Nmap Development mailing list archives

Re: SSL certificate key length in ssl-cert.nse


From: David Fifield <david () bamsoftware com>
Date: Mon, 4 Oct 2010 12:13:18 -0600

On Sat, Oct 02, 2010 at 12:43:45AM -0400, Matt Selsky wrote:
> On Fri, 1 Oct 2010, David Fifield wrote:
>
>> Yes, you should just add whatever you need to l_get_ssl_certificate. It
>> will mean finding the appropriate OpenSSL function, then storing the
>> result of calling the function in the returned table.
>
>> You can see an example of getting a key size in the OpenSSL source code,
>> in the file apps/s_client.c. ("Server public key is %d bit\n".)
>
> Thanks for the tips.  I got it working.  Patch is attached.
>
> Is this something others would find useful?  If it needs to be cleaned up
> in order to be included upstream, let me know.

Excellent, that's just right. Your patch provides a new member of the
table, cert.pkey_bits. That's good, but I think we can provide even more
information with a uniform interface.

What I am thinking is this:

cert = {
  subject = ..., issuer = ..., validity = ..., pem = ...,
  pubkey = {
    type = "rsa",
    bits = 1024,
  }
}

Can you make a patch that does this? Looking at EVP_PKEY_type in
crypto/evp/p_lib.c it looks like the possible types are "rsa", "dsa",
"dh", and "ec".

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/