rapid7 / rex-socket

The Rex Socket Abstraction Library

SSL handlers occasionally generating expired certs #20

Closed bcoles closed 4 years ago

bcoles commented 4 years ago

Reposting issue https://github.com/rapid7/metasploit-framework/issues/12634
SSL handlers are occasionally generating expired certs.

[1] pry(#<Msf::Framework>)> Rex::Socket::Ssl.ssl_generate_certificate
=> [#<OpenSSL::PKey::RSA:0x00007feb6a3361b8>,
 #<OpenSSL::X509::Certificate
  subject=#<OpenSSL::X509::Name emailAddress=program@friesen.trantow.turner.com,CN=friesen.trantow.turner.com,OU=program,O=Friesen\, Trantow and Turner,ST=NH,C=US>,
  issuer=#<OpenSSL::X509::Name emailAddress=program@friesen.trantow.turner.com,CN=friesen.trantow.turner.com,OU=program,O=Friesen\, Trantow and Turner,ST=NH,C=US>,
  serial=#<OpenSSL::BN 1673454316309889817>,
  not_before=2017-05-02 06:13:53 UTC,
  not_after=2018-05-02 06:13:53 UTC>,
 nil]
[2] pry(#<Msf::Framework>)> Rex::Socket::Ssl.ssl_generate_certificate
=> [#<OpenSSL::PKey::RSA:0x00007feb6a3fced0>,
 #<OpenSSL::X509::Certificate
  subject=#<OpenSSL::X509::Name emailAddress=hack@volkman.muller.zemlak.name,CN=volkman.muller.zemlak.name,OU=hack,O=Volkman\, Muller and Zemlak,ST=NM,C=US>,
  issuer=#<OpenSSL::X509::Name emailAddress=hack@volkman.muller.zemlak.name,CN=volkman.muller.zemlak.name,OU=hack,O=Volkman\, Muller and Zemlak,ST=NM,C=US>,
  serial=#<OpenSSL::BN 3779413464661440061>,
  not_before=2016-04-03 23:28:45 UTC,
  not_after=2021-04-02 23:28:45 UTC>,
 nil]
[3] pry(#<Msf::Framework>)> Rex::Socket::Ssl.ssl_generate_certificate
=> [#<OpenSSL::PKey::RSA:0x00007feb606f2450>,
 #<OpenSSL::X509::Certificate
  subject=#<OpenSSL::X509::Name emailAddress=parse@harris.sons.io,CN=harris.sons.io,OU=parse,O=Harris and Sons,ST=UT,C=US>,
  issuer=#<OpenSSL::X509::Name emailAddress=parse@harris.sons.io,CN=harris.sons.io,OU=parse,O=Harris and Sons,ST=UT,C=US>,
  serial=#<OpenSSL::BN 15653015134888559974>,
  not_before=2018-05-07 11:37:44 UTC,
  not_after=2023-05-06 11:37:44 UTC>,
 nil]
[4] pry(#<Msf::Framework>)> Rex::Socket::Ssl.ssl_generate_certificate
=> [#<OpenSSL::PKey::RSA:0x00007feb681e7958>,
 #<OpenSSL::X509::Certificate
  subject=#<OpenSSL::X509::Name emailAddress=system@macejkovic.inc.net,CN=macejkovic.inc.net,OU=system,O=Macejkovic Inc,ST=CT,C=US>,
  issuer=#<OpenSSL::X509::Name emailAddress=system@macejkovic.inc.net,CN=macejkovic.inc.net,OU=system,O=Macejkovic Inc,ST=CT,C=US>,
  serial=#<OpenSSL::BN 15576981342803357212>,
  not_before=2017-03-31 23:38:21 UTC,
  not_after=2018-03-31 23:38:21 UTC>,
 nil]
[5] pry(#<Msf::Framework>)>

https://github.com/rapid7/rex-socket/blob/master/lib/rex/socket/ssl.rb#L36-L38

sempervictus commented 4 years ago

mea culpa, and thank you for catching/fixing this.