I have an issue where I have an INTENTIONAL man in the middle: two SSL stacks, 
and the certificate provided by the server RE-SIGNED by a local CA (on the fly), 
WHICH THE CLIENT TRUSTS (there is no funny business going on: the client is 
intentionally using a MITM to inspect traffic on its behalf).

So far, I've just been setting up two SSL sessions: client to MITM, and MITM to 
server. Obviously the Client Hello challenges (client to MITM and MITM to 
server) will be different.

Here's my issue: in some cases, after receiving the server certificate, I may 
want to simply stitch the two ends together and drop out of the communication. 
I figure I can do this if the MITM and client SSL state are identical up to 
this point. That requires using the same SSL version, certificate suite, 
session ID, and challenge in the two Client Hello messages.

SSL version and certificate suite are easy to set. But, is there an openssl 
call to EXPLICITLY set the challenge sequence? (I'm not worrying about session 
resumption at this point.)
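
An added example, not part of the original post: a check that two captured Client Hello messages agree on the four fields the post lists. It assumes the SSLv3/TLS ClientHello handshake layout, in which the 32-byte client random is what the post calls the "challenge"; the function names and both sample messages are constructed for illustration.

```python
import struct

def build_client_hello(version, random, session_id, suites):
    """Build a constructed SSLv3/TLS ClientHello handshake message (sample input)."""
    body = struct.pack("!H", version) + random
    body += bytes([len(session_id)]) + session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"  # one compression method: null
    return b"\x01" + len(body).to_bytes(3, "big") + body

def parse_client_hello(msg):
    """Extract version, random, session ID and cipher suites from a ClientHello."""
    if len(msg) < 4 or msg[0] != 1:
        raise ValueError("not a ClientHello handshake message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length or length < 35:
        raise ValueError("truncated ClientHello")
    version = struct.unpack("!H", body[0:2])[0]
    random = body[2:34]
    sid_len = body[34]
    pos = 35
    session_id = body[pos:pos + sid_len]
    pos += sid_len
    if len(session_id) != sid_len or pos + 2 > len(body):
        raise ValueError("bad session ID length")
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    suites_raw = body[pos + 2:pos + 2 + cs_len]
    if len(suites_raw) != cs_len or cs_len % 2:
        raise ValueError("bad cipher suite list")
    suites = struct.unpack("!%dH" % (cs_len // 2), suites_raw)
    return {"version": version, "random": random,
            "session_id": session_id, "cipher_suites": suites}

def hello_mismatches(hello_a, hello_b):
    """Return the names of the fields on which the two hellos differ."""
    a, b = parse_client_hello(hello_a), parse_client_hello(hello_b)
    return [name for name in a if a[name] != b[name]]

# Constructed samples: the proxy copies version and suites but draws its own random.
CLIENT_SIDE = build_client_hello(0x0301, bytes(range(32)), b"", [0x002F, 0x0035])
PROXY_SIDE = build_client_hello(0x0301, bytes(range(32, 64)), b"", [0x002F, 0x0035])

if __name__ == "__main__":
    print(hello_mismatches(CLIENT_SIDE, PROXY_SIDE))   # fields that block stitching
    print(hello_mismatches(CLIENT_SIDE, CLIENT_SIDE))  # identical hellos
```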
