Actually, I'm trying to do this very thing. I had not heard of ssldump
and now I'm kicking myself. You should definitely use this ssldump
thing. What I was eventually going to do, which you could do also, is
find out what address is the call to SSL_verify or whatever that checks
the integrity of signed certificates, and replace it with a move
$1,%eax or something... you get the point. Or search for certificate
like strings in the executable or use something like pedump. (I"m
assuming this is a windows program, linux programmers don't encrypt
their protocols), and then you can pull out the certificate that the
client uses to make sure its talking to the right server instead of to,
in this case, ssldump.
Unfortunately, I'm too far gone to use ssldump, I already have a
complete TCP stack and though it annoys me to find out that yes, such a
program like I am writing exists, it can't be quite as hardcore can it?
Good luck though.
- Peter
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
