mirror of
https://github.com/nmap/nmap.git
synced 2026-05-13 08:46:45 +00:00
Merge d6d5added4 into 082894dcad
commit
2fb016dbcc
3 changed files with 18 additions and 18 deletions
|
|
@ -130,7 +130,7 @@ static int verify_callback(int ok, X509_STORE_CTX *store)
|
|||
/* Print the subject, issuer, and fingerprint depending on the verbosity
|
||||
level. */
|
||||
if ((!ok && o.verbose) || o.debug > 1) {
|
||||
char digest_buf[SHA1_STRING_LENGTH + 1];
|
||||
char digest_buf[SHA256_STRING_LENGTH + 1];
|
||||
char *fp;
|
||||
|
||||
loguser("Subject: ");
|
||||
|
|
@ -140,9 +140,9 @@ static int verify_callback(int ok, X509_STORE_CTX *store)
|
|||
X509_NAME_print_ex_fp(stderr, X509_get_issuer_name(cert), 0, XN_FLAG_COMPAT);
|
||||
loguser_noprefix("\n");
|
||||
|
||||
fp = ssl_cert_fp_str_sha1(cert, digest_buf, sizeof(digest_buf));
|
||||
fp = ssl_cert_fp_str_sha256(cert, digest_buf, sizeof(digest_buf));
|
||||
ncat_assert(fp == digest_buf);
|
||||
loguser("SHA-1 fingerprint: %s\n", digest_buf);
|
||||
loguser("SHA-256 fingerprint: %s\n", digest_buf);
|
||||
}
|
||||
|
||||
if (!ok && o.verbose) {
|
||||
|
|
@ -238,7 +238,7 @@ static void connect_report(nsock_iod nsi)
|
|||
if (nsock_iod_check_ssl(nsi)) {
|
||||
X509 *cert;
|
||||
X509_NAME *subject;
|
||||
char digest_buf[SHA1_STRING_LENGTH + 1];
|
||||
char digest_buf[SHA256_STRING_LENGTH + 1];
|
||||
char *fp;
|
||||
|
||||
loguser("SSL connection to %s.", peer_str);
|
||||
|
|
@ -258,9 +258,9 @@ static void connect_report(nsock_iod nsi)
|
|||
|
||||
loguser_noprefix("\n");
|
||||
|
||||
fp = ssl_cert_fp_str_sha1(cert, digest_buf, sizeof(digest_buf));
|
||||
fp = ssl_cert_fp_str_sha256(cert, digest_buf, sizeof(digest_buf));
|
||||
ncat_assert(fp == digest_buf);
|
||||
loguser("SHA-1 fingerprint: %s\n", digest_buf);
|
||||
loguser("SHA-256 fingerprint: %s\n", digest_buf);
|
||||
} else
|
||||
#endif
|
||||
{
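Review bot: In both verify_callback and connect_report, `ncat_assert(fp == digest_buf);` remains the only handling of a failed fingerprint, so a NULL return from ssl_cert_fp_str_sha256() (which happens when X509_digest() fails) presumably aborts the process instead of reporting the problem. The certificate being printed appears to be the one received from the peer, so I would log and continue: `if (fp == NULL) loguser("SHA-256 fingerprint: unavailable\n"); else loguser("SHA-256 fingerprint: %s\n", digest_buf);`. The same pattern is kept in setup_ssl_listen in the next file section. Both function bodies extend beyond the hunks shown, so this assumes nothing earlier already guards the call.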
|
||||
|
|
|
|||
|
|
@ -158,7 +158,7 @@ SSL_CTX *setup_ssl_listen(const SSL_METHOD *method)
|
|||
if (o.sslcert == NULL && o.sslkey == NULL) {
|
||||
X509 *cert;
|
||||
EVP_PKEY *key;
|
||||
char digest_buf[SHA1_STRING_LENGTH + 1];
|
||||
char digest_buf[SHA256_STRING_LENGTH + 1];
|
||||
|
||||
if (o.verbose)
|
||||
loguser("Generating a temporary %d-bit RSA key. Use --ssl-key and --ssl-cert to use a permanent one.\n", DEFAULT_KEY_BITS);
|
||||
|
|
@ -166,9 +166,9 @@ SSL_CTX *setup_ssl_listen(const SSL_METHOD *method)
|
|||
bye("ssl_gen_cert(): %s.", ERR_error_string(ERR_get_error(), NULL));
|
||||
if (o.verbose) {
|
||||
char *fp;
|
||||
fp = ssl_cert_fp_str_sha1(cert, digest_buf, sizeof(digest_buf));
|
||||
fp = ssl_cert_fp_str_sha256(cert, digest_buf, sizeof(digest_buf));
|
||||
ncat_assert(fp == digest_buf);
|
||||
loguser("SHA-1 fingerprint: %s\n", digest_buf);
|
||||
loguser("SHA-256 fingerprint: %s\n", digest_buf);
|
||||
}
|
||||
if (SSL_CTX_use_certificate(sslctx, cert) != 1)
|
||||
bye("SSL_CTX_use_certificate(): %s.", ERR_error_string(ERR_get_error(), NULL));
|
||||
|
|
@ -602,19 +602,19 @@ err:
|
|||
return 0;
|
||||
}
|
||||
|
||||
/* Calculate a SHA-1 fingerprint of a certificate and format it as a
|
||||
/* Calculate a SHA-256 fingerprint of a certificate and format it as a
|
||||
human-readable string. Returns strbuf or NULL on error. */
|
||||
char *ssl_cert_fp_str_sha1(const X509 *cert, char *strbuf, size_t len)
|
||||
char *ssl_cert_fp_str_sha256(const X509 *cert, char *strbuf, size_t len)
|
||||
{
|
||||
unsigned char binbuf[SHA1_BYTES];
|
||||
unsigned char binbuf[SHA256_BYTES];
|
||||
unsigned int n;
|
||||
char *p;
|
||||
unsigned int i;
|
||||
|
||||
if (len < SHA1_STRING_LENGTH + 1)
|
||||
if (len < SHA256_STRING_LENGTH + 1)
|
||||
return NULL;
|
||||
n = sizeof(binbuf);
|
||||
if (X509_digest(cert, EVP_sha1(), binbuf, &n) != 1)
|
||||
if (X509_digest(cert, EVP_sha256(), binbuf, &n) != 1)
|
||||
return NULL;
|
||||
|
||||
p = strbuf;
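Review bot: The comment on ssl_cert_fp_str_sha256 says only "Returns strbuf or NULL on error" and does not state the buffer contract that the `len < SHA256_STRING_LENGTH + 1` check enforces. I would add a line such as `strbuf must hold at least SHA256_STRING_LENGTH + 1 bytes; returns NULL if len is smaller or X509_digest() fails.` so callers size their buffers from the constant. The formatting loop lies outside the hunk, so I cannot confirm whether it is bounded by SHA256_BYTES or by the `n` that X509_digest() writes back. If it uses `n`, adding `ncat_assert(n == SHA256_BYTES);` after the digest call would tie the output length to SHA256_STRING_LENGTH.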
|
||||
|
|
|
|||
|
|
@ -69,9 +69,9 @@
|
|||
#define NCAT_CA_CERTS_FILE "ca-bundle.crt"
|
||||
|
||||
enum {
|
||||
SHA1_BYTES = 160 / 8,
|
||||
/* 40 bytes for hex digits and 9 bytes for ' '. */
|
||||
SHA1_STRING_LENGTH = SHA1_BYTES * 2 + (SHA1_BYTES / 2 - 1)
|
||||
SHA256_BYTES = 256 / 8,
|
||||
/* 64 bytes for hex digits and 15 bytes for ' '. */
|
||||
SHA256_STRING_LENGTH = SHA256_BYTES * 2 + (SHA256_BYTES / 2 - 1)
|
||||
};
|
||||
|
||||
/* These status variables are returned by ssl_handshake() to describe the
|
||||
|
|
@ -89,7 +89,7 @@ extern SSL *new_ssl(int fd);
|
|||
|
||||
extern int ssl_post_connect_check(SSL *ssl, const char *hostname);
|
||||
|
||||
extern char *ssl_cert_fp_str_sha1(const X509 *cert, char *strbuf, size_t len);
|
||||
extern char *ssl_cert_fp_str_sha256(const X509 *cert, char *strbuf, size_t len);
|
||||
|
||||
extern int ssl_load_default_ca_certs(SSL_CTX *ctx);
|
||||
|
||||
|
|
|
|||