Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Ncat] hang on ongoing ssl negotation in brokering mode

From: David Fifield <david () bamsoftware com>
Date: Mon, 13 Jun 2011 12:48:52 -0700
On Mon, Jun 13, 2011 at 06:56:55PM +0300, Shinnok wrote:

On 06/11/2011 09:33 PM, David Fifield wrote:


This patch looks very nice, Shinnok. Please change the name "ssldone" to
something more descriptive; it doesn't mean "SSL done," it means "SSL
accept done."

Renamed to ssl_accept_done. Commited.


I don't think the patch works when the server runs --sh-exec. For
example
    ncat --ssl --sh-exec "date" -lk
Connecting with a non-SSL client prevents SSL clients from receiving any
data. I added a new test for this case. Would you look into it?

Indeed it doesn't work with --exec modes, since they take a different
path in code. Fixed for that path too in r23946.
As for the test case, both ssl blocking tests are wrong because they
don't specify neither brokering nor -k in order for the second connect
to be accepted. Revision r23947 fixes your test case and the previous
one by adding -k(--keep-open), as well as making your test case more
in-depth like the other exec tests.


Thanks, that looks good.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: