[openssl-dev] OpenSSL HEAD breaks OpenConnect VPN client
Viktor Dukhovni
openssl-users at dukhovni.org
Mon Feb 16 15:29:35 UTC 2015

On Mon, Feb 16, 2015 at 02:16:15PM -0000, David Woodhouse wrote:
> > What fields do you need access to?
>
> Basically just SSL version, cipher, master secret and session ID. Enough
> to fake "resuming" a session that never really existed.

Does the constructed DTLS session re-use the parameters of the
original TLS session from HTTPS? If so, it might suffice to run
i2d_SSL_SESSION on the TLS session, later thaw it with d2i_SSL_SESSION
and then change just enough to turn that into a DTLS session (is
just changing s->version enough?).

Constructing everything by hand seems like too much work, and
likely too much for the API to expose.

--
Viktor.