From 0fd90d9a4d880955431a394dae632703158bc052 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Daniel=20Kou=C5=99il?= Date: Tue, 28 Feb 2012 09:24:18 +0000 Subject: [PATCH] Recognize sslv2 records --- org.glite.lbjp-common.gss/src/glite_gss.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/org.glite.lbjp-common.gss/src/glite_gss.c b/org.glite.lbjp-common.gss/src/glite_gss.c index 9f9a48f..1a8606e 100644 --- a/org.glite.lbjp-common.gss/src/glite_gss.c +++ b/org.glite.lbjp-common.gss/src/glite_gss.c @@ -502,14 +502,28 @@ read_token(int sock, void *token, size_t length, struct timeval *to) /* SSL/TLS framing: + SSLv3 header: 1st byte: SSL Handshake Record Type (\x16) 2nd-3rd bytes: SSL Version 3.0 (\x03 \x00) TLS Version 1.0 (\x03 \x01) 4th-5th bytes: Length + + SSLv2 header: + 1st-2nd bytes: length, 1st byte has the highest bit set to 1 + N.B. this applies to client_hello, other messages may encode + lenght in 3 bytes + 3rd byte: type (CLIENT_HELLO) (== 1) + 4rd-5th bytes: SSL Version 3.0 (\x03 \x00) + TLS Version 1.0 (\x03 \x01) + + see also e.g. openssl's s23_srvr.c */ #define SSLv3_HEADER "\x16\x03\x00" #define TLSv1_HEADER "\x16\x03\x01" +#define SSL2_CLIENT_HELLO 0x01 +#define SSL3_VERSION_MAJOR 0x03 + static int is_ssl(unsigned char *header) { @@ -517,6 +531,9 @@ is_ssl(unsigned char *header) return 1; if (memcmp(header, TLSv1_HEADER, 3) == 0) return 1; + if ((header[0] & 0x80) && header[2] == SSL2_CLIENT_HELLO && + header[3] == SSL3_VERSION_MAJOR) + return 1; return 0; /* payload len == (size_t)(header[3]) << 8) | header[4]) + 5; */ -- 1.8.2.3