security/sslscan/files/patch-sslscan.c


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

--- sslscan.c.orig	2009-09-01 14:35:59.000000000 +0200
+++ sslscan.c	2015-03-07 23:26:34.286277205 +0100
@@ -41,6 +41,7 @@
 #include <openssl/pkcs12.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#include <netinet/in.h>
 
 // Defines...
 #define false 0
@@ -563,6 +564,7 @@
 					}
 					if (options->xmlOutput != 0)
 						fprintf(options->xmlOutput, " sslversion=\"");
+#ifndef OPENSSL_NO_SSL2
 					if (sslCipherPointer->sslMethod == SSLv2_client_method())
 					{
 						if (options->xmlOutput != 0)
@@ -571,8 +573,11 @@
 							printf("SSLv2 || ");
 						else
 							printf("SSLv2  ");
-					}
-					else if (sslCipherPointer->sslMethod == SSLv3_client_method())
+					} 
+					else
+#endif
+#ifndef OPENSSL_NO_SSL3
+					if (sslCipherPointer->sslMethod == SSLv3_client_method())
 					{
 						if (options->xmlOutput != 0)
 							fprintf(options->xmlOutput, "SSLv3\" bits=\"");
@@ -582,6 +587,7 @@
 							printf("SSLv3  ");
 					}
 					else
+#endif
 					{
 						if (options->xmlOutput != 0)
 							fprintf(options->xmlOutput, "TLSv1\" bits=\"");
@@ -688,6 +694,7 @@
 						cipherStatus = SSL_connect(ssl);
 						if (cipherStatus == 1)
 						{
+#ifndef OPENSSL_NO_SSL2
 							if (sslMethod == SSLv2_client_method())
 							{
 								if (options->xmlOutput != 0)
@@ -697,7 +704,10 @@
 								else
 									printf("    SSLv2  ");
 							}
-							else if (sslMethod == SSLv3_client_method())
+							else 
+#endif
+#ifndef OPENSSL_NO_SSL3
+							if (sslMethod == SSLv3_client_method())
 							{
 								if (options->xmlOutput != 0)
 									fprintf(options->xmlOutput, "  <defaultcipher sslversion=\"SSLv3\" bits=\"");
@@ -707,6 +717,7 @@
 									printf("    SSLv3  ");
 							}
 							else
+#endif
 							{
 								if (options->xmlOutput != 0)
 									fprintf(options->xmlOutput, "  <defaultcipher sslversion=\"TLSv1\" bits=\"");
@@ -1192,18 +1203,26 @@
 		switch (options->sslVersion)
 		{
 			case ssl_all:
+#ifndef OPENSSL_NO_SSL2
 				status = defaultCipher(options, SSLv2_client_method());
 				if (status != false)
+#endif
+#ifndef OPENSSL_NO_SSL3
 					status = defaultCipher(options, SSLv3_client_method());
 				if (status != false)
+#endif
 					status = defaultCipher(options, TLSv1_client_method());
 				break;
+#ifndef OPENSSL_NO_SSL2
 			case ssl_v2:
 				status = defaultCipher(options, SSLv2_client_method());
 				break;
+#endif
+#ifndef OPENSSL_NO_SSL3
 			case ssl_v3:
 				status = defaultCipher(options, SSLv3_client_method());
 				break;
+#endif
 			case tls_v1:
 				status = defaultCipher(options, TLSv1_client_method());
 				break;
@@ -1415,16 +1434,24 @@
 			switch (options.sslVersion)
 			{
 				case ssl_all:
+#ifndef OPENSSL_NO_SSL2
 					populateCipherList(&options, SSLv2_client_method());
+#endif
+#ifndef OPENSSL_NO_SSL3
 					populateCipherList(&options, SSLv3_client_method());
+#endif
 					populateCipherList(&options, TLSv1_client_method());
 					break;
+#ifndef OPENSSL_NO_SSL2
 				case ssl_v2:
 					populateCipherList(&options, SSLv2_client_method());
 					break;
+#endif
+#ifndef OPENSSL_NO_SSL3
 				case ssl_v3:
 					populateCipherList(&options, SSLv3_client_method());
 					break;
+#endif
 				case tls_v1:
 					populateCipherList(&options, TLSv1_client_method());
 					break;