Nmap Development mailing list archives

Re: [NSE][PATCH] OpenSSL bindings for NSE


From: Sven Klemm <sven () c3d2 de>
Date: Thu, 04 Sep 2008 23:26:52 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Fifield wrote:
| On Wed, Sep 03, 2008 at 05:51:00PM -0600, Patrick Donnelly wrote:
|> On Wed, Sep 3, 2008 at 5:07 PM, Fyodor <fyodor () insecure org> wrote:
|>> I like Patrick's patch which prevents a missing OpenSSL from halting
|>> all of NSE and prints a message instead.  But we may also want to
|>> modify at least some of the relevant scripts to just return "" at the
|>> beginning if OpenSSL is missing.  Particularly for any "default"
|>> category scripts.  People should not receive the same error message
|>> every time they run nmap (with scripting) just because they don't have
|>> the optional OpenSSL library.
|> Perhaps the message should be printed if verbose is set? I don't see a
|> cleaner way around this. I believe you meant to return "" in the
|> action function? The problem is when the script is initially loaded
|> (executed after compilation). The script could set placeholder
|> hostrule and action functions which immediately return false and nil
|> respectively. This seems like an ugly hack to me.
|
| Can you check for nmap.have_ssl before including the openssl module? Put
| a check for have_ssl in two places: around the "require" line for
| openssl and in the hostrule.

The easiest solution is probably to move the require for openssl in
the action function and check for have_ssl in the portrule function.
Default scripts could do it that way so we can always show require
errors, otherwise bugs might go unnoticed.

| Would it be possible to compile a dummy openssl module when OpenSSL
| isn't available or requested, one that could be loaded but didn't have
| any functions? Then you would need only one have_ssl check per script.

You can only have one check per script without a dummy module, see above.

Cheers,
Sven

- --
Sven Klemm
http://cthulhu.c3d2.de/~sven/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkjAUpsACgkQevlgTHEIT4bVNACeL/wiAyXfYSkYRWAM8isR58lK
i0kAn1ueHul8nAWKtK4gh5eBv1HdQKIY
=N5mx
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
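
The layout Sven describes above (have_ssl checked in the portrule, the openssl require moved into the action function), sketched as an NSE script. This is an added example, not part of the original message and not one of Nmap's own scripts. The script's purpose, the port and service name, and the banner hashing are hypothetical, and it assumes nmap.have_ssl is callable as a function, as in current Nmap.

```lua
-- Added illustration: a "default"-category script that stays silent when
-- Nmap was built without OpenSSL. Port, service and output are hypothetical.
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Hypothetical example: reports an MD5 digest of the first banner line.
]]
categories = {"default", "safe"}

-- Constructed example target: any service detected as FTP or on port 21.
local match = shortport.port_or_service(21, "ftp")

-- The one have_ssl check per script. Without OpenSSL the rule never
-- matches, so action() is never called and no message is printed.
portrule = function(host, port)
  if not nmap.have_ssl() then
    return false
  end
  return match(host, port)
end

action = function(host, port)
  -- Deferred require: reached only when the portrule matched, which means
  -- OpenSSL support is compiled in. If this fails anyway it is a genuine
  -- bug, and the require error is shown instead of being swallowed.
  local openssl = require "openssl"

  local socket = nmap.new_socket()
  socket:set_timeout(5000)
  local ok = socket:connect(host.ip, port.number)
  if not ok then
    return nil
  end
  local status, line = socket:receive_lines(1)
  socket:close()
  if not status then
    return nil
  end
  return "banner md5: " .. stdnse.tohex(openssl.md5(line))
end
```

Because nothing at file scope touches openssl, loading the script succeeds on a build without OpenSSL, and the only place the library's absence is handled is the portrule.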

