> Thanks for the reply. I've read Netscape's SSL 3.0 draft twice...most of
> the information is simply data type specification in Backus Naur Form
> with no reference to the construction of the packet itself.

        Since SSL is layered on top of a byte-stream protocol, there won't be any
specifications for packets.

> For
> instance, it outlines several higher-level data types within the
> protocol (SSLPlaintext, SSLCompressed, SSLCiphertext) and their
> component types (type, version, length, fragment, etc.), but with no
> useful information as to where such data is located in the packet.

        Because the protocol is not defined in terms of packets, it's defined in
terms of objects that are streamed across a byte-stream link.

> I
> need to be able to map a struct{} data type over the packet headers, so
> some sort of detailed specification (e.g., "bits 0 - 7 are flag bits
> with the following possible values, bits 9-23 are ...") is necessary.

        If you need to do that, then you're going to be out of luck. The protocol
is not specified in terms of fixed-byte objects. It's specified in terms of
objects that contain sub-objects. Each object and sub-object contains its
length within it.

        If you're not familiar with BER (X.690) and ASN.1, you're really just not
going to be able to do this.

> Obviously, I could map them myself using a packet sniffer and
> trial-and-error packet generation, but this is somewhat tedious.
> Alternatively, I could look at the source for OpenSSL or SSLDump I
> suppose, but this is not desirable either. It seems to me that since
> somebody somewhere has developed software that interacts directly with
> the layer 3 protocol datagrams themselves, this information should be
> available.

        Datagrams? I think you have some fundamental misunderstandings about what
type of protocol SSL is and where in the stack layering it fits. That's
probably why you looked right at the information you wanted and didn't see
it. ;)

        DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
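
The point made in the reply above, as an added example that is not part of the original post or of OpenSSL: records are length-prefixed objects recovered from the byte stream, so their boundaries need not coincide with packet boundaries. The header widths follow the SSL 3.0 draft's SSLPlaintext definition; RecordReader and demo are hypothetical names, and the sample bytes and chunk boundaries are constructed.

```python
import struct

# Header widths follow the SSL 3.0 draft's SSLPlaintext definition:
# ContentType (1 byte), ProtocolVersion (major, minor), uint16 length.
HEADER = struct.Struct("!BBBH")
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_FRAGMENT = 2**14 + 2048  # SSLCiphertext upper bound in the draft


class RecordReader:
    """Reassemble SSL records from arbitrarily sized stream chunks."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk):
        """Add bytes from one read(); return the records now complete."""
        self._buf += chunk
        records = []
        while len(self._buf) >= HEADER.size:
            ctype, major, minor, length = HEADER.unpack_from(self._buf)
            if ctype not in CONTENT_TYPES or major != 3:
                raise ValueError("not an SSL 3.x record header")
            if length > MAX_FRAGMENT:
                raise ValueError("record length exceeds protocol limit")
            end = HEADER.size + length
            if len(self._buf) < end:
                break  # fragment continues in a later chunk
            fragment = bytes(self._buf[HEADER.size:end])
            del self._buf[:end]
            records.append((CONTENT_TYPES[ctype], (major, minor), fragment))
        return records


def demo():
    # Constructed sample: two records with placeholder fragment bytes.
    stream = (HEADER.pack(22, 3, 0, 4) + b"\x01\x00\x00\x00" +
              HEADER.pack(21, 3, 0, 2) + b"\x01\x00")
    # Constructed segmentation: boundaries fall inside a header and a fragment.
    chunks = [stream[:3], stream[3:7], stream[7:12], stream[12:]]
    reader = RecordReader()
    return [reader.feed(c) for c in chunks]


if __name__ == "__main__":
    for i, recs in enumerate(demo()):
        print(f"chunk {i}: {recs}")
```

The first two chunks yield no records because the header and then the fragment are still incomplete; a fixed struct overlaid on any single chunk would misread them.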
