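A term I first learned when I attended the 2nd in-house security knowledge-sharing study session.
It is apparently a tool that lets you inspect TLS session information.
In short, this is the story of trying to use it on Debian 8 and not being able to.
I tried it using the following as references:
"rfc5077", a handy tool for checking the state of the server-side SSL session cache
I want to build rfc5077-client on Debian
Those are the articles I followed.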
    # git clone https://github.com/vincentbernat/rfc5077.git
    # aptitude install libnspr4-dev libev-dev libssl-dev libnss3-dev make gcc
    ...
    # git submodule init
    Submodule 'http-parser' (https://github.com/joyent/http-parser) registered for path 'http-parser'
    Submodule 'httpagentparser' (git://github.com/shon/httpagentparser.git) registered for path 'httpagentparser'
    # git submodule update
    Cloning into 'http-parser'...
    remote: Counting objects: 1460, done.
    remote: Total 1460 (delta 0), reused 0 (delta 0), pack-reused 1460
    Receiving objects: 100% (1460/1460), 659.95 KiB | 341.00 KiB/s, done.
    Resolving deltas: 100% (897/897), done.
    Checking connectivity... done.
    Submodule path 'http-parser': checked out '1ca7de52587f19cb87a28b8ace2e0f2e6cfcde7f'
    Cloning into 'httpagentparser'...
    remote: Counting objects: 591, done.
    remote: Total 591 (delta 0), reused 0 (delta 0), pack-reused 591
    Receiving objects: 100% (591/591), 630.40 KiB | 160.00 KiB/s, done.
    Resolving deltas: 100% (265/265), done.
    Checking connectivity... done.
    Submodule path 'httpagentparser': checked out '920af88989f6dd8eb6f628505d039df8b65c880e'
    # make
    cc -g -Werror -Wall -ansi -std=c99 -D_DEFAULT_SOURCE -D_GNU_SOURCE   -c -o rfc5077-client.o rfc5077-client.c
    rfc5077-client.c: In function ‘resultinfo_display’:
    rfc5077-client.c:135:6: error: implicit declaration of function ‘SSL_SESSION_get0_cipher’ [-Werror=implicit-function-declaration]
     SSL_CIPHER_get_name(SSL_SESSION_get0_cipher(x)),
     ^
    rfc5077-client.c:135:26: error: passing argument 1 of ‘SSL_CIPHER_get_name’ makes pointer from integer without a cast [-Werror]
     SSL_CIPHER_get_name(SSL_SESSION_get0_cipher(x)),
                         ^
    In file included from rfc5077-client.c:23:0:
    /usr/include/openssl/ssl.h:1834:13: note: expected ‘const struct SSL_CIPHER *’ but argument is of type ‘int’
     const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
                 ^
    rfc5077-client.c:154:5: error: implicit declaration of function ‘SSL_SESSION_get_master_key’ [-Werror=implicit-function-declaration]
     size_t master_key_len = SSL_SESSION_get_master_key(x, NULL, 0);
     ^
    rfc5077-client.c:170:6: error: implicit declaration of function ‘SSL_SESSION_has_ticket’ [-Werror=implicit-function-declaration]
     SSL_SESSION_has_ticket(x)?"✔":"✘",
     ^
    rfc5077-client.c: In function ‘resultinfo_write’:
    rfc5077-client.c:207:33: error: passing argument 1 of ‘SSL_CIPHER_get_name’ makes pointer from integer without a cast [-Werror]
     SSL_CIPHER_get_name(SSL_SESSION_get0_cipher(x)),
                         ^
    In file included from rfc5077-client.c:23:0:
    /usr/include/openssl/ssl.h:1834:13: note: expected ‘const struct SSL_CIPHER *’ but argument is of type ‘int’
     const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
                 ^
    rfc5077-client.c: In function ‘main’:
    rfc5077-client.c:381:3: error: implicit declaration of function ‘TLS_client_method’ [-Werror=implicit-function-declaration]
     if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)
     ^
    rfc5077-client.c:381:26: error: passing argument 1 of ‘SSL_CTX_new’ makes pointer from integer without a cast [-Werror]
     if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)
                            ^
    In file included from rfc5077-client.c:23:0:
    /usr/include/openssl/ssl.h:1820:10: note: expected ‘const struct SSL_METHOD *’ but argument is of type ‘int’
     SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
              ^
    cc1: all warnings being treated as errors
    <builtin>: recipe for target 'rfc5077-client.o' failed
    make: *** [rfc5077-client.o] Error 1
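
The four "implicit declaration" errors above name functions that were added in OpenSSL 1.1.0, while Debian 8 ships the 1.0.1 series as libssl-dev. The script below is an added example, not from the original post or the rfc5077 project: it extracts the undeclared symbols from a gcc log and checks an OpenSSL version string before a build is attempted. The function names, the sample log and the version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post or the rfc5077 project).
# Function names, SAMPLE_LOG and the version strings are constructed.

# Constructed sample in the format of the gcc output shown above.
SAMPLE_LOG='rfc5077-client.c:135:6: error: implicit declaration of function ‘SSL_SESSION_get0_cipher’ [-Werror=implicit-function-declaration]
rfc5077-client.c:135:26: error: passing argument 1 of ‘SSL_CIPHER_get_name’ makes pointer from integer without a cast [-Werror]
rfc5077-client.c:154:5: error: implicit declaration of function ‘SSL_SESSION_get_master_key’ [-Werror=implicit-function-declaration]
rfc5077-client.c:170:6: error: implicit declaration of function ‘SSL_SESSION_has_ticket’ [-Werror=implicit-function-declaration]
rfc5077-client.c:381:3: error: implicit declaration of function ‘TLS_client_method’ [-Werror=implicit-function-declaration]'

# Read a gcc log on stdin and print each undeclared function name once.
# Other errors (such as the pointer-cast one) are ignored.
missing_symbols() {
    sed -n 's/.*implicit declaration of function [^A-Za-z_]*\([A-Za-z_][A-Za-z0-9_]*\).*/\1/p' |
        LC_ALL=C sort -u
}

# Succeed if the given OpenSSL version (e.g. "1.0.1t", "1.1.0", "3.0.2")
# is 1.1.0 or newer. Returns 2 for input that is not MAJOR.MINOR[...].
has_110_api() {
    v=${1%%[!0-9.]*}              # drop the letter suffix: 1.0.1t -> 1.0.1
    case $v in *.*) ;; *) return 2 ;; esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    case $major$minor in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -ge 1 ]; }
}

echo "Symbols the compiler could not find:"
printf '%s\n' "$SAMPLE_LOG" | missing_symbols

# On a real host, pass "$(pkg-config --modversion openssl)" instead.
for ver in 1.0.1t 1.1.0; do
    if has_110_api "$ver"; then
        echo "OpenSSL $ver: provides the 1.1.0 API"
    else
        echo "OpenSSL $ver: too old for the current rfc5077-client.c"
    fi
done
```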