Add X509v3 extension parsing to NSE's sslcert code. Show Subject Alternative Name.

2026-01-30 01:59:02 +00:00 · 2016-09-17 01:54:03 +00:00
parent 0bb1dc6dc2
commit 087fb7be04
2 changed files with 66 additions and 0 deletions
--- a/nse_ssl_cert.cc
+++ b/nse_ssl_cert.cc
@@ -137,6 +137,7 @@
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
+#include <openssl/x509v3.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>

@@ -271,6 +272,54 @@ static void x509_name_to_table(lua_State *L, X509_NAME *name)
  }
 }

+static bool x509_extensions_to_table(lua_State *L, const STACK_OF(X509_EXTENSION) *exts)
+{
+  if (sk_X509_EXTENSION_num(exts) <= 0)
+    return false;
+
+  lua_newtable(L);
+
+  for (int i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+    ASN1_OBJECT *obj;
+    X509_EXTENSION *ext;
+    char *value = NULL;
+    BIO *out;
+
+    ext = sk_X509_EXTENSION_value(exts, i);
+    obj = X509_EXTENSION_get_object(ext);
+
+    lua_newtable(L);
+    char objname[256];
+    long len = 0;
+    len = OBJ_obj2txt(objname, 256, obj, 0);
+    lua_pushlstring(L, objname, MIN(len, 256));
+    lua_setfield(L, -2, "name");
+
+
+    if (X509_EXTENSION_get_critical(ext)) {
+      lua_pushboolean(L, true);
+      lua_setfield(L, -2, "critical");
+    }
+
+    out = BIO_new(BIO_s_mem());
+    if (!X509V3_EXT_print(out, ext, 0, 0)) {
+      lua_pushboolean(L, true);
+      lua_setfield(L, -2, "error");
+    }
+    else {
+      len = BIO_get_mem_data(out, &value);
+      lua_pushlstring(L, value, len);
+      lua_setfield(L, -2, "value");
+    }
+    BIO_free_all(out);
+
+    lua_seti(L, -2, i+1);
+  }
+
+  return true;
+
+}
+
 /* Parse as a decimal integer the len characters starting at s. This function
   can only process positive numbers; if the return value is negative then a
   parsing error occurred. */
@@ -559,6 +608,14 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
  cert_pem_to_string(L, cert);
  lua_setfield(L, -2, "pem");

+#if HAVE_OPAQUE_STRUCTS
+  if (x509_extensions_to_table(L, X509_get0_extensions(cert))) {
+#else
+  if (x509_extensions_to_table(L, cert->cert_info->extensions)) {
+#endif
+    lua_setfield(L, -2, "extensions");
+  }
+
  pubkey = X509_get_pubkey(cert);
  if (pubkey == NULL) {
    lua_pushnil(L);
--- a/scripts/ssl-cert.nse
+++ b/scripts/ssl-cert.nse
@@ -208,6 +208,7 @@ local function output_tab(cert)
  o.subject = name_to_table(cert.subject)
  o.issuer = name_to_table(cert.issuer)
  o.pubkey = cert.pubkey
+  o.extensions = cert.extensions
  o.sig_algo = cert.sig_algorithm
  o.validity = {}
  for k, v in pairs(cert.validity) do
@@ -227,6 +228,14 @@ local function output_str(cert)
  local lines = {}

  lines[#lines + 1] = "Subject: " .. stringify_name(cert.subject)
+  if cert.extensions then
+    for _, e in ipairs(cert.extensions) do
+      if e.name == "X509v3 Subject Alternative Name" then
+        lines[#lines + 1] = "Subject Alternative Name: " .. e.value
+        break
+      end
+    end
+  end

  if nmap.verbosity() > 0 then
    lines[#lines + 1] = "Issuer: " .. stringify_name(cert.issuer)