On Mon, 2015-02-16 at 20:23 +, Matt Caswell wrote:
I've updated
https://wiki.openssl.org/index.php/1.1_API_Changes#Things_that_Broke_in_OpenConnect
I can either update my code to create the ASN.1 for itself and use
d2i_SSL_SESSION() relying on the patch above, or I can implement

On Mon, 2015-02-16 at 13:25 +, Matt Caswell wrote:
That sounds like a bug. I can't think of a reason why this should
exclude DTLS.
This fixes it to work with DTLS1_BAD_VER too:
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 3eaee1d..6e20a1f 100644
--- a/ssl/ssl_asn1.c
+++

On 16/02/15 17:33, David Woodhouse wrote:
On Mon, 2015-02-16 at 13:25 +, Matt Caswell wrote:
That sounds like a bug. I can't think of a reason why this should
exclude DTLS.
This fixes it to work with DTLS1_BAD_VER too:
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index

The Cisco AnyConnect VPN protocol establishes a connection over HTTPS
and negotiates parameters (cipher, master secret, session ID) for a
DTLS connection which is then resumed.
The OpenConnect VPN client handles this by using SSL_SESSION_new(),
manually setting the appropriate fields in the

On 16/02/15 12:45, David Woodhouse wrote:
The Cisco AnyConnect VPN protocol establishes a connection over HTTPS
and negotiates parameters (cipher, master secret, session ID) for a
DTLS connection which is then resumed.
The OpenConnect VPN client handles this by using SSL_SESSION_new(),
I played with manually creating the ASN.1 representation of a session
and feeding it to d2i_SSL_SESSION() but that fails because ssl_version
is 0x100 (DTLS1_BAD_VER) and d2i_SSL_SESSION() only works if the SSL
version major is = SSL3_VERSION_MAJOR.
That sounds like a bug. I can't think of a

On Mon, Feb 16, 2015 at 02:16:15PM -, David Woodhouse wrote:
What fields do you need access to?
Basically just SSL version, cipher, master secret and session ID. Enough
to fake resuming a session that never really existed.
Does the constructed DTLS session re-use the parameters of the