You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
HAVE_OPENSSL_EC doesn't get checked and set when building with a local version of OpenSSL, and the default is no EC support. As a consequence, scripts like ssl_cert.nse will display certs with elliptic curve keys as type "other" rather than as type "ec". This is becuase lua structures won't get populated in nse_ssl_cert.cc
if test "$use_openssl" = "yes" -a -z "$specialssldir"; then
which requires that $specialssldir is zero length, but it would be non-zero length if "--with-openssl" is specified, for example as "--with-openssl=/usr/local".
This particularly applies if the desire is to build nmap with static libraries and hence not wanting to put the local libraries and includes into the system default serach paths.
A hacky workaround is to explicitly add #define HAVE_OPENSSL_EC 1
to nmap_config.h after running ./configure
Reproduction: Environment: Oracle Linux 7.9. Downloaded and built openssl 1.1.1m from openssl source tarball and "make install" to /usr/local. Downloaded nmap 7.92 source tarball, $ ./configure --with-openssl=/usr/local --with-localdirs $ grep HAVE_OPENSSL_EC nmap_config.h /* #undef HAVE_OPENSSL_EC */' $ grep EVP_PKEY_get1_EC_KEY /usr/local/lib64/libcrypto.so 000000000017be90 T EVP_PKEY_get1_EC_KEY
The text was updated successfully, but these errors were encountered:
All good.
I brought in that commit, make distclean, autoconf, ./configure with various options for local OpenSSL and they all resulted in HAVE_OPENSSL_EC being set correctly in nmap_config.h. Furthermore, the subsequent makes all worked as expected too.
Fix looks good to me. Thanks!
HAVE_OPENSSL_EC doesn't get checked and set when building with a local version of OpenSSL, and the default is no EC support. As a consequence, scripts like ssl_cert.nse will display certs with elliptic curve keys as type "other" rather than as type "ec". This is becuase lua structures won't get populated in nse_ssl_cert.cc
nmap/nse_ssl_cert.cc
Line 577 in e8df904
The root cause appears to be that the check at
nmap/configure.ac
Line 399 in e8df904
nmap/configure.ac
Line 366 in e8df904
This particularly applies if the desire is to build nmap with static libraries and hence not wanting to put the local libraries and includes into the system default serach paths.
A hacky workaround is to explicitly add
#define HAVE_OPENSSL_EC 1
to nmap_config.h after running ./configure
Reproduction: Environment: Oracle Linux 7.9. Downloaded and built openssl 1.1.1m from openssl source tarball and "make install" to /usr/local. Downloaded nmap 7.92 source tarball,
$ ./configure --with-openssl=/usr/local --with-localdirs
$ grep HAVE_OPENSSL_EC nmap_config.h
/* #undef HAVE_OPENSSL_EC */'
$ grep EVP_PKEY_get1_EC_KEY /usr/local/lib64/libcrypto.so
000000000017be90 T EVP_PKEY_get1_EC_KEY
The text was updated successfully, but these errors were encountered: