authorElis Hirwing <elis@hirwing.se>2017-09-23 11:48:51 +0200
committerElis Hirwing <elis@hirwing.se>2017-09-24 16:59:15 +0200
commit02d9d40d99d5a47e5e252dfe51451fe445cd2459 (patch)
tree50a9c392228343d8bd03228476158acbc00f376a /pkgs/applications/networking/testssl
parent8525b78d054ac7ef2c43057d54403846b2d07ccc (diff)
testssl.sh: init at 2.9.5-1
Add testssl.sh which is a nice utility for testing TLS/SSL
capabilities of servers without having to use any kind of
web-service. It's very useful for testing setups of services before
deployment and such.
Diffstat (limited to 'pkgs/applications/networking/testssl')
-rw-r--r--pkgs/applications/networking/testssl/default.nix45
-rw-r--r--pkgs/applications/networking/testssl/testssl.patch10
2 files changed, 55 insertions, 0 deletions
diff --git a/pkgs/applications/networking/testssl/default.nix b/pkgs/applications/networking/testssl/default.nix
new file mode 100644
index 0000000000000..dc7c961856d63
--- /dev/null
+++ b/pkgs/applications/networking/testssl/default.nix
@@ -0,0 +1,45 @@
+{ stdenv, fetchFromGitHub, pkgs }:
+
+stdenv.mkDerivation rec {
+  version = "2.9.5-1";
+  name = "testssl.sh-${version}";
+
+  src = fetchFromGitHub {
+    owner = "drwetter";
+    repo = "testssl.sh";
+    rev = "v${version}";
+    sha256 = "0hz6g685jwl0c0jrdca746425xpwiwc8lnlc2gigga5hkcq8qzl9";
+  };
+
+  nativeBuildInputs = with pkgs; [
+    makeWrapper
+  ];
+
+  patches = [ ./testssl.patch ];
+
+  pwdBinPath = "${stdenv.lib.makeBinPath (with pkgs; [ coreutils ])}/pwd";
+  opensslBinPath = "${stdenv.lib.makeBinPath (with pkgs; [ openssl ])}/openssl";
+  postPatch = ''
+    sed -i -e "s|/bin/pwd|${pwdBinPath}|g"                                     \
+           -e "s|TESTSSL_INSTALL_DIR:-\"\"|TESTSSL_INSTALL_DIR:-\"$out\"|g"    \
+           -e "s|OPENSSL:-\"\"|OPENSSL:-\"${opensslBinPath}\"|g" \
+           testssl.sh
+  '';
+
+  installPhase = ''
+    mkdir -p $out/bin $out/etc
+    cp -r etc/ $out/
+    cp testssl.sh $out/bin/testssl.sh
+  '';
+
+  meta = with stdenv.lib; {
+    description = "CLI tool to check a server's TLS/SSL capabilities";
+    longDescription = ''
+      CLI tool which checks a server's service on any port for the support of
+      TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
+    '';
+    homepage = https://testssl.sh/;
+    license = licenses.gpl2;
+    maintainers = [ maintainers.etu ];
+  };
+}
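Review bot: The three `sed` expressions in `postPatch` exit successfully even when a pattern matches nothing, so a later version bump that rewords `TESTSSL_INSTALL_DIR:-""` or the `/bin/pwd` call would still build, and the script would presumably fall back to its own lookup of its data directory and openssl binary at run time. Since this tool's findings depend on which openssl it drives, a check after the sed would make a missed substitution visible, for example `grep -qF "${opensslBinPath}" testssl.sh || { echo "OPENSSL default not patched" >&2; exit 1; }`. `makeWrapper` is listed in `nativeBuildInputs` but no `wrapProgram` or `makeWrapper` call appears in the phases, so any other external tools the script runs are presumably resolved from the caller's PATH; either wrap `$out/bin/testssl.sh` with a pinned PATH or drop the input. It may also be worth a sentence in `longDescription` saying that checks run against the nixpkgs openssl, which could limit tests for protocols and ciphers that build no longer supports.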
diff --git a/pkgs/applications/networking/testssl/testssl.patch b/pkgs/applications/networking/testssl/testssl.patch
new file mode 100644
index 0000000000000..d5269c7370845
--- /dev/null
+++ b/pkgs/applications/networking/testssl/testssl.patch
@@ -0,0 +1,10 @@
+--- testssl/testssl.sh	2017-09-24 16:53:29.395263437 +0200
++++ testssl-new/testssl.sh	2017-09-24 16:53:41.221154492 +0200
+@@ -165,6 +165,7 @@
+ # following variables make use of $ENV, e.g. OPENSSL=<myprivate_path_to_openssl> ./testssl.sh <host>
+ # 0 means (normally) true here. Some of the variables are also accessible with a command line switch, see --help
+ declare -x OPENSSL OPENSSL_TIMEOUT
++OPENSSL=${OPENSSL:-""}
+ FAST_SOCKET=${FAST_SOCKET:-false}       # EXPERIMENTAL feature to accelerate sockets -- DO NOT USE it for production
+ COLOR=${COLOR:-2}                       # 2: Full color, 1: b/w+positioning, 0: no ESC at all
+ COLORBLIND=${COLORBLIND:-false}         # if true, swap blue and green in the output
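Review bot: The patch file has no description, and the added `OPENSSL=${OPENSSL:-""}` line appears to exist only as an anchor for the `OPENSSL:-\"\"` substitution in `default.nix`, which is not obvious to someone reading either file alone. A short header above the `---` line would record that, e.g. `Add an OPENSSL default so postPatch in default.nix can substitute the Nix store path of openssl.` It is also worth stating there that an `OPENSSL` value already set in the caller's environment still takes precedence over the packaged binary, so scan results depend on that environment. The surrounding declarations continue outside the hunk.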