
Allow user to specify SSL ciphersuite choices

Fixes #19
This commit is contained in:
dmiller
2014-12-11 19:07:04 +00:00
parent e81f9fba12
commit 2353d5a913
4 changed files with 16 additions and 1 deletions


@@ -206,6 +206,7 @@ void options_init(void)
o.sslkey = NULL; o.sslkey = NULL;
o.sslverify = 0; o.sslverify = 0;
o.ssltrustfile = NULL; o.ssltrustfile = NULL;
o.sslciphers = NULL;
#endif #endif
} }


@@ -200,6 +200,7 @@ struct options {
char *sslkey; char *sslkey;
int sslverify; int sslverify;
char *ssltrustfile; char *ssltrustfile;
char *sslciphers;
}; };
extern struct options o; extern struct options o;
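Review bot: The new `sslciphers` member is added without a comment saying what it holds or what NULL means, so a reader has to go to ncat_ssl.c to learn that NULL selects the built-in default list; `char *sslciphers; /* OpenSSL cipher-list string from --ssl-ciphers; NULL = built-in default list */`. The struct options definition starts before this hunk.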


@@ -311,11 +311,13 @@ int main(int argc, char *argv[])
{"ssl-key", required_argument, NULL, 0}, {"ssl-key", required_argument, NULL, 0},
{"ssl-verify", no_argument, NULL, 0}, {"ssl-verify", no_argument, NULL, 0},
{"ssl-trustfile", required_argument, NULL, 0}, {"ssl-trustfile", required_argument, NULL, 0},
{"ssl-ciphers", required_argument, NULL, 0},
#else #else
{"ssl-cert", optional_argument, NULL, 0}, {"ssl-cert", optional_argument, NULL, 0},
{"ssl-key", optional_argument, NULL, 0}, {"ssl-key", optional_argument, NULL, 0},
{"ssl-verify", no_argument, NULL, 0}, {"ssl-verify", no_argument, NULL, 0},
{"ssl-trustfile", optional_argument, NULL, 0}, {"ssl-trustfile", optional_argument, NULL, 0},
{"ssl-ciphers", optional_argument, NULL, 0},
#endif #endif
{0, 0, 0, 0} {0, 0, 0, 0}
}; };
@@ -517,6 +519,9 @@ int main(int argc, char *argv[])
/* If they list a trustfile assume they want certificate /* If they list a trustfile assume they want certificate
verification. */ verification. */
o.sslverify = 1; o.sslverify = 1;
} else if (strcmp(long_options[option_index].name, "ssl-ciphers") == 0) {
o.ssl = 1;
o.sslciphers = Strdup(optarg);
} }
#else #else
else if (strcmp(long_options[option_index].name, "ssl-cert") == 0) { else if (strcmp(long_options[option_index].name, "ssl-cert") == 0) {
@@ -527,6 +532,8 @@ int main(int argc, char *argv[])
bye("OpenSSL isn't compiled in. The --ssl-verify option cannot be chosen."); bye("OpenSSL isn't compiled in. The --ssl-verify option cannot be chosen.");
} else if (strcmp(long_options[option_index].name, "ssl-trustfile") == 0) { } else if (strcmp(long_options[option_index].name, "ssl-trustfile") == 0) {
bye("OpenSSL isn't compiled in. The --ssl-trustfile option cannot be chosen."); bye("OpenSSL isn't compiled in. The --ssl-trustfile option cannot be chosen.");
} else if (strcmp(long_options[option_index].name, "ssl-ciphers") == 0) {
bye("OpenSSL isn't compiled in. The --ssl-ciphers option cannot be chosen.");
} }
#endif #endif
#ifdef HAVE_LUA #ifdef HAVE_LUA
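Review bot: On the new `ssl-ciphers` branch, `o.sslciphers = Strdup(optarg);` overwrites any earlier copy when the option is repeated, and nothing inspects the string at parse time, so a typo or a deliberately weak list such as `NULL` or `aNULL` is accepted here and only surfaces (or silently weakens the listener) when the SSL context is built. Consider `free(o.sslciphers);` before the Strdup, and stating in the option's help text that the string goes verbatim to OpenSSL's SSL_CTX_set_cipher_list, with none of the default list's `!ADH:!LOW:!EXP:!MD5` exclusions applied. If connect mode builds its SSL context elsewhere (Nsock) rather than through setup_ssl_listen, the option may have no effect there — worth confirming. main() starts before and continues after both hunks.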


@@ -177,8 +177,14 @@ SSL_CTX *setup_ssl_listen(void)
SSL_CTX_set_options(sslctx, SSL_OP_ALL | SSL_OP_NO_SSLv2); SSL_CTX_set_options(sslctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
/* Secure ciphers list taken from Nsock. */ /* Secure ciphers list taken from Nsock. */
if (o.sslciphers == NULL) {
if (!SSL_CTX_set_cipher_list(sslctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH")) if (!SSL_CTX_set_cipher_list(sslctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"))
bye("Unable to set OpenSSL cipher list: %s", ERR_error_string(ERR_get_error(), NULL)); bye("Unable to set OpenSSL cipher list: %s", ERR_error_string(ERR_get_error(), NULL));
}
else {
if (!SSL_CTX_set_cipher_list(sslctx, o.sslciphers))
bye("Unable to set OpenSSL cipher list: %s", ERR_error_string(ERR_get_error(), NULL));
}
if (o.sslcert == NULL && o.sslkey == NULL) { if (o.sslcert == NULL && o.sslkey == NULL) {
X509 *cert; X509 *cert;
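Review bot: The two branches of the new `if (o.sslciphers == NULL)` differ only in the string passed to SSL_CTX_set_cipher_list, and the comment `/* Secure ciphers list taken from Nsock. */` now sits above code that may install a user-supplied list carrying none of the `!ADH:!LOW:!EXP:!MD5` exclusions; pick the string first and keep a single call, with the comment saying the override is applied verbatim. SSL_CTX_set_cipher_list fails only when no cipher matches at all, so a user list that resolves to anonymous or export suites is accepted without any warning — if that matters, a follow-up could print the effective list in verbose mode. setup_ssl_listen starts before this hunk and continues after it.
```c
    SSL_CTX_set_options(sslctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
    /* Default list taken from Nsock; --ssl-ciphers replaces it verbatim,
       so none of these exclusions apply to a user-supplied list. */
    const char *ciphers = (o.sslciphers != NULL)
        ? o.sslciphers : "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH";
    if (!SSL_CTX_set_cipher_list(sslctx, ciphers))
        bye("Unable to set OpenSSL cipher list: %s", ERR_error_string(ERR_get_error(), NULL));
    /* … unchanged: certificate/key setup … */
```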