Nmap Development mailing list archives

Getting the common name from the cert on SSL sites..


From: Haroon Meer <haroon () sensepost com>
Date: Wed, 23 Mar 2005 08:57:51 +0200

Hi guys..

We used the following tiny patch to rip the CN from the certs of sites running SSL.. (arb'ly useful for us on a mass -sV -p443 scan..)

Just throwing it here in case anyone else ever needs it..

/mh

-snip-
it's a tiny mod to nsock_core.c (and should probably be done elsewhere instead)

copy the attached file to $SRC_DIR/nsock/src/
then run: patch < mh.patch

then go back to $SRC_DIR and do a ./configure && make && make install

After that you should have:

[root@intercrastic]# nmap -sV site.running.ssl.com -p443 -P0

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-03-23 01:36
MH:SSL_Certificate_Common_Name:hackrack.co.za

Interesting ports on site.running.ssl.com (1.2.3.4):

PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http Apache httpd 1.3.27 ((Unix) AuthMySQL/2.20)

Nmap finished: 1 IP address (1 host up) scanned in 10.792 seconds
-snip-

If it actually is of any use to anyone else, you would probably want to move the result to the per-service result line (and possibly only report if debug > x)

/mh

======================================================================
Haroon Meer                                                         MH
SensePost Information Security                          +27 83786 6637
PGP : http://www.sensepost.com/pgp/haroon.txt     haroon () sensepost com
======================================================================

--- nsock/src/nsock_core.orig   2005-03-23 01:28:44.999356384 +0200
+++ nsock/src/nsock_core.c      2005-03-23 01:30:52.343997056 +0200
@@ -213,6 +213,10 @@
   char buf[1024];
   msiod *iod = nse->iod;
 #if HAVE_OPENSSL
+//<MH-DBG>
+  X509 *peer;
+  char peer_CN[256];
+//</MH-DBG>
   struct NsockSSLInfo *sslnfo;
   int sslerr;
   int sslconnect_inprogress = nse->type == NSE_TYPE_CONNECT_SSL && iod->ssl;
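Review bot: peer and peer_CN are declared without initializers in the added lines, so any later path that fails to fill them leaves an indeterminate pointer and an indeterminate 256-byte buffer on the stack. Declare them as "X509 *peer = NULL;" and "char peer_CN[256] = "";" so a failed lookup prints an empty string rather than stack contents. The //<MH-DBG> markers are C++-style comments, while the surrounding code visible in this patch uses /* */; a strict C89 build rejects them, so use block comments to match the file.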
@@ -327,6 +331,11 @@
     rc = SSL_connect(iod->ssl);
     /* printf("DBG: SSL_connect()=%d", rc); */
     if (rc == 1) {
+        //<MH-DBG>
+       peer=SSL_get_peer_certificate(iod->ssl);
+       X509_NAME_get_text_by_NID ( X509_get_subject_name (peer),  NID_commonName,  peer_CN, 255);
+       printf("MH:SSL_Certificate_Common_Name:%s\n",peer_CN);
+        //</MH-DBG>
       /* Woop!  Connect is done! */
       nse->event_done = 1;
       nse->status = NSE_STATUS_SUCCESS;
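Review bot: the result of SSL_get_peer_certificate() is handed to X509_get_subject_name() without a NULL check, and the return value of X509_NAME_get_text_by_NID() is ignored, so a handshake that yields no peer certificate passes NULL into the name lookup and a certificate with no commonName prints whatever happened to be in peer_CN. Check that peer is non-NULL and that the lookup returned a non-negative length before printing, pass sizeof(peer_CN) instead of the literal 255, and call X509_free(peer) afterwards, because SSL_get_peer_certificate() returns a reference the caller owns and this code leaks one per successful connect. The CN is chosen by the remote server and goes to stdout unfiltered through printf(), so escape non-printable bytes before output, and gate the line behind a debug level as the message itself suggests.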
