diff options
Diffstat (limited to '')
-rw-r--r-- | ncat/ncat_ssl.h | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/ncat/ncat_ssl.h b/ncat/ncat_ssl.h new file mode 100644 index 0000000..e720749 --- /dev/null +++ b/ncat/ncat_ssl.h @@ -0,0 +1,101 @@ +/*************************************************************************** + * ncat_ssl.h * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * + * The Nmap Security Scanner is (C) 1996-2023 Nmap Software LLC ("The Nmap + * Project"). Nmap is also a registered trademark of the Nmap Project. + * + * This program is distributed under the terms of the Nmap Public Source + * License (NPSL). The exact license text applying to a particular Nmap + * release or source code control revision is contained in the LICENSE + * file distributed with that version of Nmap or source code control + * revision. More Nmap copyright/legal information is available from + * https://nmap.org/book/man-legal.html, and further information on the + * NPSL license itself can be found at https://nmap.org/npsl/ . This + * header summarizes some key points from the Nmap license, but is no + * substitute for the actual license text. + * + * Nmap is generally free for end users to download and use themselves, + * including commercial use. It is available from https://nmap.org. + * + * The Nmap license generally prohibits companies from using and + * redistributing Nmap in commercial products, but we sell a special Nmap + * OEM Edition with a more permissive license and special features for + * this purpose. See https://nmap.org/oem/ + * + * If you have received a written Nmap license agreement or contract + * stating terms other than these (such as an Nmap OEM license), you may + * choose to use and redistribute Nmap under those terms instead. + * + * The official Nmap Windows builds include the Npcap software + * (https://npcap.com) for packet capture and transmission. It is under + * separate license terms which forbid redistribution without special + * permission. So the official Nmap Windows builds may not be redistributed + * without special permission (such as an Nmap OEM license). + * + * Source is provided to this software because we believe users have a + * right to know exactly what a program is going to do before they run it. + * This also allows you to audit the software for security holes. + * + * Source code also allows you to port Nmap to new platforms, fix bugs, and add + * new features. You are highly encouraged to submit your changes as a Github PR + * or by email to the dev@nmap.org mailing list for possible incorporation into + * the main distribution. Unless you specify otherwise, it is understood that + * you are offering us very broad rights to use your submissions as described in + * the Nmap Public Source License Contributor Agreement. This is important + * because we fund the project by selling licenses with various terms, and also + * because the inability to relicense code has caused devastating problems for + * other Free Software projects (such as KDE and NASM). + * + * The free version of Nmap is distributed in the hope that it will be + * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties, + * indemnification and commercial support are all available through the + * Npcap OEM program--see https://nmap.org/oem/ + * + ***************************************************************************/ + +/* $Id$ */ +#ifndef NCAT_SSL_H +#define NCAT_SSL_H + +#include "ncat_config.h" + +#ifdef HAVE_OPENSSL +#include <openssl/ssl.h> +#include <openssl/err.h> + +#define NCAT_CA_CERTS_FILE "ca-bundle.crt" + +enum { + SHA1_BYTES = 160 / 8, + /* 40 bytes for hex digits and 9 bytes for ' '. */ + SHA1_STRING_LENGTH = SHA1_BYTES * 2 + (SHA1_BYTES / 2 - 1) +}; + +/* These status variables are returned by ssl_handshake() to describe the + * status of a pending non-blocking ssl handshake(SSL_accept()). */ +enum { + NCAT_SSL_HANDSHAKE_COMPLETED = 0, + NCAT_SSL_HANDSHAKE_PENDING_READ = 1, + NCAT_SSL_HANDSHAKE_PENDING_WRITE = 2, + NCAT_SSL_HANDSHAKE_FAILED = 3 +}; + +extern SSL_CTX *setup_ssl_listen(const SSL_METHOD *method); + +extern SSL *new_ssl(int fd); + +extern int ssl_post_connect_check(SSL *ssl, const char *hostname); + +extern char *ssl_cert_fp_str_sha1(const X509 *cert, char *strbuf, size_t len); + +extern int ssl_load_default_ca_certs(SSL_CTX *ctx); + +/* Try to complete an ssl handshake in a non-blocking way for the socket given + * in sinfo. Initialize the socket too with new_ssl() if it hasn't been done + * already. */ +extern int ssl_handshake(struct fdinfo *sinfo); + +#endif +#endif |