Metasploit mailing list archives
http connect proxy support?
From: hdm at metasploit.com (H D Moore)
Date: Fri, 14 Mar 2008 14:22:21 -0500
The code should be allowing that (see below). I created ticket #213 to track it. # Build the SSL connection self.sslctx = OpenSSL::SSL::SSLContext.new # Configure the SSL context # TODO: Allow the user to specify the verify mode and callback # Valid modes: # VERIFY_CLIENT_ONCE # VERIFY_FAIL_IF_NO_PEER_CERT # VERIFY_NONE # VERIFY_PEER self.sslctx.verify_mode = OpenSSL::SSL::VERIFY_PEER self.sslctx.options = OpenSSL::SSL::OP_ALL # Set the verification callback self.sslctx.verify_callback = Proc.new do |valid, store| self.peer_verified = valid true end # Tie the context to a socket self.sslsock = OpenSSL::SSL::SSLSocket.new(self, self.sslctx) On Friday 14 March 2008, Tim Maletic wrote:
Now a new but related question: ?my testing seems to show that at least Exploit::Remote::HttpClient returns a failure condition if the target SSL server doesn't have a valid certificate. ?Is this true? ?If so, are there parameters available to force the framework to ignore bad certs (as in wget's "--no-check-certificate")?
Current thread:
- http connect proxy support? Tim Maletic (Mar 07)
- Message not available
- http connect proxy support? Patrick Webster (Mar 09)
- Message not available
- Message not available
- http connect proxy support? Tim Maletic (Mar 12)
- http connect proxy support? H D Moore (Mar 12)
- http connect proxy support? Tim Maletic (Mar 14)
- http connect proxy support? H D Moore (Mar 14)
- http connect proxy support? Thomas Werth (Mar 18)
- http connect proxy support? Tim Maletic (Mar 12)