Date: Wed, 23 Apr 2025 10:49:32 GMT
Message-Id: <202504231049.53NAnWK7045399@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Adam Weinberger
Subject: git: 4e2974ebfe54 - main - security/testssl.sh: Update to 3.2.0
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
X-Git-Committer: adamw
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 4e2974ebfe5404276997485ab857591b29d67644
Auto-Submitted: auto-generated

The branch main has been updated by adamw:

URL: https://cgit.FreeBSD.org/ports/commit/?id=4e2974ebfe5404276997485ab857591b29d67644

commit 4e2974ebfe5404276997485ab857591b29d67644
Author:     Adam Weinberger
AuthorDate: 2025-04-23 10:48:30 +0000
Commit:     Adam Weinberger
CommitDate: 2025-04-23 10:49:28 +0000

    security/testssl.sh: Update to 3.2.0

    The improvements are extensive, but operation remains the same.

    Changes: https://github.com/testssl/testssl.sh/blob/3.2/CHANGELOG.md
---
 security/testssl.sh/Makefile               |  8 ++++---
 security/testssl.sh/distinfo               |  6 ++---
 security/testssl.sh/files/patch-testssl.sh | 37 +++++++++++++++---------------
 security/testssl.sh/pkg-plist              |  2 ++
 4 files changed, 29 insertions(+), 24 deletions(-)

diff --git a/security/testssl.sh/Makefile b/security/testssl.sh/Makefile index ed41867a525d..fcc86c2d296f 100644 --- a/security/testssl.sh/Makefile +++ b/security/testssl.sh/Makefile @@ -1,6 +1,6 @@ PORTNAME= testssl.sh DISTVERSIONPREFIX= v -DISTVERSION= 3.0.9 +DISTVERSION= 3.2.0 CATEGORIES= security MAINTAINER= adamw@FreeBSD.org 
@@ -14,11 +14,12 @@ RUN_DEPENDS= openssl-unsafe>=1.0.1:security/openssl-unsafe \ bash:shells/bash TEST_DEPENDS= p5-JSON>=0:converters/p5-JSON -USES= perl5 shebangfix +USES= perl5 shebangfix ssl USE_GITHUB= yes GH_ACCOUNT= testssl SHEBANG_FILES= testssl.sh utils/* +SUB_LIST+= OPENSSLBASE="${OPENSSLBASE}" USE_PERL5= test TEST_ENV= TESTSSL_INSTALL_DIR=${WRKSRC} @@ -41,4 +42,5 @@ do-test: # run. cd ${WRKSRC} && ${SETENV} ${TEST_ENV} prove -v t/51_badssl.com.t -.include +.include +.include diff --git a/security/testssl.sh/distinfo b/security/testssl.sh/distinfo index af2c8757b2c1..8da804c605af 100644 --- a/security/testssl.sh/distinfo +++ b/security/testssl.sh/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1737732228 -SHA256 (testssl-testssl.sh-v3.0.9_GH0.tar.gz) = 75ecbe4470e74f9ad17f4c4ac733be123b0f67d676ed24cc2b30adb41561e05f -SIZE (testssl-testssl.sh-v3.0.9_GH0.tar.gz) = 9381651 +TIMESTAMP = 1745404098 +SHA256 (testssl-testssl.sh-v3.2.0_GH0.tar.gz) = f3969c152c0fe99a2a90e8c8675ab677d77608ac77c957a95497387c36363c32 +SIZE (testssl-testssl.sh-v3.2.0_GH0.tar.gz) = 6976478 diff --git a/security/testssl.sh/files/patch-testssl.sh b/security/testssl.sh/files/patch-testssl.sh index 46ad2069d189..476e424b1f14 100644 --- a/security/testssl.sh/files/patch-testssl.sh +++ b/security/testssl.sh/files/patch-testssl.sh 
@@ -1,25 +1,26 @@ ---- testssl.sh.orig 2022-02-19 20:34:21 UTC +--- testssl.sh.orig 2025-04-23 10:29:50 UTC +++ testssl.sh -@@ -132,7 +132,7 @@ declare -r RUN_DIR="$(dirname "$0")" - declare -r SYSTEM="$(uname -s)" - declare -r SYSTEMREV="$(uname -r)" - SYSTEM2="" # currently only being used for WSL = bash on windows +@@ -193,7 +193,7 @@ ADDTL_CA_FILES="${ADDTL_CA_FILES:-""}" # single file + + ########### Tuning vars which cannot be set by a cmd line switch. Use instead e.g "HEADER_MAXSLEEP=10 ./testssl.sh " + # -TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # If you run testssl.sh and it doesn't find it necessary file automagically set TESTSSL_INSTALL_DIR +TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-"%%DATADIR%%"}" # If you run testssl.sh and it doesn't find it necessary file automagically set TESTSSL_INSTALL_DIR - CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # You can have your stores some place else - ADDITIONAL_CA_FILES="${ADDITIONAL_CA_FILES:-""}" # single file with a CA in PEM format or comma separated lists of them + CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # You can have your CA stores some place else + EXPERIMENTAL=${EXPERIMENTAL:-false} # a development hook which allows us to disable code + PROXY_WAIT=${PROXY_WAIT:-20} # waiting at max 20 seconds for socket reply through proxy +@@ -244,8 +244,8 @@ TLS_DATA_FILE="" # mandatory fi + PRINTF="" # which external printf to use. 
Empty presets the internal one, see #1130 CIPHERS_BY_STRENGTH_FILE="" -@@ -187,6 +187,9 @@ TERM_CURRPOS=0 - ########### Defining (and presetting) variables which can be changed - # - # Following variables make use of $ENV and can be used like "OPENSSL= ./testssl.sh " -+if [[ -z "$OPENSSL" ]]; then -+ OPENSSL="%%PREFIX%%/openssl-unsafe/bin/openssl" -+fi - declare -x OPENSSL - OPENSSL_TIMEOUT=${OPENSSL_TIMEOUT:-""} # Default connect timeout with openssl before we call the server side unreachable - CONNECT_TIMEOUT=${CONNECT_TIMEOUT:-""} # Default connect timeout with sockets before we call the server side unreachable -@@ -20345,7 +20348,6 @@ lets_roll() { + TLS_DATA_FILE="" # mandatory file for socket-based handshakes +-OPENSSL="" # ~/bin/openssl.$(uname).$(uname -m) if you run this from GitHub. Linux otherwise probably /usr/bin/openssl +-OPENSSL2=${OPENSSL2:-/usr/bin/openssl} # This will be openssl version >=1.1.1 (auto determined) as opposed to openssl-bad (OPENSSL) ++OPENSSL="%%PREFIX%%/openssl-unsafe/bin/openssl" # ~/bin/openssl.$(uname).$(uname -m) if you run this from GitHub. Linux otherwise probably /usr/bin/openssl ++OPENSSL2=${OPENSSL2:-"%%OPENSSLBASE%%/bin/openssl"} # This will be openssl version >=1.1.1 (auto determined) as opposed to openssl-bad (OPENSSL) + OPENSSL2_HAS_TLS_1_3=false # If we run with supplied binary AND $OPENSSL2 supports TLS 1.3 this will be set to true + OPENSSL2_HAS_CHACHA20=false + OPENSSL2_HAS_AES128_GCM=false +@@ -24940,7 +24940,6 @@ lets_roll() { mybanner check_proxy check4openssl_oldfarts diff --git a/security/testssl.sh/pkg-plist b/security/testssl.sh/pkg-plist index a87771213426..5649dbfaee77 100644 --- a/security/testssl.sh/pkg-plist +++ b/security/testssl.sh/pkg-plist 
@@ -7,6 +7,7 @@ share/man/man1/testssl.1.gz %%DATADIR%%/etc/Microsoft.pem %%DATADIR%%/etc/Mozilla.pem %%DATADIR%%/etc/README.md +%%DATADIR%%/etc/SSLSocketClient.java %%DATADIR%%/etc/ca_hashes.txt %%DATADIR%%/etc/cipher-mapping.txt %%DATADIR%%/etc/client-simulation.txt @@ -28,6 +29,7 @@ share/man/man1/testssl.1.gz %%DATADIR%%/utils/gmap2testssl.sh %%DATADIR%%/utils/heartbleed.bash %%DATADIR%%/utils/hexstream2cipher.sh +%%DATADIR%%/utils/hexstream2curves.sh %%DATADIR%%/utils/make-openssl.sh %%DATADIR%%/utils/make-openssl111.sh %%DATADIR%%/utils/parse_client_ciphers.pl
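
Review bot: In the second Makefile hunk (@@ -14,11 +14,12 @@), `SUB_LIST+= OPENSSLBASE="${OPENSSLBASE}"` is the only visible wiring for the new `%%OPENSSLBASE%%` placeholder that files/patch-testssl.sh now writes into the OPENSSL2 default, and the diff does not show the step that expands placeholders in the installed script. Please confirm that step consumes SUB_LIST rather than a fixed set such as PREFIX and DATADIR; otherwise the installed testssl.sh keeps the literal string `%%OPENSSLBASE%%/bin/openssl` as its OPENSSL2 default. A one-line comment beside the SUB_LIST entry naming the file it feeds would make the dependency obvious to the next person who touches it.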
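
Review bot: In the distinfo hunk, SIZE drops from 9381651 to 6976478 while pkg-plist in this same commit only gains entries (SSLSocketClient.java, hexstream2curves.sh) and loses none, and the commit message does not account for the smaller tarball. Please confirm that the new SHA256 and SIZE were generated from the v3.2.0 GitHub tag archive and that the reduction comes from upstream content that is not installed, and mention that in the commit message so the checksum change can be audited later.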
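
Review bot: In the files/patch-testssl.sh hunk at @@ -244,8 +244,8 @@, the new `OPENSSL="%%PREFIX%%/openssl-unsafe/bin/openssl"` is an unconditional assignment, whereas the port patch it replaces only set that path inside `if [[ -z "$OPENSSL" ]]`, and OPENSSL2 on the very next line still uses the `${OPENSSL2:-...}` form. Anyone who exported OPENSSL to pick a different binary with the old package will now silently get openssl-unsafe. If that is intended, say so in the commit message; if not, `OPENSSL="${OPENSSL:-%%PREFIX%%/openssl-unsafe/bin/openssl}"` keeps the earlier behaviour. The trailing comment on that line still describes the GitHub and Linux locations and no longer matches the value being set.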