Nmap Development mailing list archives


Re: [NSE] Convert ssl-known-key to use sslcert.lua


From: Daniel Miller <bonsaiviking () gmail com>
Date: Sat, 7 Jul 2012 16:58:47 -0500

One more question before I commit this: Should ssl-known-key be in the default category? Network-wise, it's very minimal, especially after sslcert integration. The only limitation I'd think would be that it stores a fairly large table in the nmap.registry, which could increase memory usage somewhat. Any thoughts?

Dan

On Sat, Jul 7, 2012 at 6:04 AM, David Fifield <david () bamsoftware com> wrote:
On Fri, Jul 06, 2012 at 04:21:50PM -0500, Daniel Miller wrote:
List,

I'm about to commit this patch, which converts ssl-known-key.nse to use the sslcert library, which will allow it to use the cached certificate for a service, avoiding extra SSL connections. This will also allow it to get certificates for services that use STARTTLS or other methods that the sslcert library understands, instead of just a straight SSL-over-TCP connection.
index bc65df8..7346fe7 100644--- a/scripts/ssl-known-key.nse+++ b/scripts/ssl-known-key.nse@@ -2,6 +2,7 @@ local io = require "io"local nmap = require "nmap"local shortport = require "shortport"local stdnse = require "stdnse"+local sslcert = require "sslcert"-- -*- mode: lua -*--- vim: set filetype=lua :@@ -112,17 +113,11 @@ action = function(host, port)       end       local fingerprints = result-       -- Connect to host.-       local sock = nmap.new_socket()-       local status, err = sock:connect(host, port, "ssl")-       if not status then-               stdnse.print_debug(1, "Failed to connect: %s", err)-               return-       end-       -- Get SSL certificate.-       local cert = sock:get_ssl_certificate()-       sock:close()+       local status, cert = sslcert.getCertificate(host, port)+  if not status then+    stdnse.print_debug(2, "sslcert.getCertificate error: %s", cert)+  end       if not cert:digest("sha1") then               stdnse.print_debug(2, "Certificate does not have aSHA-1 fingerprint.")               return
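Review bot: In the second hunk, the new "if not status then" branch after sslcert.getCertificate only logs the error and falls through, so on failure the following line calls cert:digest("sha1") on the value the debug message prints as an error rather than on a certificate. The removed socket code returned after a failed connect; add a "return" after the stdnse.print_debug call to keep that behaviour. The added "if not status then" block is also indented with two and four spaces, unlike the lines around it; match the existing indentation.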
Any thoughts or comments would be appreciated.
Sounds like a good idea to me.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
