HAVE_OPENSSL_EC not set when building with local OpenSSL #2420

@andywebber

HAVE_OPENSSL_EC doesn't get checked and set when building with a local version of OpenSSL, and the default is no EC support. As a consequence, scripts like ssl_cert.nse will display certs with elliptic curve keys as type "other" rather than as type "ec". This is because lua structures won't get populated in nse_ssl_cert.cc

#ifdef HAVE_OPENSSL_EC
and hence won't be available in nse lua scripts.
The root cause appears to be that the check at
AC_CHECK_LIB(crypto, EVP_PKEY_get1_EC_KEY,
is not reached because it is inside the if at
if test "$use_openssl" = "yes" -a -z "$specialssldir"; then
which requires that $specialssldir is zero length, but it would be non-zero length if "--with-openssl" is specified, for example as "--with-openssl=/usr/local".
This particularly applies if the desire is to build nmap with static libraries and hence not wanting to put the local libraries and includes into the system default search paths.
A hacky workaround is to explicitly add
#define HAVE_OPENSSL_EC 1
to nmap_config.h after running ./configure
Reproduction: Environment: Oracle Linux 7.9. Downloaded and built openssl 1.1.1m from openssl source tarball and "make install" to /usr/local. Downloaded nmap 7.92 source tarball,
$ ./configure --with-openssl=/usr/local --with-localdirs
$ grep HAVE_OPENSSL_EC nmap_config.h
/* #undef HAVE_OPENSSL_EC */'
$ grep EVP_PKEY_get1_EC_KEY /usr/local/lib64/libcrypto.so
000000000017be90 T EVP_PKEY_get1_EC_KEY
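
A post-configure check for the mismatch reported above, as an added example that is not part of the original issue or of Nmap's build scripts: it compares the HAVE_OPENSSL_EC state in the generated header with an nm-style symbol listing of libcrypto. The function names, temporary file names and sample inputs are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed
# from the two lines quoted in the report.

# State of HAVE_OPENSSL_EC in a generated header: defined | undefined | absent
ec_macro_state() {
    if grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+HAVE_OPENSSL_EC([[:space:]]|$)' "$1"; then
        echo defined
    elif grep -q 'HAVE_OPENSSL_EC' "$1"; then
        echo undefined      # e.g. the commented-out "#undef" configure leaves behind
    else
        echo absent
    fi
}

# True if an nm-style listing ("addr type name") has the function as a defined
# text symbol. A "@@VERSION" suffix, as printed for versioned symbols, is ignored.
exports_ec_symbol() {
    awk '{ name = $3; sub(/@.*/, "", name) }
         $2 == "T" && name == "EVP_PKEY_get1_EC_KEY" { found = 1 }
         END { exit !found }' "$1"
}

# ok: header and library agree on EC; mismatch: library has EC but the header
# leaves it off (the case reported here); stale: header claims EC the library
# lacks; no-ec: neither side has it.
check_ec_config() {
    state=$(ec_macro_state "$1")
    if exports_ec_symbol "$2"; then lib=yes; else lib=no; fi
    case "$state:$lib" in
        defined:yes) echo ok ;;
        defined:no)  echo stale ;;
        *:yes)       echo mismatch ;;
        *)           echo no-ec ;;
    esac
}

# Constructed sample inputs, removed again when the script exits.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '/* #undef HAVE_OPENSSL_EC */' > "$demo_dir/config_bad.h"
printf '%s\n' '#define HAVE_OPENSSL_EC 1' > "$demo_dir/config_good.h"
printf '%s\n' '000000000017be90 T EVP_PKEY_get1_EC_KEY' > "$demo_dir/symbols.txt"

check_ec_config "$demo_dir/config_bad.h" "$demo_dir/symbols.txt"
check_ec_config "$demo_dir/config_good.h" "$demo_dir/symbols.txt"
```

On a real build, the listing can come from `nm -D --defined-only` run on the libcrypto the build links against, and the header is the nmap_config.h that ./configure wrote.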
