RE: Nmap 4.23RC3 & SSL Tunnels

> -----Original Message-----
> From: nmap-dev-bounces_at_insecure.org
> [mailto:nmap-dev-bounces_at_insecure.org] On Behalf Of Lionel Cons
> Sent: Friday, December 07, 2007 4:46 AM
> To: Kris Katterjohn
> Cc: nmap-dev_at_insecure.org; Fyodor; Thomas Buchanan
> Subject: Re: Nmap 4.23RC3 & SSL Tunnels
>
> Kris Katterjohn writes:
> > What about something general like this:
> >
> > <linkedwith>
> > <library name="openssl" version="[version]" />
> > <library name="libpcap" version="[version]" />
> > <library name="libpcre" version="[version]" />
> > <!-- etc -->
> > </linkedwith>
>
> Fine by me.
>
> Lionel
>

How does the attached patch (against SVN r6441) look? It prints the
library versions for libpcap, libpcre, liblua (if included) and openssl
(if included).

Some questions that I had:

1. Where should the output go in the XML file? I put it right after
the verbosity / debugging information.

2. What level of verbosity / debugging should be required to include
this information? The patch reflects my opinion that it should be
included at debugging >=1.

3. I make no guarantees that the patch to nmap.dtd is even remotely
correct. I don't use the XML output on a regular basis, so that effort
was just best-guess.

4. Should any other library versions be reported? I thought maybe
libdnet, but I couldn't see a very clean way to do that. The library
version is defined in (autogenerated) config.h and Makefile, and to be
honest, I didn't feel like messing with it.

I have tested the attached patch on Windows and Linux, and it seems to
work for me.

Thomas

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org