The problem is that if I use SSLv3_method to connect to a client that
supports SSLv2 ONLY, then the function ssl3_get_record always returns "WRONG
VERSION NUMBER". Should I try to connect again with SSLv2_method?

On Sat, Sep 09, 2000 at 09:19:34AM +0800, Fung wrote:

> If you look at the source code, you will see the following
> static int ssl3_get_record(SSL *s)
> [...skipped]
>   n=ssl3_read_n(s,SSL3_RT_HEADER_LENGTH,
>    SSL3_RT_MAX_PACKET_SIZE,0);
>   if (n <= 0) return(n); /* error or non-blocking */
>   s->rstate=SSL_ST_READ_BODY;
>
>   p=s->packet;
>
>   /* Pull apart the header into the SSL3_RECORD */
>   rr->type= *(p++);
>   ssl_major= *(p++);            <-- WRONG!!
>   ssl_minor= *(p++);            <-- WRONG!!
>   version=(ssl_major<<8)|ssl_minor;
>   n2s(p,rr->length);
>
> If you are smart enough, you will see that ssl_major and ssl_minor are
> wrongly assigned and will NEVER get the correct version. Because the
> version number is stored at the 3rd and the 4th byte of p.

According to what specification?!  According to RFC 2246 (and,
similarly, the SSL 3.0 drafts), the version number immediately follows
the ContentType byte.  And that's also where it is located in real life:

$ openssl s_client -debug -connect www.microsoft.com:443
[...]
read from 00156C48 [0015E320] (7 bytes => 7 (0x7))
0000 - 16 03 01 02 a9 02                                 ......
0007 - <SPACES/NULS>
[...]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
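
Added example, not part of the original thread and not OpenSSL's own code: a small C parser for the record header layout discussed above (ContentType, major, minor, length), set beside what the same bytes look like when the peer sends an SSL 2.0 CLIENT-HELLO, which is why an SSLv3-only reader reports a wrong version number. The function and type names are hypothetical, and the SSL 2.0 sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum rec_kind { REC_SHORT, REC_SSL3_TLS, REC_SSL2_HELLO, REC_UNKNOWN };

struct rec_hdr {
    enum rec_kind kind;
    uint8_t  type;     /* ContentType (SSL3/TLS) or SSL2 message type */
    uint16_t version;  /* (major << 8) | minor */
    uint16_t length;   /* body length announced by the header */
};

/* First five bytes of the s_client dump on this page, and a constructed
   SSL 2.0 CLIENT-HELLO prefix (sample data, not a capture). */
static const uint8_t sample_tls[5]  = { 0x16, 0x03, 0x01, 0x02, 0xa9 };
static const uint8_t sample_ssl2[5] = { 0x80, 0x2e, 0x01, 0x00, 0x02 };

/* Version as an SSL3-only reader computes it: bytes 1 and 2, always. */
static uint16_t ssl3_view_version(const uint8_t *p)
{
    return (uint16_t)((p[1] << 8) | p[2]);
}

static struct rec_hdr parse_record_header(const uint8_t *p, size_t n)
{
    struct rec_hdr h = { REC_SHORT, 0, 0, 0 };
    if (n < 5) return h;                       /* wait for a full header */
    h.type = p[0];
    if (p[0] >= 20 && p[0] <= 23 && p[1] == 3) {   /* type, major, minor, length */
        h.kind = REC_SSL3_TLS;
        h.version = ssl3_view_version(p);
        h.length = (uint16_t)((p[3] << 8) | p[4]);
    } else if ((p[0] & 0x80) && p[2] == 1) {   /* 2-byte length, CLIENT-HELLO */
        h.kind = REC_SSL2_HELLO;
        h.type = p[2];
        h.length = (uint16_t)(((p[0] & 0x7f) << 8) | p[1]);
        h.version = (uint16_t)((p[3] << 8) | p[4]);
    } else {
        h.kind = REC_UNKNOWN;
    }
    return h;
}

int main(void)
{
    struct rec_hdr a = parse_record_header(sample_tls, sizeof sample_tls);
    struct rec_hdr b = parse_record_header(sample_ssl2, sizeof sample_ssl2);
    printf("TLS:  type=0x%02x version=0x%04x length=%u\n", a.type, a.version, a.length);
    printf("SSL2: kind=%d version=0x%04x, SSL3 reader sees 0x%04x\n",
           b.kind, b.version, ssl3_view_version(sample_ssl2));
    return 0;
}
```

For the bytes in the dump, the version is read directly after the ContentType byte and comes out as 3.1; for the SSL 2.0 sample, the same two offsets hold part of the length and the message type, so the major byte is not 3.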
