Nmap Development mailing list archives

Re: SSL certificate key length in ssl-cert.nse


From: David Fifield <david () bamsoftware com>
Date: Mon, 18 Oct 2010 20:12:34 -0700

On Mon, Oct 18, 2010 at 07:39:13PM -0400, Matt Selsky wrote:
On Oct 4, 2010, at 2:13 PM, David Fifield <david () bamsoftware com> wrote:

Excellent, that's just right. Your patch provides a new member of the
table, cert.pkey_bits. That's good, but I think we can provide even more
information with a uniform interface.

What I am thinking is this:

cert = {
 subject = ..., issuer = ..., validity = ..., pem = ...,
 pubkey = {
   type = "rsa",
   bits = 1024,
 }
}

Do you have an example I can follow to make a nested table?

I haven't tested this but it should be something like

/* Certificate table is at position -1 */
lua_newtable(L);                /* Table T at position -1 */
lua_pushstring(L, pkey_type);   /* T now at position -2 */
lua_setfield(L, -2, "type");    /* T now at position -1 */
lua_pushnumber(L, pkey_bits);   /* T now at position -2 */
lua_setfield(L, -2, "bits");    /* T now at position -1 */
lua_setfield(L, -2, "pubkey");  /* Assign T in the certificate table */

You don't need to add all those comments.

Can you make a patch that does this? Looking at EVP_PKEY_type in
crypto/evp/p_lib.c it looks like the possible types are "rsa", "dsa",
"dh", and "ec".

I've only seen keys of type RSA. Does SSL itself support non-RSA key-types?

Yes it does. But you don't have to worry about it. Just define a
function pkey_type_to_string that returns "rsa" for EVP_PKEY_RSA, "dsa"
for EVP_PKEY_DSA, and so on.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
