> From: MacDermid, Kenny > Sent: Wednesday, November 24, 2004 8:33 AM > To: [EMAIL PROTECTED] > Subject: RE: Reverse engineering program protocol under ssl > > > > From: Peter Sylvester > > > > http://www.rtfm.com/ssldump/ > > Thank you for your reply Peter, > > Unfortunately I already looked into this, and found that I > would need the > server keys. All I have is the client application, and a production > server that it communicates back to.
I would assume the client is simply checking that the server certificate matches the hostname and is properly signed by a trusted root. My application performs a man in the middle by first examining known root stores and adding its own CA. The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]