Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Fwd: ssl-known-key.nse script error

From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 30 Aug 2012 12:42:20 -0500
FYI: Forgot to include list.


---------- Forwarded message ----------
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, Aug 30, 2012 at 12:37 PM
Subject: Re: ssl-known-key.nse script error
To: Christopher Clements <christopher.a.clements () gmail com>


Christopher,

It looks like the script failed to get a certificate for that service.
There should probably be a return within the error check just before
that line. Can you apply this patch:

diff --git a/scripts/ssl-known-key.nse b/scripts/ssl-known-key.nse
index 0f75fff..e912c07 100644
--- a/scripts/ssl-known-key.nse
+++ b/scripts/ssl-known-key.nse
@@ -118,6 +118,7 @@ action = function(host, port)
        local status, cert = sslcert.getCertificate(host, port)
        if not status then
                stdnse.print_debug(2, "sslcert.getCertificate error: %s", cert)
+    return
        end
        local fingerprint = cert:digest("sha1")
        local fingerprint_fmt = stdnse.tohex(fingerprint, {separator="
", group=4})

... and then run with -d2 to see if there is a "sslcert.getCertificate
error" output? Thanks.

Dan

On Wed, Aug 29, 2012 at 3:12 PM, Christopher Clements
<christopher.a.clements () gmail com> wrote:

Got this script error during a scan today with svn version 29697
(sanitized):

NSE: sslcert.getCertificate error: Failed to connect to server
NSE: 'ssl-known-key' (thread: 0x3ba4610) against xx.xx.xx.xx:443 threw an
error!
/usr/local/bin/../share/nmap/scripts/ssl-known-key.nse:122: attempt to call
method 'digest' (a nil value)
stack traceback:
/usr/local/bin/../share/nmap/scripts/ssl-known-key.nse:122: in function
</usr/local/bin/../share/nmap/scripts/ssl-known-key.nse:107>
(...tail calls...)
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: