Hi,
I've been struggling with what looks like crazy behaviour with SSL today. I'm probably doing something really wrong, but I can't for the life of me work it out. The code is trying to use the api as trivially as possible, but I can't see anything obviously wrong with it either(?).
Basically I can open an SSL connection fine to a host, but if I try to open another one to a different host, it fails, always. If i swap the site i'm connecting to, then the roles are swapped. I can connect any number of times to any given site without problems.
Its using the NSS libs that came with mozilla 1.0.0, but one of our developers is having a problem with some other version, probably 1.3.x.
The courier imap server at my end spits out the following error when it fails (it uses openssl, with some simple locally generated key).
Jun 19 13:24:06 zZedZone imapd-ssl: starttls: accept: error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02
I get the error code SSL_ERROR_HANDSHAKE_FAILURE_ALERT when it fails.
Output of program:
bash$ ./test-ssl a
looking up host 'imap.ximian.com:993'
connect ok
got 'bad cert', returning 'ok'
got server greeting: '* OK Courier-IMAP ready. Copyright 1998-2002 Double Precision, Inc. See COPYING for distribution information.
'
done ?
looking up host 'localhost:1924'
connect ok
got 'bad cert', returning 'ok'
forcehandshake failed: Unknown code ___P 95
The matching trace from ssltap is trace.fail.
Or if it swaps the connections:
bash$ ./test-ssl
looking up host 'localhost:1924'
connect ok
got 'bad cert', returning 'ok'
got server greeting: '* OK Courier-IMAP ready. Copyright 1998-2002 Double Precision, Inc. See COPYING for distribution information.
'
done ?
looking up host 'imap.ximian.com:993'
connect ok
got 'bad cert', returning 'ok'
forcehandshake failed: Unknown code ___P 16
The matching trace is trace.ok.
In each case, the saved cert.001 from ssltap is the same.
I've done a quick peruse of some of the documentation and examples, but nothing jumps out as being wrong with the test code, although surely something is.
Thanks, Michael Zucchi
PS i hope attachments are ok.
Connected to localhost:994
--> [
0: 80 46 01 03 01 00 2d 00 00 00 10 01 00 80 03 00 | .F....-.........
10: 80 07 00 c0 06 00 40 02 00 80 04 00 80 00 00 04 | [EMAIL PROTECTED]
20: 00 fe ff 00 00 0a 00 fe fe 00 00 09 00 00 64 00 | ..............d.
30: 00 62 00 00 03 00 00 06 6f f0 20 5b 49 a1 d1 f3 | .b......o. [I...
40: f9 60 54 6a 7c 05 df f7 |.`Tj|...
alloclen = 72 bytes
(72 bytes of 72)
[Thu Jun 19 17:15:09 2003] [ssl2] ClientHelloV2 {
version = {0x03, 0x01}
cipher-specs-length = 45 (0x2d)
sid-length = 0 (0x00)
challenge-length = 16 (0x10)
cipher-suites = {
(0x010080) SSL2/RSA/RC4-128/MD5
(0x030080) SSL2/RSA/RC2CBC128/MD5
(0x0700c0) SSL2/RSA/3DES192EDE-CBC/MD5
(0x060040) SSL2/RSA/DES56-CBC/MD5
(0x020080) SSL2/RSA/RC4-40/MD5
(0x040080) SSL2/RSA/RC2CBC40/MD5
(0x000004) SSL3/RSA/RC4-128/MD5
(0x00feff) ????/????????/?????????/???
(0x00000a) SSL3/RSA/3DES192EDE-CBC/SHA
(0x00fefe) ????/????????/?????????/???
(0x000009) SSL3/RSA/DES56-CBC/SHA
(0x000064) TLS/RSA_EXPORT1024/RC4-56/SHA
(0x000062) TLS/RSA_EXPORT1024/DES56_CBC/SHA
(0x000003) SSL3/RSA/RC4-40/MD5
(0x000006) SSL3/RSA/RC2CBC40/MD5
}
session-id = { }
challenge = { 0x6ff0 0x205b 0x49a1 0xd1f3 0xf960 0x546a 0x7c05 0xdff7 }
}
]
<-- [
0: 16 03 01 00 4a 02 00 00 46 03 01 3e f1 6a 05 70 | ....J...F..>.j.p
10: 45 b8 10 ab 1e 28 83 a5 ac 49 9a a5 57 87 67 e8 | E....(...I..W.g.
20: 79 24 57 a8 49 12 02 cf 38 59 13 20 57 1f 8a 87 | y$W.I...8Y. W...
30: 3f e0 cc 1d 58 1c ee fe 33 bf ce af d8 9e ae 27 | ?...X...3......'
40: d7 ee dc 31 33 bc 99 6f 6c c4 07 89 00 04 00 16 | ...13..ol.......
50: 03 01 03 05 0b 00 03 01 00 02 fe 00 02 fb 30 82 | ..............0.
60: 02 f7 30 82 02 60 a0 03 02 01 02 02 01 00 30 0d | ..0..`........0.
70: 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 81 b5 | ..*.H........0..
80: 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0b 30 | 1.0...U....US1.0
90: 09 06 03 55 04 08 13 02 4e 59 31 11 30 0f 06 03 | ...U....NY1.0...
a0: 55 04 07 13 08 4e 65 77 20 59 6f 72 6b 31 1c 30 | U....New York1.0
b0: 1a 06 03 55 04 0a 13 13 43 6f 75 72 69 65 72 20 | ...U....Courier
c0: 4d 61 69 6c 20 53 65 72 76 65 72 31 2d 30 2b 06 | Mail Server1-0+.
d0: 03 55 04 0b 13 24 41 75 74 6f 6d 61 74 69 63 61 | .U...$Automatica
e0: 6c 6c 79 2d 67 65 6e 65 72 61 74 65 64 20 49 4d | lly-generated IM
f0: 41 50 20 53 53 4c 20 6b 65 79 31 12 30 10 06 03 | AP SSL key1.0...
100: 55 04 03 13 09 6c 6f 63 61 6c 68 6f 73 74 31 25 | U....localhost1%
110: 30 23 06 09 2a 86 48 86 f7 0d 01 09 01 16 16 70 | 0#..*.H........p
120: 6f 73 74 6d 61 73 74 65 72 40 65 78 61 6d 70 6c | [EMAIL PROTECTED]
130: 65 2e 63 6f 6d 30 1e 17 0d 30 33 30 36 31 38 32 | e.com0...0306182
140: 33 35 37 32 30 5a 17 0d 30 34 30 36 31 37 32 33 | 35720Z..04061723
150: 35 37 32 30 5a 30 81 b5 31 0b 30 09 06 03 55 04 | 5720Z0..1.0...U.
160: 06 13 02 55 53 31 0b 30 09 06 03 55 04 08 13 02 | ...US1.0...U....
170: 4e 59 31 11 30 0f 06 03 55 04 07 13 08 4e 65 77 | NY1.0...U....New
180: 20 59 6f 72 6b 31 1c 30 1a 06 03 55 04 0a 13 13 | York1.0...U....
190: 43 6f 75 72 69 65 72 20 4d 61 69 6c 20 53 65 72 | Courier Mail Ser
1a0: 76 65 72 31 2d 30 2b 06 03 55 04 0b 13 24 41 75 | ver1-0+..U...$Au
1b0: 74 6f 6d 61 74 69 63 61 6c 6c 79 2d 67 65 6e 65 | tomatically-gene
1c0: 72 61 74 65 64 20 49 4d 41 50 20 53 53 4c 20 6b | rated IMAP SSL k
1d0: 65 79 31 12 30 10 06 03 55 04 03 13 09 6c 6f 63 | ey1.0...U....loc
1e0: 61 6c 68 6f 73 74 31 25 30 23 06 09 2a 86 48 86 | alhost1%0#..*.H.
1f0: f7 0d 01 09 01 16 16 70 6f 73 74 6d 61 73 74 65 | .......postmaste
200: 72 40 65 78 61 6d 70 6c 65 2e 63 6f 6d 30 81 9f | [EMAIL PROTECTED]
210: 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 | 0...*.H.........
220: 81 8d 00 30 81 89 02 81 81 00 be 4d 1b 55 73 aa | ...0.......M.Us.
230: 11 4e ca c3 fb 0b 13 98 f8 c0 44 97 42 d3 ae f0 | .N........D.B...
240: f2 33 12 e9 76 7e 29 3c e1 a4 4c 8d 69 ae 81 7f | .3..v~)<..L.i...
250: 88 c7 bb 0c c9 11 db 92 8c 97 60 8d bd 6a 96 10 | ..........`..j..
260: 43 96 6d 3a 05 0c e4 52 de a5 97 b6 1d fb 85 9e | C.m:...R........
270: 7d ca 8f 58 b2 9a 91 06 e6 1c e2 4e 6b 4f 72 7a | }..X.......NkOrz
280: 9e 38 2f a7 da b3 17 bd 42 d9 9b 7c b0 ca a5 32 | .8/.....B..|...2
290: 5f 7d 8a 8f 72 ed f5 38 bb 54 ed 13 22 27 c7 09 | _}..r..8.T.."'..
2a0: 0a 3c 89 fa 39 95 74 42 c1 49 02 03 01 00 01 a3 | .<..9.tB.I......
2b0: 15 30 13 30 11 06 09 60 86 48 01 86 f8 42 01 01 | .0.0...`.H...B..
2c0: 04 04 03 02 06 40 30 0d 06 09 2a 86 48 86 f7 0d | [EMAIL PROTECTED]
2d0: 01 01 04 05 00 03 81 81 00 7b 09 c1 82 9d 67 17 | .........{....g.
2e0: 4e 28 96 17 8e f3 42 19 b3 c8 02 91 1b 68 1d 76 | N(....B......h.v
2f0: c5 02 05 cc 93 44 85 59 79 8c 62 e8 0d 0c 52 f3 | .....D.Yy.b...R.
300: 64 a4 e2 11 a1 9b f1 fd 03 07 1b 7f d6 87 8f c8 | d...............
310: 1f ac cd 71 d0 09 3b d9 c2 34 f3 0d af 6d 75 c7 | ...q..;..4...mu.
320: 3e 14 ef dd 0f ec 43 73 b2 2a 15 7d 72 92 c1 bd | >.....Cs.*.}r...
330: 8c 52 c1 a1 96 ed 73 e1 aa d1 4b 6c 22 04 94 38 | .R....s...Kl"..8
340: c4 c0 09 6e dc f6 79 73 03 fe 85 54 24 46 78 85 | ...n..ys...T$Fx.
350: 62 ef 99 96 58 f7 61 36 3d 16 03 01 00 04 0e 00 | b...X.a6=.......
360: 00 00 |..
(866 bytes of 74, with 787 left over)
SSLRecord { [Thu Jun 19 17:15:09 2003]
type = 22 (handshake)
version = { 3,1 }
length = 74 (0x4a)
handshake {
type = 2 (server_hello)
length = 70 (0x000046)
ServerHello {
server_version = {3, 1}
random = {...}
session ID = {
length = 32
contents = {..}
}
cipher_suite = (0x0004) SSL3/RSA/RC4-128/MD5
}
}
}
(866 bytes of 773, with 9 left over)
SSLRecord { [Thu Jun 19 17:15:09 2003]
type = 22 (handshake)
version = { 3,1 }
length = 773 (0x305)
handshake {
type = 11 (certificate)
length = 769 (0x000301)
CertificateChain {
chainlength = 766 (0x02fe)
Certificate {
size = 763 (0x02fb)
data = { saved in file 'cert.001' }
}
}
}
}
(866 bytes of 4)
SSLRecord { [Thu Jun 19 17:15:09 2003]
type = 22 (handshake)
version = { 3,1 }
length = 4 (0x4)
handshake {
type = 14 (server_hello_done)
length = 0 (0x000000)
}
}
]
--> [
0: 16 03 01 00 86 10 00 00 82 00 80 16 63 38 d4 45 | ............c8.E
10: 2b 3c ea a1 c5 ee e1 97 63 f7 53 0d 6e 95 70 ba | +<......c.S.n.p.
20: 9c 16 6b 6d ea bd e0 d5 ef 36 8e 8b 49 48 3a 4d | ..km.....6..IH:M
30: 7c 66 ce b5 73 ee 25 21 7c 6a 06 8d 79 30 89 51 | |f..s.%!|j..y0.Q
40: 88 66 f9 59 45 85 f6 a3 b2 c4 c6 87 09 1c ed 83 | .f.YE...........
50: ba a1 51 9d bb ef 2c 07 44 61 84 87 88 5c b3 11 | ..Q...,.Da...\..
60: fc 6d 42 77 35 2a c9 d3 e2 ba 6c 8c 35 0a 49 76 | .mBw5*....l.5.Iv
70: 2b a0 6e 0f fc f1 f5 34 f1 b4 bb 4a cc d5 07 47 | +.n....4...J...G
80: c6 85 ce df 93 d1 5a 22 62 3f f0 14 03 01 00 01 | ......Z"b?......
90: 01 16 03 01 00 20 b3 9c e5 6b 72 6c 46 14 c3 f8 | ..... ...krlF...
a0: 14 2a cd 88 56 9a 7c 65 08 6e bc 63 d3 b4 c7 04 | .*..V.|e.n.c....
b0: 31 00 2b fe 95 6e |1.+..n
(182 bytes of 134, with 43 left over)
SSLRecord { [Thu Jun 19 17:15:09 2003]
type = 22 (handshake)
version = { 3,1 }
length = 134 (0x86)
handshake {
type = 16 (client_key_exchange)
length = 130 (0x000082)
ClientKeyExchange {
message = {...}
}
}
}
(182 bytes of 1, with 37 left over)
SSLRecord { [Thu Jun 19 17:15:09 2003]
type = 20 (change_cipher_spec)
version = { 3,1 }
length = 1 (0x1)
}
(182 bytes of 32)
SSLRecord { [Thu Jun 19 17:15:09 2003]
type = 22 (handshake)
version = { 3,1 }
length = 32 (0x20)
< encrypted >
}
]
<-- [
0: 15 03 01 00 02 02 32 |......2
(7 bytes of 2)
SSLRecord { [Thu Jun 19 17:15:09 2003]
type = 21 (alert)
version = { 3,1 }
length = 2 (0x2)
fatal: decode error
}
]
Connected to localhost:994
--> [
0: 80 46 01 03 01 00 2d 00 00 00 10 01 00 80 03 00 | .F....-.........
10: 80 07 00 c0 06 00 40 02 00 80 04 00 80 00 00 04 | [EMAIL PROTECTED]
20: 00 fe ff 00 00 0a 00 fe fe 00 00 09 00 00 64 00 | ..............d.
30: 00 62 00 00 03 00 00 06 7f 9c 09 e2 da f5 95 57 | .b.............W
40: 5a fe b5 23 0e f4 b6 3c |Z..#...<
alloclen = 72 bytes
(72 bytes of 72)
[Thu Jun 19 17:14:51 2003] [ssl2] ClientHelloV2 {
version = {0x03, 0x01}
cipher-specs-length = 45 (0x2d)
sid-length = 0 (0x00)
challenge-length = 16 (0x10)
cipher-suites = {
(0x010080) SSL2/RSA/RC4-128/MD5
(0x030080) SSL2/RSA/RC2CBC128/MD5
(0x0700c0) SSL2/RSA/3DES192EDE-CBC/MD5
(0x060040) SSL2/RSA/DES56-CBC/MD5
(0x020080) SSL2/RSA/RC4-40/MD5
(0x040080) SSL2/RSA/RC2CBC40/MD5
(0x000004) SSL3/RSA/RC4-128/MD5
(0x00feff) ????/????????/?????????/???
(0x00000a) SSL3/RSA/3DES192EDE-CBC/SHA
(0x00fefe) ????/????????/?????????/???
(0x000009) SSL3/RSA/DES56-CBC/SHA
(0x000064) TLS/RSA_EXPORT1024/RC4-56/SHA
(0x000062) TLS/RSA_EXPORT1024/DES56_CBC/SHA
(0x000003) SSL3/RSA/RC4-40/MD5
(0x000006) SSL3/RSA/RC2CBC40/MD5
}
session-id = { }
challenge = { 0x7f9c 0x09e2 0xdaf5 0x9557 0x5afe 0xb523 0x0ef4 0xb63c }
}
]
<-- [
0: 16 03 01 00 4a 02 00 00 46 03 01 3e f1 69 f3 70 | ....J...F..>.i.p
10: 74 46 cd f1 f7 60 02 96 0a 94 f7 34 82 76 3b 64 | tF...`.....4.v;d
20: 3c 1f 7b 68 00 06 9c d0 a0 30 1a 20 f7 10 c5 c0 | <.{h.....0. ....
30: d0 d3 03 d8 5b ff 99 95 b4 6f 3b d5 69 cd 46 a5 | ....[....o;.i.F.
40: a3 70 41 9d 38 17 aa 47 ae f5 de 89 00 04 00 16 | .pA.8..G........
50: 03 01 03 05 0b 00 03 01 00 02 fe 00 02 fb 30 82 | ..............0.
60: 02 f7 30 82 02 60 a0 03 02 01 02 02 01 00 30 0d | ..0..`........0.
70: 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 81 b5 | ..*.H........0..
80: 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0b 30 | 1.0...U....US1.0
90: 09 06 03 55 04 08 13 02 4e 59 31 11 30 0f 06 03 | ...U....NY1.0...
a0: 55 04 07 13 08 4e 65 77 20 59 6f 72 6b 31 1c 30 | U....New York1.0
b0: 1a 06 03 55 04 0a 13 13 43 6f 75 72 69 65 72 20 | ...U....Courier
c0: 4d 61 69 6c 20 53 65 72 76 65 72 31 2d 30 2b 06 | Mail Server1-0+.
d0: 03 55 04 0b 13 24 41 75 74 6f 6d 61 74 69 63 61 | .U...$Automatica
e0: 6c 6c 79 2d 67 65 6e 65 72 61 74 65 64 20 49 4d | lly-generated IM
f0: 41 50 20 53 53 4c 20 6b 65 79 31 12 30 10 06 03 | AP SSL key1.0...
100: 55 04 03 13 09 6c 6f 63 61 6c 68 6f 73 74 31 25 | U....localhost1%
110: 30 23 06 09 2a 86 48 86 f7 0d 01 09 01 16 16 70 | 0#..*.H........p
120: 6f 73 74 6d 61 73 74 65 72 40 65 78 61 6d 70 6c | [EMAIL PROTECTED]
130: 65 2e 63 6f 6d 30 1e 17 0d 30 33 30 36 31 38 32 | e.com0...0306182
140: 33 35 37 32 30 5a 17 0d 30 34 30 36 31 37 32 33 | 35720Z..04061723
150: 35 37 32 30 5a 30 81 b5 31 0b 30 09 06 03 55 04 | 5720Z0..1.0...U.
160: 06 13 02 55 53 31 0b 30 09 06 03 55 04 08 13 02 | ...US1.0...U....
170: 4e 59 31 11 30 0f 06 03 55 04 07 13 08 4e 65 77 | NY1.0...U....New
180: 20 59 6f 72 6b 31 1c 30 1a 06 03 55 04 0a 13 13 | York1.0...U....
190: 43 6f 75 72 69 65 72 20 4d 61 69 6c 20 53 65 72 | Courier Mail Ser
1a0: 76 65 72 31 2d 30 2b 06 03 55 04 0b 13 24 41 75 | ver1-0+..U...$Au
1b0: 74 6f 6d 61 74 69 63 61 6c 6c 79 2d 67 65 6e 65 | tomatically-gene
1c0: 72 61 74 65 64 20 49 4d 41 50 20 53 53 4c 20 6b | rated IMAP SSL k
1d0: 65 79 31 12 30 10 06 03 55 04 03 13 09 6c 6f 63 | ey1.0...U....loc
1e0: 61 6c 68 6f 73 74 31 25 30 23 06 09 2a 86 48 86 | alhost1%0#..*.H.
1f0: f7 0d 01 09 01 16 16 70 6f 73 74 6d 61 73 74 65 | .......postmaste
200: 72 40 65 78 61 6d 70 6c 65 2e 63 6f 6d 30 81 9f | [EMAIL PROTECTED]
210: 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 | 0...*.H.........
220: 81 8d 00 30 81 89 02 81 81 00 be 4d 1b 55 73 aa | ...0.......M.Us.
230: 11 4e ca c3 fb 0b 13 98 f8 c0 44 97 42 d3 ae f0 | .N........D.B...
240: f2 33 12 e9 76 7e 29 3c e1 a4 4c 8d 69 ae 81 7f | .3..v~)<..L.i...
250: 88 c7 bb 0c c9 11 db 92 8c 97 60 8d bd 6a 96 10 | ..........`..j..
260: 43 96 6d 3a 05 0c e4 52 de a5 97 b6 1d fb 85 9e | C.m:...R........
270: 7d ca 8f 58 b2 9a 91 06 e6 1c e2 4e 6b 4f 72 7a | }..X.......NkOrz
280: 9e 38 2f a7 da b3 17 bd 42 d9 9b 7c b0 ca a5 32 | .8/.....B..|...2
290: 5f 7d 8a 8f 72 ed f5 38 bb 54 ed 13 22 27 c7 09 | _}..r..8.T.."'..
2a0: 0a 3c 89 fa 39 95 74 42 c1 49 02 03 01 00 01 a3 | .<..9.tB.I......
2b0: 15 30 13 30 11 06 09 60 86 48 01 86 f8 42 01 01 | .0.0...`.H...B..
2c0: 04 04 03 02 06 40 30 0d 06 09 2a 86 48 86 f7 0d | [EMAIL PROTECTED]
2d0: 01 01 04 05 00 03 81 81 00 7b 09 c1 82 9d 67 17 | .........{....g.
2e0: 4e 28 96 17 8e f3 42 19 b3 c8 02 91 1b 68 1d 76 | N(....B......h.v
2f0: c5 02 05 cc 93 44 85 59 79 8c 62 e8 0d 0c 52 f3 | .....D.Yy.b...R.
300: 64 a4 e2 11 a1 9b f1 fd 03 07 1b 7f d6 87 8f c8 | d...............
310: 1f ac cd 71 d0 09 3b d9 c2 34 f3 0d af 6d 75 c7 | ...q..;..4...mu.
320: 3e 14 ef dd 0f ec 43 73 b2 2a 15 7d 72 92 c1 bd | >.....Cs.*.}r...
330: 8c 52 c1 a1 96 ed 73 e1 aa d1 4b 6c 22 04 94 38 | .R....s...Kl"..8
340: c4 c0 09 6e dc f6 79 73 03 fe 85 54 24 46 78 85 | ...n..ys...T$Fx.
350: 62 ef 99 96 58 f7 61 36 3d 16 03 01 00 04 0e 00 | b...X.a6=.......
360: 00 00 |..
(866 bytes of 74, with 787 left over)
SSLRecord { [Thu Jun 19 17:14:51 2003]
type = 22 (handshake)
version = { 3,1 }
length = 74 (0x4a)
handshake {
type = 2 (server_hello)
length = 70 (0x000046)
ServerHello {
server_version = {3, 1}
random = {...}
session ID = {
length = 32
contents = {..}
}
cipher_suite = (0x0004) SSL3/RSA/RC4-128/MD5
}
}
}
(866 bytes of 773, with 9 left over)
SSLRecord { [Thu Jun 19 17:14:51 2003]
type = 22 (handshake)
version = { 3,1 }
length = 773 (0x305)
handshake {
type = 11 (certificate)
length = 769 (0x000301)
CertificateChain {
chainlength = 766 (0x02fe)
Certificate {
size = 763 (0x02fb)
data = { saved in file 'cert.001' }
}
}
}
}
(866 bytes of 4)
SSLRecord { [Thu Jun 19 17:14:51 2003]
type = 22 (handshake)
version = { 3,1 }
length = 4 (0x4)
handshake {
type = 14 (server_hello_done)
length = 0 (0x000000)
}
}
]
--> [
0: 16 03 01 00 86 10 00 00 82 00 80 1a cf 13 a0 61 | ...............a
10: 29 57 04 09 d6 e0 21 3a 9d 23 72 62 41 bc 92 f6 | )W....!:.#rbA...
20: 3f 94 7c c7 ba d8 1f b1 61 62 16 75 ce a3 8d df | ?.|.....ab.u....
30: d4 0f b8 2a b4 95 55 0f ed c5 d0 2c 92 b9 a4 e7 | ...*..U....,....
40: 87 45 f4 4b 30 9d 90 92 3c 20 8a 38 eb f5 e0 83 | .E.K0...< .8....
50: 4e 10 34 ab 01 35 cf 8a 65 ce 8a 6c 10 18 57 7c | N.4..5..e..l..W|
60: 25 91 fc 2b ce 38 bd b5 91 41 8b 95 76 03 79 3c | %..+.8...A..v.y<
70: fb 30 a7 e5 b5 8c 02 94 4a 2f d6 d3 20 1c 87 d7 | .0......J/.. ...
80: 9c 61 10 5e 7b bd 8f f7 0d 33 79 14 03 01 00 01 | .a.^{....3y.....
90: 01 16 03 01 00 20 d2 52 65 f9 08 03 0e 8f 9f 5b | ..... .Re......[
a0: f1 43 ca 44 b4 b4 dc 07 12 69 22 57 58 4d 85 f8 | .C.D.....i"WXM..
b0: 65 29 ef be d0 f4 |e)....
(182 bytes of 134, with 43 left over)
SSLRecord { [Thu Jun 19 17:14:51 2003]
type = 22 (handshake)
version = { 3,1 }
length = 134 (0x86)
handshake {
type = 16 (client_key_exchange)
length = 130 (0x000082)
ClientKeyExchange {
message = {...}
}
}
}
(182 bytes of 1, with 37 left over)
SSLRecord { [Thu Jun 19 17:14:51 2003]
type = 20 (change_cipher_spec)
version = { 3,1 }
length = 1 (0x1)
}
(182 bytes of 32)
SSLRecord { [Thu Jun 19 17:14:51 2003]
type = 22 (handshake)
version = { 3,1 }
length = 32 (0x20)
< encrypted >
}
]
<-- [
0: 14 03 01 00 01 01 16 03 01 00 20 93 d8 67 af 49 | .......... ..g.I
10: 8f d5 a9 e8 cd 23 c8 63 b4 e5 2b d6 2d f5 b7 6a | .....#.c..+.-..j
20: 95 06 01 05 85 c4 d0 79 7f 9f c3 |.......y...
(43 bytes of 1, with 37 left over)
SSLRecord { [Thu Jun 19 17:14:51 2003]
type = 20 (change_cipher_spec)
version = { 3,1 }
length = 1 (0x1)
}
(43 bytes of 32)
SSLRecord { [Thu Jun 19 17:14:51 2003]
type = 22 (handshake)
version = { 3,1 }
length = 32 (0x20)
< encrypted >
}
]
<-- [
0: 17 03 01 00 80 65 3b bb c2 6d 4d 8a 97 0f f3 60 | .....e;..mM....`
10: 72 b8 84 07 47 c3 81 b3 6e 34 66 2e 9a 82 74 55 | r...G...n4f...tU
20: c6 0c f6 80 1e 16 eb d4 6c 46 e3 e7 61 81 ed cf | ........lF..a...
30: 01 d2 81 bc 29 bf 01 af ba 6f 81 10 74 00 f2 69 | ....)....o..t..i
40: 95 79 e4 3e 42 b9 d6 6e 42 26 06 eb a7 0e 26 e7 | .y.>B..nB&....&.
50: 94 43 96 10 77 5a f2 aa b5 40 ab a5 2b e8 9a de | [EMAIL PROTECTED]
60: 29 9e d4 54 ad a2 5c 0d 3a c8 3d f7 0f 8e 2f 49 | )..T..\.:.=.../I
70: f1 ef 25 10 44 39 9b 2e e6 6d 06 b9 58 78 11 c8 | ..%.D9...m..Xx..
80: cb 79 85 94 df |.y...
(133 bytes of 128)
SSLRecord { [Thu Jun 19 17:14:51 2003]
type = 23 (application_data)
version = { 3,1 }
length = 128 (0x80)
< encrypted >
}
]
Read EOF on Client socket. [Thu Jun 19 17:14:53 2003]
Read EOF on Server socket. [Thu Jun 19 17:14:53 2003]
#include <stdio.h>
#include <nspr.h>
#include <prthread.h>
#include "nss.h" /* Don't use <> here or it will include the system nss.h instead
*/
#include <ssl.h>
#include <glib.h>
struct _info {
char *host;
int port;
};
static SECStatus
ssl_bad_cert (void *data, PRFileDesc *sockfd)
{
printf("got 'bad cert', returning 'ok'\n");
return SECSuccess;
}
static void child(struct _info *info)
{
PRNetAddr netaddr;
PRFileDesc *fd;
PRFileDesc *ssl_fd;
char buffer[1024];
int len;
PRHostEnt hostEntry;
PRSocketOptionData socketOption;
printf("looking up host '%s:%d'\n", info->host, info->port);
if (PR_GetHostByName(info->host, buffer, sizeof(buffer), &hostEntry) ==
PR_FAILURE) {
printf("gethostbyname failed: '%s'\n", PR_ErrorToString(PR_GetError(),
0));
return;
}
if (PR_EnumerateHostEnt(0, &hostEntry, info->port, &netaddr) == PR_FAILURE) {
printf("enumeratehostent failed: '%s'\n",
PR_ErrorToString(PR_GetError(), 0));
return;
}
fd = PR_OpenTCPSocket (netaddr.inet.family);
if (fd == NULL) {
printf("opentcpsocket failed '%s'\n", PR_ErrorToString(PR_GetError(),
0));
return;
}
socketOption.option = PR_SockOpt_Nonblocking;
socketOption.value.non_blocking = PR_FALSE;
if (PR_SetSocketOption(fd, &socketOption) == PR_FAILURE)
printf("setsocketoption failed: '%s'\n",
PR_ErrorToString(PR_GetError(), 0));
ssl_fd = SSL_ImportFD (NULL, fd);
SSL_OptionSet(ssl_fd, SSL_SECURITY, PR_TRUE);
SSL_OptionSet(ssl_fd, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
SSL_OptionSet(ssl_fd, SSL_ENABLE_TLS, PR_TRUE);
SSL_OptionSet(ssl_fd, SSL_ENABLE_SSL2, PR_TRUE);
SSL_OptionSet(ssl_fd, SSL_ENABLE_SSL3, PR_TRUE);
SSL_SetURL(ssl_fd, info->host);
SSL_BadCertHook (ssl_fd, ssl_bad_cert, info);
if (PR_Connect (fd, &netaddr, PR_INTERVAL_NO_TIMEOUT) == PR_FAILURE) {
printf("connection failed: %s\n", PR_ErrorToString(PR_GetError(), 0));
return;
} else {
printf("connect ok\n");
}
if (SSL_ResetHandshake (ssl_fd, FALSE) == SECFailure) {
printf("reset handshake failed: %s\n", PR_ErrorToString(PR_GetError(),
0));
return;
}
if (SSL_ForceHandshake (ssl_fd) == SECFailure) {
printf("forcehandshake failed: %s\n", PR_ErrorToString(PR_GetError(),
0));
return;
}
len = PR_Read(ssl_fd, buffer, sizeof(buffer));
if (len == -1)
printf("read failed: %s\n", PR_ErrorToString(PR_GetError(), 0));
else
printf("got server greeting: '%.*s'\n", len, buffer);
printf("done ?\n");
}
int main(int argc, char **argv)
{
struct _info ximian = { "imap.ximian.com", 993 };
struct _info local = { "localhost", 1924 };
PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 10);
if (NSS_InitReadWrite ("/home/notzed/evolution") == SECFailure) {
/* fall back on using volatile dbs? */
if (NSS_NoDB_Init ("/home/notzed/evolution") == SECFailure) {
printf("Failed to initialize NSS");
return -1;
}
}
NSS_SetDomesticPolicy ();
/*SSL_OptionSetDefault (SSL_ENABLE_SSL2, PR_TRUE);*/
SSL_OptionSetDefault (SSL_ENABLE_SSL3, PR_TRUE);
/*SSL_OptionSetDefault (SSL_ENABLE_TLS, PR_TRUE);
SSL_OptionSetDefault (SSL_V2_COMPATIBLE_HELLO, PR_TRUE maybe?);*/
if (argc > 1) {
child(&ximian);
child(&local);
} else {
child(&local);
child(&ximian);
}
}
