Nmap Development mailing list archives
Re: Implementing nsock server mode
From: Henri Doreau <henri.doreau () gmail com>
Date: Sun, 23 Sep 2012 21:58:58 +0200
2012/9/23 David Fifield <david () bamsoftware com>:
I like this idea and I like that the patch is so concise. I'm tempted to just merge the patch so we can easily begin working on it. To me, a goal for listening sockets in Nsock is to replace the the handcrafted loop in ncat_listen.c. For that, it may be that all that's needed is SSL support. In ncat_listen.c, we apparently found it necessary to have an fd_set of sslpending_fds, separate from the listen set and the read set. Probably Nsock will need some special handling like the condition in ncat_listen_stream: /* Is this an ssl socket pending a handshake? If so handle * it. */ if (o.ssl && FD_ISSET(i, &sslpending_fds)) { I bet we can have a listen call that takes an SSL_CTX (and requires the caller to set it up with certificates and everything, like Ncat setup_ssl_listen does). David Fifield
Hi, thanks for the feedback. I agree about the ncat aim. I'm not 100% sure yet how to handle SSL best in the new API, so I see two options. If you have something clear in mind I can check the patch into trunk, otherwise I can open a branch on nmap-exp where to experiment. Just tell me what you think is best. Regards. -- Henri _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Implementing nsock server mode Henri Doreau (Sep 11)
- Re: Implementing nsock server mode David Fifield (Sep 22)
- Re: Implementing nsock server mode Henri Doreau (Sep 23)
- Re: Implementing nsock server mode David Fifield (Sep 23)
- Re: Implementing nsock server mode Henri Doreau (Sep 25)
- Re: Implementing nsock server mode Henri Doreau (Sep 23)
- Re: Implementing nsock server mode David Fifield (Sep 22)