Re: Implementing nsock server mode

[David Fifield <david () bamsoftware com>]

On Sun, Sep 23, 2012 at 09:58:58PM +0200, Henri Doreau wrote:
> 2012/9/23 David Fifield <david () bamsoftware com>:
> > I like this idea and I like that the patch is so concise. I'm tempted to
> > just merge the patch so we can easily begin working on it.
> >
> > To me, a goal for listening sockets in Nsock is to replace the the
> > handcrafted loop in ncat_listen.c. For that, it may be that all that's
> > needed is SSL support. In ncat_listen.c, we apparently found it
> > necessary to have an fd_set of sslpending_fds, separate from the listen
> > set and the read set. Probably Nsock will need some special handling
> > like the condition in ncat_listen_stream:
> >
> >             /* Is this an ssl socket pending a handshake? If so handle * it. */
> >             if (o.ssl && FD_ISSET(i, &sslpending_fds)) {
> >
> > I bet we can have a listen call that takes an SSL_CTX (and requires the
> > caller to set it up with certificates and everything, like Ncat
> > setup_ssl_listen does).
> >
> > David Fifield
>
> Hi,
>
> thanks for the feedback. I agree about the ncat aim. I'm not 100% sure
> yet how to handle SSL best in the new API, so I see two options. If
> you have something clear in mind I can check the patch into trunk,
> otherwise I can open a branch on nmap-exp where to experiment. Just
> tell me what you think is best.

I don't have anything clear in mind.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/