Land rapid7#6720, SSL scanner fixes

Author: wvu

modules/auxiliary/scanner/http/ssl.rb

@@ -38,56 +38,65 @@ def run_host(ip)
 
       connect(true, {"SSL" => true}) #Force SSL
 
-      cert = OpenSSL::X509::Certificate.new(sock.peer_cert)
+      if sock.respond_to? :peer_cert
+        cert = OpenSSL::X509::Certificate.new(sock.peer_cert)
+      end
 
       disconnect
 
       if cert
-        print_status("#{ip}:#{rport} Subject: #{cert.subject}")
-        print_status("#{ip}:#{rport} Issuer: #{cert.issuer}")
-        print_status("#{ip}:#{rport} Signature Alg: #{cert.signature_algorithm}")
-        public_key_size = cert.public_key.n.num_bytes * 8
-        print_status("#{ip}:#{rport} Public Key Size: #{public_key_size} bits")
-        print_status("#{ip}:#{rport} Not Valid Before: #{cert.not_before}")
-        print_status("#{ip}:#{rport} Not Valid After: #{cert.not_after}")
+        print_status("Subject: #{cert.subject}")
+        print_status("Issuer: #{cert.issuer}")
+        print_status("Signature Alg: #{cert.signature_algorithm}")
+
+        # If we use ECDSA rather than RSA, our metrics for key size are different
+        public_key_size = 0
+        if cert.public_key.respond_to? :n
+          public_key_size = cert.public_key.n.num_bytes * 8
+          print_status("Public Key Size: #{public_key_size} bits")
+        end
+        print_status("Not Valid Before: #{cert.not_before}")
+        print_status("Not Valid After: #{cert.not_after}")
 
         # Checks for common properties of self signed certificates
         caissuer = (/CA Issuers - URI:(.*?),/i).match(cert.extensions.to_s)
 
         if caissuer.to_s.empty?
-          print_good("#{ip}:#{rport} Certificate contains no CA Issuers extension... possible self signed certificate")
+          print_good("Certificate contains no CA Issuers extension... possible self signed certificate")
         else
-          print_status("#{ip}:#{rport} " +caissuer.to_s[0..-2])
+          print_status(caissuer.to_s[0..-2])
         end
 
         if cert.issuer.to_s == cert.subject.to_s
-          print_good("#{ip}:#{rport} Certificate Subject and Issuer match... possible self signed certificate")
+          print_good("Certificate Subject and Issuer match... possible self signed certificate")
         end
 
         alg = cert.signature_algorithm
 
         if alg.downcase.include? "md5"
-          print_status("#{ip}:#{rport} WARNING: Signature algorithm using MD5 (#{alg})")
+          print_status("WARNING: Signature algorithm using MD5 (#{alg})")
         end
 
         vhostn = nil
         cert.subject.to_a.each do |n|
           vhostn = n[1] if n[0] == 'CN'
         end
-        if public_key_size == 1024
-          print_status("#{ip}:#{rport} WARNING: Public Key only 1024 bits")
-        elsif public_key_size < 1024
-          print_status("#{ip}:#{rport} WARNING: Weak Public Key: #{public_key_size} bits")
+        if public_key_size > 0
+          if public_key_size == 1024
+            print_status("WARNING: Public Key only 1024 bits")
+          elsif public_key_size < 1024
+            print_status("WARNING: Weak Public Key: #{public_key_size} bits")
+          end
         end
         if cert.not_after < Time.now
-          print_status("#{ip}:#{rport} WARNING: Certificate not valid anymore")
+          print_status("WARNING: Certificate not valid anymore")
         end
         if cert.not_before > Time.now
-          print_status("#{ip}:#{rport} WARNING: Certificate not valid yet")
+          print_status("WARNING: Certificate not valid yet")
         end
 
         if vhostn
-          print_status("#{ip}:#{rport} has common name #{vhostn}")
+          print_status("Has common name #{vhostn}")
 
           # Store the virtual hostname for HTTP
           report_note(
@@ -125,7 +134,7 @@ def run_host(ip)
 
         end
       else
-        print_status("#{ip}:#{rport}] No certificate subject or common name found")
+        print_status("No certificate subject or common name found")
       end
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
     rescue ::Timeout::Error, ::Errno::EPIPE