Diffstat (limited to '')
-rw-r--r-- | debian/patches/allow_loading_config.patch | 107 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 108 insertions, 0 deletions
diff --git a/debian/patches/allow_loading_config.patch b/debian/patches/allow_loading_config.patch
new file mode 100644
index 0000000..1f66aae
--- /dev/null
+++ b/debian/patches/allow_loading_config.patch
@@ -0,0 +1,107 @@
+Description: Config is presumed to be in the same dir as the script, or in ./etc/
+Author: Unit 193 <unit193@debian.org>
+Origin: vendor
+Forwarded: not-needed
+Last-Update: 2019-10-01
+
+---
+ testssl.sh | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+--- a/testssl.sh
++++ b/testssl.sh
+@@ -192,7 +192,7 @@ ADDTL_CA_FILES="${ADDTL_CA_FILES:-""}"
+
+ ########### Tuning vars which cannot be set by a cmd line switch. Use instead e.g "HEADER_MAXSLEEP=10 ./testssl.sh <your_args_here>"
+ #
+-TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # If you run testssl.sh and it doesn't find it necessary file automagically set TESTSSL_INSTALL_DIR
++TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-"/etc/testssl"}" # If you run testssl.sh and it doesn't find it necessary file automagically set TESTSSL_INSTALL_DIR
+ CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # You can have your CA stores some place else
+ EXPERIMENTAL=${EXPERIMENTAL:-false} # a development hook which allows us to disable code
+ PROXY_WAIT=${PROXY_WAIT:-20} # waiting at max 20 seconds for socket reply through proxy
+@@ -2792,7 +2792,7 @@ run_hpkp() {
+ local -i i nrsaved
+ local first_hpkp_header
+ local spki
+- local ca_hashes="$TESTSSL_INSTALL_DIR/etc/ca_hashes.txt"
++ local ca_hashes="$TESTSSL_INSTALL_DIR/ca_hashes.txt"
+
+ if [[ ! -s $HEADERFILE ]]; then
+ run_http_header "$1" || return 1
+@@ -5029,9 +5029,9 @@ run_client_simulation() {
+ local client_service=""
+
+ # source the external file
+- . "$TESTSSL_INSTALL_DIR/etc/client-simulation.txt" 2>/dev/null
++ . "$TESTSSL_INSTALL_DIR/client-simulation.txt" 2>/dev/null
+ if [[ $? -ne 0 ]]; then
+- prln_local_problem "couldn't find client simulation data in $TESTSSL_INSTALL_DIR/etc/client-simulation.txt"
++ prln_local_problem "couldn't find client simulation data in $TESTSSL_INSTALL_DIR/client-simulation.txt"
+ return 1
+ fi
+
+@@ -7614,7 +7614,7 @@ determine_trust() {
+
+ # if you run testssl.sh from a different path /you can set either TESTSSL_INSTALL_DIR or CA_BUNDLES_PATH to find the CA BUNDLES
+ if [[ -z "$CA_BUNDLES_PATH" ]]; then
+- ca_bundles="$TESTSSL_INSTALL_DIR/etc/*.pem"
++ ca_bundles="$TESTSSL_INSTALL_DIR/*.pem"
+ else
+ ca_bundles="$CA_BUNDLES_PATH/*.pem"
+ fi
+@@ -8887,7 +8887,7 @@ certificate_info() {
+ local certificate_list_ordering_problem="${13}"
+ local cert_sig_algo cert_sig_hash_algo cert_key_algo cert_spki_info
+ local hostcert=""
+- local common_primes_file="$TESTSSL_INSTALL_DIR/etc/common-primes.txt"
++ local common_primes_file="$TESTSSL_INSTALL_DIR/common-primes.txt"
+ local -i lineno_matched=0
+ local cert_keyusage cert_ext_keyusage short_keyAlgo
+ local outok=true
+@@ -17956,7 +17956,7 @@ get_common_prime() {
+ local spaces="$3"
+ local pubkey dh_p=""
+ local -i subret=0
+- local common_primes_file="$TESTSSL_INSTALL_DIR/etc/common-primes.txt"
++ local common_primes_file="$TESTSSL_INSTALL_DIR/common-primes.txt"
+ local -i lineno_matched=0
+
+ "$HAS_PKEY" || return 2
+@@ -19952,16 +19952,16 @@ get_install_dir() {
+ DISPLAY_CIPHERNAMES="openssl-only"
+ debugme echo "$CIPHERS_BY_STRENGTH_FILE"
+ prln_warning "\nATTENTION: No cipher mapping file found!"
+- outln "Please note from 2.9 on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/etc/\" to function correctly."
++ outln "Please note from 2.9 on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/\" to function correctly."
+ outln
+ ignore_no_or_lame "Type \"yes\" to ignore this warning and proceed at your own risk" "yes"
+ [[ $? -ne 0 ]] && exit $ERR_RESOURCE
+ fi
+
+- TLS_DATA_FILE="$TESTSSL_INSTALL_DIR/etc/tls_data.txt"
++ TLS_DATA_FILE="$TESTSSL_INSTALL_DIR/tls_data.txt"
+ if [[ ! -r "$TLS_DATA_FILE" ]]; then
+ prln_warning "\nATTENTION: No TLS data file found -- needed for socket-based handshakes"
+- outln "Please note from 2.9 on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/etc/\" to function correctly."
++ outln "Please note from 2.9 on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/\" to function correctly."
+ outln
+ ignore_no_or_lame "Type \"yes\" to ignore this warning and proceed at your own risk" "yes"
+ [[ $? -ne 0 ]] && exit $ERR_RESOURCE
+@@ -20029,7 +20029,7 @@ find_openssl_binary() {
+ # couldn't be parsed by our openssl it bailed out here with a misleading error, see #1982.
+ # Now we try with another version of the config file and if it still fails we bail out.
+ if ! $OPENSSL version -d >/dev/null 2>&1 ; then
+- export OPENSSL_CONF="$TESTSSL_INSTALL_DIR/etc/openssl.cnf"
++ export OPENSSL_CONF="$TESTSSL_INSTALL_DIR/openssl.cnf"
+ if ! $OPENSSL version -d >/dev/null 2>&1 ; then
+ fatal "cannot exec or find any openssl binary" $ERR_OSSLBIN
+ else
+@@ -20850,7 +20850,7 @@ initialize_engine(){
+ else
+ # we have engine support. But we want to check whether an external OPENSSL_CONF was supplied.
+ # $TESTSSL_INSTALL_DIR/etc/openssl.cnf is an internal presetting, see #1982
+- if [[ -n "$OPENSSL_CONF" ]] && [[ "$OPENSSL_CONF" != "$TESTSSL_INSTALL_DIR/etc/openssl.cnf" ]]; then
++ if [[ -n "$OPENSSL_CONF" ]] && [[ "$OPENSSL_CONF" != "$TESTSSL_INSTALL_DIR/openssl.cnf" ]]; then
+ prln_warning "For now I am providing the config file to have GOST support"
+ else
+ OPENSSL_CONF=$TEMPDIR/gost.conf
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..36269e1
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+allow_loading_config.patch |
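Review bot: The `Description:` header of allow_loading_config.patch says the config is presumed "in the same dir as the script, or in ./etc/", but the lines below do the reverse: `TESTSSL_INSTALL_DIR` now defaults to `/etc/testssl` and the `etc/` component is dropped from every lookup, so I would reword it to `Description: Load data files from /etc/testssl (TESTSSL_INSTALL_DIR) rather than <script dir>/etc/`. The context comment in the `initialize_engine` hunk still names `$TESTSSL_INSTALL_DIR/etc/openssl.cnf` and will be stale once this applies. Because `client-simulation.txt` is sourced with `.` and `openssl.cnf` is exported as `OPENSSL_CONF` from that directory, the patch header should also state that `/etc/testssl` must be root-owned and not group- or world-writable; the variable stays overridable from the environment, so an override pointing at an upstream-layout checkout will presumably no longer find these files. The cipher-mapping lookup in `get_install_dir` lies outside the hunks, so whether it also needs the `etc/` component dropped cannot be confirmed from here.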