Nmap Development mailing list archives

[Patch] Ncat --ssl option when OpenSSL is not compiled in


From: Jay Bosamiya <jaybosamiya () gmail com>
Date: Mon, 19 May 2014 13:03:59 +0530

Hi all!

I noticed the following item in the todo list

o When Ncat is compiled without OpenSSL, we should still accept the
  --ssl argument and just give an error message noting that SSL was not
  compiled in.  This reduces confusion for users
  (e.g. http://seclists.org/nmap-dev/2013/q3/579)

In this respect, I would like to point out that if we just accept --ssl, show an error and then continue on, then at times, the user may unwittingly do something insecure. Hence the proper thing to do would be to show an error and terminate.

Using the above idea, I have made a patch (attached).

Note: You may notice that if HAVE_OPENSSL is not defined, then some options (--ssl-cert, --ssl-key, --ssl-trustfile) are set to have optional arguments. This is because we want to show an error message even if the argument is missing.

The rest of the patch is pretty self-explanatory.

Cheers
Jay

Attachment: openssl.patch

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
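
The behaviour described in the message, as an added example (not the attached patch and not Ncat's source): the SSL options are always registered with getopt_long, take an optional argument when HAVE_OPENSSL is undefined, and any of them stops the program instead of letting it continue in plaintext. The function name, option codes, error text and exit status 2 are assumptions made for illustration.

```c
/* Added illustration; check_ssl_opts() and the OPT_* codes are hypothetical. */
#include <getopt.h>
#include <stdio.h>

#ifdef HAVE_OPENSSL
#define SSL_ARG required_argument
#else
/* Optional here so that a bare "--ssl-cert" still reaches our handler
   instead of getopt's generic "option requires an argument" error. */
#define SSL_ARG optional_argument
#endif

enum { OPT_SSL = 256, OPT_SSL_CERT, OPT_SSL_KEY, OPT_SSL_TRUSTFILE };

static const struct option long_opts[] = {
    {"ssl",           no_argument, NULL, OPT_SSL},
    {"ssl-cert",      SSL_ARG,     NULL, OPT_SSL_CERT},
    {"ssl-key",       SSL_ARG,     NULL, OPT_SSL_KEY},
    {"ssl-trustfile", SSL_ARG,     NULL, OPT_SSL_TRUSTFILE},
    {"verbose",       no_argument, NULL, 'v'},
    {NULL, 0, NULL, 0}
};

/* Returns 0 if startup may continue, 2 if the caller must exit. */
int check_ssl_opts(int argc, char **argv)
{
    int c;
    optind = 0;  /* glibc documents 0 as a full rescan; lets this be called again */
    while ((c = getopt_long(argc, argv, "v", long_opts, NULL)) != -1) {
        switch (c) {
        case OPT_SSL: case OPT_SSL_CERT: case OPT_SSL_KEY: case OPT_SSL_TRUSTFILE:
#ifndef HAVE_OPENSSL
            fprintf(stderr, "%s: OpenSSL is not compiled in; SSL options are unavailable. QUITTING.\n", argv[0]);
            return 2;  /* fail closed: never fall back to an unencrypted session */
#else
            break;
#endif
        case '?':
            return 2;  /* unknown option */
        }
    }
    return 0;
}

int main(int argc, char **argv)
{
    return check_ssl_opts(argc, argv);
}
```

Compiled without -DHAVE_OPENSSL, every SSL option ends the run with a non-zero status, which a calling script can check before it sends anything.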
