Support chained certificate files with --ssl-cert.

Use the recommended SSL_CTX_use_certificate_chain_file over SSL_CTX_use_certificate_file. https://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html#NOTES Patch by Greg Bailey. http://seclists.org/nmap-dev/2013/q2/399
2026-01-20 05:09:02 +00:00 · 2013-06-29 22:33:56 +00:00
parent 1ebe659bd5
commit 9e82bb6c4e
2 changed files with 5 additions and 2 deletions
--- a/3
+++ b/3
@@ -1,5 +1,8 @@
 # Nmap Changelog ($Id$); -*-text-*-

+o [Ncat] Ncat now support chained certificates with the --ssl-cert
+  option. [Greg Bailey]
+
 o Stop parsing TCP options after reaching EOL in libnetutil. Bug reported
  by Gustavo Moreira. [Henri Doreau]

--- a/ncat/ncat_ssl.c
+++ b/ncat/ncat_ssl.c
@@ -173,8 +173,8 @@ SSL_CTX *setup_ssl_listen(void)
    } else {
        if (o.sslcert == NULL || o.sslkey == NULL)
            bye("The --ssl-key and --ssl-cert options must be used together.");
-        if (SSL_CTX_use_certificate_file(sslctx, o.sslcert, SSL_FILETYPE_PEM) != 1)
-            bye("SSL_CTX_use_certificate_file(): %s.", ERR_error_string(ERR_get_error(), NULL));
+        if (SSL_CTX_use_certificate_chain_file(sslctx, o.sslcert) != 1)
+            bye("SSL_CTX_use_certificate_chain_file(): %s.", ERR_error_string(ERR_get_error(), NULL));
        if (SSL_CTX_use_PrivateKey_file(sslctx, o.sslkey, SSL_FILETYPE_PEM) != 1)
            bye("SSL_CTX_use_Privatekey_file(): %s.", ERR_error_string(ERR_get_error(), NULL));
    }