Overview

File sslscan.spec of Package sslscan

#
# spec file for package sslscan
#

# norootforbuild

Name:           sslscan
Version:        1.11.13.git20190724.55ec8c7
Release:        0
License:        SUSE-GPL-3.0+-with-openssl-exception
Summary:        SSL cipher scanning tool
Url:            https://github.com/rbsec/sslscan/
Group:          Productivity/Networking/Diagnostic
Source0:        %{name}-%{version}.tar.xz
Source100:      %{name}.changes
Source1000:     openssl-1.0.2t.tar.gz
Source2000:     openssl-1.0.2t.tar.gz.asc
BuildRequires:  pkg-config
BuildRequires:  pkgconfig(zlib)
BuildRoot:      %{_tmppath}/%{name}-%{version}-build

%description
SSLScan determines what ciphers are supported on SSL-based services, such as HTTPS.
Furthermore, SSLScan will determine the preferred ciphers of the SSL service.

This version of sslscan is statically linked against a deliberately "misconfigured" openssl
library with weak ciphers and protocols enabled in order to enable scanning for those weaknesses.

%debug_package

%prep
%setup -q
mkdir weak_openssl
pushd weak_openssl
tar xf %{SOURCE1000} --strip-components=1
# Re-enable SSLv2 EXPORT ciphers
sed -i.bak 's/# if 0/# if 1/g' ssl/s2_lib.c
rm ssl/s2_lib.c.bak
# Re-enable weak (<1024 bit) DH keys
sed -i.bak 's/dh_size < [0-9]\+/dh_size < 512/g' ssl/s3_clnt.c
rm ssl/s3_clnt.c.bak
# Break the weak DH key test so OpenSSL compiles
sed -i.bak 's/dhe512/zzz/g' test/testssl
rm test/testssl.bak
popd

%build

pushd weak_openssl
./config \
	enable-weak-ssl-ciphers \
	no-dso no-shared \
	enable-ssl2 enable-ssl3 \
	zlib
make CC="gcc $RPM_OPT_FLAGS" depend %{?_smp_flags}

make CC="gcc $RPM_OPT_FLAGS" build_libs %{?_smp_flags}
popd

# set version according to Changelog
export GIT_VERSION="$(grep -E -o -m 1 "[0-9]+\.[0-9]+\.[0-9]+" Changelog)-rbsec"

make \
	CFLAGS="%{optflags} -D__USE_GNU -I$(pwd)/weak_openssl/include" \
	LDFLAGS="-L$(pwd)/weak_openssl" \
	LIBS=" -lssl -lcrypto -lz" \
	GIT_VERSION="$GIT_VERSION" %{?_smp_flags}

%install
%makeinstall

chmod -x %{buildroot}/%{_mandir}/man1/%{name}.1

%clean
%{?buildroot:%__rm -rf "%{buildroot}"}

%files
%defattr(-,root,root)
%doc Changelog TODO README.md
%{_bindir}/sslscan
%{_mandir}/man1/sslscan.1.gz

%changelog
openSUSE Build Service is sponsored by
Places