Library sslcert
A library providing functions for collecting SSL certificates and storing them in the host-based registry.
The library is largely based on code (copy-pasted) from David Fifield's ssl-cert script in an effort to allow certs to be cached and shared among other scripts.
STARTTLS functions are included for several protocols:
- FTP
- IMAP
- LDAP
- NNTP
- MySQL
- POP3
- PostgreSQL
- SMTP
- TDS (MS SQL Server)
- VNC (TLS and VeNCrypt auth types)
- XMPP
Author:
Source: https://svn.nmap.org/nmap/nselib/sslcert.lua
Functions
- getCertificate (host, port)
Gets a certificate for the given host and port. The function will attempt to START-TLS for the ports known to require it.
- getPrepareTLSWithoutReconnect (port)
Get a specialized SSL connection function without starting SSL
- isPortSupported (port)
Get a specialized SSL connection function to create an SSL socket
- parse_ssl_certificate (der)
Parse an X.509 certificate from DER-encoded string
Functions
- getCertificate (host, port)
Gets a certificate for the given host and port. The function will attempt to START-TLS for the ports known to require it.
Parameters
- host
- table as received by the script action function
- port
- table as received by the script action function
Return values:
- status true on success, false on failure
- cert userdata containing the SSL certificate, or error message on failure.
- getPrepareTLSWithoutReconnect (port)
Get a specialized SSL connection function without starting SSL
For protocols that require some sort of START-TLS setup, this function will return a function that can be used to produce a socket that is ready for SSL messages.
Parameters
- port
- A port table with 'number' and 'service' keys
Return value:
A STARTTLS function or nil
- isPortSupported (port)
Get a specialized SSL connection function to create an SSL socket
For protocols that require some sort of START-TLS setup, this function will return a function that can be used to produce an SSL-connected socket.
Parameters
- port
- A port table with 'number' and 'service' keys
Return value:
A STARTTLS function or nil
- parse_ssl_certificate (der)
Parse an X.509 certificate from DER-encoded string
This uses OpenSSL's X.509 parsing routines, so if OpenSSL support is not included, only the pem key of the returned table will be present.
Parameters
- der
- DER-encoded certificate
Return values:
- table containing decoded certificate or nil on failure
- error string if parsing failed
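A minimal NSE script that uses getCertificate and isPortSupported as documented above to flag certificates near expiry. It is an added example, not code from sslcert.lua or the Nmap project; the `days` script argument and its 30-day default are hypothetical, and the `validity.notAfter` field is assumed to follow the layout of Nmap's certificate object.

```lua
-- Added example, not part of sslcert.lua: flag certificates close to expiry.
local math = require "math"
local os = require "os"
local shortport = require "shortport"
local sslcert = require "sslcert"
local stdnse = require "stdnse"

description = [[
Reports TLS certificates that have expired or expire within a warning window.
]]
categories = {"safe", "discovery"}

-- Hypothetical script argument "<script name>.days"; 30 is an assumed default.
local WARN_DAYS = tonumber(stdnse.get_script_args(SCRIPT_NAME .. ".days")) or 30

-- Run on plain SSL ports and on services the library can STARTTLS.
portrule = function(host, port)
  return shortport.ssl(host, port) or sslcert.isPortSupported(port)
end

action = function(host, port)
  -- Returns (true, cert) on success or (false, error message) on failure.
  local status, cert = sslcert.getCertificate(host, port)
  if not status then
    stdnse.debug1("getCertificate error: %s", cert or "unknown")
    return nil
  end

  -- notAfter is a date table when Nmap could parse it, otherwise a string.
  local not_after = cert.validity and cert.validity.notAfter
  if type(not_after) ~= "table" then
    return "Certificate notAfter date could not be parsed"
  end

  -- os.time() treats the table as local time, so the count can be off by
  -- the local UTC offset; acceptable for a day-granularity warning.
  local days_left = math.floor((os.time(not_after) - os.time()) / 86400)
  if days_left < 0 then
    return ("Certificate EXPIRED %d day(s) ago"):format(-days_left)
  elseif days_left <= WARN_DAYS then
    return ("Certificate expires in %d day(s)"):format(days_left)
  end
  return nil
end
```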
See also: