Re: SGC support in OpenSSL

Christian Buysschaert Fri, 7 Jan 2000 14:58:23 -0800
Hello Bertie,

Oh, I already tried that... as you indicated this is about
the type of problem I still could understand ;-) but it didn't
worked. I haven't checked in detail how your patch differs from
Steve's patch included in OpenSSL v0.9.5 but the latter seems
to work for me. We're starting soon a semi-public test to see
if it works with most IEs (unfortunately our roots are only
SGC enabled for Microsoft since IE5.01, NTSP6 or Win2000 - yep,
Service Pack, browser update all sufficient to get new roots
stuffed in your browser... commercially pretty good, security-wise
pretty creepy ;-) ).

Christian.

_____________________________________________
Christian Buysschaert mailto:[EMAIL PROTECTED]
GlobalSign nv-sa      http://www.globalsign.net

Get Your FREE Class 1 Demo Certificate at
http://www.globalsign.net/wizard/index.htm

----- Original Message -----
From: "Adrian Peck" <[EMAIL PROTECTED]>
To: "Christian Buysschaert" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, January 05, 2000 4:59 PM
Subject: Re: SGC support in OpenSSL


> At 03:47 PM 1/1/00 +0100, Christian Buysschaert wrote:
> >Hello Bertie,
> >
> >Thanks for providing this patch!
> >
> >I've been testing it but have been unsuccessful in getting it
> >to work. I'll provide my setup here perhaps somebody could
> >point out some things I've been doing wrong?
> >
>
> There was a simple problem with the patch I provided in my initial mail. I
> was checking that the incoming packet was an SSL 3.0 packet, this worked
> for me as it was what my Explorer was setup to use, however if your
browser
> was using TLS 3.1 then my patch wouldn't come into effect.
>
> In short in ssl/s3_srvr.c change
>                           if ( b && b->length >= 6 && b->data[0] == 0x16
&&
> b->data[1] == 0x03 &&
>                                b->data[2] == 0x00 && b->data[5] == 0x01 )
>                           {
>        s->state=SSL_ST_ACCEPT;
>                             break;
>                           }
> to
>                           if ( b && b->length >= 6 && b->data[0] == 0x16
&&
> b->data[1] == 0x03 &&
>                                b->data[5] == 0x01 )
>                           {
>        s->state=SSL_ST_ACCEPT;
>                             break;
>                           }
>
> Note the removal of the b->data[2] == 0x00 condition. This was restricting
> the fix to SSL minor version 0
>
> Let me know if this helps.
>
> Bertie
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
Re: SGC support in OpenSSL

Reply via email to
