Nmap Development mailing list archives

Re: [Patch] Ncat --ssl option when OpenSSL is not compiled in


From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 21 May 2014 09:13:32 -0500

Jay, List,

This looks good, please commit it!


On Mon, May 19, 2014 at 2:33 AM, Jay Bosamiya <jaybosamiya () gmail com> wrote:

Hi all!

I noticed the following item in the todo list

o When Ncat is compiled without OpenSSL, we should still accept the
  --ssl argument and just give an error message noting that SSL was not
  compiled in.  This reduces confusion for users
  (e.g. http://seclists.org/nmap-dev/2013/q3/579)

In this respect, I would like to point out that if we just accept --ssl,
show an error and then continue on, then at times, the user may unwittingly
do something insecure. Hence the proper thing to do would be to show an
error and terminate.

Using the above idea, I have made a patch (attached).

Note: You may notice that if HAVE_OPENSSL is not defined, then some
options (--ssl-cert, --ssl-key, --ssl-trustfile) are set to have optional
arguments. This is because we want to show an error message even if the
argument is missing.

The rest of the patch is pretty self-explanatory.

Cheers
Jay

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
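
The behaviour discussed in this thread, sketched as an added example (not the attached patch and not Ncat's own code): SSL options are still recognised in a build without OpenSSL, and parsing fails closed instead of continuing in plaintext. The function name `parse_options`, the result codes and the error wording are assumptions made for illustration.

```c
/* Added example: models a build WITHOUT OpenSSL (HAVE_OPENSSL is left undefined). */
#include <getopt.h>
#include <stdio.h>

enum { OPT_OK = 0, OPT_NO_SSL = 1, OPT_BAD = 2 };  /* hypothetical result codes */

/* Without OpenSSL the argument becomes optional, so a bare "--ssl-cert"
 * reaches our own handler instead of getopt's "missing argument" error. */
#ifdef HAVE_OPENSSL
#define SSL_ARG required_argument
#else
#define SSL_ARG optional_argument
#endif

static const struct option long_opts[] = {
    {"ssl",           no_argument, NULL, 1},
    {"ssl-cert",      SSL_ARG,     NULL, 2},
    {"ssl-key",       SSL_ARG,     NULL, 3},
    {"ssl-trustfile", SSL_ARG,     NULL, 4},
    {"verbose",       no_argument, NULL, 'v'},
    {NULL, 0, NULL, 0}
};

/* Returns OPT_OK to proceed; any other value means the caller must exit. */
int parse_options(int argc, char **argv)
{
    int c;
    optind = 0;  /* restart scanning so the function can be called repeatedly */
    opterr = 0;  /* we print our own diagnostics */
    while ((c = getopt_long(argc, argv, "v", long_opts, NULL)) != -1) {
        switch (c) {
        case 1: case 2: case 3: case 4:
#ifdef HAVE_OPENSSL
            break;  /* a real build would record the SSL setting here */
#else
            fprintf(stderr, "%s: OpenSSL was not compiled in; refusing to "
                    "continue without SSL.\n", argv[0]);
            return OPT_NO_SSL;  /* fail closed: never fall back to plaintext */
#endif
        case 'v':
            break;
        default:
            return OPT_BAD;  /* unknown option */
        }
    }
    return OPT_OK;
}

int main(int argc, char **argv) { return parse_options(argc, argv); }
```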


