Paper sounds interesting, but unfortunately one has to be a usenix member to read it. Any other url?
Rather then changes to SSL, did you look at using a BIO to push onto the SSL BIO so you could trap the handshake without modifications? Not clear from your patch if this was good enough, or if you really needed additional modifications to the handshake. How does this relate to: Addition of Kerberos Cipher Suites to Transport Layer Security (TLS) (RFC 2712) http://www.ietf.org/rfc/rfc2712.txt Olga Kornievskaia wrote: > > Hi, > > I work at the Center for Information Technology Integration (CITI) > (affiliated with the University of Michigan) and in the past year I've > been working on a project that makes use of openssl. The results are > reflected in the August 2001 USENIX Security paper ("Kerberized > Credential Translation: A Solution to Web Access Control", available from > USENIX web site: http://www.usenix.org/events/sec01). We modified the > OpenSSL handshake code to get a transcript of an SSL handshake (no > protocol modification were done) the reasons are stated in the paper. > Modifications to the library are minimal (under 200 lines of code) and > include a new data structure and calls to a function that saves the > incoming and outgoing handshake messages. Files that are affected are: > s23_srvr.c, s3_pkt.c, s3_srvr.c, ssl.h. You can look at the patch > http://www.citi.umich.edu/u/aglo/code/openssl/patch-0.9.6a > What I would like to know if it would be possible to incorporate these > changes and make them a part of the default distribution. > > Thank you, > > -Olga > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
