On Tue, Aug 08, 2000 at 12:51:52PM -0500, [EMAIL PROTECTED] wrote:
> Hello there,
> 
> I would like to use OpenSSL to do the following:
> 
> Send an alert message with level of fatal that results in immediate
> termination of the connection.
> Then also check that the session identifier is invalidated, preventing the
> failed session from being used to establish new connections.
> 
> Thus far my script has something like this to open the connection:
> 
> echo " GET /" | ./openssl s_client -connect $ip:443 -cipher EXP-RC4-MD5 -ssl3 >> test
> 
> Does anyone have any idea how I could send the alert to terminate the
> connection then attempt
> to reconnect using the same session identifier?


You'll need to complete the handshake first to get a valid session.
So you have to 'fake' a failure alert.  Look for a routine
in crypto/ssl directory that sends the alert, and use that.

Then try to resume the session with the same session id.

You will probably have to diddle the source to make the appropriate
alert routine callable from your code.   You can start with s_client.c
as a base and modify that.
 
You might spend some time watching s_client under a debugger; that can
be instructive.

-- 
  Eric Murray http://www.lne.com/ericm  ericm at lne.com  PGP keyid:E03F65E5
Security consulting: secure protocols, security reviews, standards, smartcards. 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
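
The check described in the thread (did the server refuse to resume the failed session?) can be made from the ServerHello of the reconnect. This is an added example, not code from the thread or from OpenSSL; the function names and the sample bytes are constructed for illustration.

```python
import struct

HANDSHAKE, SERVER_HELLO = 22, 2  # record content type, handshake msg type

def server_hello_session_id(data: bytes) -> bytes:
    """Return session_id from the first record of a server's handshake flight.

    Layout (SSLv3 / TLS 1.0-1.2): record header type(1) version(2) length(2),
    handshake header msg_type(1) length(3), then the ServerHello body:
    version(2) random(32) session_id_len(1) session_id(0..32) ...
    """
    if len(data) < 5:
        raise ValueError("truncated record header")
    rec_type, _version, rec_len = struct.unpack("!BHH", data[:5])
    fragment = data[5:5 + rec_len]
    if rec_type != HANDSHAKE or len(fragment) != rec_len:
        raise ValueError("not a complete handshake record")
    if len(fragment) < 4 or fragment[0] != SERVER_HELLO:
        raise ValueError("first handshake message is not ServerHello")
    body_len = int.from_bytes(fragment[1:4], "big")
    body = fragment[4:4 + body_len]
    if len(body) != body_len or len(body) < 35:
        raise ValueError("truncated ServerHello")
    sid_len = body[34]
    if sid_len > 32 or len(body) < 35 + sid_len:
        raise ValueError("bad session_id length")
    return body[35:35 + sid_len]

def session_was_invalidated(offered_id: bytes, second_flight: bytes) -> bool:
    """True if the server refused to resume the session the client offered."""
    if not offered_id:
        raise ValueError("client must offer a non-empty session id")
    # Resumption is signalled by the server echoing the offered id; a new or
    # empty id means it fell back to a full handshake.
    return server_hello_session_id(second_flight) != offered_id

def make_server_hello(session_id: bytes) -> bytes:
    """Constructed sample: SSLv3 ServerHello record with a zeroed random."""
    body = b"\x03\x00" + bytes(32) + bytes([len(session_id)]) + session_id
    body += b"\x00\x03" + b"\x00"  # EXP-RC4-MD5 (0x0003), null compression
    hs = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, 0x0300, len(hs)) + hs

OLD_ID = bytes(range(32))      # constructed id from the first handshake
NEW_ID = bytes(range(32, 64))  # constructed id a server issues after the alert
```

Feed `session_was_invalidated` the session id from the first connection and the raw server bytes captured on the reconnect; a `False` result means the server resumed a session that should have been discarded.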