Nmap Development mailing list archives
Re: [NSE][PATCH] OpenSSL bindings for NSE
From: Sven Klemm <sven () c3d2 de>
Date: Thu, 04 Sep 2008 23:26:52 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Fifield wrote: | On Wed, Sep 03, 2008 at 05:51:00PM -0600, Patrick Donnelly wrote: |> On Wed, Sep 3, 2008 at 5:07 PM, Fyodor <fyodor () insecure org> wrote: |>> I like Patrick's patch which prevents a missing OpenSSL from halting |>> all of NSE and prints a message instead. But we may also want to |>> modify at least some of the relevant scripts to just return "" at the |>> beginning if OpenSSL is missing. Particularly for any "default" |>> category scripts. People should not receive the same error message |>> every time they run nmap (with scripting) just because they don't have |>> the optional OpenSSL library. |> Perhaps the message should be printed if verbose is set? I don't see a |> cleaner way around this. I believe you meant to return "" in the |> action function? The problem is when the script is initially loaded |> (executed after compilation). The script could set placeholder |> hostrule and action functions which immediately return false and nil |> respectively. This seems like an ugly hack to me. | | Can you check for nmap.have_ssl before including the openssl module? Put | a check for have_ssl in two places: around the "require" line for | openssl and in the hostrule. The easiest solution is probably to move the require for openssl in the action function and check for have_ssl in the portrule function. Default scripts could do it that way so we can always show require errors, otherwise bugs might go unnoticed. | Woudl it be possible to compile a dummy openssl module when OpenSSL | isn't available or requested, one that could be loaded but didn't have | any functions? Then you would need only one have_ssl check per script. You can only have one check per script without a dummy module, see above. Cheers, Sven - -- Sven Klemm http://cthulhu.c3d2.de/~sven/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjAUpsACgkQevlgTHEIT4bVNACeL/wiAyXfYSkYRWAM8isR58lK i0kAn1ueHul8nAWKtK4gh5eBv1HdQKIY =N5mx -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE][PATCH] OpenSSL bindings for NSE Sven Klemm (Aug 31)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Fyodor (Sep 01)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Sven Klemm (Sep 02)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Ron (Sep 02)
- Re: [NSE][PATCH] OpenSSL bindings for NSE David Fifield (Sep 03)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Fyodor (Sep 03)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Patrick Donnelly (Sep 03)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Fyodor (Sep 03)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Patrick Donnelly (Sep 04)
- Re: [NSE][PATCH] OpenSSL bindings for NSE David Fifield (Sep 03)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Sven Klemm (Sep 04)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Fyodor (Sep 01)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Fyodor (Sep 04)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Sven Klemm (Sep 03)
- Re: [NSE][PATCH] OpenSSL bindings for NSE David Fifield (Sep 03)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Patrick Donnelly (Sep 03)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Sven Klemm (Sep 03)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Patrick Donnelly (Sep 03)
- Re: [NSE][PATCH] OpenSSL bindings for NSE David Fifield (Sep 03)