Taras,
Code review for your changes:
* If we're not going to use openssl anymore, shouldn't we remove it
from the dependency check file?
try:
from OpenSSL import SSL
except:
packages.append('pyOpenSSL')
packages_debian.append('python-pyopenssl')
packages_mac_ports.extend(['py26-openssl'])
reasonForExit = True
#mem_test('after ssl import')
* "class sslCertificate2" , that won't work, the plugin filename and
the class should have the same name
* I recommend storing ca.pem in plugins/audit/sslCertificate/ca.pem
* What happens if the remote end uses a different version of SSL in
the line that says: "ssl_version=ssl.PROTOCOL_SSLv23" ?
* I think this is an info() "v.setName('Invalid SSL certificate/connection')"
* Not sure why we do this?
ssl_sock.write("""GET / HTTP/1.0\r\n\r\n""")
data = ssl_sock.read()
* We lost some features, right?
1)
# Print the SSL information to the log
desc = 'This is the information about the SSL certificate
used in the target site:'
...
2)
desc = 'The certificate is using an old version of SSL
3) And some other things that were in the previous version.
On Fri, Jun 1, 2012 at 3:00 PM, <ox...@users.sourceforge.net> wrote:
> Revision: 5038
> http://w3af.svn.sourceforge.net/w3af/?rev=5038&view=rev
> Author: oxdef
> Date: 2012-06-01 11:00:10 +0000 (Fri, 01 Jun 2012)
> Log Message:
> -----------
> migrated to built-in ssl module
>
> Modified Paths:
> --------------
> branches/ssl/core/controllers/dependency_check/dependency_check.py
> branches/ssl/plugins/audit/sslCertificate.py
>
> Added Paths:
> -----------
> branches/ssl/plugins/audit/ca.pem
>
> This was sent by the SourceForge.net collaborative development platform, the
> world's largest Open Source development site.
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> W3af-svn-notify mailing list
> w3af-svn-not...@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-svn-notify
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
