[[EMAIL PROTECTED] - Wed Dec 4 09:59:14 2002]:
> Hi,
>
> While using openssl to test caching of session id's, I noticed that the
> session id of SSLv2 is not being extracted out of the message correctly.
>
> The spec (http://wp.netscape.com/eng/security/SSL_2.html) says that the
> server_finished message is of the following format:
>
> char MSG-SERVER-FINISHED
> char SESSION-ID-DATA[N-1]
>
> Where MSG-SERVER-FINISHED is specified as 0x06.
>
> When I do
>
> $ openssl s_client -ssl2 -connect www.openssl.org:443
>
> then the openssl _always_ reports the session id as starting with 0x06,
> which is clearly not correct.
>
> It would appear that the SSLv2 code is not correctly skipping over the
> MSG-SERVER-FINISHED char.

Thanks. Your analysis is correct. I have just checked in an according
patch, resolving the ticket.

Best regards,
Lutz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
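
The parsing mistake described in the report, as an added example that is not OpenSSL's code or the checked-in patch: a flawed extractor that keeps the type byte next to one that validates and skips it. The function names, the buffer limit and the sample bytes are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define MSG_SERVER_FINISHED 0x06 /* type byte, per the spec quoted in the report */
#define MAX_ID_LEN 32            /* assumed limit for this sketch */

/* Constructed sample body: type byte followed by a 16-byte session id. */
static const unsigned char SAMPLE[17] = {
    0x06, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7,
    0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF };

/* Flawed form: copies all N bytes, so the stored id always begins with
 * 0x06 and is one byte too long. `out` must hold MAX_ID_LEN + 1 bytes. */
static int session_id_flawed(const unsigned char *msg, size_t n,
                             unsigned char *out, size_t *out_len)
{
    if (n == 0 || n > MAX_ID_LEN + 1) return -1;
    memcpy(out, msg, n);
    *out_len = n;
    return 0;
}

/* Corrected form: check the type byte, then copy SESSION-ID-DATA[N-1]. */
static int session_id_fixed(const unsigned char *msg, size_t n,
                            unsigned char *out, size_t *out_len)
{
    if (n < 2) return -1;                          /* type byte + >= 1 id byte */
    if (msg[0] != MSG_SERVER_FINISHED) return -2;  /* not a server-finished */
    if (n - 1 > MAX_ID_LEN) return -3;             /* id would overflow `out` */
    memcpy(out, msg + 1, n - 1);
    *out_len = n - 1;
    return 0;
}

int main(void)
{
    unsigned char out[MAX_ID_LEN + 1];
    size_t len = 0;
    if (session_id_flawed(SAMPLE, sizeof SAMPLE, out, &len) == 0)
        printf("flawed: %zu bytes, first byte 0x%02X\n", len, out[0]);
    if (session_id_fixed(SAMPLE, sizeof SAMPLE, out, &len) == 0)
        printf("fixed:  %zu bytes, first byte 0x%02X\n", len, out[0]);
    return 0;
}
```

A session cache keyed on the flawed value would only match peers that make the same mistake, which is why the leading 0x06 is a useful symptom to look for when testing session reuse.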