESTAMP = 1498752135
+SHA256 (drwetter-testssl.sh-2.8_GH0.tar.gz) = 76c1b21fcbaa4e625b77c9a9c7a137a2272cd84d07911fb213101aa6b9ce8cfa
+SIZE (drwetter-testssl.sh-2.8_GH0.tar.gz) = 8529555
+SHA256 (drwetter-openssl-pm-snapshot-a9396aaef81d5c1ed714fc625b593522d25914b1_GH0.tar.gz) = 798230c8dc8d7723fff5f6687b1150a3165254eb65c4f6875b7b6b66a53f9c47
+SIZE (drwetter-openssl-pm-snapshot-a9396aaef81d5c1ed714fc625b593522d25914b1_GH0.tar.gz) = 5491000
Added: head/security/testssl.sh/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/testssl.sh/pkg-descr Fri Jun 30 15:15:59 2017 (r444763)
@@ -0,0 +1,15 @@
+testssl.sh is a command line tool which checks a server's service on
+any port for the support of TLS/SSL ciphers, protocols as well as some
+cryptographic flaws. Key features:
+
+- Clear output: you can tell easily whether anything is good or bad
+- Flexibility: You can test any SSL/TLS enabled and STARTTLS service,
+ not only webservers at port 443
+- Toolbox: Several command line options help you to run YOUR test and
+ configure YOUR output
+- Reliability: features are tested thoroughly
+- Verbosity: If a particular check cannot be performed because of a
+ missing capability on your client side, you'll get a warning
+- Privacy: It's only you who sees the result, not a third party
+
+WWW: https://github.com/drwetter/testssl.sh
Added: head/security/testssl.sh/pkg-plist
==============================================================================
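Review bot: The four `-e` expressions in `post-patch` are matched against upstream text in `testssl.sh`, and sed exits 0 when none of them match, so a future upstream reword would leave the script unpatched without failing the build. Judging by the replacement text, the second and third expressions are what point the script at `${PREFIX}/libexec/openssl.testssl.sh` and `${DATADIR}`; if they stop applying, the script would presumably fall back to whatever `openssl` it finds, which is unlikely to have SSLv2/SSLv3 and the legacy ciphers enabled, so the checks that need them could not run. Consider asserting the result after the substitution, for example `@${GREP} -q 'OPENSSL="${PREFIX}/libexec/openssl.testssl.sh"' ${WRKSRC}/testssl.sh`, or carrying the change as a patch file so a mismatch stops the build. Separately, the comment above `HAS_CONFIGURE` cites `${WRKSRC_testssl}`, but the only `GH_TUPLE` group visible is `openssl`, so `${WRKSRC}/bin/Readme.md` looks like the intended path.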
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/testssl.sh/pkg-plist Fri Jun 30 15:15:59 2017 (r444763)
@@ -0,0 +1,20 @@
+bin/testssl.sh
+libexec/openssl.testssl.sh
+%%DATADIR%%/etc/Apple.pem
+%%DATADIR%%/etc/Linux.pem
+%%DATADIR%%/etc/Microsoft.pem
+%%DATADIR%%/etc/Mozilla.pem
+%%DATADIR%%/etc/README.md
+%%DATADIR%%/etc/ca_hashes.txt
+%%DATADIR%%/etc/curves.txt
+%%DATADIR%%/etc/mapping-rfc.txt
+%%DATADIR%%/etc/mapping.txt
+%%DATADIR%%/utils/ccs-injection.bash
+%%DATADIR%%/utils/checkcert.sh
+%%DATADIR%%/utils/create_ca_hashes.sh
+%%DATADIR%%/utils/curves.bash
+%%DATADIR%%/utils/heartbleed.bash
+%%DATADIR%%/utils/make-openssl.sh
+%%DATADIR%%/utils/parse_client_ciphers.pl
+%%DATADIR%%/utils/prototype.ssl2proto-check.bash
+%%DATADIR%%/utils/prototype.tls-protocol-checker.bash