mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-10-30 21:35:26 +01:00
- ease of making openssl binary with make-openssl.sh
- Hint where the Readme is - removal of old binaries
This commit is contained in:
Dirk
6
openssl-bins/Readme.md
Normal file
6
openssl-bins/Readme.md
Normal file
@@ -0,0 +1,6 @@
|
||||
|
||||
Compiling and Usage Instructions
|
||||
================================
|
||||
|
||||
see Readme.md in bin directory
|
||||
|
||||
79
openssl-bins/make-openssl.sh
Executable file
79
openssl-bins/make-openssl.sh
Executable file
@@ -0,0 +1,79 @@
|
||||
#!/bin/bash
|
||||
|
||||
echo
|
||||
echo "have you patched yet?"
|
||||
read a
|
||||
|
||||
STDOPTIONS="--prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \
|
||||
enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
|
||||
enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake"
|
||||
|
||||
clean() {
|
||||
make clean
|
||||
#[ $? -ne 0 ] && error "no openssl directory"
|
||||
return 0
|
||||
}
|
||||
|
||||
error() {
|
||||
tput bold
|
||||
echo "ERROR $1"
|
||||
tput sgr0
|
||||
exit 2
|
||||
}
|
||||
|
||||
makeall() {
|
||||
make depend && make && make report
|
||||
if [ $? -ne 0 ]; then
|
||||
error "making"
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
copyfiles() {
|
||||
echo; apps/openssl version -a; echo
|
||||
cp -p apps/openssl ../openssl$1
|
||||
echo
|
||||
return $?
|
||||
}
|
||||
|
||||
case `uname -m` in
|
||||
"i686") clean ;
|
||||
if [[ "$1" = krb ]]; then
|
||||
name2add=krb
|
||||
./config $STDOPTIONS no-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT
|
||||
else
|
||||
name2add=static
|
||||
./config $STDOPTIONS no-ec_nistp_64_gcc_128 -static
|
||||
fi
|
||||
[ $? -ne 0 ] && error "configuring"
|
||||
makeall && copyfiles "32-$name2add"
|
||||
[ $? -ne 0 ] && error "copying files"
|
||||
apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l
|
||||
echo
|
||||
echo "------------ all ok ------------"
|
||||
echo
|
||||
;;
|
||||
"x86_64") clean;
|
||||
if [[ "$1" = krb ]]; then
|
||||
name2add=krb
|
||||
./config $STDOPTIONS enable-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT
|
||||
else
|
||||
name2add=static
|
||||
./config $STDOPTIONS enable-ec_nistp_64_gcc_128 -static
|
||||
fi
|
||||
[ $? -ne 0 ] && error "configuring"
|
||||
makeall && copyfiles "64-$name2add"
|
||||
[ $? -ne 0 ] && error "copying files"
|
||||
apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l
|
||||
echo
|
||||
echo "------------ all ok ------------"
|
||||
echo
|
||||
;;
|
||||
*) echo "architecture ???"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
# vim:tw=90:ts=5:sw=5
|
||||
# $Id: make-openssl.sh,v 1.6 2015/04/02 07:39:27 dirkw Exp $
|
||||
|
||||
@@ -1,32 +0,0 @@
|
||||
|
||||
Instructions
|
||||
----
|
||||
|
||||
Both versions here are compiled from OpenSSL 1.0.2-beta1. The
|
||||
|
||||
* 64 bit version was compiled under Opensuse 12.3
|
||||
* 32 bit version was compiled under Ubuntu 12.04 LTS
|
||||
|
||||
Both are statically linked, except a few libraries which are nowadays sometimes
|
||||
hard to link in, i.e. the dynamic loader (libdl) and glibc (libc).
|
||||
|
||||
If you want to compile OpenSSL yourself, here are my configure options:
|
||||
|
||||
### for 32 Bit:
|
||||
> --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 enable-gost enable-cms enable-md2 enable-mdc2 enable-rc5 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-idea -Wa,--noexecstack no-dane no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-multiblock no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-zlib-dynamic static-engine
|
||||
|
||||
### for 64Bit:
|
||||
> --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-ec_nistp_64_gcc_128 enable-rc5 enable-rc2 enable-gost enable-cms enable-md2 enable-mdc2 enable-rc5 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-idea -Wa,--noexecstack no-dane no-gmp no-jpake no-krb5 no-libunbound no-multiblock no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-zlib-dynamic static-engine
|
||||
|
||||
And: You have to patch the sources, see file vanilla.patch otherwise you miss the experimental
|
||||
and some RC4/MD5 cipher suites. "openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l" lists for me 150
|
||||
ciphers as opposed to 109 from Ubuntu or Opensuse. More soon to come!
|
||||
|
||||
**Don't use them for other purposes except testing!**
|
||||
|
||||
|
||||
Enjoy,
|
||||
|
||||
Dirk
|
||||
|
||||
|
||||
Binary file not shown.
@@ -1,7 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.0.19 (GNU/Linux)
|
||||
|
||||
iD8DBQBTtWqtWZzt6LgYwDkRAh66AKDPH+8Z96WkGMY37JQ660TdCuiuNACfY6wi
|
||||
RAhPwM6AiWqkJfcnltSJ9kc=
|
||||
=eyei
|
||||
-----END PGP SIGNATURE-----
|
||||
Binary file not shown.
@@ -1,7 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.0.19 (GNU/Linux)
|
||||
|
||||
iD8DBQBTtWqzWZzt6LgYwDkRAgXhAKCSnhieSIzcIxUSUlHThrLLmXp71QCg0K9e
|
||||
bvp1NF/9InyxgD53PXddEA4=
|
||||
=/OeI
|
||||
-----END PGP SIGNATURE-----
|
||||
@@ -1,29 +0,0 @@
|
||||
Both versions here are compiled from OpenSSL 1.0.2-beta1. The
|
||||
|
||||
64 bit version was compiled under Opensuse 12.3
|
||||
32 bit version was compiled under Ubuntu 12.04 LTS
|
||||
|
||||
Both are statically linked, except a few libraries which
|
||||
are nowadays sometimes hard to link in, i.e. the dynamic
|
||||
loader (libdl) and glibc (libc).
|
||||
|
||||
If you want to compile OpenSSL yourself, here are my configure options:
|
||||
|
||||
for 32 Bit:
|
||||
--prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 enable-gost enable-cms enable-md2 enable-mdc2 enable-rc5 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-idea -Wa,--noexecstack no-dane no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-multiblock no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-zlib-dynamic static-engine
|
||||
|
||||
for 64Bit:
|
||||
--prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-ec_nistp_64_gcc_128 enable-rc5 enable-rc2 enable-gost enable-cms enable-md2 enable-mdc2 enable-rc5 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-idea -Wa,--noexecstack no-dane no-gmp no-jpake no-krb5 no-libunbound no-multiblock no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-zlib-dynamic static-engine
|
||||
|
||||
And: You have to patch the sources, see file vanilla.patch otherwise you miss the experimental
|
||||
and some RC4/MD5 cipher suites. "openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l" lists for me 150
|
||||
ciphers as opposed to 109 from Ubuntu or Opensuse. More soon to come!
|
||||
|
||||
Don't use them for other purposes except testing!
|
||||
|
||||
|
||||
Enjoy,
|
||||
|
||||
Dirk
|
||||
|
||||
|
||||
@@ -1,31 +0,0 @@
|
||||
--- ./ssl/tls1.h.orig 2014-03-03 20:43:11.535295959 +0100
|
||||
+++ ./ssl/tls1.h 2014-03-03 20:43:25.911430196 +0100
|
||||
@@ -157,7 +157,7 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
-#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
|
||||
+#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1
|
||||
|
||||
#define TLS1_2_VERSION 0x0303
|
||||
#define TLS1_2_VERSION_MAJOR 0x03
|
||||
--- ./ssl/s2_lib.c.orig 2014-03-05 18:16:40.966589866 +0100
|
||||
+++ ./ssl/s2_lib.c 2014-03-05 18:17:36.572043680 +0100
|
||||
@@ -122,7 +122,7 @@
|
||||
|
||||
/* list of available SSLv2 ciphers (sorted by id) */
|
||||
OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={
|
||||
-#if 0
|
||||
+#if 1
|
||||
/* NULL_WITH_MD5 v3 */
|
||||
{
|
||||
1,
|
||||
@@ -254,7 +254,7 @@
|
||||
168,
|
||||
},
|
||||
|
||||
-#if 0
|
||||
+#if 1
|
||||
/* RC4_64_WITH_MD5 */
|
||||
{
|
||||
1,
|
||||
Reference in New Issue
Block a user