Nmap Development mailing list archives
Re: [Ncat] hang on ongoing ssl negotation in brokering mode
From: David Fifield <david () bamsoftware com>
Date: Mon, 13 Jun 2011 13:09:01 -0700
On Mon, Jun 13, 2011 at 09:24:27PM +0300, Shinnok wrote:
> On 06/13/2011 06:56 PM, Shinnok wrote:
>> On 06/11/2011 09:33 PM, David Fifield wrote:
>>> This patch looks very nice, Shinnok. Please change the name "ssldone"
>>> to something more descriptive; it doesn't mean "SSL done," it means
>>> "SSL accept done."
>>
>> Renamed to ssl_accept_done. Committed.
>>
>>> I don't think the patch works when the server runs --sh-exec. For
>>> example
>>>     ncat --ssl --sh-exec "date" -lk
>>> Connecting with a non-SSL client prevents SSL clients from receiving
>>> any data. I added a new test for this case. Would you look into it?
>>
>> Indeed it doesn't work with --exec modes, since they take a different
>> path in code. Fixed for that path too in r23946.
>
> Argh, and there's ncat_exec_win.c that I have to handle too, if I'm not
> mistaken, since I only took care of the netexec() in ncat_posix.c? Any
> special comments for that, David? I see there's some playing around with
> blocking/unblocking of the remote socket (@420) which might interfere
> with making this work.

Yes, it should work for Windows too. You probably don't have to worry
about that blocking detail.

Please find a way to factor this code into its own function. It's too
much to have it repeated in each read loop.

    if(o.ssl && info->ssl && !info->ssl_accept_done){
        int ret = SSL_accept(info->ssl);
        int sslerr = 0;
        if(ret == 1){
            info->ssl_accept_done = 1;
            continue;
        }else
            sslerr = SSL_get_error(info->ssl, ret);

        if(ret == -1 && (sslerr == SSL_ERROR_WANT_READ || sslerr == SSL_ERROR_WANT_WRITE)){
            continue;
        }else {
            if (o.verbose) {
                loguser("Failed SSL connection from %s: %s\n",
                    inet_socktop(&info->remoteaddr),
                    ERR_error_string(ERR_get_error(), NULL));
            }
            goto loop_end;
        }
    }

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
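
An added example, not code from this thread or from Ncat: one way the repeated check could be factored into a single function that every read loop calls, so a silent non-SSL client cannot stall the others. OpenSSL is replaced by a scripted stand-in so it builds without libssl; accept_step, the ERR_* codes, struct client and demo are hypothetical names.

```c
#include <stddef.h>

/* Stand-ins for OpenSSL's SSL_ERROR_* codes so this builds without libssl. */
enum { ERR_FATAL = 1, ERR_WANT_READ = 2, ERR_WANT_WRITE = 3 };
enum hs_state { HS_DONE, HS_RETRY, HS_FAILED };

/* Hypothetical per-client record; ssl_accept_done is the flag from the thread. */
struct client {
    int ssl_accept_done;
    const int *script;  /* constructed: error per handshake step, 0 = success */
    size_t pos, len;
};

/* Stand-in for SSL_accept() + SSL_get_error(); a silent peer yields WANT_READ. */
static int accept_step(struct client *c, int *sslerr)
{
    *sslerr = c->pos < c->len ? c->script[c->pos++] : ERR_WANT_READ;
    return *sslerr == 0 ? 1 : -1;
}

/* The factored-out check: each read loop calls this once per iteration. */
enum hs_state ssl_handshake_step(struct client *c)
{
    int sslerr = 0;
    if (c->ssl_accept_done)
        return HS_DONE;
    if (accept_step(c, &sslerr) == 1) {
        c->ssl_accept_done = 1;
        return HS_DONE;
    }
    if (sslerr == ERR_WANT_READ || sslerr == ERR_WANT_WRITE)
        return HS_RETRY;   /* still negotiating: move on to other clients */
    return HS_FAILED;      /* caller logs the failure and closes the client */
}

/* Constructed scenario: silent non-SSL client, real client, broken client. */
int demo(enum hs_state out[3])
{
    static const int good[] = { ERR_WANT_READ, ERR_WANT_WRITE, 0 };
    static const int bad[] = { ERR_WANT_READ, ERR_FATAL };
    struct client cs[3] = { { 0, NULL, 0, 0 }, { 0, good, 0, 3 }, { 0, bad, 0, 2 } };
    int done = 0;
    for (int i = 0; i < 3; i++) out[i] = HS_RETRY;
    for (int round = 0; round < 4; round++)
        for (int i = 0; i < 3; i++)
            if (out[i] == HS_RETRY) { out[i] = ssl_handshake_step(&cs[i]); done += out[i] == HS_DONE; }
    return done;
}

int main(void) { enum hs_state s[3]; return demo(s) == 1 ? 0 : 1; }
```

In real code accept_step would be the SSL_accept()/SSL_get_error() pair from the snippet above, and the caller would map HS_RETRY to `continue` and HS_FAILED to the logging and `goto loop_end` path.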