Nmap Development mailing list archives
Re: [Patch] Ncat --ssl option when OpenSSL is not compiled in
From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 21 May 2014 09:13:32 -0500
Jay, List, This looks good, please commit it! On Mon, May 19, 2014 at 2:33 AM, Jay Bosamiya <jaybosamiya () gmail com> wrote:
Hi all! I noticed the following item in the todo list o When Ncat is compiled without OpenSSL, we should still accept the --ssl argument and just give an error message noting that SSL was not compiled in. This reduces confusion for users (e.g. http://seclists.org/nmap-dev/2013/q3/579) In this respect, I would like to point out that if we just accept --ssl, show an error and then continue on, then at times, the user may unwittingly do something insecure. Hence the proper thing to do would be to show an error and terminate. Using the above idea, I have made a patch (attached). Note: You may notice that if HAVE_OPENSSL is not defined, then some options (--ssl-cert, --ssl-key, ssl-trustfile) are set to have optional arguments. This is because we want to show an error message even if the argument is missing. The rest of the patch is pretty self explanatory. Cheers Jay _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [Patch] Ncat --ssl option when OpenSSL is not compiled in Jay Bosamiya (May 19)
- Re: [Patch] Ncat --ssl option when OpenSSL is not compiled in Daniel Miller (May 21)