Re: Followup to TLS Handshake Problem - John Banes I need you
- From: "John Banes" <jabanes@xxxxxxxxxxx>
- Date: Mon, 26 Mar 2007 14:04:32 -0700
Hmmm. The ServerHello message itself looks fine. Assuming that I understand
the situation correctly, then I would expect the InitializeSecurityContext
function to return something like SEC_E_INCOMPLETE_MESSAGE when called with
just the ServerHello message in the input buffer. I'm not sure what's going
on here. You may want to have another look for bugs in your code. Don't you
hate it when someone says that?
Failing this, you may want to ask the Microsoft guys for help, or even
better the guys who implemented the non-Windows SSL server code. I can't
imagine someone shipping an SSL implementation that didn't play nice with
the Microsoft code, and so they may have something interesting to say. If
it's open source, then a look at the code might be helpful.
Best of luck,
John
"Roy Chastain" <roy@xxxxxxxxx> wrote in message
news:cfd7035v10i8tk6j3l6esrfvur2q40abcj@xxxxxxxxxx
John, the customer finally tested again and I now have both sides of the
conversation.
12:20:52.579 [SSL#3] TransportSocket(1051).Send - Initiating I/O -
AsyncSocketState(1063)
0/0000 16 03 01 00 41 01 00 00 3d 03 01 46 02 ac e4 83
16/0010 c4 70 ae 56 2f 96 d0 c7 24 58 20 28 c6 d7 90 89
32/0020 55 ca b8 c6 8e e7 0e a9 3f da 32 00 00 16 00 04
48/0030 00 05 00 0a 00 09 00 64 00 62 00 03 00 06 00 13
64/0040 00 12 00 63 01 00
12:20:52.579 [2204] TransportSocket(1051).CBSend - I/O Completed - Bytes:
70 AsyncSocketState(1063)/QSBuffer(1062) Len: 70
12:20:52.610 [2204] TransportSocket(1051).CBReceive - Completed - Bytes:
55 AsyncSocketState(1060)QSBuffer(1061) Len: 55
ToProcess/GetIdx: 55/0
0/0000 16 03 01 00 32 02 00 00 2e 03 01 46 02 74 a4 0e
16/0010 5a f2 56 a3 12 6d 21 bc b7 6c a4 ed e5 09 9f bb
32/0020 68 7d d2 42 d1 fa fd 1c 64 3e e0 08 67 86 e8 46
48/0030 02 74 a4 00 00 04 00
I passed the 55 bytes received to SChannel and it responded with a
0x80090308.
As you may remember from the first posting, my code works against SSL
implementations running on Windows systems. On those
systems, I receive SERVER_HELLO, SERVER_CERTIFICATE and SERVER_HELLO_DONE in a
single block and I pass them to SChannel on a single call.
As you see from the above, this host manages to split the messages. The
SERVER_CERTIFICATE message arrived a little after I had
passed the SERVER_HELLO to SChannel.
First part of SERVER_CERTIFICATE message received
12:20:52.688 [2204] TransportSocket(1051).CBReceive - Completed - Bytes:
512 AsyncSocketState(1060)QSBuffer(1071) Len: 512
ToProcess/GetIdx: 512/0
0/0000 16 03 01 03 21 0b 00 03 1d 00 03 1a 00 03 17 30
16/0010 82 03 13 30 82 02 7c a0 03 02 01 02 02 03 06 db
32/0020 d8 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00
48/0030 30 4e 31 0b 30 09 06 03 55 04 06 13 02 55 53 31
64/0040 10 30 0e 06 03 55 04 0a 13 07 45 71 75 69 66 61
80/0050 78 31 2d 30 2b 06 03 55 04 0b 13 24 45 71 75 69
96/0060 66 61 78 20 53 65 63 75 72 65 20 43 65 72 74 69
112/0070 ...........
Thanks for your help
-------------------------------------------
Roy Chastain
KMSYS Worldwide, Inc.
http://www.kmsys.com
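
Added example, not part of either post: a small C decoder for the TLS record and handshake headers in the two received captures above. It checks that the 55-byte ServerHello is one complete, self-consistent record and reports how much of the Certificate record was still outstanding after the 512-byte read. The struct and function names are made up for this illustration, and only the first nine bytes of the 512-byte buffer come from the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Record header plus first handshake header. 0x16 = handshake; 2 = ServerHello, 11 = Certificate. */
struct tls_frame {
    uint8_t type, hs_type;
    size_t record_len, missing, hs_len;   /* missing = bytes still needed for this record */
};

/* The 55 bytes from the 12:20:52.610 receive in the post. */
static const uint8_t server_hello[55] = {
    0x16,0x03,0x01,0x00,0x32,0x02,0x00,0x00,0x2e,0x03,0x01,0x46,0x02,0x74,0xa4,0x0e,
    0x5a,0xf2,0x56,0xa3,0x12,0x6d,0x21,0xbc,0xb7,0x6c,0xa4,0xed,0xe5,0x09,0x9f,0xbb,
    0x68,0x7d,0xd2,0x42,0xd1,0xfa,0xfd,0x1c,0x64,0x3e,0xe0,0x08,0x67,0x86,0xe8,0x46,
    0x02,0x74,0xa4,0x00,0x00,0x04,0x00 };
/* The 512-byte receive: only the first 9 bytes are from the post, the rest is zero fill. */
static const uint8_t cert_first[512] = { 0x16,0x03,0x01,0x03,0x21,0x0b,0x00,0x03,0x1d };

/* Decode the framing; returns -1 when the 5-byte record header is not all there. */
int tls_frame_parse(const uint8_t *b, size_t len, struct tls_frame *f) {
    if (len < 5) return -1;
    f->type = b[0];
    f->record_len = ((size_t)b[3] << 8) | b[4];
    f->missing = (len - 5 >= f->record_len) ? 0 : f->record_len - (len - 5);
    f->hs_type = 0; f->hs_len = 0;
    if (f->type == 0x16 && len >= 9) {
        f->hs_type = b[5];
        f->hs_len = ((size_t)b[6] << 16) | ((size_t)b[7] << 8) | b[8];
    }
    return 0;
}

/* Returns the chosen cipher suite, or -1 if malformed. Assumes one handshake message per record. */
int server_hello_suite(const uint8_t *b, size_t len) {
    struct tls_frame f;
    if (tls_frame_parse(b, len, &f) != 0 || f.missing || f.hs_type != 2) return -1;
    if (f.hs_len + 4 != f.record_len || f.hs_len < 38) return -1;
    size_t sid_len = b[9 + 34];           /* after version(2) + random(32) */
    if (sid_len > 32 || 38 + sid_len > f.hs_len) return -1;
    return (b[9 + 35 + sid_len] << 8) | b[9 + 36 + sid_len];
}

int main(void) {
    struct tls_frame f;
    tls_frame_parse(cert_first, sizeof cert_first, &f);
    printf("suite 0x%04x, %zu bytes missing\n", (unsigned)server_hello_suite(server_hello, 55), f.missing);
    return 0;
}
```
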