svn commit: r444763 - in head/security: . testssl.sh
Tobias Kortkamp
tobik at FreeBSD.org
Fri Jun 30 15:16:01 UTC 2017
Author: tobik
Date: Fri Jun 30 15:15:59 2017
New Revision: 444763
URL: https://svnweb.freebsd.org/changeset/ports/444763
Log:
New port: security/testssl.sh
testssl.sh is a command line tool which checks a server's service on
any port for the support of TLS/SSL ciphers, protocols as well as some
cryptographic flaws. Key features:
- Clear output: you can tell easily whether anything is good or bad
- Flexibility: You can test any SSL/TLS enabled and STARTTLS service,
not only webservers at port 443
- Toolbox: Several command line options help you to run YOUR test and
configure YOUR output
- Reliability: features are tested thoroughly
- Verbosity: If a particular check cannot be performed because of a
missing capability on your client side, you'll get a warning
- Privacy: It's only you who sees the result, not a third party
WWW: https://github.com/drwetter/testssl.sh
Approved by: mat (mentor)
Differential Revision: https://reviews.freebsd.org/D11406
Added:
head/security/testssl.sh/
head/security/testssl.sh/Makefile (contents, props changed)
head/security/testssl.sh/distinfo (contents, props changed)
head/security/testssl.sh/pkg-descr (contents, props changed)
head/security/testssl.sh/pkg-plist (contents, props changed)
Modified:
head/security/Makefile
Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile Fri Jun 30 15:11:54 2017 (r444762)
+++ head/security/Makefile Fri Jun 30 15:15:59 2017 (r444763)
@@ -1178,6 +1178,7 @@
SUBDIR += tclgpg
SUBDIR += tclsasl
SUBDIR += tcpcrypt
+ SUBDIR += testssl.sh
SUBDIR += tinc
SUBDIR += tinyca
SUBDIR += titus
Added: head/security/testssl.sh/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/testssl.sh/Makefile Fri Jun 30 15:15:59 2017 (r444763)
@@ -0,0 +1,74 @@
+# $FreeBSD$
+
+PORTNAME= testssl.sh
+PORTVERSION= 2.8
+CATEGORIES= security
+
+MAINTAINER= tobik at FreeBSD.org
+COMMENT= Test TLS/SSL encryption anywhere on any port
+
+LICENSE= GPLv2
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+RUN_DEPENDS= bash:shells/bash
+
+USES= perl5 shebangfix ssl:build
+USE_GITHUB= yes
+GH_ACCOUNT= drwetter
+GH_TUPLE= drwetter:openssl-pm-snapshot:a9396aaef81d5c1ed714fc625b593522d25914b1:openssl
+USE_PERL5= build
+
+SHEBANG_FILES= testssl.sh utils/*
+
+# We deliberately want to build an OpenSSL binary with the most
+# insecure and obsolete ciphers available for testing purposes! See
+# ${WRKSRC_testssl}/bin/Readme.md and utils/make-openssl.sh for more
+# details.
+HAS_CONFIGURE= yes
+CONFIGURE_ARGS= --openssldir=${OPENSSLDIR} \
+ enable-zlib \
+ enable-ssl2 \
+ enable-ssl3 \
+ enable-ssl-trace \
+ enable-rc5 \
+ enable-rc2 \
+ enable-gost \
+ enable-cms \
+ enable-md2 \
+ enable-mdc2 \
+ enable-ec \
+ enable-ec2m \
+ enable-ecdh \
+ enable-ecdsa \
+ enable-seed \
+ enable-camellia \
+ enable-idea \
+ enable-rfc3779 \
+ enable-ec_nistp_64_gcc_128 \
+ experimental-jpake \
+ -DOPENSSL_USE_IPV6
+CONFIGURE_ENV= PERL="${PERL}"
+CONFIGURE_SCRIPT= config
+
+BUILD_WRKSRC= ${WRKSRC_openssl}
+CONFIGURE_WRKSRC= ${WRKSRC_openssl}
+
+# The build randomly fails sometimes when building in parallel for
+# unknown reasons.
+MAKE_JOBS_UNSAFE= yes
+
+post-patch:
+ @${REINPLACE_CMD} -e '/elif test_openssl_suffix/d' \
+ -e 's@: \# 5. we tried.*$$@else OPENSSL="${PREFIX}/libexec/openssl.testssl.sh"@' \
+ -e 's@$${TESTSSL_INSTALL_DIR:-""}@$${TESTSSL_INSTALL_DIR:-"${DATADIR}"}@' \
+ -e '/^check_bsd_mount$$/d' \
+ ${WRKSRC}/testssl.sh
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC_openssl}/apps/openssl ${STAGEDIR}${PREFIX}/libexec/openssl.testssl.sh
+ ${INSTALL_SCRIPT} ${WRKSRC}/testssl.sh ${STAGEDIR}${PREFIX}/bin
+ @${MKDIR} ${STAGEDIR}${DATADIR}/etc ${STAGEDIR}${DATADIR}/utils
+ @cd ${WRKSRC}/etc && ${COPYTREE_SHARE} . ${STAGEDIR}${DATADIR}/etc
+ @cd ${WRKSRC}/utils && ${COPYTREE_SHARE} . ${STAGEDIR}${DATADIR}/utils
+
+.include <bsd.port.mk>
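Review bot: The deliberately weakened OpenSSL built by CONFIGURE_ARGS (SSLv2/SSLv3, RC2, MD2, zlib) is installed as `${PREFIX}/libexec/openssl.testssl.sh` from a single pinned snapshot commit, and nothing in the port tells the user that this binary is meant for probing only and is not tied to the system OpenSSL's update cycle. The files added in this revision include no pkg-message, so a short one stating that would help. In post-patch, `${REINPLACE_CMD}` succeeds even when an expression matches nothing, so if upstream rewords those lines testssl.sh would presumably stop using the bundled binary without any build error; a follow-up recipe line such as `@${GREP} -q 'libexec/openssl.testssl.sh' ${WRKSRC}/testssl.sh` would make that fail loudly. The comment above HAS_CONFIGURE refers to `${WRKSRC_testssl}`, but GH_TUPLE defines only the `openssl` group, so `${WRKSRC}/bin/Readme.md` looks like the intended path.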
Added: head/security/testssl.sh/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/testssl.sh/distinfo Fri Jun 30 15:15:59 2017 (r444763)
@@ -0,0 +1,5 @@
+TIMESTAMP = 1498752135
+SHA256 (drwetter-testssl.sh-2.8_GH0.tar.gz) = 76c1b21fcbaa4e625b77c9a9c7a137a2272cd84d07911fb213101aa6b9ce8cfa
+SIZE (drwetter-testssl.sh-2.8_GH0.tar.gz) = 8529555
+SHA256 (drwetter-openssl-pm-snapshot-a9396aaef81d5c1ed714fc625b593522d25914b1_GH0.tar.gz) = 798230c8dc8d7723fff5f6687b1150a3165254eb65c4f6875b7b6b66a53f9c47
+SIZE (drwetter-openssl-pm-snapshot-a9396aaef81d5c1ed714fc625b593522d25914b1_GH0.tar.gz) = 5491000
Added: head/security/testssl.sh/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/testssl.sh/pkg-descr Fri Jun 30 15:15:59 2017 (r444763)
@@ -0,0 +1,15 @@
+testssl.sh is a command line tool which checks a server's service on
+any port for the support of TLS/SSL ciphers, protocols as well as some
+cryptographic flaws. Key features:
+
+- Clear output: you can tell easily whether anything is good or bad
+- Flexibility: You can test any SSL/TLS enabled and STARTTLS service,
+ not only webservers at port 443
+- Toolbox: Several command line options help you to run YOUR test and
+ configure YOUR output
+- Reliability: features are tested thoroughly
+- Verbosity: If a particular check cannot be performed because of a
+ missing capability on your client side, you'll get a warning
+- Privacy: It's only you who sees the result, not a third party
+
+WWW: https://github.com/drwetter/testssl.sh
Added: head/security/testssl.sh/pkg-plist
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/testssl.sh/pkg-plist Fri Jun 30 15:15:59 2017 (r444763)
@@ -0,0 +1,20 @@
+bin/testssl.sh
+libexec/openssl.testssl.sh
+%%DATADIR%%/etc/Apple.pem
+%%DATADIR%%/etc/Linux.pem
+%%DATADIR%%/etc/Microsoft.pem
+%%DATADIR%%/etc/Mozilla.pem
+%%DATADIR%%/etc/README.md
+%%DATADIR%%/etc/ca_hashes.txt
+%%DATADIR%%/etc/curves.txt
+%%DATADIR%%/etc/mapping-rfc.txt
+%%DATADIR%%/etc/mapping.txt
+%%DATADIR%%/utils/ccs-injection.bash
+%%DATADIR%%/utils/checkcert.sh
+%%DATADIR%%/utils/create_ca_hashes.sh
+%%DATADIR%%/utils/curves.bash
+%%DATADIR%%/utils/heartbleed.bash
+%%DATADIR%%/utils/make-openssl.sh
+%%DATADIR%%/utils/parse_client_ciphers.pl
+%%DATADIR%%/utils/prototype.ssl2proto-check.bash
+%%DATADIR%%/utils/prototype.tls-protocol-checker.bash