Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 22:05:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Minor polish

Browse Source 
Typos, cleanup ec_nistp_64_gcc_128 (for 64 bit at least), add -DOPENSSL_TLS_SECURITY_LEVEL=0
This commit is contained in:
Dirk
2018-07-18 00:57:32 +02:00
parent 5f7f392e83
commit ee8c70bce3
1 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
utils/make-openssl111.sh
View File

@@ -1,15 +1,20 @@
#!/bin/bash #!/bin/bash
# #
# vim:tw=90:ts=5:sw=5 # vim:tw=90:ts=5:sw=5
#
# Script compiling OpenSSL 1.1.1 from github. Not yet particular sophisticated.
# Just meant to provide a help to get the compile job done
echo echo
echo "#####################################################" echo "#####################################################"
echo "####### Build script for openssl 1.1.1 #######" echo "####### Build script for openssl 1.1.1 #######"
echo "####### (contains some weak ryptography) #######" echo "####### (contains some weak cryptography) #######"
echo "#####################################################" echo "#####################################################"
echo echo
OPT11="enable-tls1_3 enable-tls13downgrade enable-ec_nistp_64_gcc_128 sctp enable-aria enable-asan enable-rc5 enable-ssl3 enable-ssl3-method enable-dynamic-engine enable-ssl-trace" OPT11="enable-tls1_3 enable-tls13downgrade enable-ec_nistp_64_gcc_128 sctp enable-aria \
enable-asan enable-rc5 enable-ssl3 enable-ssl3-method enable-dynamic-engine enable-ssl-trace \
-DOPENSSL_TLS_SECURITY_LEVEL=0 "
STDOPTIONS="--prefix=/usr/ --openssldir=/etc/ssl -DOPENSSL_USE_BUILD_DATE enable-zlib \ STDOPTIONS="--prefix=/usr/ --openssldir=/etc/ssl -DOPENSSL_USE_BUILD_DATE enable-zlib \
enable-heartbeats enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers zlib no-shared \ enable-heartbeats enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers zlib no-shared \
@@ -37,7 +42,7 @@ error() {
makeall() { makeall() {
make depend && make -j2 # && make report make depend && make -j2 # && make report
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
#FIXME: we need another error handler, as a failure doesb't mean a return status of 1 #FIXME: we need another error handler, as a failure doesn't mean here anymore a return status of 1
error "making" error "making"
return 1 return 1
fi fi
@@ -56,11 +61,11 @@ case $(uname -m) in
"i686") clean "i686") clean
if [[ "$1" = krb ]]; then if [[ "$1" = krb ]]; then
name2add=krb name2add=krb
./config $STDOPTIONS no-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT ./config $STDOPTIONS --with-krb5-flavor=MIT
else else
name2add=static name2add=static
#export CFLAGS='-fPIC' #export CFLAGS='-fPIC'
./config $STDOPTIONS no-ec_nistp_64_gcc_128 -static ./config $STDOPTIONS -static
fi fi
[ $? -ne 0 ] && error "configuring" [ $? -ne 0 ] && error "configuring"
makeall && copyfiles "$name2add" makeall && copyfiles "$name2add"
@@ -73,7 +78,7 @@ case $(uname -m) in
"x86_64") clean "x86_64") clean
if [[ "$1" = krb ]]; then if [[ "$1" = krb ]]; then
name2add=krb name2add=krb
./config $STDOPTIONS enable-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT ./config $STDOPTIONS --with-krb5-flavor=MIT
else else
#name2add=static #name2add=static
#./config $STDOPTIONS enable-ec_nistp_64_gcc_128 -static #./config $STDOPTIONS enable-ec_nistp_64_gcc_128 -static
@@ -84,7 +89,8 @@ case $(uname -m) in
[ $? -ne 0 ] && error "configuring" [ $? -ne 0 ] && error "configuring"
makeall && copyfiles "$name2add" makeall && copyfiles "$name2add"
[ $? -ne 0 ] && error "copying files" [ $? -ne 0 ] && error "copying files"
apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l # see ciphers(1), SSL_CTX_set_security_level(3)
apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL:@SECLEVEL=0' | wc -l
echo echo
echo "------------ all ok ------------" echo "------------ all ok ------------"
echo echo