I think I found the state callbacks and structure members I need. Sorry for the spam.
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Rene Hollan Sent: Tuesday, September 01, 2009 2:59 PM To: openssl-dev@openssl.org Subject: getting/setting challenge bits from Client Hello? Hi, all. I have a need to retrieve the challenge bits from a Client Hello message I receive and set them in a Client Hello message I send. Why? I have an (intentional) MITM SSL proxy where two sessions (client->proxy and proxy->server) are set up so that traffic can be decrypted and examined before being sent to the real client. The proxy builds a new server cert chain by (re-)signing the server's cert with its own CA cert (that the client trusts - there is no tomfoolery here: the proxy serves to inspect encrypted traffic on the client's behalf). Here's the problem: sometimes we want to just stitch the client and server directly, without going through the proxy. Some clients do not offer the opportunity to import a new trusted CA cert (generally for specific applications communicating with application-specific servers, so they have hard-coded trusted certs). We'd like to do this AFTER receiving the Server Certificate, but BEFORE completing the DH exchange. The idea is as follows: 1) Accept the Client Hello from the client, with version, challenge bytes, and cipher suite. 2) Set the proxy Client Hello with the same version, challenge bytes, and cipher suite. 3) Have the proxy negotiate with the server until a server cert chain is received. Remember the Server Hello and Server Cert Chain. 4) Examine the Server Cert and decide to proxy (step 5) or bypass (step 6) 5) Proxy: operate as usual, resign received server cert and set it in client->proxy SSL session. Decrypt and Reencrypt traffic as normal. 6) The Proxy->Server SSL instance has sent the SAME Client Hello to the server that the Client->Proxy SSL instance received. The two SSL instances have the same internal state.[1] Send the remembered Server Hello and Server Cert Chain directly to the client and proxy at the TCP layer only. [1] This should work so long as no part of the Client Hello is cryptographically related to a "secret" that the Client has. If it were, the proxy would not know it and we could not proxy at the decrypted SSL layer. The general requirement is to be able to obtain the state of one SSL session and what received packet put it in that state and initialize another SSL session to the previous state necessary for it to advance to the same state after sending the same packet. Any ideas about where to look at hooking the necessary callbacks in to get such internal state changes and to set such internal states?
