Extract and mixin cert ops from server module #8
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Generic SSL routines can be in their own module, for import by consumers without having to drag the entire server infrastructure in with it. This pulls the certificate methods into Rex::Socket::Ssl for use by consumers, and includes the module in Rex::Socket::SslTcpServer as the initial consumer.
busterb
reviewed
Dec 28, 2017
lib/rex/socket/ssl.rb
Outdated
| module Rex::Socket::Ssl | ||
|
|
||
| @@loaded_openssl = false | ||
|
|
There was a problem hiding this comment.
do you think we really need to continue pretending openssl is optional? I don't think Ruby even compiles without it anymore. I'd suggest removing this entire @@loaded_openssl path
added 2 commits
December 28, 2017 16:23
Rex utilizes a class variable in the ThreadFactory which permits passing a thread factory down from consumers so long as it matches the API. The benefit of such an arrangement is that the consumer is responsible for the dependencies of the provider object, which in turn lets Rex keep its deps to a minimum. Following that pattern, Rex::Socket::Ssl gets a @@cert_provider variable which by default uses the existing module methods now attached to a CertProvider namespace in order to create certs and attributes. Msf can now designate its own provider at runtime in order to give users greater control, entropy, etc, without weighing down this gem or obsoleting useful examples of how Rex::Text can be utilized by consumers. Also added minor cleanup of prior commit replacing instance method calls to the module methods referencing SslTcpServer with just the Ssl namespace (which in turn proxies calls to the @@cert_provider). Testing: None, this is part of a larger effort spanning a couple of repos.
MRI is compiled with OpenSSL by default, so the graceful failure to load OpenSSL is basically a dead codepath. Remove the openssl loading and checking blocks, and require it as a normal gem. Note: this might create problems with other interpreters, so we might need to revisit this approach as a way for them to load the runtime-specific ssl gems down the road.
|
Well, apprently New England and the midwest arent the only places frozen over. Hell's boiler must be broken because these all claim to pass CI. :) Think i'm done here for the time being, wiring up the provider in Msf currently so expect a related PR in that repo shortly. Probably alright to merge now if everyone with eyes on agrees. |
|
Yeah, that's a good sign Thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Generic SSL routines can be in their own module, for import by
consumers without having to drag the entire server infrastructure
in with it.
This pulls the certificate methods into Rex::Socket::Ssl for use
by consumers, and includes the module in Rex::Socket::SslTcpServer
as the initial consumer.