[NSE] Convert ssl-known-key to use sslcert.lua

[Daniel Miller <bonsaiviking () gmail com>]

List,

I'm about to commit this patch, which converts ssl-known-key.nse to use 
the sslcert library, which will allow it to use the cached certificate 
for a service, avoiding extra SSL connections. This will also allow it 
to get certificates for services that use STARTTLS or other methods that 
the sslcert library understands, instead of just a straight SSL-over-TCP 
connection.

> index bc65df8..7346fe7 100644
> --- a/scripts/ssl-known-key.nse
> +++ b/scripts/ssl-known-key.nse
> @@ -2,6 +2,7 @@ local io = require "io"
>  local nmap = require "nmap"
>  local shortport = require "shortport"
>  local stdnse = require "stdnse"
> +local sslcert = require "sslcert"
>
>  -- -*- mode: lua -*-
>  -- vim: set filetype=lua :
> @@ -112,17 +113,11 @@ action = function(host, port)
>         end
>         local fingerprints = result
>
> -       -- Connect to host.
> -       local sock = nmap.new_socket()
> -       local status, err = sock:connect(host, port, "ssl")
> -       if not status then
> -               stdnse.print_debug(1, "Failed to connect: %s", err)
> -               return
> -       end
> -
>         -- Get SSL certificate.
> -       local cert = sock:get_ssl_certificate()
> -       sock:close()
> +       local status, cert = sslcert.getCertificate(host, port)
> +  if not status then
> +    stdnse.print_debug(2, "sslcert.getCertificate error: %s", cert)
> +  end
>         if not cert:digest("sha1") then
>                 stdnse.print_debug(2, "Certificate does not have a 
> SHA-1 fingerprint.")
>                 return

Any thoughts or comments would be appreciated.

Dan

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/