Nmap Development mailing list archives
Minor patch to ncat to support chained certs with --ssl option
From: Greg Bailey <gbailey () lxpro com>
Date: Mon, 03 Jun 2013 14:31:01 -0700
Hi,

I'm a relatively new ncat user, and recently needed to set up a man-in-the-middle scenario so that I could log traffic protected by HTTPS.
However, I needed to use a chained certificate, but ncat_ssl.c only loads a single certificate that's specified.
With the following minor patch to ncat/ncat_ssl.c, I was able to chain my certificates together, and ncat used them when setting up the SSL listener:
Index: ncat/ncat_ssl.c =================================================================== --- ncat/ncat_ssl.c (revision 30914) +++ ncat/ncat_ssl.c (working copy) @@ -173,8 +173,8 @@ } else { if (o.sslcert == NULL || o.sslkey == NULL)bye("The --ssl-key and --ssl-cert options must be used together."); - if (SSL_CTX_use_certificate_file(sslctx, o.sslcert, SSL_FILETYPE_PEM) != 1) - bye("SSL_CTX_use_certificate_file(): %s.", ERR_error_string(ERR_get_error(), NULL));
+ if (SSL_CTX_use_certificate_chain_file(sslctx, o.sslcert) != 1)+ bye("SSL_CTX_use_certificate_chain_file(): %s.", ERR_error_string(ERR_get_error(), NULL)); if (SSL_CTX_use_PrivateKey_file(sslctx, o.sslkey, SSL_FILETYPE_PEM) != 1) bye("SSL_CTX_use_Privatekey_file(): %s.", ERR_error_string(ERR_get_error(), NULL));
}

Could this type of change be made? I don't think it would break compatibility with the existing usage of a single cert.
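
Review bot: the `+` line switching to SSL_CTX_use_certificate_chain_file() changes what the --ssl-cert file may contain, and nothing in the patch documents that. OpenSSL reads this file as PEM only and expects the server's own certificate first, followed by the intermediate CA certificates in order toward the root, so the --ssl-cert documentation should state that ordering; a file with the intermediates ahead of the leaf will load the wrong certificate as the server's. Because the removed call already hard-coded SSL_FILETYPE_PEM, existing single-certificate files keep working. While this block is being touched, the error string in the unchanged context line reads `SSL_CTX_use_Privatekey_file()` although the function called is SSL_CTX_use_PrivateKey_file(), and could be corrected in the same change.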
Regards,
Greg Bailey
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/