Add support to listsuites to list ciphers allowed by policy
parent
e666a29edf
commit
90700e6be2
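--- a/listsuites-do-queries.patch
+++ b/listsuites-do-queries.patch
@@ -0,0 +1,111 @@
+--- ./cmd/listsuites/listsuites.c.do_queries 2016-05-17 00:58:45.000000000 -0700
++++ ./cmd/listsuites/listsuites.c 2016-06-23 09:39:10.563925342 -0700
+@@ -7,19 +7,48 @@
+*
+* Try: ./listsuites | grep -v : | sort -b +4rn -5 +1 -2 +2 -3 +3 -4 +5r -6
+*/
+
+#include <errno.h>
+#include <stdio.h>
+#include "secport.h"
+#include "ssl.h"
++#include "plgetopt.h"
++#include "secutil.h"
++#include "utilpars.h"
++#include "nspr.h"
++#include "nss.h"
++
++static const char *progName = "listsuites";
++char *ignoreVar;
++
++static char *policy_file_path(char *path)
++{
++ return (PR_Access(path, PR_ACCESS_READ_OK) == PR_SUCCESS) ? path : "";
++}
++
++static char *ignore_system_policy_value(char *var)
++{
++ ignoreVar = PR_GetEnvSecure(var);
++ return ignoreVar != NULL ? ignoreVar : "";
++}
++
++void Usage(const char *progName)
++{
++ fprintf(stderr,
++ "\nList cipher suites or parse a policy file or query\n"
++ "Usage: %s [-i policy_file] file to parse (default is list)\n",
++ progName);
++ exit(1);
++}
++
+
+int
+-main(int argc, char **argv)
++list_suites(void)
+{
+const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
+int i;
+int errCount = 0;
+
+fputs("This version of libSSL supports these cipher suites:\n\n", stdout);
+
+/* disable all the SSL3 cipher suites */
+@@ -56,8 +85,58 @@
+info.effectiveKeyBits, info.macAlgorithmName,
+enabled ? "Enabled" : "Disabled",
+info.isFIPS ? "FIPS" : "",
+info.isExportable ? "Export" : "Domestic",
+info.nonStandard ? "nonStandard" : "");
+}
+return errCount;
+}
++
++int
++main(int argc, char **argv)
++{
++ PLOptState *optstate = NULL;
++ PLOptStatus status;
++ SECStatus rv;
++ FILE *inFile;
++ char *ev, *path;
++
++ optstate = PL_CreateOptState(argc, argv, "?hi:p:q:lL");
++ while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
++ switch (optstate->option) {
++ case '?':
++ case 'h':
++ Usage(progName);
++ break;
++ case 'p':
++ path = (char *)optstate->value;
++ fprintf(stdout, "%s=%s\n", path, policy_file_path(path));
++ break;
++ case 'q':
++ ev = (char *)optstate->value;
++ fprintf(stdout, "%s=%s\n", ev, ignore_system_policy_value(ev));
++ break;
++ case 'i':
++ rv = SECSuccess;
++ inFile = fopen(optstate->value, "r");
++ if (!inFile) {
++ fprintf(stderr,
++ "%s: unable to open \"%s\" for reading\n",
++ progName, optstate->value);
++ return -1;
++ }
++ rv = SECFailure;/*ParseCryptoPolicy(optstate->value);*/
++ fclose(inFile);
++ return (rv == SECSuccess) ? 0 : 1;
++ break;
++ case 'l':
++ case 'L':
++ return list_suites();
++ break;
++ default:
++ Usage(progName);
++ break;
++ }
++ }
++
++ return 0;
++}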
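Review bot: In the new `main`, running listsuites with no options skips the option loop and reaches `return 0;` without ever calling `list_suites()`, although the usage text says "(default is list)" and the file's header comment still recommends piping plain `./listsuites` output; the final statement should be `return list_suites();`. The loop runs only while `PL_GetNextOpt` returns `PL_OPT_OK`, so an unrecognised option ends the loop and exits 0 instead of reaching the `default:` branch; adding `if (status == PL_OPT_BAD) Usage(progName);` after the loop would close that gap. The `-i` case assigns `rv = SECFailure` with the `ParseCryptoPolicy` call commented out, so it exits 1 for every readable file, and anyone using the exit status to validate a policy file gets a failure regardless of content; that stub should be stated in the usage text until the parser is wired in. `optstate` is never checked for NULL or released with `PL_DestroyOptState`, and the usage string documents only `-i` while `-p`, `-q`, `-l` and `-L` are also accepted.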
7
nss.spec
7
nss.spec
@ -21,7 +21,7 @@ Name: nss
|
||||
Version: 3.25.0
|
||||
# for Rawhide, please always use release >= 2
|
||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Group: System Environment/Libraries
|
||||
@ -100,6 +100,7 @@ Patch60: nss-conditionally-ignore-system-policy.patch
|
||||
Patch62: nss-skip-util-gtest.patch
|
||||
# TODO: file a bug upstream similar to the one for rsaperf
|
||||
Patch70: nss-skip-ecperf.patch
|
||||
Patch71: listsuites-do-queries.patch
|
||||
|
||||
%description
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
@ -185,6 +186,7 @@ pushd nss
|
||||
%patch60 -p1 -b .cond_ignore
|
||||
%patch62 -p0 -b .skip_util_gtest
|
||||
%patch70 -p1 -b .skip_ecperf
|
||||
%patch71 -p1 -b .do_queries
|
||||
popd
|
||||
|
||||
#########################################################
|
||||
@ -794,6 +796,9 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Jul 08 2016 Elio Maldonado <emaldona@redhat.com> - 3.25.0-6
|
||||
- Add support to listsuites to list ciphers allowed by policy
|
||||
|
||||
* Fri Jul 01 2016 Elio Maldonado <emaldona@redhat.com> - 3.25.0-5
|
||||
- Add support for conditionally ignoring the system policy (#1157720)
|
||||
- Remove unneeded test scripts patches in order to run more tests
|
||||
|