Nmap Development mailing list archives
Re: Supporting SNI throughout NSE
From: Fyodor <fyodor () insecure org>
Date: Fri, 13 Aug 2010 16:11:12 -0700
On Fri, Aug 13, 2010 at 04:35:41PM -0600, David Fifield wrote:
What I propose is extending socket:connect to allow passing host and port tables as an alternative to a string and a number, like we do in lots of other places. If we get a table, we'll use host.targetname for SNI. If we get a host name, we'll resolve it and use it as the SNI. How does this sound? It won't break backward compatibility, but all code will have to be updated in order to support SNI.
It sounds good to me! I can think of many cases where we might want to use SNI against servers other than the listed targets (like for following redirects, or prerule scripts where we don't have a host structure), so I'd suggest that we just note the required table members (and note that the normal host/ports tables meet the requirements) rather than simply asking people to pass the host/port tables. Also, even if someone passes a table for the host (to enable SNI), I think they should still be allowed to pass a plain port number. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Supporting SNI throughout NSE David Fifield (Aug 13)
- Re: Supporting SNI throughout NSE Fyodor (Aug 13)
- Re: Supporting SNI throughout NSE David Fifield (Aug 16)
- Re: Supporting SNI throughout NSE David Fifield (Aug 16)
- Re: Supporting SNI throughout NSE David Fifield (Aug 16)
- Re: Supporting SNI throughout NSE Fyodor (Aug 13)