[Cryptography Team] Debugging SSL on Linux

Ron Teitelbaum Ron at USMedRec.com
Tue Mar 20 22:34:36 UTC 2007 

Great that explains it.  I'll look at the asn more closely and let you know
tomorrow.

 

Ron

 

  _____  

From: Robert Withers [mailto:reefedjib at yahoo.com] 
Sent: Tuesday, March 20, 2007 6:26 PM
To: Ron at USMedRec.com
Cc: 'Norbert Hartl'; 'Cryptography Team Development List'
Subject: Re: [Cryptography Team] Debugging SSL on Linux

 

Hey Ron,

 

You are back on the SSL version.  The latest is SSL.111.  You are missing
all of the Certificate validation code that I put in and this is why you are
able to connect, since all of the problems in this case are with validation.
Since you have the latest X509, you are decoding the CertificateExtensions,
which would expose problems 2 and 3, but you aren't encoding them for
signature validation, per the above reason, so you never have a problem.

 

Norbert, if you load SSL.109 it should work, while we get this issue fixed.
This is just missing a lot of security.

 

Rob

 

 

On Mar 20, 2007, at 3:03 PM, Ron Teitelbaum wrote:





Hey Rob,

 

I'll look more into the asn issue but this doesn't explain why it works on
my machine.

 

I was able to connect and retrieve data just fine, I just checked again
with:

 

ANS1.26

Core.23

SSL.109

X509.32

 

I'll try your new code but first I'll verify the extension data and see if I
can tell why it is parsing correctly on my machine.  I can't get to it till
tomorrow.

 

Thanks for looking at it!

Ron  

 

  _____  

From: Robert Withers [mailto:reefedjib at yahoo.com] 
Sent: Tuesday, March 20, 2007 4:43 PM
To: Ron at USMedRec.com; Cryptography Team Development List
Cc: 'Norbert Hartl'
Subject: Re: [Cryptography Team] Debugging SSL on Linux

 

Ron and Norbert,

 

I found that SSL failed to establish a connection on the Mac, and I suspect
the same is actually true on Windows, on close inspection. The resulting
MIMEDocument has an error when evaluating the example:

 

https://home.selfish.orgHello everyone,

This is from Norbert:

I tried using the url that Norbert gave and it worked fine on Windows.

Could someone try this on Linux and see if they can help provide info as to
what is going wrong. I suspect that the client hello is causing the server
to disconnect. Maybe an Endian issue?


Ron Teitelbaum
Squeak Cryptography Team Leader

_______________________________________________

Cryptography mailing list

 <mailto:Cryptography at lists.squeakfoundation.org>
Cryptography at lists.squeakfoundation.org

 <http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography>
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/cryptography/attachments/20070320/d0c135f3/attachment-0001.htm

More information about the Cryptography mailing list