File: make-openssl111.sh

package info (click to toggle)
testssl.sh 3.0.8%2Bdfsg-1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 4,868 kB
  • sloc: sh: 19,059; perl: 975; makefile: 10
file content (98 lines) | stat: -rwxr-xr-x 2,592 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
 
#!/bin/bash
#
#  vim:tw=90:ts=5:sw=5
#
# Script compiling OpenSSL 1.1.1 from github. Not yet particular sophisticated.
# Just meant to provide a help to get the compile job done

echo
echo "#####################################################"
echo "#######    Build script for openssl 1.1.1     #######"
echo "#######  (contains some weak cryptography)    #######"
echo "#####################################################"
echo

OPT11="enable-tls1_3 enable-ec_nistp_64_gcc_128 sctp enable-aria enable-asan enable-rc5 \
enable-ssl3 enable-ssl3-method enable-dynamic-engine enable-ssl-trace \
-DOPENSSL_TLS_SECURITY_LEVEL=0 "

STDOPTIONS="--prefix=/usr/ --openssldir=/etc/ssl -DOPENSSL_USE_BUILD_DATE enable-zlib \
enable-heartbeats enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers zlib no-shared \
enable-rc2 enable-gost enable-cms enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
enable-seed enable-camellia enable-idea enable-rfc3779"

grep OPENSSL_VERSION_TEXT include/openssl/opensslv.h | grep -q 1.1.1 && STDOPTIONS="$STDOPTIONS $OPT11"

clean() {
	case $NOCLEAN in
		yes|Y|YES) ;;
		*) make clean ;;
	esac
	#[ $? -ne 0 ] && error "no openssl directory"
	return 0
}

error() {
	tput bold
	echo "ERROR $1"
	tput sgr0
	exit 2
}

makeall() {
	make depend && make -j2 # && make report
	if [ $? -ne 0 ]; then
#FIXME: we need another error handler, as a failure doesn't mean here anymore a return status of 1
		error "making"
		return 1
	fi
	return 0
}

copyfiles() {
	echo; apps/openssl version -a; echo
	cp -p apps/openssl ../openssl.$(uname).$(uname -m).$1
	echo
	return $?
}


case $(uname -m) in
	"i686") clean
		if [[ "$1" = krb ]]; then
			name2add=krb
			./config $STDOPTIONS --with-krb5-flavor=MIT
		else
			name2add=static
			#export CFLAGS='-fPIC'
			./config $STDOPTIONS -static
		fi
		[ $? -ne 0 ] && error "configuring"
		makeall && copyfiles "$name2add"
		[ $? -ne 0 ] && error "copying files"
		apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l
		echo
		echo "------------ all ok ------------"
		echo
		;;
	"x86_64") clean
		if [[ "$1" = krb ]]; then
			name2add=krb
			./config $STDOPTIONS --with-krb5-flavor=MIT
		else
			name2add=static
			./config $STDOPTIONS -static
		fi
		[ $? -ne 0 ] && error "configuring"
		makeall && copyfiles "$name2add"
		[ $? -ne 0 ] && error "copying files"
		# see ciphers(1), SSL_CTX_set_security_level(3)
		apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL:@SECLEVEL=0' | wc -l
		echo
		echo "------------ all ok ------------"
		echo
		;;
	*)	echo " Sorry, don't know this architecture $(uname -m)"
		exit 1
		;;
esac