Olga Kornievskaia wrote:
>
> Hi,
>
> I work at the Center for Information Technology Integration (CITI)
> (affiliated with the University of Michigan) and in the past year I've
> been working on a project that makes use of openssl. The results are
> reflected in the August 2001 USENIX Security paper ("Kerberized
> Credential Translation: A Solution to Web Access Control", available from
> USENIX web site: http://www.usenix.org/events/sec01). We modified the
> OpenSSL handshake code to get a transcript of an SSL handshake (no
> protocol modification were done) the reasons are stated in the paper.
> Modifications to the library are minimal (under 200 lines of code) and
> include a new data structure and calls to a function that saves the
> incoming and outgoing handshake messages. Files that are affected are:
> s23_srvr.c, s3_pkt.c, s3_srvr.c, ssl.h. You can look at the patch
> http://www.citi.umich.edu/u/aglo/code/openssl/patch-0.9.6a
> What I would like to know if it would be possible to incorporate these
> changes and make them a part of the default distribution.
This code doesn't clean up the memory it uses, nor does it use OpenSSL's
memory allocation.
It also appears to change the behaviour of OpenSSL (it sets renegotiate)
- why?
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
