Nmap Development mailing list archives

Re: [nse] ssl-cert: add support for Google Certificate Catalog


From: Vasiliy Kulikov <segooon () gmail com>
Date: Sun, 11 Sep 2011 18:43:18 +0400

Hi,

I've tried to address all issues in this version.  In particular:

1) the feature has moved to ssl-google-cert-catalog.nse, which belongs
to the !default, external, discovery, and safe categories.

2) nmap.registry[host.ip][port.number]["ssl-cert"] is used to transfer
an SSL cert between scripts.  Unfortunately, there is no ssl.lua, only
openssl.luadoc, which contains no code.  So, I've moved add_cert() /
get_cert() to the NSE scripts themselves.

3) NSEDOC is added.

4) The %x Lua date format is ambiguous for some countries.  E.g. in Russia
we have day/month/year, but Lua uses month/day/year.  To keep the script
nation-less and unambiguous, "21 Jun 2011" notation is used.

Index: ssl-cert.nse
===================================================================
--- ssl-cert.nse        (revision 26333)
+++ ssl-cert.nse        (working copy)
@@ -199,6 +221,8 @@
     if nmap.verbosity() > 1 then
         lines[#lines + 1] = cert.pem
     end
+    
+    add_cert(host, port.number, cert)
 
     return stdnse.strjoin("\n", lines)
 end
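Review bot: The added blank line before the add_cert() call carries trailing whitespace ("+" followed by four spaces); please strip it. The call also introduces a side effect into a function that otherwise only assembles output lines, so a one-line comment above add_cert(host, port.number, cert) saying that the certificate is stored in nmap.registry for ssl-google-cert-catalog.nse would make the dependency between the two scripts visible. Note that the key passed here is port.number, so the reader on the other side has to index with the number as well, not with the port table.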
@@ -255,3 +279,14 @@
         return os.date("%Y-%m-%d %H:%M:%S", os.time(date))
     end
 end
+
+function add_cert(host, port, cert)
+  if not nmap.registry[host.ip] then
+    nmap.registry[host.ip] = {}
+  end
+  if not nmap.registry[host.ip][port] then
+    nmap.registry[host.ip][port] = {}
+  end
+
+  nmap.registry[host.ip][port]["ssl-cert"] = cert
+end
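Review bot: add_cert() is declared without `local` at the bottom of the file, so it becomes a global of the script instead of a private helper; declare `local add_cert` ahead of its first use (or move the definition above the caller) and make it local. The body is indented with two spaces while the surrounding context in this file uses four, which should be made consistent. The function also has no comment describing the registry layout it writes, nmap.registry[host.ip][port]["ssl-cert"]; since the consuming script relies on exactly that path and the helper is being duplicated per script, documenting it here would help keep the copies in sync. The key uses only the port number, with no protocol component, which is worth stating in that comment.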

-- 
Vasiliy

Attachment: ssl-google-cert-catalog.nse

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
