mirror of https://github.com/nmap/nmap.git synced 2025-12-31 03:49:01 +00:00

Notify in -v mode if SSL verification fails, even if --ssl-verify was not requested. Fixes #30

dmiller
2015-05-31 12:14:04 +00:00
parent 9e6008eb79
commit ef878ea895


@@ -210,20 +210,22 @@ static int verify_callback(int ok, X509_STORE_CTX *store)
static void set_ssl_ctx_options(SSL_CTX *ctx)
{
if (o.ssltrustfile == NULL) {
ssl_load_default_ca_certs(ctx);
} else {
if (o.debug)
logdebug("Using trusted CA certificates from %s.\n", o.ssltrustfile);
if (SSL_CTX_load_verify_locations(ctx, o.ssltrustfile, NULL) != 1) {
bye("Could not load trusted certificates from %s.\n%s",
o.ssltrustfile, ERR_error_string(ERR_get_error(), NULL));
}
}
if (o.sslverify) {
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_callback);
if (o.ssltrustfile == NULL) {
ssl_load_default_ca_certs(ctx);
} else {
if (o.debug)
logdebug("Using trusted CA certificates from %s.\n", o.ssltrustfile);
if (SSL_CTX_load_verify_locations(ctx, o.ssltrustfile, NULL) != 1) {
bye("Could not load trusted certificates from %s.\n%s",
o.ssltrustfile, ERR_error_string(ERR_get_error(), NULL));
}
}
} else {
/* Still check verification status and report it */
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);
if (o.ssl && o.debug)
logdebug("Not doing certificate verification.\n");
}
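Review bot: Loading the trust store is now unconditional, so the `bye(...)` after `SSL_CTX_load_verify_locations` ends the program on an unreadable `o.ssltrustfile` even when the `SSL_VERIFY_NONE` branch is taken, where the verification result is only reported and never enforced. Consider keeping that failure fatal only under `o.sslverify` and logging it otherwise, e.g. `if (o.sslverify) bye(...); else logdebug("Could not load trusted certificates from %s.\n", o.ssltrustfile);`, and state in that message that later verification reports will presumably all fail without a store. The `else` branch comment and debug message should also say what actually happens: the handshake completes with an unverified peer, so a comment such as `/* Advisory only: SSL_VERIFY_NONE never aborts the handshake; verify_callback just reports the result */` is more accurate than "Not doing certificate verification.". How `ssl_load_default_ca_certs` and `verify_callback` behave on failure is not visible here, and the body of `set_ssl_ctx_options` continues past the end of the hunk.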