prbinu / tls-scan

An Internet scale, blazing fast SSL/TLS scanner ( non-blocking, event-driven )
https://prbinu.github.io/tls-scan

LibreSSL support #6

Closed. vaygr closed this 6 years ago.

vaygr commented 6 years ago

It'd be great to be able to build tls-scan with LibreSSL as it'll improve portability by a lot.

There are several things here:

  1. There's no ASN1_TIME_diff() in LibreSSL. Some simply backport that function for compatibility.
  2. For COMP_METHOD support it needs an additional <openssl/comp.h> include, but there's no SSL_COMP_free_compression_methods().
  3. SSL_get_server_tmp_key() and X509_check_host() didn't exist in older versions, but as of 2.5.5 they're there.
  4. SSLv2_client_method() was dropped a long time ago as insecure and is not present in any version whatsoever.

Most of these can be resolved by ifdefs, I think.
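As an added example, not code from tls-scan or from anyone in this thread, here is the kind of shim the first item calls for: a standalone stand-in for OpenSSL's ASN1_TIME_diff() that a LibreSSL build could compile under `#ifdef LIBRESSL_VERSION_NUMBER`. It operates on the raw ASN.1 time string (UTCTime or GeneralizedTime) rather than on an ASN1_TIME struct; that is an assumption made so it builds without OpenSSL headers, and when wired into a real build the caller would pass the ASN1_TIME's `data` and `type` fields. The sample times in `main` are constructed.

```c
/* Added example, not tls-scan code: a portable stand-in for OpenSSL's
 * ASN1_TIME_diff(), the first LibreSSL gap listed above. It works on the raw
 * ASN.1 time string (UTCTime "YYMMDDHHMMSSZ" or GeneralizedTime
 * "YYYYMMDDHHMMSSZ"), an assumption made so it compiles without OpenSSL
 * headers; a real build would compile it only under
 * #ifdef LIBRESSL_VERSION_NUMBER and feed it ASN1_TIME->data / ->type. */
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define SECS_PER_DAY 86400L

/* Read n ASCII digits; returns -1 if any byte is not a digit. */
static int parse_digits(const char *s, int n) {
    int v = 0;
    for (int i = 0; i < n; i++) {
        if (s[i] < '0' || s[i] > '9') return -1;
        v = v * 10 + (s[i] - '0');
    }
    return v;
}

/* Days since 1970-01-01 for a proleptic Gregorian date (Howard Hinnant's
 * days_from_civil); avoids mktime() so the result is timezone-independent. */
static long days_from_civil(int y, int m, int d) {
    y -= m <= 2;
    long era = (y >= 0 ? y : y - 399) / 400;
    long yoe = y - era * 400;
    long doy = (153L * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    long doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* Split an ASN.1 time string into (days since epoch, seconds into the day).
 * Only the strict RFC 5280 'Z' (UTC) form is accepted; day-of-month is not
 * checked against month length. Returns 0 on success, -1 on malformed input. */
static int asn1_time_split(const char *s, int generalized, long *days, long *secs) {
    size_t ylen = generalized ? 4 : 2;
    if (strlen(s) != ylen + 11 || s[ylen + 10] != 'Z') return -1;
    int y  = parse_digits(s, (int)ylen);
    int mo = parse_digits(s + ylen, 2);
    int d  = parse_digits(s + ylen + 2, 2);
    int h  = parse_digits(s + ylen + 4, 2);
    int mi = parse_digits(s + ylen + 6, 2);
    int se = parse_digits(s + ylen + 8, 2);
    if (y < 0 || mo < 1 || mo > 12 || d < 1 || d > 31 ||
        h < 0 || h > 23 || mi < 0 || mi > 59 || se < 0 || se > 59) return -1;
    if (!generalized) y += (y < 50) ? 2000 : 1900;  /* RFC 5280 UTCTime pivot */
    *days = days_from_civil(y, mo, d);
    *secs = h * 3600L + mi * 60L + se;
    return 0;
}

/* Same contract as ASN1_TIME_diff(): *pday / *psec receive (to - from),
 * normalised so |*psec| < 86400 and both parts carry the same sign.
 * Returns 1 on success, 0 if either time fails to parse. */
int asn1_time_diff_compat(int *pday, int *psec,
                          const char *from, int from_gen,
                          const char *to, int to_gen) {
    long fd, fs, td, ts;
    if (asn1_time_split(from, from_gen, &fd, &fs) != 0 ||
        asn1_time_split(to, to_gen, &td, &ts) != 0) return 0;
    long day = td - fd, sec = ts - fs;
    if (day > 0 && sec < 0)      { day--; sec += SECS_PER_DAY; }
    else if (day < 0 && sec > 0) { day++; sec -= SECS_PER_DAY; }
    *pday = (int)day;
    *psec = (int)sec;
    return 1;
}

/* Convenience wrapper: total difference in seconds, or LONG_MIN on error. */
long asn1_time_diff_total_secs(const char *from, int from_gen,
                               const char *to, int to_gen) {
    int day, sec;
    if (!asn1_time_diff_compat(&day, &sec, from, from_gen, to, to_gen)) return LONG_MIN;
    return day * SECS_PER_DAY + sec;
}

int main(void) {
    /* Constructed sample: a notBefore (UTCTime) and a notAfter (GeneralizedTime). */
    int day, sec;
    if (asn1_time_diff_compat(&day, &sec, "170101000000Z", 0, "20170301120000Z", 1))
        printf("validity span: %d days %d seconds\n", day, sec);
    return 0;
}
```

The normalisation step matters for a scanner that reports certificate lifetimes: without it, a "to" time earlier in the day than "from" yields a positive day count with a negative remainder, which OpenSSL's real function never returns. Rejecting fractional seconds and non-'Z' offsets mirrors what RFC 5280 allows in certificates, so a malformed notAfter surfaces as a parse failure rather than a silently wrong lifetime.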

prbinu commented 6 years ago

Thank you Vlad for the support request. The primary reason to use PeterMosmans' openssl is to use deprecated/insecure ciphers and SSL versions for security scanning. Newer TLS library implementations (e.g. golang's) don't support insecure cipher/SSL versions, and I believe the same is true of LibreSSL. Correct me if I'm wrong.

For portability, we tested it on MacOS and Linux natively and have a Docker solution as well. Though not tested, I expect this tool to be easily built on any platform supported by openssl.

vaygr commented 6 years ago

Ah, right, I suspected it was the reason. Thanks.

So for packaging for our distro, I can simply re-use that OpenSSL tarball, and as I tested, the zlib and libevent system libraries work just fine and can be linked against.

prbinu commented 6 years ago

Which distro are you referring to?

vaygr commented 6 years ago

It's pretty specific, Source Mage.

prbinu commented 6 years ago

thanks!