Message140248
| Author |
pitrou |
| Recipients |
Jajcus, pitrou |
| Date |
2011年07月13日.11:52:08 |
| SpamBayes Score |
0.00039632941 |
| Marked as misclassified |
No |
| Message-id |
<1310557929.91.0.761644729946.issue12551@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
Interestingly (from rfc5929):
This definition of 'tls-unique' means that a channel's bindings
data may change over time, which in turn creates a synchronization
problem should the channel's bindings data change between the time
that the client initiates authentication with channel binding and
the time that the server begins to process the client's first
authentication message. If that happens, the authentication
attempt will fail spuriously.
> and is (they say), available via OpenSSL API
Do you happen to know which API? I see no reference to tls-unique or channel binding, in either the OpenSSL website or the latest OpenSSL snapshot.
According to some mailing-list message, we could use SSL_get_finished() and SSL_get_peer_finished(), but that still leaves us to figure out what to do with the info returned by these functions. It would be nice if there was some ready-to-use code (I'm not a crypto expert). |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2011年07月13日 11:52:10 | pitrou | set | recipients:
+ pitrou, Jajcus |
| 2011年07月13日 11:52:09 | pitrou | set | messageid: <1310557929.91.0.761644729946.issue12551@psf.upfronthosting.co.za> |
| 2011年07月13日 11:52:09 | pitrou | link | issue12551 messages |
| 2011年07月13日 11:52:08 | pitrou | create |
|