When Ncat is compiled without OpenSSL and if --ssl argument(s) are given, then show error message that OpenSSL was not compiled in.

2025-12-06 12:41:29 +00:00 · 2014-05-22 10:22:37 +00:00
parent cd3869baed
commit 742b267c67
2 changed files with 26 additions and 5 deletions
--- a/ncat/ncat_main.c
+++ b/ncat/ncat_main.c
@@ -306,12 +306,17 @@ int main(int argc, char *argv[])
        {"proxy-auth",      required_argument,  NULL,         0},
        {"nsock-engine",    required_argument,  NULL,         0},
        {"test",            no_argument,        NULL,         0},
-#ifdef HAVE_OPENSSL
        {"ssl",             no_argument,        &o.ssl,       1},
+#ifdef HAVE_OPENSSL
        {"ssl-cert",        required_argument,  NULL,         0},
        {"ssl-key",         required_argument,  NULL,         0},
        {"ssl-verify",      no_argument,        NULL,         0},
        {"ssl-trustfile",   required_argument,  NULL,         0},
+#else
+        {"ssl-cert",        optional_argument,  NULL,         0},
+        {"ssl-key",         optional_argument,  NULL,         0},
+        {"ssl-verify",      no_argument,        NULL,         0},
+        {"ssl-trustfile",   optional_argument,  NULL,         0},
 #endif
        {0, 0, 0, 0}
    };
@@ -514,6 +519,16 @@ int main(int argc, char *argv[])
                   verification. */
                o.sslverify = 1;
            }
+#else
+            else if (strcmp(long_options[option_index].name, "ssl-cert") == 0) {
+                bye("OpenSSL isn't compiled in. The --ssl-cert option cannot be chosen.");
+            } else if (strcmp(long_options[option_index].name, "ssl-key") == 0) {
+                bye("OpenSSL isn't compiled in. The --ssl-key option cannot be chosen.");
+            } else if (strcmp(long_options[option_index].name, "ssl-verify") == 0) {
+                bye("OpenSSL isn't compiled in. The --ssl-verify option cannot be chosen.");
+            } else if (strcmp(long_options[option_index].name, "ssl-trustfile") == 0) {
+                bye("OpenSSL isn't compiled in. The --ssl-trustfile option cannot be chosen.");
+            }
 #endif
 #ifdef HAVE_LUA
            else if (strcmp(long_options[option_index].name, "lua-exec") == 0) {
@@ -615,6 +630,11 @@ int main(int argc, char *argv[])
        }
    }

+#ifndef HAVE_OPENSSL
+    if (o.ssl)
+        bye("OpenSSL isn't compiled in. The --ssl option cannot be chosen.");
+#endif
+
    if (o.normlog)
        o.normlogfd = ncat_openlog(o.normlog, o.append);
    if (o.hexlog)
--- a/todo/nmap.txt
+++ b/todo/nmap.txt
@@ -148,10 +148,6 @@ o Some things that GSoC 2014 student Sriharsha is or is likely to soon
  be working on:
  o Setting up his dev environment, getting Nmap compiling on Linux +
    Win.
-  o When Ncat is compiled without OpenSSL, we should still accept the
-    --ssl argument and just give an error message noting that SSL was not
-    compiled in.  This reduces confusion for users
-    (e.g. http://seclists.org/nmap-dev/2013/q3/579)
  o Implement some improvements to dns-ip6-arpa.nse, as describe at
    http://seclists.org/nmap-dev/2012/q2/45.
    - Also consider a move to "fire and forget" logic.  Just blast out
@@ -841,6 +837,11 @@ o random tip database

 DONE:

+o When Ncat is compiled without OpenSSL, we should still accept the
+  --ssl argument and just give an error message noting that SSL was not
+  compiled in.  This reduces confusion for users
+  (e.g. http://seclists.org/nmap-dev/2013/q3/579)
+
 o We should update our OpenSSL Windows binaries from version 1.0.1c to
  something newer, like 1.01f