portable icon indicating copy to clipboard operation
portable copied to clipboard

Published 20 hours ago verified publisher icon libressl

Missing SSL_CTX_set_client_hello_cb Et Al.

Open d3x0r opened this issue 6 years ago • 1 comments

OpenSSL Has a new API for getting a callback during handshake for selecting the certificate chain required for the host being served...

https://manpages.debian.org/experimental/libssl-doc/SSL_client_hello_get1_extensions_present.3ssl.en.html

SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_client_hello_get0_legacy_version, SSL_client_hello_get0_random, SSL_client_hello_get0_session_id, SSL_client_hello_get0_ciphers, SSL_client_hello_get0_compression_methods, SSL_client_hello_get1_extensions_present, SSL_client_hello_get0_ext - callback functions for early server-side ClientHello processing

Also SSL_set_tlsext_host_name which is used to set the hostname for a request...

d3x0r avatar Jun 24 '19 01:06 d3x0r

This is required by ettercap.

https://github.com/Ettercap/ettercap/blob/f03a1174ffccf9343423498fa3c65bd9090d4ce0/src/ec_sslwrap.c#L582-L585

Where the issues were hidden when using libressl in commit https://github.com/Ettercap/ettercap/commit/b2fc8e959dc71fdbaba08aecb1f157c914490a07.

samu: job failed: /usr/lib/ccache/bin/cc -Dlib_ettercap_EXPORTS -I/usr/include/gtk-3.0 -I/usr/include/freetype2 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/cairo -I/usr/include/pango-1.0 -I/usr/include/harfbuzz -I/usr/include/atk-1.0 -I/tmp/ettercap/build/include -I/tmp/ettercap/include -I/usr/include/ncurses -I/tmp/ettercap/src/interfaces/daemon -I/tmp/ettercap/src/interfaces/text -I/tmp/ettercap/src/interfaces/curses -I/tmp/ettercap/src/interfaces/curses/widgets -O2 -w -D_FORTIFY_SOURCE=2 -fPIC -MD -MT src/CMakeFiles/lib_ettercap.dir/ec_sslwrap.c.o -MF src/CMakeFiles/lib_ettercap.dir/ec_sslwrap.c.o.d -o src/CMakeFiles/lib_ettercap.dir/ec_sslwrap.c.o -c /tmp/ettercap/src/ec_sslwrap.c
/tmp/ettercap/src/ec_sslwrap.c: In function 'sslw_clienthello_cb':
/tmp/ettercap/src/ec_sslwrap.c:582:14: error: 'SSL_CLIENT_HELLO_RETRY' undeclared (first use in this function); did you mean 'SSL_F_CLIENT_HELLO'?
  582 |       return SSL_CLIENT_HELLO_RETRY;
      |              ^~~~~~~~~~~~~~~~~~~~~~
      |              SSL_F_CLIENT_HELLO
/tmp/ettercap/src/ec_sslwrap.c:582:14: note: each undeclared identifier is reported only once for each function it appears in
/tmp/ettercap/src/ec_sslwrap.c:585:11: error: 'SSL_CLIENT_HELLO_SUCCESS' undeclared (first use in this function)
  585 |    return SSL_CLIENT_HELLO_SUCCESS;
      |           ^~~~~~~~~~~~~~~~~~~~~~~~
samu: subcommand failed

orbea avatar Apr 30 '23 02:04 orbea