HAVE_OPENSSL_EC not set when building with local OpenSSL #2420
Comments
|
Thank you for reporting the issue, including the root cause, which is extremely helpful. I am in the middle of sketching a fix. |
|
If possible, please test the referenced PR (#2436) and report back. |
|
All good. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
HAVE_OPENSSL_EC doesn't get checked and set when building with a local version of OpenSSL, and the default is no EC support. As a consequence, scripts like ssl_cert.nse will display certs with elliptic curve keys as type "other" rather than as type "ec". This is becuase lua structures won't get populated in nse_ssl_cert.cc https://github.com/nmap/nmap/blob/e8df904e7e9455e0d8a246b40392c9766b2703eb/nse_ssl_cert.cc#L577 and hence won't be available in nse lua scripts.
The root cause appears to be that the check at https://github.com/nmap/nmap/blob/e8df904e7e9455e0d8a246b40392c9766b2703eb/configure.ac#L399 is not reached because it is inside the if at
https://github.com/nmap/nmap/blob/e8df904e7e9455e0d8a246b40392c9766b2703eb/configure.ac#L366 which requires that $specialssldir is zero length, but it would be non-zero length if "--with-openssl" is specified, for example as "--with-openssl=/usr/local".
This particularly applies if the desire is to build nmap with static libraries and hence not wanting to put the local libraries and includes into the system default serach paths.
A hacky workaround is to explicitly add
#define HAVE_OPENSSL_EC 1to nmap_config.h after running ./configure
Reproduction: Environment: Oracle Linux 7.9. Downloaded and built openssl 1.1.1m from openssl source tarball and "make install" to /usr/local. Downloaded nmap 7.92 source tarball,
$ ./configure --with-openssl=/usr/local --with-localdirs$ grep HAVE_OPENSSL_EC nmap_config.h/* #undef HAVE_OPENSSL_EC */'$ grep EVP_PKEY_get1_EC_KEY /usr/local/lib64/libcrypto.so000000000017be90 T EVP_PKEY_get1_EC_KEYThe text was updated successfully, but these errors were encountered: