I've done some more analysis, and it appears that the decrypt key is wrong, as pike seems to be trying to decrypt the correct data. This makes me thing that something's funny in the key exchange, but I'm not knowledgable enough to know if it's working properly.
Anyone have any experience in these matters?
Bill
/ hww3
Previous text:
2004-03-12 17:11: Subject: Re: SSL problem
Well, it doesn't work with 7.4.28:
SSL.packet->recv: received version 3.1 packet Decrypting packet.. version[1]=1 SSL.state->decrypt_packet: data = "\1" SSL.state: Decrypted_packet "\1" SSL.connection: received packet of type 20 tried change_cipher: 0 SSL.packet->recv: received version 3.1 packet Decrypting packet.. version[1]=1 SSL.state->decrypt_packet: data = "^\304\373P\331\371\336i\213\23\226\234\260\247\356\220\307\346\\n\300\321,\327W\206" \212\370o}\263\1\204\323\205b(L" SSL.state: Trying decrypt.. strlen of the encrypted packet is:40 Incorrect padding detected!!! SSL.state: Decrypted_packet "\27\235\21g\36\242\301\360\304\332\266\245\274\312\336\325\230\340U\251 \372\6\360\1<\26\213\16\341\335\16\245\222\270\366\265\264\352\333" SSL.state: Trying mac verification... Failed MAC-verification!! SSL.connection: Bad received packet SSL.connection->send_packet: type 21, 1, '"\2\24"' SSL.sslfile->die: is_closed = 0 SSL.context->purge_session: "" SSL.sslfile: Killed
But, it seems to think the padding is incorrect. I guess I'll need to look to see where that's coming from.
Bill
Does it work with older Pikes? If so, can you store the data used (network traffic, private keys) and feed it to the old SSL module and see where it differs?
/ Martin Nilsson (saturator)
/ Brevbäraren