[Plugins-writers] SSL Cert Expiry Plugin

From: George Theall (theall@private)
Date: Wed Oct 27 2004 - 09:55:08 PDT


I have written a plugin that checks the expiry dates of SSL
certificates.  While I've tested it on machines to which I have access,
I'd like to test it on a wider array of services before submitting it to
Renaud for general distribution.  If any of you have the time and
inclination, please see the attached plugin and try it out.  [Note: it
requires the localtime() function, which is rather new to NASL
(introduced on 9/15/2004), so if you have a version of Nessus before that,
it won't work for you.]

For each SSL-enabled service (SSLv2, SSLv3, or TLSv1) identified by
find_services, the plugin sends a Client Hello message, identifies the
expiry dates for the server's certificate returned as part of the Server
Hello, and compares the results with the current date as well as a date
60 days into the future.  It will produce a warning if the certificate
has expired and a note if the certificate is due to expire in 60 days. 

If you run into any trouble (e.g., it can't get the expiry dates), set
debug_level to 1 in the global settings, rerun the scan, and send me the
debug output written to nessusd.dump.  If no big gotchas turn up, I hope
to submit the plugin to Renaud on Friday. 


George
-- 
theall@private
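
The date check described in the message, as an added example in Python; it is not the attached NASL plugin or any part of it. It assumes the certificate's DER Validity field has already been extracted from the handshake, and all function names, the sample bytes and the exact boundary comparisons are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

SEQUENCE, UTC_TIME, GENERALIZED_TIME = 0x30, 0x17, 0x18

def tlv(tag, value):
    """Encode a short-form DER element (used only to build the sample)."""
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for a short-form DER element."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form DER header")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated DER value")
    return buf[pos], buf[pos + 2:end], end

def parse_time(tag, value):
    """Decode UTCTime or GeneralizedTime into an aware UTC datetime."""
    text = value.decode("ascii")
    if tag == UTC_TIME:
        # RFC 5280: two-digit years 50-99 are 19YY, 00-49 are 20YY.
        text = ("19" if text[:2] >= "50" else "20") + text
    elif tag != GENERALIZED_TIME:
        raise ValueError("not a time type: tag 0x%02x" % tag)
    if len(text) != 15:
        raise ValueError("unexpected time length")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def parse_validity(der):
    """Return (not_before, not_after) from a DER Validity SEQUENCE."""
    tag, body, _ = read_tlv(der, 0)
    if tag != SEQUENCE:
        raise ValueError("Validity must be a SEQUENCE")
    t1, v1, pos = read_tlv(body, 0)
    t2, v2, _ = read_tlv(body, pos)
    return parse_time(t1, v1), parse_time(t2, v2)

def classify(not_after, now, lookahead_days=60):
    """'warning' if expired, 'note' if expiring within the window, else None."""
    if not_after < now:
        return "warning"
    if not_after < now + timedelta(days=lookahead_days):
        return "note"
    return None

# Constructed sample: valid 2004-01-01 through 2004-12-01 23:59:59 UTC.
SAMPLE = tlv(SEQUENCE, tlv(UTC_TIME, b"040101000000Z") + tlv(UTC_TIME, b"041201235959Z"))
```
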



