Nmap Development mailing list archives
Re: [NSE] XMPP support for ssl-cert.nse
From: Vasiliy Kulikov <segooon () gmail com>
Date: Wed, 10 Aug 2011 10:37:42 +0400
Hi David, On Tue, Aug 09, 2011 at 12:35 -0700, David Fifield wrote:
On Tue, Aug 09, 2011 at 01:28:08PM +0400, Vasiliy Kulikov wrote:+function xmpp_starttls(host, port) + local ls = xmpp.XMPP:new(host, port, { starttls = true } ) + ls.socket = s + ls.socket:set_timeout(ls.options.timeout * 1000) + + local status, err = ls.socket:connect(host, port) + if not status then + return nil + end + + status, err = ls:connect() + if status then + return "Connected" + end +end
...
- if ( start_tls == "required" ) then + if ( start_tls == "required" or self.options.starttls) then status, err = self:send("<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>") if ( not(status) ) then return false, "ERROR: Failed to initiate STARTTLS" end local status, tag = self:receive_tag() if ( not(status) ) then return false, "ERROR: Failed to recevice from server" end if ( tag.name == "proceed" ) then status, err = self.socket:reconnect_ssl() + self.options.starttls = false return self:connect() end endCan you explain the self.options.starttls changes?
If set, it forces STARTTLS even if it is optional (current xmpp.lua does STARTTLS only if it is mandatory).
I would have expected you to set that option before calling ls:connect.
Hmm, the order is: set option, change socket pointer, connect. Am I missing something? Index: nselib/xmpp.lua =================================================================== --- nselib/xmpp.lua (revision 25685) +++ nselib/xmpp.lua (working copy) @@ -110,6 +110,7 @@ -- <code>timeout</code> - sets the socket timeout -- <code>servername</code> - sets the server name to use in -- communication with the server. + -- <code>starttls</code> - start TLS handshake even if it is optional. new = function(self, host, port, options) local o = { host = host, port = port, _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] XMPP support for ssl-cert.nse Vasiliy Kulikov (Aug 09)
- Re: [NSE] XMPP support for ssl-cert.nse David Fifield (Aug 09)
- Re: [NSE] XMPP support for ssl-cert.nse Vasiliy Kulikov (Aug 09)
- Re: [NSE] XMPP support for ssl-cert.nse David Fifield (Aug 09)