ncat infinite loop on verify self signed certificate #1704

Open
slavkoja opened this issue Aug 21, 2019 · 0 comments

@slavkoja
commented Aug 21, 2019

Hi

While playing with ncat's --ssl-verify I found a problem with self-signed certificate verification -- the verification fails with a message about a self-signed cert, but ncat itself doesn't exit and continues with connection attempts in an infinite loop (I killed it in finite time, of course).

To demonstrate the problem I set up openssl's test TLS server with Debian's snake oil certificate:

openssl s_server -accept 666 -cert /etc/ssl/certs/ssl-cert-snakeoil.pem -key /etc/ssl/private/ssl-cert-snakeoil.key
Using default temp DH parameters
ACCEPT

And then I try to connect to it with ncat with certificate verification enabled (I use a short excerpt for demonstration):

ncat -vz --ssl-verify servac.slavino.sk 666
Ncat: Version 7.80 ( https://nmap.org/ncat )
Ncat: Subject: CN=servac
Ncat: Issuer: CN=servac
Ncat: SHA-1 fingerprint: 5A4C 6610 0639 96B0 E7E4 8257 8864 EE1C 72EA 3173
Ncat: Certificate verification failed (self signed certificate).
Ncat: Subject: CN=servac
Ncat: Issuer: CN=servac
Ncat: SHA-1 fingerprint: 5A4C 6610 0639 96B0 E7E4 8257 8864 EE1C 72EA 3173
Ncat: Certificate verification failed (self signed certificate).
Ncat: Subject: CN=servac
Ncat: Issuer: CN=servac
Ncat: SHA-1 fingerprint: 5A4C 6610 0639 96B0 E7E4 8257 8864 EE1C 72EA 3173
Ncat: Certificate verification failed (self signed certificate).
...etc

The result is the same with or without the -z option. I would expect that ncat exits after the first failed attempt.

regards
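
For scripts that use the `ncat -vz --ssl-verify` check from the report as a TLS gate, the following added example (not part of the original report and not Nmap project code) bounds the run with a time limit and classifies the captured output, so the repeated-failure behaviour shown above is treated as a failure instead of a hang. The function names are hypothetical, and coreutils `timeout` is assumed to be installed.

```shell
#!/bin/sh
# Added example, not Nmap project code. Function names are hypothetical.

# Classify captured `ncat -v --ssl-verify` output read from stdin.
# Prints "no-verify-failure", "verify-failed" (one failure line)
# or "verify-failed-loop N" (N repeated failure lines).
classify_ncat_verify() {
    # grep -c exits non-zero when the count is 0, hence the "|| true".
    n=$(grep -c 'Certificate verification failed' || true)
    case "$n" in
        0) echo "no-verify-failure" ;;
        1) echo "verify-failed" ;;
        *) echo "verify-failed-loop $n" ;;
    esac
}

# Run the check from the report under a hard time limit so a caller never
# hangs. Returns 0 only when ncat exits 0 by itself and logged no failure.
# Assumes coreutils `timeout`; 124 is its exit status for "timed out".
checked_ncat_verify() {
    host=$1 port=$2 limit=${3:-10}
    # ncat writes its verbose messages to stderr, so merge it into the log.
    log=$(timeout "$limit" ncat -vz --ssl-verify "$host" "$port" 2>&1) && rc=0 || rc=$?
    verdict=$(printf '%s\n' "$log" | classify_ncat_verify)
    echo "$verdict (exit status $rc)" >&2
    [ "$rc" -eq 0 ] && [ "$verdict" = "no-verify-failure" ]
}

# Constructed sample in the format of the output quoted in the report.
SAMPLE_LOOP='Ncat: Subject: CN=servac
Ncat: Certificate verification failed (self signed certificate).
Ncat: Subject: CN=servac
Ncat: Certificate verification failed (self signed certificate).
Ncat: Subject: CN=servac
Ncat: Certificate verification failed (self signed certificate).'
```

A caller would use it as `checked_ncat_verify HOST PORT 10 || exit 1`, where the third argument is the time limit in seconds.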
