Nmap Development mailing list archives

[NSE] ssl-enum-ciphers / ssl-poodle - incomplete debug msg


From: Tom Sellers <nmap () fadedcode net>
Date: Sat, 25 Oct 2014 07:55:10 -0500

I am tossing this at the list instead of committing it directly since Dan
is working with this code quite a bit. 'ssl-enum-ciphers' and 'ssl-poodle'
have a few issues that result in incomplete debug messages when there
are problems negotiating SSL/TLS. In my case this was when trying to use STARTTLS
against services already wrapped in TLS.

Pre-fix:
  NSE: [ssl-enum-ciphers W:1dc6af0 xx.xx.xx.xx:465] (TLSv1.1) Can't connect: nil

Post-fix:
  NSE: [ssl-enum-ciphers W:1dc6af0 xx.xx.xx.xx:465] (TLSv1.1) Can't connect: Failed to connect to SMTP server: 
connection timeout


snippet from ssl-enum-ciphers:

local specialized = sslcert.getPrepareTLSWithoutReconnect(port)
if specialized then
  local status
  -- On failure the second return value is the error text, so it lands in 'sock'
  status, sock = specialized(host, port)
  if not status then
    -- 'err' was never assigned in this branch, so the message prints "nil"
    ctx_log(1, t.protocol, "Can't connect: %s", err)
    return nil
  end


In the snippet above the problem is that if the call to 'specialized' fails
the error is placed in 'sock' but that isn't the variable that is returned
in the error message.  Simply renaming 'err' to 'sock' would work but looks
bad.

The second issue is a minor bug, just below the code above, where the 'err'
variable in the debug output was not included in the 'sock:connect' call and
will always be 'nil'.

-- Only the first return value is captured; the error text from connect() is dropped
local status = sock:connect(host, port)
if not status then
  -- 'err' is never assigned, so this always logs "Can't connect: nil"
  ctx_log(1, t.protocol, "Can't connect: %s", err)


Two other scripts, ssl-ccs-injection and ssl-heartbleed, have similar code
but aren't affected because they return a generic error message instead
of including the error text returned from the functions.

A patch is attached.

Thanks much,

Tom Sellers

Attachment: ssl_err_msgs.patch
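
The two (status, error) mistakes described in the post, shown as a stand-alone Lua script. This is an added example, not the attached ssl_err_msgs.patch and not code from the Nmap tree: fake_specialized, FakeSocket and ctx_log are constructed stand-ins for the sslcert helper, the NSE socket and the script's debug logger, and the corrected variants use a separate err variable as one reasonable fix (the actual patch may differ).

```lua
-- Added example: demonstrates the (status, error) multiple-return convention
-- the NSE code relies on, with the buggy logging beside a corrected form.
-- fake_specialized, FakeSocket and ctx_log are constructed stand-ins, not
-- the real sslcert / nmap APIs.

local unpack = table.unpack or unpack  -- Lua 5.1 / 5.2+ compatibility

-- Stand-in for the function returned by
-- sslcert.getPrepareTLSWithoutReconnect(port): on failure it returns
-- false plus an error string (constructed value), like the real helper.
local function fake_specialized(host, port)
  return false, "Failed to connect to SMTP server: connection timeout"
end

-- Minimal socket stub with the same (status, err) contract as sock:connect.
local FakeSocket = {}
FakeSocket.__index = FakeSocket
function FakeSocket.new() return setmetatable({}, FakeSocket) end
function FakeSocket:connect(host, port)
  return false, "connection refused"  -- constructed error text
end

-- Stand-in for the script's ctx_log: formats and returns the message so it
-- can be inspected, and tostring()s every argument so a nil shows as "nil"
-- on every Lua version instead of raising a format error.
local function ctx_log(level, protocol, fmt, ...)
  local args = {}
  for i = 1, select("#", ...) do args[i] = tostring((select(i, ...))) end
  local msg = string.format("NSE: [demo] (%s) " .. fmt, protocol, unpack(args))
  print(msg)
  return msg
end

-- Issue 1, buggy: the error text lands in 'sock', but the message formats
-- 'err', which was never assigned, so the log reads "Can't connect: nil".
local function specialized_buggy(host, port, protocol)
  local status, sock, err
  status, sock = fake_specialized(host, port)
  if not status then
    return ctx_log(1, protocol, "Can't connect: %s", err)
  end
  return sock
end

-- Issue 1, fixed: move the second return value into 'err' on failure so the
-- variable named in the message is the one that holds the text.
local function specialized_fixed(host, port, protocol)
  local status, sock, err
  status, sock = fake_specialized(host, port)
  if not status then
    err, sock = sock, nil
    return ctx_log(1, protocol, "Can't connect: %s", err)
  end
  return sock
end

-- Issue 2, buggy: only the first return value of connect() is captured.
local function connect_buggy(sock, host, port, protocol)
  local err
  local status = sock:connect(host, port)
  if not status then
    return ctx_log(1, protocol, "Can't connect: %s", err)
  end
  return sock
end

-- Issue 2, fixed: capture both return values.
local function connect_fixed(sock, host, port, protocol)
  local status, err = sock:connect(host, port)
  if not status then
    return ctx_log(1, protocol, "Can't connect: %s", err)
  end
  return sock
end

-- Walk through all four variants against the stubs.
local host, port, proto = "example.invalid", 465, "TLSv1.1"
specialized_buggy(host, port, proto)   -- ... Can't connect: nil
specialized_fixed(host, port, proto)   -- ... Can't connect: Failed to connect to SMTP server: connection timeout
connect_buggy(FakeSocket.new(), host, port, proto)  -- ... Can't connect: nil
connect_fixed(FakeSocket.new(), host, port, proto)  -- ... Can't connect: connection refused
```

Run it with any Lua 5.1+ interpreter; the two buggy variants reproduce the "Can't connect: nil" line from the pre-fix output, and the fixed variants carry the error text through to the log.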
