Nmap Development mailing list archives
[Patch] Ncat --ssl option when OpenSSL is not compiled in
From: Jay Bosamiya <jaybosamiya () gmail com>
Date: Mon, 19 May 2014 13:03:59 +0530
Hi all! I noticed the following item in the todo list o When Ncat is compiled without OpenSSL, we should still accept the --ssl argument and just give an error message noting that SSL was not compiled in. This reduces confusion for users (e.g. http://seclists.org/nmap-dev/2013/q3/579)In this respect, I would like to point out that if we just accept --ssl, show an error and then continue on, then at times, the user may unwittingly do something insecure. Hence the proper thing to do would be to show an error and terminate.
Using the above idea, I have made a patch (attached).Note: You may notice that if HAVE_OPENSSL is not defined, then some options (--ssl-cert, --ssl-key, ssl-trustfile) are set to have optional arguments. This is because we want to show an error message even if the argument is missing.
The rest of the patch is pretty self explanatory. Cheers Jay
Attachment:
openssl.patch
Description:
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [Patch] Ncat --ssl option when OpenSSL is not compiled in Jay Bosamiya (May 19)
- Re: [Patch] Ncat --ssl option when OpenSSL is not compiled in Daniel Miller (May 21)