rfc5077をインストールできなかった話

第2回社内セキュリティ共有勉強会に参加した際に初めて知った単語

TLSのセッション情報を確認できるツールらしい
結論としてdebian8で使ってみようとしたが、できなかった話

以下を参考に実施してみた
サーバ側のSSL Session Cache状況を確認する「rfc5077」というツールが便利
rfc5077-clientをDebian上でビルドしたい
を参考に実施した

# git clone https://github.com/vincentbernat/rfc5077.git
# aptitude install libnspr4-dev libev-dev libssl-dev libnss3-dev make gcc
...
# git submodule init
Submodule 'http-parser' (https://github.com/joyent/http-parser) registered for path 'http-parser'
Submodule 'httpagentparser' (git://github.com/shon/httpagentparser.git) registered for path 'httpagentparser'
# git submodule update
Cloning into 'http-parser'...
remote: Counting objects: 1460, done.
remote: Total 1460 (delta 0), reused 0 (delta 0), pack-reused 1460
Receiving objects: 100% (1460/1460), 659.95 KiB | 341.00 KiB/s, done.
Resolving deltas: 100% (897/897), done.
Checking connectivity... done.
Submodule path 'http-parser': checked out '1ca7de52587f19cb87a28b8ace2e0f2e6cfcde7f'
Cloning into 'httpagentparser'...
remote: Counting objects: 591, done.
remote: Total 591 (delta 0), reused 0 (delta 0), pack-reused 591
Receiving objects: 100% (591/591), 630.40 KiB | 160.00 KiB/s, done.
Resolving deltas: 100% (265/265), done.
Checking connectivity... done.
Submodule path 'httpagentparser': checked out '920af88989f6dd8eb6f628505d039df8b65c880e'
# make
cc -g -Werror -Wall -ansi -std=c99 -D_DEFAULT_SOURCE -D_GNU_SOURCE   -c -o rfc5077-client.o rfc5077-client.c
rfc5077-client.c: In function ‘resultinfo_display’:
rfc5077-client.c:135:6: error: implicit declaration of function ‘SSL_SESSION_get0_cipher’ [-Werror=implicit-function-declaration]
      SSL_CIPHER_get_name(SSL_SESSION_get0_cipher(x)),
      ^
rfc5077-client.c:135:26: error: passing argument 1 of ‘SSL_CIPHER_get_name’ makes pointer from integer without a cast [-Werror]
      SSL_CIPHER_get_name(SSL_SESSION_get0_cipher(x)),
                          ^
In file included from rfc5077-client.c:23:0:
/usr/include/openssl/ssl.h:1834:13: note: expected ‘const struct SSL_CIPHER *’ but argument is of type ‘int’
 const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
             ^
rfc5077-client.c:154:5: error: implicit declaration of function ‘SSL_SESSION_get_master_key’ [-Werror=implicit-function-declaration]
     size_t master_key_len = SSL_SESSION_get_master_key(x, NULL, 0);
     ^
rfc5077-client.c:170:6: error: implicit declaration of function ‘SSL_SESSION_has_ticket’ [-Werror=implicit-function-declaration]
      SSL_SESSION_has_ticket(x)?"✔":"✘",
      ^
rfc5077-client.c: In function ‘resultinfo_write’:
rfc5077-client.c:207:33: error: passing argument 1 of ‘SSL_CIPHER_get_name’ makes pointer from integer without a cast [-Werror]
             SSL_CIPHER_get_name(SSL_SESSION_get0_cipher(x)),
                                 ^
In file included from rfc5077-client.c:23:0:
/usr/include/openssl/ssl.h:1834:13: note: expected ‘const struct SSL_CIPHER *’ but argument is of type ‘int’
 const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
             ^
rfc5077-client.c: In function ‘main’:
rfc5077-client.c:381:3: error: implicit declaration of function ‘TLS_client_method’ [-Werror=implicit-function-declaration]
   if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)
   ^
rfc5077-client.c:381:26: error: passing argument 1 of ‘SSL_CTX_new’ makes pointer from integer without a cast [-Werror]
   if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)
                          ^
In file included from rfc5077-client.c:23:0:
/usr/include/openssl/ssl.h:1820:10: note: expected ‘const struct SSL_METHOD *’ but argument is of type ‘int’
 SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
          ^
cc1: all warnings being treated as errors
<builtin>: recipe for target 'rfc5077-client.o' failed
make: *** [rfc5077-client.o] Error 1

コメントを残す

メールアドレスが公開されることはありません。 * が付いている欄は必須項目です

CAPTCHA