[openssl-dev] OpenSSL HEAD breaks OpenConnect VPN client

David Woodhouse dwmw2 at infradead.org
Mon Feb 16 15:39:49 UTC 2015


> On Mon, Feb 16, 2015 at 02:16:15PM -0000, David Woodhouse wrote:
>
>> > What fields do you need access to?
>>
>> Basically just SSL version, cipher, master secret and session ID. Enough
>> to fake "resuming" a session that never really existed.
>
> Does the constructed DTLS session re-use the parameters of the
> original TLS session from HTTPS?  If so, it might suffice to run
> i2d_SSL_SESSION on the TLS session, later thaw it with d2i_SSL_SESSION
> and then change just enough to turn that into a DTLS session (is
> just changing s->version enough?).

No. The parameters for the DTLS session are entirely separate. I could
relatively easily construct the corresponding ASN.1 if I fix the fact that
d2i_SSL_SESSION() breaks on the ssl_version I need. If that's considered
to be a reasonable (ab)use of the API.


-- 
dwmw2
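The ASN.1 construction David mentions, as an added example that is not OpenConnect's or OpenSSL's own code: a dependency-free C encoder for the mandatory prefix of OpenSSL's serialised SSL_SESSION, filled from exactly the four values listed above (version, cipher, session ID, master secret) for a DTLS 1.0 session. The field order and size limits are my reading of OpenSSL's ssl/ssl_asn1.c, the sample values are constructed, and whether d2i_SSL_SESSION() then accepts the DTLS version is the very point at issue in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Mandatory prefix of OpenSSL's DER SSL_SESSION, as read from ssl/ssl_asn1.c
 * (an assumption of this example, not stated in the thread):
 *   SEQUENCE { INTEGER version (=1), INTEGER ssl_version, OCTET STRING cipher
 *   (2 bytes), OCTET STRING session_id, OCTET STRING master_key, ...optional }
 * Every length below stays under 128, so short-form DER lengths suffice. */
#define DTLS1_VERSION 0xFEFF                        /* DTLS 1.0 wire version */

static size_t der_uint(uint8_t *out, uint32_t v)    /* non-negative INTEGER */
{
    uint8_t buf[5]; int n = 0, i;
    do { buf[n++] = v & 0xff; v >>= 8; } while (v);
    if (buf[n - 1] & 0x80) buf[n++] = 0;            /* keep the sign positive */
    out[0] = 0x02; out[1] = (uint8_t)n;
    for (i = 0; i < n; i++) out[2 + i] = buf[n - 1 - i];
    return 2 + (size_t)n;
}
static size_t der_octets(uint8_t *out, const uint8_t *p, size_t n)
{
    out[0] = 0x04; out[1] = (uint8_t)n;
    memcpy(out + 2, p, n);
    return 2 + n;
}
/* Build the blob for a DTLS 1.0 session OpenSSL never negotiated itself.
 * Returns the encoded length, or 0 on bad input. */
size_t encode_fake_dtls_session(uint8_t *out, size_t outlen, uint16_t cipher_id,
                                const uint8_t *sid, size_t sidlen,
                                const uint8_t *master, size_t masterlen)
{
    uint8_t cipher[2] = { (uint8_t)(cipher_id >> 8), (uint8_t)cipher_id };
    size_t k = 2;                                   /* room for the 30 LL header */
    if (sidlen > 32 || masterlen > 48 || outlen < 98) return 0; /* OpenSSL limits */
    k += der_uint(out + k, 1);                      /* SSL_SESSION_ASN1_VERSION */
    k += der_uint(out + k, DTLS1_VERSION);          /* the ssl_version field */
    k += der_octets(out + k, cipher, 2);
    k += der_octets(out + k, sid, sidlen);
    k += der_octets(out + k, master, masterlen);
    out[0] = 0x30; out[1] = (uint8_t)(k - 2);
    return k;
}
/* Constructed sample: AES128-SHA (0x002F), 32-byte ID, 48-byte master secret. */
uint8_t demo_buf[128];
size_t demo_encode(void)
{
    uint8_t sid[32], master[48];
    memset(sid, 0x11, sizeof sid);
    memset(master, 0x22, sizeof master);
    return encode_fake_dtls_session(demo_buf, sizeof demo_buf, 0x002F,
                                    sid, sizeof sid, master, sizeof master);
}
```

The resulting buffer is what one would hand to d2i_SSL_SESSION() and then SSL_set_session(); the optional tagged fields (time, timeout, peer certificate and so on) are omitted, which the decoder tolerates.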
