Closed bcoles closed 4 years ago
Reposting issue https://github.com/rapid7/metasploit-framework/issues/12634
SSL handlers are occasionally generating expired certs.
```
[1] pry(#<Msf::Framework>)> Rex::Socket::Ssl.ssl_generate_certificate
=> [#<OpenSSL::PKey::RSA:0x00007feb6a3361b8>, #<OpenSSL::X509::Certificate subject=#<OpenSSL::X509::Name emailAddress=program@friesen.trantow.turner.com,CN=friesen.trantow.turner.com,OU=program,O=Friesen\, Trantow and Turner,ST=NH,C=US>, issuer=#<OpenSSL::X509::Name emailAddress=program@friesen.trantow.turner.com,CN=friesen.trantow.turner.com,OU=program,O=Friesen\, Trantow and Turner,ST=NH,C=US>, serial=#<OpenSSL::BN 1673454316309889817>, not_before=2017-05-02 06:13:53 UTC, not_after=2018-05-02 06:13:53 UTC>, nil]
[2] pry(#<Msf::Framework>)> Rex::Socket::Ssl.ssl_generate_certificate
=> [#<OpenSSL::PKey::RSA:0x00007feb6a3fced0>, #<OpenSSL::X509::Certificate subject=#<OpenSSL::X509::Name emailAddress=hack@volkman.muller.zemlak.name,CN=volkman.muller.zemlak.name,OU=hack,O=Volkman\, Muller and Zemlak,ST=NM,C=US>, issuer=#<OpenSSL::X509::Name emailAddress=hack@volkman.muller.zemlak.name,CN=volkman.muller.zemlak.name,OU=hack,O=Volkman\, Muller and Zemlak,ST=NM,C=US>, serial=#<OpenSSL::BN 3779413464661440061>, not_before=2016-04-03 23:28:45 UTC, not_after=2021-04-02 23:28:45 UTC>, nil]
[3] pry(#<Msf::Framework>)> Rex::Socket::Ssl.ssl_generate_certificate
=> [#<OpenSSL::PKey::RSA:0x00007feb606f2450>, #<OpenSSL::X509::Certificate subject=#<OpenSSL::X509::Name emailAddress=parse@harris.sons.io,CN=harris.sons.io,OU=parse,O=Harris and Sons,ST=UT,C=US>, issuer=#<OpenSSL::X509::Name emailAddress=parse@harris.sons.io,CN=harris.sons.io,OU=parse,O=Harris and Sons,ST=UT,C=US>, serial=#<OpenSSL::BN 15653015134888559974>, not_before=2018-05-07 11:37:44 UTC, not_after=2023-05-06 11:37:44 UTC>, nil]
[4] pry(#<Msf::Framework>)> Rex::Socket::Ssl.ssl_generate_certificate
=> [#<OpenSSL::PKey::RSA:0x00007feb681e7958>, #<OpenSSL::X509::Certificate subject=#<OpenSSL::X509::Name emailAddress=system@macejkovic.inc.net,CN=macejkovic.inc.net,OU=system,O=Macejkovic Inc,ST=CT,C=US>, issuer=#<OpenSSL::X509::Name emailAddress=system@macejkovic.inc.net,CN=macejkovic.inc.net,OU=system,O=Macejkovic Inc,ST=CT,C=US>, serial=#<OpenSSL::BN 15576981342803357212>, not_before=2017-03-31 23:38:21 UTC, not_after=2018-03-31 23:38:21 UTC>, nil]
[5] pry(#<Msf::Framework>)>
```
https://github.com/rapid7/rex-socket/blob/master/lib/rex/socket/ssl.rb#L36-L38
mea culpa, and thank you for catching/fixing this.
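The failure mode reported in this issue, as an added Ruby example (not rex-socket's code and not part of the thread): when a backdated start and a lifetime are chosen independently, `not_after` can fall before the current time. `buggy_window`, `safe_window`, the subject name and the one-or-five-year lifetimes are assumptions modelled on the transcript above.

```ruby
require 'openssl'

DAY = 24 * 60 * 60

# Hypothetical buggy picker: backdate and lifetime are drawn independently,
# so the window can close before `now`.
def buggy_window(now, rng)
  not_before = now - rng.rand(1..(5 * 365)) * DAY
  lifetime   = [365, 5 * 365].sample(random: rng) * DAY
  [not_before, not_before + lifetime]
end

# Corrected picker: choose the lifetime first, then backdate by strictly less
# than it, so at least one day of validity remains after `now`.
def safe_window(now, rng)
  lifetime_days = [365, 5 * 365].sample(random: rng)
  backdate_days = rng.rand(1...lifetime_days)
  not_before = now - backdate_days * DAY
  [not_before, not_before + lifetime_days * DAY]
end

# Build a self-signed certificate with the given validity window.
def self_signed(not_before, not_after)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=example.test') # constructed name
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Classify a certificate's validity window at time `at`.
def validity(cert, at)
  return :not_yet_valid if at < cert.not_before
  return :expired if at > cert.not_after
  :valid
end

# Count how many of `trials` windows from `picker` have already ended at `now`.
def expired_count(picker, now, trials, seed)
  rng = Random.new(seed)
  trials.times.count { send(picker, now, rng).last < now }
end
```

Running `validity` against a freshly generated certificate in the handler's test suite turns this class of bug into a failing assertion instead of a failed TLS handshake.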