ncat --ssl -l: temporary certificate is only valid for 60 seconds #2167

girst · 2020-11-01T22:55:53Z

Describe the bug
The temporary certificates generated by --ssl are only valid for 60 seconds. they should be valid for 1 year.

It looks like the error is here

nmap/ncat/ncat_ssl.c

Line 533 in ef8213a

|| X509_gmtime_adj(ta, 60) == 0

, where the magic number 60 is used instead of the previously defined enum value.

To Reproduce

ncat --ssl -l 1234 & sleep 65; openssl s_client -quiet -connect localhost:1234

Expected behavior

The certificate should be valid for one year (or at least, more than 60 seconds).

Version info (please complete the following information):

OS: RHEL8, but using the nmap-ncat package from nmap.org/dist
Output of ncat --version: Ncat: Version 7.91 ( https://nmap.org/ncat )

Additional context

The text was updated successfully, but these errors were encountered:

Fixes nmap#2167.

girst added the Ncat label Nov 1, 2020

girst pushed a commit to fork-graveyard/nmap that referenced this issue Nov 1, 2020

Fix temporary TLS certificate expiry

ecc20f3

Fixes nmap#2167.

girst added a commit to fork-graveyard/nmap that referenced this issue Nov 1, 2020

Fix temporary TLS certificate expiry

7181bc5

Fixes nmap#2167.

girst mentioned this issue Nov 1, 2020

Fix temporary TLS certificate expiry #2168

Closed

girst pushed a commit to fork-graveyard/nmap that referenced this issue Nov 1, 2020

Fix temporary TLS certificate expiry

0e0d484

Fixes nmap#2167.

nnposter self-assigned this Dec 23, 2020

nnposter added the bug label Dec 23, 2020

nmap-bot closed this as completed in 9334c9f Dec 24, 2020

nmap deleted a comment Apr 11, 2022

ncat --ssl -l: temporary certificate is only valid for 60 seconds #2167

ncat --ssl -l: temporary certificate is only valid for 60 seconds #2167

Comments

girst commented Nov 1, 2020