Nmap Development mailing list archives
Re: [NSE] Convert ssl-known-key to use sslcert.lua
From: Daniel Miller <bonsaiviking () gmail com>
Date: Sat, 7 Jul 2012 16:58:47 -0500
One more question before I commit this: Should ssl-known-key be in the default category? Network-wise, it's very minimal, especially after sslcert integration. The only limitation I'd think would be that it stores a fairly large table in the nmap.registry, which could increase memory usage somewhat. Any thoughts?

Dan

On Sat, Jul 7, 2012 at 6:04 AM, David Fifield <david () bamsoftware com> wrote:
On Fri, Jul 06, 2012 at 04:21:50PM -0500, Daniel Miller wrote:List, I'm about to commit this patch, which converts ssl-known-key.nse to use the sslcert library, which will allow it to use the cached certificate for a service, avoiding extra SSL connections. This will also allow it to get certificates for services that use STARTTLS or other methods that the sslcert library understands, instead of just a straight SSL-over-TCP connection.index bc65df8..7346fe7 100644 --- a/scripts/ssl-known-key.nse +++ b/scripts/ssl-known-key.nse @@ -2,6 +2,7 @@ local io = require "io" local nmap = require "nmap" local shortport = require "shortport" local stdnse = require "stdnse" +local sslcert = require "sslcert" -- -*- mode: lua -*- -- vim: set filetype=lua : @@ -112,17 +113,11 @@ action = function(host, port) end local fingerprints = result - -- Connect to host. - local sock = nmap.new_socket() - local status, err = sock:connect(host, port, "ssl") - if not status then - stdnse.print_debug(1, "Failed to connect: %s", err) - return - end - -- Get SSL certificate. - local cert = sock:get_ssl_certificate() - sock:close() + local status, cert = sslcert.getCertificate(host, port) + if not status then + stdnse.print_debug(2, "sslcert.getCertificate error: %s", cert) + end if not cert:digest("sha1") then stdnse.print_debug(2, "Certificate does not have a SHA-1 fingerprint.") returnAny thoughts or comments would be appreciated.Sounds like a good idea to me. David Fifield
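Review bot: In the second hunk of scripts/ssl-known-key.nse (@@ -112,17 +113,11 @@), the new `if not status then` branch after `sslcert.getCertificate(host, port)` only logs and then falls through, whereas the removed connect-failure branch ended in `return`. On failure `cert` is the value passed to print_debug as the error, so the next line, `if not cert:digest("sha1") then`, is invoked on something that is not a certificate object. Add a `return` after the `stdnse.print_debug(2, "sslcert.getCertificate error: %s", cert)` call so the action exits cleanly when no certificate is available. The failure message also moved from debug level 1 to level 2; confirm that the quieter level is intended.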