Jeffrey Altman <[EMAIL PROTECTED]>:
>> Without some alternative mode of server authentication, of course,
>> Anon DH remains a pretty scary proposition -- all the more so because it
>> implies a level of trustworthiness that it can not provide.
> In the telnet protocol we would like to use Anon-DH in conjunction
> with RFC 1416 based telnet authentication protocols that provide for
> mutual authentication. But in order to ensure that there is no MITM
> we need to verify during the authentication the finish messages of the
> client and server. Unfortunately, none of the SSL/TLS libraries
> provide a clean method for an application to retrieve this
> information. Nor do the authors appear to want to add such
> functionality as they believe it violates some architectural design.
I am willing to add such functions (or I wouldn't have proposed to use
the Finished message in the first place) and don't recall anyone
stating that it violates the, ahem, design of the library. This also
provides an opportunity to clean up the pertinent library internals
somewhat -- s->s3->tmp.finished_md is currently also abused for client
certificate verification (this contradicts source code comments
somewhere else); we could use separate buffers for such verification,
for the client finished message, and for the server finished message.
Then it would be easy to add functions
    size_t SSL_get_client_finished(void *buf, size_t count);
    size_t SSL_get_server_finished(void *buf, size_t count);
or something like that (I don't want to hand out pointers to the
internal buffers because their content may change if renegotiation
occurs, and application bugs related to this would likely stay
unnoticed).
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
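An added example (not from this thread or from OpenSSL) of the Finished-message binding the reply proposes, written in Go: crypto/tls exposes the handshake's first Finished message as ConnectionState().TLSUnique (the tls-unique binding of RFC 5929), which is the value an application would copy out, send over its mutually authenticated exchange, and compare at the other end. Assumptions: Go's crypto/tls has no anon-DH, so a constructed self-signed certificate drives the key exchange and the client skips verifying it, leaving server authentication to the application layer exactly as anon-DH would.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
)

// selfSigned builds a throwaway certificate (constructed for this demo). Go's
// crypto/tls has no anon-DH, so the client simply skips verifying it instead.
func selfSigned() tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { panic(err) }
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// session completes one TLS 1.2 handshake over an in-memory pipe and returns
// both endpoints. TLS 1.2 is pinned because tls-unique is empty under 1.3.
func session(cert tls.Certificate) (cli, srv *tls.Conn, err error) {
	c, s := net.Pipe()
	srv = tls.Server(s, &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12})
	cli = tls.Client(c, &tls.Config{InsecureSkipVerify: true, MaxVersion: tls.VersionTLS12})
	done := make(chan error, 1)
	go func() { done <- srv.Handshake() }()
	if err = cli.Handshake(); err != nil { return nil, nil, err }
	if err = <-done; err != nil { return nil, nil, err }
	return cli, srv, nil
}

// finished returns the tls-unique value (RFC 5929): the first Finished message
// of the handshake. bound checks that two endpoints saw the very same one.
func finished(c *tls.Conn) []byte { return c.ConnectionState().TLSUnique }
func bound(a, b *tls.Conn) bool   { return string(finished(a)) == string(finished(b)) }

func main() {
	cli, srv, err := session(selfSigned())
	if err != nil { panic(err) }
	fmt.Printf("same session: %v, finished=%x\n", bound(cli, srv), finished(cli))
	if other, _, err := session(selfSigned()); err == nil { // a TLS-terminating relay's own handshake
		fmt.Printf("separate sessions: %v\n", bound(cli, other))
	}
}
```

A relay that terminates TLS on both sides necessarily runs two handshakes, so the Finished value the client holds never matches the one the real server holds; comparing them over the authenticated telnet exchange is what exposes it.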