4) Handshake "headers" are omitted in the signature computation in both CertificateVerify and Finished messages. (RFC 4347 does not clearly state what is to be included. However, according to TLS v1.1 (RFC 4346), it shall be the complete handshake message, starting from Handshake.msg_type. However, OpenSSL starts at Handshake.body.)
4347 specifies that signature computation must be insensitive to fragmentation. The handshake header is not the same as in TLS, and the payload is therefore a natural choice for such an invariant. Would you suggest hashing a fictitious header with message type and length? Have you asked for comment on this elsewhere?

A.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                               [EMAIL PROTECTED]
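The fragmentation invariant discussed in this exchange, as an added example that is not part of the original messages and is not OpenSSL code: it reassembles DTLS handshake fragments and hashes the transcript three ways (bytes as received, payload only, and a fictitious TLS-style header of message type plus length). The function names, the use of SHA-256 in place of the negotiated handshake hash, and the sample messages are assumptions constructed for illustration.

```python
import hashlib

HDR = 12  # DTLS handshake header: type(1) length(3) message_seq(2) frag_off(3) frag_len(3)

def u24(n):
    return n.to_bytes(3, "big")

def fragment(mtype, seq, body, size):
    """Split one handshake message into DTLS fragments of at most `size` body bytes."""
    frags = []
    for off in range(0, max(len(body), 1), size):  # empty bodies still yield one fragment
        chunk = body[off:off + size]
        frags.append(bytes([mtype]) + u24(len(body)) + seq.to_bytes(2, "big")
                     + u24(off) + u24(len(chunk)) + chunk)
    return frags

def reassemble(frags):
    """Return [(msg_type, body)] in message_seq order; reject inconsistent or partial input."""
    msgs = {}
    for f in frags:
        if len(f) < HDR:
            raise ValueError("short handshake fragment")
        mtype, length, seq = f[0], int.from_bytes(f[1:4], "big"), int.from_bytes(f[4:6], "big")
        off, flen = int.from_bytes(f[6:9], "big"), int.from_bytes(f[9:12], "big")
        if flen != len(f) - HDR or off + flen > length:
            raise ValueError("fragment bounds disagree with header")
        m = msgs.setdefault(seq, {"type": mtype, "buf": bytearray(length), "seen": set()})
        if m["type"] != mtype or len(m["buf"]) != length:
            raise ValueError("fragments of one message disagree")
        m["buf"][off:off + flen] = f[HDR:]
        m["seen"].update(range(off, off + flen))
    if any(len(m["seen"]) != len(m["buf"]) for m in msgs.values()):
        raise ValueError("incomplete handshake message")
    return [(m["type"], bytes(m["buf"])) for _, m in sorted(msgs.items())]

def transcript_hash(frags, mode):
    """mode: 'raw' = bytes as received, 'body' = payload only, 'tls_header' = type+length+body."""
    h = hashlib.sha256()  # assumption: SHA-256 stands in for the negotiated handshake hash
    if mode == "raw":
        h.update(b"".join(frags))
        return h.hexdigest()
    for mtype, body in reassemble(frags):
        if mode == "tls_header":
            h.update(bytes([mtype]) + u24(len(body)))  # fictitious TLS-style 4-byte header
        h.update(body)
    return h.hexdigest()

# Constructed sample flight: (msg_type, message_seq, body); 14 = ServerHelloDone, empty body.
MESSAGES = [(1, 0, b"constructed ClientHello body " * 4), (14, 1, b"")]

def flight(size):
    return [f for t, s, b in MESSAGES for f in fragment(t, s, b, size)]
```

Both the payload-only and the fictitious-header transcripts are stable across fragment sizes and arrival order, but they are different values, so two peers must agree on one of them for Finished and CertificateVerify to validate.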