Nmap Development mailing list archives

Minor patch to ncat to support chained certs with --ssl option
From: Greg Bailey <gbailey () lxpro com>
Date: Mon, 03 Jun 2013 14:31:01 -0700


I'm a relatively new ncat user, and recently needed to set up a man-in-the-middle scenario so that I could log traffic protected by HTTPS.

However, I needed to use a chained certificate, but ncat_ssl.c only loads a single certificate that's specified.

With the following minor patch to ncat/ncat_ssl.c, I was able to chain my certificates together, and ncat used them when setting up the SSL listener:

Index: ncat/ncat_ssl.c
--- ncat/ncat_ssl.c    (revision 30914)
+++ ncat/ncat_ssl.c    (working copy)
@@ -173,8 +173,8 @@
     } else {
         if (o.sslcert == NULL || o.sslkey == NULL)
bye("The --ssl-key and --ssl-cert options must be used together."); - if (SSL_CTX_use_certificate_file(sslctx, o.sslcert, SSL_FILETYPE_PEM) != 1) - bye("SSL_CTX_use_certificate_file(): %s.", ERR_error_string(ERR_get_error(), NULL));
+        if (SSL_CTX_use_certificate_chain_file(sslctx, o.sslcert) != 1)
+ bye("SSL_CTX_use_certificate_chain_file(): %s.", ERR_error_string(ERR_get_error(), NULL)); if (SSL_CTX_use_PrivateKey_file(sslctx, o.sslkey, SSL_FILETYPE_PEM) != 1) bye("SSL_CTX_use_Privatekey_file(): %s.", ERR_error_string(ERR_get_error(), NULL));
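
Review bot: The new SSL_CTX_use_certificate_chain_file() call at the --ssl-cert load needs a matching documentation update, because it changes what the option's file may contain. This call reads PEM only and expects the server's own certificate first, followed by the intermediate CA certificates in order, so the --ssl-cert help text and man page entry should state that ordering. A single-certificate PEM file keeps loading as before, since the removed call already passed SSL_FILETYPE_PEM. Also, the error string on the private key line reads "SSL_CTX_use_Privatekey_file()" while the function is SSL_CTX_use_PrivateKey_file(); fixing the capitalization in the same change would keep the message searchable.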

Could this type of change be made? I don't think it would break compatibility with the existing usage of a single cert.

Greg Bailey

Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
