hi gilad,

Negative flow in the sense of checking the behaviour of the client when the server sends wrong messages, changes the sequence of messages while sending, or sends a HelloRequest message at different levels, etc.
Using the openssl server I can test things like expired certificates, backward compatibility etc., but not the ones I have mentioned above, I think :-(


Regarding ssleay.c, I doubt if it says anything related to formatting of handshake messages!
Anyway, my research is on and I will update you if I am through with this.


Thanks a lot for the help

regards
girish





From: Gilad Finkelstein <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>,[EMAIL PROTECTED]
Subject: RE: Configuring SSL Handshake
Date: Mon, 11 Aug 2003 18:13:03 +0200


Hi girish,
As I said I am no wizard in ssl internals :-(
However, what do you mean by negative flow? Do you refer to SSL handshake
failure?

I am now trying to use libwww-perl with SSLeay for client
authentication against an apache server running mod_ssl (something like the
s_server util) and it should work (alas it is for https connections).
I think you should look at the SSLeay.c code that comes with
Crypt-SSLeay-0.5.1; it is generated by the SSLeay.xs perl wrapper and should
give you a good idea of how things are done in a web application, which should
not be too hard to copy into any other server.

Actually I need to learn that myself since I am now trying to enable the ENGINE
openssl concept in the perl library (so that one can use hardware keys for
perl client authentication).


Sorry for not being able to be more specific but this stuff is new for me
too :-)

Gilad

-----Original Message-----
From: Girish Hegde [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2003 4:52 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Configuring SSL Handshake


Hi Gilad,


First of all let me thank you for the kind positive response.

Yes, I am using the SSLeay libraries for the handshake thing to be done, to
test the positive flow.

But by using those APIs I cannot do the testing for negative flow. I started
writing a TCP/IP server (non SSL) and tried to send the messages (like
ServerHello, ServerHelloDone etc.) manually.
I created the structures as defined in the SSL drafts in perl and tried to
send them to the SSL Client.

But it always says
1344:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:.\ssl\s23_clnt.c:475:

I even tweaked the ssl/s23_clnt.c code, which gave me no proper reason
why it is failing :(

I have also used the s_server.exe provided with Openssl to test some of the
negative flows, but even that has no option to configure the handshake
messages, like changing the sequence of messages, changing the format of
messages, not sending some of the messages etc.

I am not using HTTPS as it is not a web application!

Can you pls let me know if I can do anything other than this to format the
messages and send them to the SSL client?


Thanks a lot

regards
girish


>From: Gilad Finkelstein <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: "'[EMAIL PROTECTED]'"
><[EMAIL PROTECTED]>,[EMAIL PROTECTED]
>Subject: RE: Configuring SSL Handshake
>Date: Mon, 11 Aug 2003 13:24:33 +0200
>
>Hi Girish,
>I do not know if you can change / configure the SSL Handshake message and
>there is probably no need to do so anyway.
>There is a perl library for html (if that is your final goal) called
>libwww-perl and it uses openssl as its crypto and ssl engine for https
>connections.
>I use it to do things like connecting to an ssl server (letting the library
>do the hard work of ssl handshake).
>The code that translates things from perl to openssl C (actually it is
>Crypt-SSLeay-05.51 but there are other alternatives) can help you figure out
>how to write your own ssl handshake for non web servers (like your echo
>server).
>
>Gilad
>
>-----Original Message-----
>From: Girish Hegde [mailto:[EMAIL PROTECTED]
>Sent: Monday, August 11, 2003 7:17 AM
>To: [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED]
>Subject: Configuring SSL Handshake
>
>
>Hello there,
>
>This is my 3rd or 4th request for the group. Pls if any one has any clue
>about this, reply me.
>
>I am trying to test an SSL compliant Client application with a dummy echo
>server i have written in PERL.
>Is there any way to configure the SSL Handshake messages, change the
>sequences etc?
>
>Since all these are done internally by OpenSSL, how can I achieve this in
>PERL?
>
>
>Pls reply me as soon as possible......I m in a DARK ROOM AT PRESENT :((
>
>Thanks and regards
>Girish
>
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>Development Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
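
A harness for the negative flows discussed in this thread, as an added example that is not code from any of the posters or from OpenSSL: it wraps hand-built handshake messages in the SSLv3/TLS record header (content type, version, length) that a client expects before any handshake structure, then sends them in deliberately wrong orders. The cipher suite value, the flow names and the command-line arguments are assumptions for illustration.

```perl
# Added example: hand-framed handshake messages for negative tests of a client.
use strict;
use warnings;
use IO::Socket::INET;

# Handshake message: 1-byte msg_type, 3-byte big-endian length, body.
sub handshake {
    my ($type, $body) = @_;
    return pack('C', $type) . substr(pack('N', length $body), 1) . $body;
}

# Record layer: content type 22 (handshake), version 3.1, 2-byte length.
sub record {
    my ($fragment) = @_;
    return pack('C C C n', 22, 3, 1, length $fragment) . $fragment;
}

# ServerHello: version, 32-byte random, session_id, cipher suite, compression.
sub server_hello {
    my ($cipher) = @_;
    my $random = pack('N', time) . ("\x00" x 28);   # constant filler: test use only
    return handshake(2, pack('C C', 3, 1) . $random
        . pack('C', 0) . pack('n C', $cipher, 0));  # empty session_id, null compression
}

my $CIPHER = 0x000A;   # assumed: a suite the client under test offers
my %flows = (
    # ServerHelloDone (type 14) sent before ServerHello
    done_first    => [ handshake(14, ''), server_hello($CIPHER) ],
    # HelloRequest (type 0) injected right after ServerHello
    hello_request => [ server_hello($CIPHER), handshake(0, '') ],
    # ServerHelloDone with no Certificate (assumes the suite needs one)
    skip_cert     => [ server_hello($CIPHER), handshake(14, '') ],
);

my ($name, $port) = @ARGV;   # hypothetical CLI: [flow-name [port]]
for my $n (sort keys %flows) {
    next if defined $name && $n ne $name;
    my $wire = join '', map(record($_), @{ $flows{$n} });
    printf "%-14s %s\n", $n, unpack('H*', $wire);   # always dump the bytes
    next unless defined $port;
    my $srv = IO::Socket::INET->new(LocalAddr => '127.0.0.1', LocalPort => $port,
                                    Listen => 1, ReuseAddr => 1) or die "listen: $!";
    my $c = $srv->accept or die "accept: $!";
    sysread($c, my $client_hello, 4096);            # consume the ClientHello first
    syswrite($c, $wire);
    my $got = sysread($c, my $reply, 4096);         # alert record (type 21) or EOF
    printf "client replied: %s\n", $got ? unpack('H*', $reply) : 'connection closed';
}
```

Run with no arguments to print the bytes of each flow, or with a flow name and a port to serve that flow once on 127.0.0.1 and print what the client under test sends back.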
