Nmap Development mailing list archives

Re: Current SVN fails to build / link on CentOS 5.5 (MD2)


From: David Fifield <david () bamsoftware com>
Date: Thu, 19 Aug 2010 17:19:37 -0600

On Wed, Aug 18, 2010 at 11:51:30PM +0000, Brandon Enright wrote:

> On Wed, 18 Aug 2010 17:49:45 -0600
> David Fifield <david () bamsoftware com> wrote:
>
> > On Wed, Aug 18, 2010 at 04:36:57PM -0700, alexandru wrote:
> > > I should also note that, by default, Nmap doesn't compile against a
> > > 'vanilla' installation of openssl-1, as new versions are compiled
> > > without MD2 support by default. (hence the ./config enable-md2 line
> > > above).
> > >
> > > I see the Macports people have dealt with it by removing MD2 from
> > > Nmap:
> > >
> > > patch: https://trac.macports.org/attachment/ticket/25593/nse_openssl.cc.diff
> > > ticket: https://trac.macports.org/ticket/25593
> > >
> > > Seems like MD2 support should either be dropped from Nmap, offered
> > > as a config option, or an implementation should be shipped with
> > > Nmap itself, otherwise users would need to recompile OpenSSL-1.x.x
> >
> > I'm fine with ripping out support for MD2. That's part of Vlatko's
> > Android patch too. Does anyone have a reason to keep it? If it's not
> > in OpenSSL, it's not going to be in a lot of software for very long.
>
> Several months ago I tried and failed to find an SSL cert still signed
> with MD2 in the wild.

Do you mind taking care of this, Alexandru? Just remove the md2 function
from nse_openssl.cc and nselib/openssl.luadoc, and note it in CHANGELOG.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

