Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HAVE_OPENSSL_EC not set when building with local OpenSSL #2420

andywebber opened this issue Jan 5, 2022 · 3 comments

HAVE_OPENSSL_EC not set when building with local OpenSSL #2420

andywebber opened this issue Jan 5, 2022 · 3 comments


Copy link

HAVE_OPENSSL_EC doesn't get checked and set when building with a local version of OpenSSL, and the default is no EC support. As a consequence, scripts like ssl_cert.nse will display certs with elliptic curve keys as type "other" rather than as type "ec". This is becuase lua structures won't get populated in

and hence won't be available in nse lua scripts.
The root cause appears to be that the check at
is not reached because it is inside the if at
if test "$use_openssl" = "yes" -a -z "$specialssldir"; then
which requires that $specialssldir is zero length, but it would be non-zero length if "--with-openssl" is specified, for example as "--with-openssl=/usr/local".
This particularly applies if the desire is to build nmap with static libraries and hence not wanting to put the local libraries and includes into the system default serach paths.
A hacky workaround is to explicitly add
to nmap_config.h after running ./configure
Reproduction: Environment: Oracle Linux 7.9. Downloaded and built openssl 1.1.1m from openssl source tarball and "make install" to /usr/local. Downloaded nmap 7.92 source tarball,
$ ./configure --with-openssl=/usr/local --with-localdirs
$ grep HAVE_OPENSSL_EC nmap_config.h
/* #undef HAVE_OPENSSL_EC */'
$ grep EVP_PKEY_get1_EC_KEY /usr/local/lib64/
000000000017be90 T EVP_PKEY_get1_EC_KEY

@nnposter nnposter self-assigned this Jan 28, 2022
Copy link

Thank you for reporting the issue, including the root cause, which is extremely helpful. I am in the middle of sketching a fix.

Copy link

If possible, please test the referenced PR (#2436) and report back.

@nnposter nnposter added the Linux label Jan 31, 2022
Copy link

andywebber commented Feb 1, 2022

All good.
I brought in that commit, make distclean, autoconf, ./configure with various options for local OpenSSL and they all resulted in HAVE_OPENSSL_EC being set correctly in nmap_config.h. Furthermore, the subsequent makes all worked as expected too.
Fix looks good to me. Thanks!

@nmap nmap deleted a comment Apr 11, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet

Successfully merging a pull request may close this issue.

2 participants