Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Current SVN fails to build / link on CentOS 5.5 (MD2)

From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 18 Aug 2010 23:51:30 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 18 Aug 2010 17:49:45 -0600
David Fifield <david () bamsoftware com> wrote:


On Wed, Aug 18, 2010 at 04:36:57PM -0700, alexandru wrote:

I should also note that, by default, Nmap doesn't compile against a
'vanilla' installation of openssl-1, as new versions are compiled
without MD2 support by default. (hence the ./config enable-md2 line
above).

I see the Macports people have dealt with it by removing MD2 from
Nmap:

    patch:
https://trac.macports.org/attachment/ticket/25593/nse_openssl.cc.diff
ticket: https://trac.macports.org/ticket/25593

Seems like MD2 support should either be dropped from Nmap, offered
as a config option, or an implementation should be shipped with
Nmap itself, otherwise users would need to recompile OpenSSL-1.x.x


I'm fine with ripping out support for MD2. That's part of Vlatko's
Android patch too. Does anyone have a reason to keep it? If it's not
in OpenSSL, it's not going to be in a lot of software for very long.

David Fifield



Several months ago I tried and failed to find an SSL cert still signed
with MD2 in the wild.

Lets ax it.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)

iEYEARECAAYFAkxscgoACgkQqaGPzAsl94J76gCffEWi4WcSULx40dIQg9x7oZJ1
b4wAoIPn+BlximYfW0N8nYXOVDBazpJm
=1tHA
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: