Dirk-Willem van Gulik wrote: > we propably > only have the step up 'Server Gated Certs'* let to check. > > Does anyone have such a beast for testing ? >
There are two separate types used by Mozilla (Step up?) and Microsoft SSL/TLS (SGC?) implementations IIRC. One completes the handshake then starts a new session the second cuts it half way through. Been many years since I looked at those though. I recall having to alter the state machine to accommodate the Microsoft flavour. (Checks code, yes look for SGC comments in there) Steve. -- Dr Stephen N. Henson. Senior Technical/Cryptography Advisor, Open Source Software Institute: www.oss-institute.org OpenSSL Core team: www.openssl.org