metasploit-framework/lib/rex/socket/ssl_tcp.rb

176 lines
2.8 KiB
Ruby

require 'rex/socket'
###
#
# This class provides methods for interacting with an SSL TCP client
# connection.
#
###
module Rex::Socket::SslTcp
begin
@@loaded_openssl = false
begin
require 'openssl'
@@loaded_openssl = true
rescue ::Exception
end
include Rex::Socket::Tcp
##
#
# Factory
#
##
#
# Creates an SSL TCP instance.
#
def self.create(hash)
raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
self.create_param(Rex::Socket::Parameters.from_hash(hash))
end
#
# Set the SSL flag to true and call the base class's create_param routine.
#
def self.create_param(param)
param.ssl = true
Rex::Socket::Tcp.create_param(param)
end
##
#
# Class initialization
#
##
#
# Initializes the SSL socket.
#
def initsock(params = nil)
super
version = :SSLv3
if(params)
case params.ssl_version
when 'SSL2'
version = :SSLv2
when 'TLS1'
version = :TLSv1
end
end
# Build the SSL connection
self.sslctx = OpenSSL::SSL::SSLContext.new(version)
# Configure the SSL context
# TODO: Allow the user to specify the verify mode and callback
# Valid modes:
# VERIFY_CLIENT_ONCE
# VERIFY_FAIL_IF_NO_PEER_CERT
# VERIFY_NONE
# VERIFY_PEER
self.sslctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
self.sslctx.options = OpenSSL::SSL::OP_ALL
# Set the verification callback
self.sslctx.verify_callback = Proc.new do |valid, store|
self.peer_verified = valid
true
end
# Tie the context to a socket
self.sslsock = OpenSSL::SSL::SSLSocket.new(self, self.sslctx)
# XXX - enabling this causes infinite recursion, so disable for now
# self.sslsock.sync_close = true
# Negotiate the connection
self.sslsock.connect
end
##
#
# Stream mixin implementations
#
##
#
# Writes data over the SSL socket.
#
def write(buf, opts = {})
return sslsock.write(buf)
end
#
# Reads data from the SSL socket.
#
def read(length = nil, opts = {})
length = 16384 unless length
begin
return sslsock.sysread(length)
rescue EOFError, ::Errno::EPIPE
return nil
end
end
#
# Closes the SSL socket.
#
def close
sslsock.close
super
end
#
# Ignore shutdown requests
#
def shutdown(how=0)
# Calling shutdown() on an SSL socket can lead to bad things
# Cause of http://metasploit.com/dev/trac/ticket/102
end
#
# Access to peer cert
#
def peer_cert
sslsock.peer_cert if sslsock
end
#
# Access to peer cert chain
#
def peer_cert_chain
sslsock.peer_cert_chain if sslsock
end
#
# Access to the current cipher
#
def cipher
sslsock.cipher if sslsock
end
attr_reader :peer_verified # :nodoc:
attr_accessor :sslsock, :sslctx # :nodoc:
protected
attr_writer :peer_verified # :nodoc:
rescue LoadError
end
def type?
return 'tcp-ssl'
end
end