rbsec
RHEL install with yum
Is there a RHEL based install for sslscan ? doesn't seem to work off the bat on my test RHEL machine - maybe a way to convert the apt based installer to a rpm based one ? thanks Tony
You should be able to compile it using make static on RHEL based distros as long as you have the required dependencies installed (whatever the distros equivalents of build-essential git zlib1g-dev are, plus the build dependencies of OpenSSL).
But in terms of an prebuilt RPM package, that would be up to the distro maintainers.
I made it far enough to get this error on a RHEL 9.1 install:
make[2]: Leaving directory '/root/sslscan/openssl'
make[1]: Leaving directory '/root/sslscan/openssl'
make -j `/usr/bin/nproc --all` sslscan STATIC_BUILD=TRUE
make[1]: Entering directory '/root/sslscan'
cc -o sslscan -Wall -Wformat=2 -Wformat-security -Wno-deprecated-declarations -pie -z relro -z now -L/root/sslscan/openssl/ -D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -std=gnu11 -I/root/sslscan/openssl/include/ -I/root/sslscan/openssl/ -DVERSION=\"2.0.15-7-gbc46606-static\" sslscan.c -lssl -lcrypto -lz -lpthread -ldl
In file included from /usr/include/netdb.h:25,
from sslscan.c:90:
/usr/include/features.h:412:4: warning: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp]
412 | # warning _FORTIFY_SOURCE requires compiling with optimization (-O)
| ^~~~~~~
make[1]: Leaving directory '/root/sslscan'
Which appears to match this issue and is caused by the gcc version according to the comments in the commit: https://github.com/znc/znc/issues/887 // https://github.com/znc/znc/commit/0734c6ac4d59bef9b785b73d80d8d0e63badd8a7
On my RHEL 9.1 server I needed to install make, perl, and zlib-devel to make it this far on top whatever was previously installed.
I also ran into the same error on an EL 8.7 server I had running. I needed to install gcc on that server in addition to the 3 above.
I ran into the same thing, trying to build an RPM for CentOS 7 (under Docker). I worked around this particular problem by adding a -O option to the line which sets _FORTIFY_SOURCE, but I ran into some other errors.
Host:
docker run -it --rm centos:7
Container:
yum -y update && yum -y install gcc git make perl-IPC-Cmd rpm-build zlib-devel zlib-static
git clone https://github.com/rbsec/sslscan
cd sslscan
sed -i '/_FORTIFY_SOURCE/s/$/ -O/' Makefile
make static
Errors:
...
make[1]: Entering directory `/root/sslscan'
cc -o sslscan -Wall -Wformat=2 -Wformat-security -Wno-deprecated-declarations -pie -z relro -z now -L/root/sslscan/openssl/ -D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -O -std=gnu11 -I/root/sslscan/openssl/include/ -I/root/sslscan/openssl/ -DVERSION=\"2.1.1-wip-static\" sslscan.c -lssl -lcrypto -lz -lpthread -ldl
sslscan.c: In function 'readLine':
sslscan.c:251:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result]
fgets(lineFromFile, maxSize, input);
^
sslscan.c: In function 'testFallback':
sslscan.c:1254:21: warning: 'secondMethod' may be used uninitialized in this function [-Wmaybe-uninitialized]
testFallback(options, secondMethod);
^
sslscan.c: In function 'showCertificate':
sslscan.c:2902:59: warning: 'xml_bp' may be used uninitialized in this function [-Wmaybe-uninitialized]
if (BIO_printf(xml_bp,"</serial>\n") <= 0)
^
make[1]: Leaving directory `/root/sslscan'
[root@f78722357f70 sslscan]#
