Return-Path: 
 <dev-return-66999-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@www.apache.org
Received: (qmail 2840 invoked from network); 20 Nov 2009 12:40:38 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 20 Nov 2009 12:40:38 -0000
Received: (qmail 91643 invoked by uid 500); 20 Nov 2009 12:40:36 -0000
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 91541 invoked by uid 500); 20 Nov 2009 12:40:35 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
List-Post: <mailto:dev@httpd.apache.org>
List-Id: <dev.httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 91532 invoked by uid 99); 20 Nov 2009 12:40:35 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 20 Nov 2009 12:40:35 +0000
X-ASF-Spam-Status: No, hits=1.5 required=10.0
	tests=SPF_PASS,WEIRD_PORT
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: local policy)
Received: from [193.192.235.15] (HELO smtp1.adnovum.ch) (193.192.235.15)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 20 Nov 2009 12:40:24 +0000
Received: from adnsmtpzh (unknown [10.0.20.211])
	by smtp1.adnovum.ch (Postfix) with ESMTP id 2762F71E3C
	for <dev@httpd.apache.org>; Fri, 20 Nov 2009 13:40:04 +0100 (MET)
Received: from adnsmtpzh (unknown [127.0.0.1])
	by adnsmtpzh (Symantec Mail Security) with ESMTP id 065432DD90
	for <dev@httpd.apache.org>; Fri, 20 Nov 2009 13:40:04 +0100 (MET)
X-AuditID: c0a804ca-0000000400005794-3f-4b068e236692 
Received: from [192.168.12.141] (adnws121.zh.adnovum.ch [192.168.12.141])
	by adnsmtpzh (Symantec Mail Security) with ESMTP id 9EB772DD8D
	for <dev@httpd.apache.org>; Fri, 20 Nov 2009 13:40:03 +0100 (MET)
Message-ID: <4B068E23.10309@adnovum.ch>
Date: Fri, 20 Nov 2009 13:40:03 +0100
From: Hartmut Keil <Hartmut.Keil@adnovum.ch>
Reply-To: dev@httpd.apache.org
User-Agent: Thunderbird 2.0.0.18 (X11/20081112)
MIME-Version: 1.0
To: dev@httpd.apache.org
Subject: Re: handling request splicing in case of server
 initiated	renegotiation
 CVE-2009-3555
References: <4B01BD20.1060300@adnovum.ch> <20091116221903.GB18036@redhat.com>
 <4B027E20.2030200@adnovum.ch> <20091117130812.GB29064@redhat.com>
 <4B02D989.1070604@adnovum.ch> <20091119093041.GA9262@redhat.com>
 <4B055EBE.5090307@adnovum.ch> <20091119155854.GA25109@redhat.com>
In-Reply-To: <20091119155854.GA25109@redhat.com>
Content-Type: multipart/mixed;
 boundary="------------080200090907070907060703"
X-Brightmail-Tracker: AAAAAA==
X-Virus-Checked: Checked by ClamAV on apache.org

This is a multi-part message in MIME format.
--------------080200090907070907060703
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

Joe Orton wrote:
> On Thu, Nov 19, 2009 at 04:05:34PM +0100, Hartmut Keil wrote:
>> With the proposed change, we prevent request splitting attacks based 
>> on the TSL renegotiation flaw. From my point of view without 
>> drawbacks, since 'pipelining' clients must handle the closing of a 
>> connection after a complete response in any case.
> 
> Yes, I agree, this seems very sensible, I can't see any problem with 
> this.  
> 
> I would prefer to do it in a slightly more general way as below, which 
> would catch the case where any other module's connection filter had 
> buffered the data, and adds appropriate logging.
> 

Ok, I agree with your approach, giving more information what happens.
(maybe having a trace with info would be enough, since it can occurr under
normal circumstances)

> (more general but which required half a day tracking down an obscure bug 
> in the BIO/filters, also fixed below...)
yep, that fix is essential for the case here
> 
> Testing on this version very welcome!

If have successfully tested the change with the following setup
(the one described in my initial mail):

o for the location /cert/* SSLVerifyClient require is configured

o the MTIM attacker is injecting one complete request that causes the
   server to initiated the renegotiation.
   And a second incomplete one for request splitting

The proposed change is dropping the second incomplete request. The file
ssldump.patched in the attachment shows the output of ssldump with the
change, the file ssldump.injected without.


Regards
Hartmut



> 
> Index: ssl_engine_kernel.c
> ===================================================================
> --- ssl_engine_kernel.c	(revision 882089)
> +++ ssl_engine_kernel.c	(working copy)
> @@ -87,6 +87,29 @@
>      return APR_SUCCESS;
>  }
>  
> +/* Do a non-blocking read from the connection filters to see whether
> + * there is any pending data on the connection.  Return non-zero if
> + * there is, else zero. */
> +static int has_pending_data(request_rec *r) 
> +{
> +    apr_bucket_brigade *bb;
> +    apr_off_t len;
> +    apr_status_t rv;
> +    int result;
> +    
> +    bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
> +    
> +    rv = ap_get_brigade(r->connection->input_filters, bb, AP_MODE_SPECULATIVE,
> +                        APR_NONBLOCK_READ, 1); 
> +    result = rv == APR_SUCCESS
> +        && apr_brigade_length(bb, 1, &len) == APR_SUCCESS
> +        && len > 0;
> +    
> +    apr_brigade_destroy(bb);
> +    
> +    return result;
> +}
> +
>  /*
>   *  Post Read Request Handler
>   */
> @@ -724,6 +747,23 @@
>          else {
>              request_rec *id = r->main ? r->main : r;
>  
> +            /* Mitigation for CVE-2009-3555: At this point, before
> +             * renegotiating, an (entire) request has been read from
> +             * the connection.  An attacker may have sent further data
> +             * to "prefix" any subsequent request by the victim's
> +             * client after the renegotiation; this data may already
> +             * have been read and buffered.  Forcing a connection
> +             * closure after the first response ensures such data will
> +             * be discarded.  Legimately pipelined HTTP requests will
> +             * be retried anyway with this approach. */
> +            if (has_pending_data(r)) {
> +                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
> +                              "insecure SSL re-negotiation required, but "
> +                              "a pipelined request is present; keepalive "
> +                              "disabled");
> +                r->connection->keepalive = AP_CONN_CLOSE;
> +            }
> +
>              /* do a full renegotiation */
>              ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
>                            "Performing full renegotiation: "
> Index: ssl_engine_io.c
> ===================================================================
> --- ssl_engine_io.c	(revision 882089)
> +++ ssl_engine_io.c	(working copy)
> @@ -1344,9 +1344,17 @@
>      }
>      else {
>          /* We have no idea what you are talking about, so return an error. */
> -        return APR_ENOTIMPL;
> +        status = APR_ENOTIMPL;
>      }
>  
> +    /* It is possible for mod_ssl's BIO to be used outside of the
> +     * direct control of mod_ssl's input or output filter -- notably,
> +     * when mod_ssl initiates a renegotiation.  Switching the BIO mode
> +     * back to "blocking" here ensures such operations don't fail with
> +     * SSL_ERROR_WANT_READ. */
> +    inctx->block = APR_BLOCK_READ;
> +
> +    /* Handle custom errors. */
>      if (status != APR_SUCCESS) {
>          return ssl_io_filter_error(f, bb, status);
>      }
> 


-- 
AdNovum Informatik AG
Hartmut Keil, Senior Software Engineer
Dipl. Physiker

Roentgenstrasse 22, CH-8005 Zurich
mailto:hartmut.keil@adnovum.ch
phone: +41 44 272 6111, fax: +41 44 272 6312
http://www.adnovum.ch

AdNovum Locations: Bern, Budapest, San Mateo, Zurich (HQ)


--------------080200090907070907060703
Content-Type: text/plain;
 name="ssldump.injected"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
 filename="ssldump.injected"

TmV3IFRDUCBjb25uZWN0aW9uICMxOiBhZG53czEyMS56aC5hZG5vdnVtLmNoKDMzODU2KSA8
LT4gYWRucG9vbDAxLnpoLmFkbm92dW0uY2goNDQzMDApCjEgMSAgMC4wMDE1ICgwLjAwMTUp
ICBDPlMgU1NMdjIgY29tcGF0aWJsZSBjbGllbnQgaGVsbG8KICBWZXJzaW9uIDMuMSAKICBj
aXBoZXIgc3VpdGVzCiAgVExTX1JTQV9XSVRIX1JDNF8xMjhfU0hBICAKICBUTFNfUlNBX1dJ
VEhfUkM0XzEyOF9NRDUgIAogIFNTTDJfQ0tfUkM0ICAKMSAyICAwLjAwNjIgKDAuMDA0Nykg
IFM+QyAgSGFuZHNoYWtlCiAgICAgIFNlcnZlckhlbGxvCiAgICAgICAgVmVyc2lvbiAzLjEg
CiAgICAgICAgc2Vzc2lvbl9pZFswXT0KCiAgICAgICAgY2lwaGVyU3VpdGUgICAgICAgICBU
TFNfUlNBX1dJVEhfUkM0XzEyOF9NRDUKICAgICAgICBjb21wcmVzc2lvbk1ldGhvZCAgICAg
ICAgICAgICAgICAgICBOVUxMCjEgMyAgMC4wMDYzICgwLjAwMDApICBTPkMgIEhhbmRzaGFr
ZQogICAgICBDZXJ0aWZpY2F0ZQoxIDQgIDAuMDA2MyAoMC4wMDAwKSAgUz5DICBIYW5kc2hh
a2UKICAgICAgU2VydmVySGVsbG9Eb25lCjEgNSAgMC4wMDc0ICgwLjAwMTEpICBDPlMgIEhh
bmRzaGFrZQogICAgICBDbGllbnRLZXlFeGNoYW5nZQoxIDYgIDAuMDA3OCAoMC4wMDAzKSAg
Qz5TICBDaGFuZ2VDaXBoZXJTcGVjCjEgNyAgMC4xMDUyICgwLjA5NzQpICBDPlMgIEhhbmRz
aGFrZQogICAgICBGaW5pc2hlZAoxIDggIDAuMTA2MiAoMC4wMDEwKSAgUz5DICBDaGFuZ2VD
aXBoZXJTcGVjCjEgOSAgMC4xMDYyICgwLjAwMDApICBTPkMgIEhhbmRzaGFrZQogICAgICBG
aW5pc2hlZAoxIDEwIDAuMTA2OSAoMC4wMDA2KSAgQz5TICBhcHBsaWNhdGlvbl9kYXRhCiAg
ICAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0KICAgIEdFVCAvY2VydC9oYWNrZWQtaW5pdGlhdGVkLmh0bWwgSFRUUC8x
LjENCiAgICBIb3N0OiBhZG5wb29sMDEuemguYWRub3Z1bS5jaA0KICAgIA0KICAgIEdFVCAv
aGFja2VkL3BheWxvYWQuaHRtbCBIVFRQLzEuMQ0KICAgIEhvc3Q6IGFkbnBvb2wwMS56aC5h
ZG5vdnVtLmNoDQogICAgWC1JZ25vcmU6IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQoxIDExIDAuMTEwMSAoMC4wMDMy
KSAgUz5DICBIYW5kc2hha2UKICAgICAgSGVsbG9SZXF1ZXN0CjEgMTIgMC4xMTAxICgwLjAw
MDApICBDPlMgIEhhbmRzaGFrZQogICAgICBDbGllbnRIZWxsbwogICAgICAgIFZlcnNpb24g
My4xIAogICAgICAgIGNpcGhlciBzdWl0ZXMKICAgICAgICBVbmtub3duIHZhbHVlIDB4MzkK
ICAgICAgICBVbmtub3duIHZhbHVlIDB4MzgKICAgICAgICBVbmtub3duIHZhbHVlIDB4MzcK
ICAgICAgICBVbmtub3duIHZhbHVlIDB4MzYKICAgICAgICBVbmtub3duIHZhbHVlIDB4MzUK
ICAgICAgICBVbmtub3duIHZhbHVlIDB4MzMKICAgICAgICBVbmtub3duIHZhbHVlIDB4MzIK
ICAgICAgICBVbmtub3duIHZhbHVlIDB4MzEKICAgICAgICBVbmtub3duIHZhbHVlIDB4MzAK
ICAgICAgICBVbmtub3duIHZhbHVlIDB4MmYKICAgICAgICBUTFNfUlNBX1dJVEhfUkM0XzEy
OF9TSEEKICAgICAgICBUTFNfUlNBX1dJVEhfUkM0XzEyOF9NRDUKICAgICAgICBUTFNfREhF
X0RTU19XSVRIXzNERVNfRURFX0NCQ19TSEEKICAgICAgICBUTFNfREhfRFNTX1dJVEhfM0RF
U19FREVfQ0JDX1NIQQogICAgICAgIFRMU19ESEVfUlNBX1dJVEhfM0RFU19FREVfQ0JDX1NI
QQogICAgICAgIFRMU19ESF9SU0FfV0lUSF8zREVTX0VERV9DQkNfU0hBCiAgICAgICAgVExT
X1JTQV9XSVRIXzNERVNfRURFX0NCQ19TSEEKICAgICAgICBjb21wcmVzc2lvbiBtZXRob2Rz
CiAgICAgICAgICAgICAgICAgIE5VTEwKMSAxMyAwLjExMjcgKDAuMDAyNSkgIFM+QyAgSGFu
ZHNoYWtlCiAgICAgIFNlcnZlckhlbGxvCiAgICAgICAgVmVyc2lvbiAzLjEgCiAgICAgICAg
c2Vzc2lvbl9pZFswXT0KCiAgICAgICAgY2lwaGVyU3VpdGUgICAgICAgICBUTFNfUlNBX1dJ
VEhfUkM0XzEyOF9NRDUKICAgICAgICBjb21wcmVzc2lvbk1ldGhvZCAgICAgICAgICAgICAg
ICAgICBOVUxMCjEgMTQgMC4xMTI4ICgwLjAwMDApICBTPkMgIEhhbmRzaGFrZQogICAgICBD
ZXJ0aWZpY2F0ZQoxIDE1IDAuMTEyOCAoMC4wMDAwKSAgUz5DICBIYW5kc2hha2UKICAgICAg
Q2VydGlmaWNhdGVSZXF1ZXN0CiAgICAgICAgY2VydGlmaWNhdGVfdHlwZXMgICAgICAgICAg
ICAgICAgICAgcnNhX3NpZ24KICAgICAgICBjZXJ0aWZpY2F0ZV90eXBlcyAgICAgICAgICAg
ICAgICAgICBkc3Nfc2lnbgogICAgICAgIGNlcnRpZmljYXRlX3R5cGVzICAgICAgICAgICAg
ICAgICB1bmtub3duIHZhbHVlCiAgICAgICAgY2VydGlmaWNhdGVfYXV0aG9yaXR5CiAgICAg
ICAgICAzMCA4MSA5YiAzMSAwYiAzMCAwOSAwNiAwMyA1NSAwNCAwNiAxMyAwMiA0MyA0OCAK
ICAgICAgICAgIDMxIDE1IDMwIDEzIDA2IDAzIDU1IDA0IDA3IDEzIDBjIDM4IDMwIDMwIDM1
IDIwIAogICAgICAgICAgNWEgNzUgNjUgNzIgNjkgNjMgNjggMzEgMWUgMzAgMWMgMDYgMDMg
NTUgMDQgMGEgCiAgICAgICAgICAxMyAxNSA0MSA2NCA0ZSA2ZiA3NiA3NSA2ZCAyMCA0OSA2
ZSA2NiA2ZiA3MiA2ZCAKICAgICAgICAgIDYxIDc0IDY5IDZiIDIwIDQxIDQ3IDMxIDIwIDMw
IDFlIDA2IDAzIDU1IDA0IDBiIAogICAgICAgICAgMTMgMTcgNDkgNmUgNzQgNjUgNzIgNmUg
NjUgNzQgMjAgNDEgNjQgNmQgNjkgNmUgCiAgICAgICAgICA2OSA3MyA3NCA3MiA2MSA3NCA2
OSA2ZiA2ZSAzMSAxZSAzMCAxYyAwNiAwMyA1NSAKICAgICAgICAgIDA0IDAzIDEzIDE1IDQx
IDY0IDRlIDZmIDc2IDc1IDZkIDIwIDQ5IDZlIDY2IDZmIAogICAgICAgICAgNzIgNmQgNjEg
NzQgNjkgNmIgMjAgNDEgNDcgMzEgMTMgMzAgMTEgMDYgMDkgMmEgCiAgICAgICAgICA4NiA0
OCA4NiBmNyAwZCAwMSAwOSAwMSAxNiAwNCA3NCA2OCA2OSA3MyAKICAgICAgU2VydmVySGVs
bG9Eb25lCjEgMTYgMy4zMzUyICgzLjIyMjQpICBDPlMgIEhhbmRzaGFrZQogICAgICBDZXJ0
aWZpY2F0ZQoxIDE3IDMuMzM1MiAoMC4wMDAwKSAgQz5TICBIYW5kc2hha2UKICAgICAgQ2xp
ZW50S2V5RXhjaGFuZ2UKMSAxOCAzLjMzNTIgKDAuMDAwMCkgIEM+UyAgSGFuZHNoYWtlCiAg
ICAgIENlcnRpZmljYXRlVmVyaWZ5CiAgICAgICAgU2lnbmF0dXJlWzEyOF09CiAgICAgICAg
ICBjMCA4ZCAwYyBmYyA1NyBlOSBlMSBjNSAxYSAzMiAwNyA3ZiA0YiBhMyA2ZSA4ZSAKICAg
ICAgICAgIDA1IDZkIGI1IDUwIDU3IDMwIDMyIDIyIDZkIDZmIGNkIGI5IDk1IGY2IDJlIGFj
IAogICAgICAgICAgNzEgNWYgZGIgMjkgOTEgMWYgZGEgODggYjggNzYgZmMgZjkgNjAgZjgg
OWYgZDEgCiAgICAgICAgICA2MiBmYSA5ZSBlZSA5YiBjZCA4ZCBmNyBlMiBjNSA0OSA5OCBi
YSA0YiAyMyBlZCAKICAgICAgICAgIDZjIDM0IDM4IDg1IDU2IGY3IGVhIDRlIGVjIGVkIGE2
IDQwIDQxIGUyIDllIGZkIAogICAgICAgICAgZmMgMTEgYTQgYjggZDMgNjggOWQgMzUgYzIg
NDcgNzIgODEgZTcgNWUgMTEgN2QgCiAgICAgICAgICA2MiA2MiA2YiBiYSA1MyAwYiAyOSA1
MiBiMiAzNCA5NyBmYyAxNSBhNiBjOCBlYyAKICAgICAgICAgIDQzIDRhIGM5IDU3IDg2IGIw
IGJiIDMyIGFhIGJhIGEyIDY1IDE4IDQ2IGNlIGIxIAoxIDE5IDMuMzM1MiAoMC4wMDAwKSAg
Qz5TICBDaGFuZ2VDaXBoZXJTcGVjCjEgMjAgMy4zMzUyICgwLjAwMDApICBDPlMgIEhhbmRz
aGFrZQogICAgICBGaW5pc2hlZAoxIDIxIDMuMzc3MyAoMC4wNDIwKSAgUz5DICBDaGFuZ2VD
aXBoZXJTcGVjCjEgMjIgMy4zNzczICgwLjAwMDApICBTPkMgIEhhbmRzaGFrZQogICAgICBG
aW5pc2hlZAoxIDIzIDMuMzgwMiAoMC4wMDI4KSAgUz5DICBhcHBsaWNhdGlvbl9kYXRhCiAg
ICAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0KICAgIEhUVFAvMS4xIDIwMCBPSw0KICAgIERhdGU6IEZyaSwgMjAgTm92
IDIwMDkgMTI6MTU6MDMgR01UDQogICAgU2VydmVyOiBBcGFjaGUNCiAgICBMYXN0LU1vZGlm
aWVkOiBNb24sIDE2IE5vdiAyMDA5IDE5OjIyOjExIEdNVA0KICAgIEVUYWc6ICIyZDAxYmMt
MTFkLTQ3ODgxZWQyNjYzMzkiDQogICAgQWNjZXB0LVJhbmdlczogYnl0ZXMNCiAgICBDb250
ZW50LUxlbmd0aDogMjg1DQogICAgQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCiAgICANCiAg
ICAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0KMSAyNCAzLjM4MDIgKDAuMDAwMCkgIFM+QyAgYXBwbGljYXRpb25fZGF0
YQogICAgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tCiAgICA8IURPQ1RZUEUgSFRNTCBQVUJMSUMgIi0vL1czQy8vRFRE
IEhUTUwgNC4wIFRyYW5zaXRpb25hbC8vRU4iICJodHRwOi8vd3d3LnczLm9yZy9UUi9SRUMt
aHRtbDQwL2xvb3NlLmR0ZCI+CiAgICA8SFRNTD4KICAgIDxIRUFEPgogICAgPFRJVExFPldl
bGNvbWUgd2l0aCBhIGNlcnQgSEFDS0VEISEhITwvVElUTEU+CiAgICA8Qk9EWSBCR0NPTE9S
PSIjRkZGRkZGIj4KICAgIDxDRU5URVI+PEgyPgogICAgV2VsY29tZSB0byB0aGUgTmV2aXN3
ZWIgUmV2ZXJzZSBQcm94eSAgSEFDS0VEISEhCiAgICA8L0gyPjwvQ0VOVEVSPgogICAgPC9C
T0RZPjwvSFRNTD4gCiAgICAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KMSAyNSAzLjQ3NTIgKDAuMDk1MCkgIEM+UyAg
YXBwbGljYXRpb25fZGF0YQogICAgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiAgICBHRVQgL3ZpY3RpbSBIVFRQLzEu
MQ0KICAgIFVzZXItQWdlbnQ6IE9wZXJhLzkuNjQgKFgxMTsgTGludXggaTY4NjsgVTsgZW4p
IFByZXN0by8yLjEuMQ0KICAgIEhvc3Q6IGFkbnBvb2wwMS56aC5hZG5vdnVtLmNoOjQ0MzAw
DQogICAgQWNjZXB0OiB0ZXh0L2h0bWwsIGFwcGxpY2F0aW9uL3htbDtxPTAuOSwgYXBwbGlj
YXRpb24veGh0bWwreG1sLCBpbWFnZS9wbmcsIGltYWdlL2pwZWcsIGltYWdlL2dpZiwgaW1h
Z2UveC14Yml0bWFwLCAqLyo7cT0wLjENCiAgICBBY2NlcHQtTGFuZ3VhZ2U6IGVuDQogICAg
QWNjZXB0LUNoYXJzZXQ6IGlzby04ODU5LTEsIHV0Zi04LCB1dGYtMTYsICo7cT0wLjENCiAg
ICBBY2NlcHQtRW5jb2Rpbmc6IGRlZmxhdGUsIGd6aXAsIHgtZ3ppcCwgaWRlbnRpdHksICo7
cT0wDQogICAgSWYtTW9kaWZpZWQtU2luY2U6IE1vbiwgMTYgTm92IDIwMDkgMTk6MjI6MTEg
R01UDQogICAgSWYtTm9uZS1NYXRjaDogIjJkMDFiYy0xMWQtNDc4ODFlZDI2NjMzOSINCiAg
ICBDb29raWU6IE5hdmFqbz1SQkJKS0JHWGVFczUvL084OGowYVlEV01tcVp4aDZiaTQvQlI0
bkp1UmQ0UjJLcnNYc1VwMi9xZUhsakpkUERZU1E4VFdVTzNWQWstOyBJVzRMb2dpbj1sb2dp
bg0KICAgIENvb2tpZTI6ICRWZXJzaW9uPTENCiAgICBDb25uZWN0aW9uOiBLZWVwLUFsaXZl
LCBURQ0KICAgIFRFOiBkZWZsYXRlLCBnemlwLCBjaHVua2VkLCBpZGVudGl0eSwgdHJhaWxl
cnMNCiAgICANCiAgICAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KMSAyNiAzLjQ4MjcgKDAuMDA3NCkgIFM+QyAgYXBw
bGljYXRpb25fZGF0YQogICAgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiAgICBIVFRQLzEuMSAyMDAgT0sNCiAgICBE
YXRlOiBGcmksIDIwIE5vdiAyMDA5IDEyOjE1OjA2IEdNVA0KICAgIFNlcnZlcjogQXBhY2hl
DQogICAgTGFzdC1Nb2RpZmllZDogTW9uLCAxNiBOb3YgMjAwOSAxOToyMTo1OCBHTVQNCiAg
ICBFVGFnOiAiMmQwMWJkLTExZi00Nzg4MWVjNjRhZGM5Ig0KICAgIEFjY2VwdC1SYW5nZXM6
IGJ5dGVzDQogICAgQ29udGVudC1MZW5ndGg6IDI4Nw0KICAgIEtlZXAtQWxpdmU6IHRpbWVv
dXQ9NSwgbWF4PTkNCiAgICBDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQogICAgQ29udGVudC1U
eXBlOiB0ZXh0L2h0bWwNCiAgICANCiAgICAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KMSAyNyAzLjQ4MjcgKDAuMDAw
MCkgIFM+QyAgYXBwbGljYXRpb25fZGF0YQogICAgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiAgICA8IURPQ1RZUEUg
SFRNTCBQVUJMSUMgIi0vL1czQy8vRFREIEhUTUwgNC4wIFRyYW5zaXRpb25hbC8vRU4iICJo
dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwL2xvb3NlLmR0ZCI+CiAgICA8SFRNTD4K
ICAgIDxIRUFEPgogICAgPFRJVExFPldlbGNvbWUgd2l0aCBhIGNlcnQgSU5KRUNURUQhITwv
VElUTEU+CiAgICA8Qk9EWSBCR0NPTE9SPSIjRkZGRkZGIj4KICAgIDxDRU5URVI+PEgyPgog
ICAgV2VsY29tZSB0byB0aGUgTmV2aXN3ZWIgUmV2ZXJzZSBQcm94eSBJTkpFQ1RFRCEhISEK
ICAgIDwvSDI+PC9DRU5URVI+CiAgICA8L0JPRFk+PC9IVE1MPiAKICAgIC0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQox
ICAgIDMuNTgzMyAoMC4xMDA1KSAgQz5TICBUQ1AgRklOCjEgMjggMy41ODM5ICgwLjAwMDYp
ICBTPkMgIEFsZXJ0CiAgICBsZXZlbCAgICAgICAgICAgd2FybmluZwogICAgdmFsdWUgICAg
ICAgICAgIGNsb3NlX25vdGlmeQo=
--------------080200090907070907060703
Content-Type: text/plain;
 name="ssldump.patched"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
 filename="ssldump.patched"

TmV3IFRDUCBjb25uZWN0aW9uICMxOiBhZG53czEyMS56aC5hZG5vdnVtLmNoKDM5NTczKSA8
LT4gYWRucG9vbDAxLnpoLmFkbm92dW0uY2goNDQzMDApCjEgMSAgMC4wMDE1ICgwLjAwMTUp
ICBDPlMgU1NMdjIgY29tcGF0aWJsZSBjbGllbnQgaGVsbG8KICBWZXJzaW9uIDMuMSAKICBj
aXBoZXIgc3VpdGVzCiAgVExTX1JTQV9XSVRIX1JDNF8xMjhfU0hBICAKICBUTFNfUlNBX1dJ
VEhfUkM0XzEyOF9NRDUgIAogIFNTTDJfQ0tfUkM0ICAKMSAyICAwLjAwNDMgKDAuMDAyNykg
IFM+QyAgSGFuZHNoYWtlCiAgICAgIFNlcnZlckhlbGxvCiAgICAgICAgVmVyc2lvbiAzLjEg
CiAgICAgICAgc2Vzc2lvbl9pZFswXT0KCiAgICAgICAgY2lwaGVyU3VpdGUgICAgICAgICBU
TFNfUlNBX1dJVEhfUkM0XzEyOF9NRDUKICAgICAgICBjb21wcmVzc2lvbk1ldGhvZCAgICAg
ICAgICAgICAgICAgICBOVUxMCjEgMyAgMC4wMDQzICgwLjAwMDApICBTPkMgIEhhbmRzaGFr
ZQogICAgICBDZXJ0aWZpY2F0ZQoxIDQgIDAuMDA0MyAoMC4wMDAwKSAgUz5DICBIYW5kc2hh
a2UKICAgICAgU2VydmVySGVsbG9Eb25lCjEgNSAgMC4wMDU1ICgwLjAwMTEpICBDPlMgIEhh
bmRzaGFrZQogICAgICBDbGllbnRLZXlFeGNoYW5nZQoxIDYgIDAuMDA1OCAoMC4wMDAzKSAg
Qz5TICBDaGFuZ2VDaXBoZXJTcGVjCjEgNyAgMC4xMDA0ICgwLjA5NDYpICBDPlMgIEhhbmRz
aGFrZQogICAgICBGaW5pc2hlZAoxIDggIDAuMTAxOSAoMC4wMDE0KSAgUz5DICBDaGFuZ2VD
aXBoZXJTcGVjCjEgOSAgMC4xMDE5ICgwLjAwMDApICBTPkMgIEhhbmRzaGFrZQogICAgICBG
aW5pc2hlZAoxIDEwIDAuMTAyNSAoMC4wMDA2KSAgQz5TICBhcHBsaWNhdGlvbl9kYXRhCiAg
ICAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0KICAgIEdFVCAvY2VydC9oYWNrZWQtaW5pdGlhdGVkLmh0bWwgSFRUUC8x
LjENCiAgICBIb3N0OiBhZG5wb29sMDEuemguYWRub3Z1bS5jaA0KICAgIA0KICAgIEdFVCAv
aGFja2VkL3BheWxvYWQuaHRtbCBIVFRQLzEuMQ0KICAgIEhvc3Q6IGFkbnBvb2wwMS56aC5h
ZG5vdnVtLmNoDQogICAgWC1JZ25vcmU6IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQoxIDExIDAuMTExOCAoMC4wMDkz
KSAgUz5DICBIYW5kc2hha2UKICAgICAgSGVsbG9SZXF1ZXN0CjEgMTIgMC4xMTE5ICgwLjAw
MDApICBDPlMgIEhhbmRzaGFrZQogICAgICBDbGllbnRIZWxsbwogICAgICAgIFZlcnNpb24g
My4xIAogICAgICAgIGNpcGhlciBzdWl0ZXMKICAgICAgICBVbmtub3duIHZhbHVlIDB4MzkK
ICAgICAgICBVbmtub3duIHZhbHVlIDB4MzgKICAgICAgICBVbmtub3duIHZhbHVlIDB4MzcK
ICAgICAgICBVbmtub3duIHZhbHVlIDB4MzYKICAgICAgICBVbmtub3duIHZhbHVlIDB4MzUK
ICAgICAgICBVbmtub3duIHZhbHVlIDB4MzMKICAgICAgICBVbmtub3duIHZhbHVlIDB4MzIK
ICAgICAgICBVbmtub3duIHZhbHVlIDB4MzEKICAgICAgICBVbmtub3duIHZhbHVlIDB4MzAK
ICAgICAgICBVbmtub3duIHZhbHVlIDB4MmYKICAgICAgICBUTFNfUlNBX1dJVEhfUkM0XzEy
OF9TSEEKICAgICAgICBUTFNfUlNBX1dJVEhfUkM0XzEyOF9NRDUKICAgICAgICBUTFNfREhF
X0RTU19XSVRIXzNERVNfRURFX0NCQ19TSEEKICAgICAgICBUTFNfREhfRFNTX1dJVEhfM0RF
U19FREVfQ0JDX1NIQQogICAgICAgIFRMU19ESEVfUlNBX1dJVEhfM0RFU19FREVfQ0JDX1NI
QQogICAgICAgIFRMU19ESF9SU0FfV0lUSF8zREVTX0VERV9DQkNfU0hBCiAgICAgICAgVExT
X1JTQV9XSVRIXzNERVNfRURFX0NCQ19TSEEKICAgICAgICBjb21wcmVzc2lvbiBtZXRob2Rz
CiAgICAgICAgICAgICAgICAgIE5VTEwKMSAxMyAwLjExNDYgKDAuMDAyNykgIFM+QyAgSGFu
ZHNoYWtlCiAgICAgIFNlcnZlckhlbGxvCiAgICAgICAgVmVyc2lvbiAzLjEgCiAgICAgICAg
c2Vzc2lvbl9pZFswXT0KCiAgICAgICAgY2lwaGVyU3VpdGUgICAgICAgICBUTFNfUlNBX1dJ
VEhfUkM0XzEyOF9NRDUKICAgICAgICBjb21wcmVzc2lvbk1ldGhvZCAgICAgICAgICAgICAg
ICAgICBOVUxMCjEgMTQgMC4xMTQ2ICgwLjAwMDApICBTPkMgIEhhbmRzaGFrZQogICAgICBD
ZXJ0aWZpY2F0ZQoxIDE1IDAuMTE0NiAoMC4wMDAwKSAgUz5DICBIYW5kc2hha2UKICAgICAg
Q2VydGlmaWNhdGVSZXF1ZXN0CiAgICAgICAgY2VydGlmaWNhdGVfdHlwZXMgICAgICAgICAg
ICAgICAgICAgcnNhX3NpZ24KICAgICAgICBjZXJ0aWZpY2F0ZV90eXBlcyAgICAgICAgICAg
ICAgICAgICBkc3Nfc2lnbgogICAgICAgIGNlcnRpZmljYXRlX3R5cGVzICAgICAgICAgICAg
ICAgICB1bmtub3duIHZhbHVlCiAgICAgICAgY2VydGlmaWNhdGVfYXV0aG9yaXR5CiAgICAg
ICAgICAzMCA4MSA5YiAzMSAwYiAzMCAwOSAwNiAwMyA1NSAwNCAwNiAxMyAwMiA0MyA0OCAK
ICAgICAgICAgIDMxIDE1IDMwIDEzIDA2IDAzIDU1IDA0IDA3IDEzIDBjIDM4IDMwIDMwIDM1
IDIwIAogICAgICAgICAgNWEgNzUgNjUgNzIgNjkgNjMgNjggMzEgMWUgMzAgMWMgMDYgMDMg
NTUgMDQgMGEgCiAgICAgICAgICAxMyAxNSA0MSA2NCA0ZSA2ZiA3NiA3NSA2ZCAyMCA0OSA2
ZSA2NiA2ZiA3MiA2ZCAKICAgICAgICAgIDYxIDc0IDY5IDZiIDIwIDQxIDQ3IDMxIDIwIDMw
IDFlIDA2IDAzIDU1IDA0IDBiIAogICAgICAgICAgMTMgMTcgNDkgNmUgNzQgNjUgNzIgNmUg
NjUgNzQgMjAgNDEgNjQgNmQgNjkgNmUgCiAgICAgICAgICA2OSA3MyA3NCA3MiA2MSA3NCA2
OSA2ZiA2ZSAzMSAxZSAzMCAxYyAwNiAwMyA1NSAKICAgICAgICAgIDA0IDAzIDEzIDE1IDQx
IDY0IDRlIDZmIDc2IDc1IDZkIDIwIDQ5IDZlIDY2IDZmIAogICAgICAgICAgNzIgNmQgNjEg
NzQgNjkgNmIgMjAgNDEgNDcgMzEgMTMgMzAgMTEgMDYgMDkgMmEgCiAgICAgICAgICA4NiA0
OCA4NiBmNyAwZCAwMSAwOSAwMSAxNiAwNCA3NCA2OCA2OSA3MyAKICAgICAgU2VydmVySGVs
bG9Eb25lCjEgMTYgMTAuMzAwNCAoMTAuMTg1NykgIEM+UyAgSGFuZHNoYWtlCiAgICAgIENl
cnRpZmljYXRlCjEgMTcgMTAuMzAwNCAoMC4wMDAwKSAgQz5TICBIYW5kc2hha2UKICAgICAg
Q2xpZW50S2V5RXhjaGFuZ2UKMSAxOCAxMC4zMDA0ICgwLjAwMDApICBDPlMgIEhhbmRzaGFr
ZQogICAgICBDZXJ0aWZpY2F0ZVZlcmlmeQogICAgICAgIFNpZ25hdHVyZVsxMjhdPQogICAg
ICAgICAgZDEgMmEgZGYgZjUgOWMgZDYgYWUgMTIgZDggODQgMDggMzEgMjggYjQgYzMgMDEg
CiAgICAgICAgICAwZCA2ZCBkMiBiZSBjMSA4NCA3YSA4NCA2NCA4MCA0NyBiZCBmNyAyZiBk
ZiA3MiAKICAgICAgICAgIDM0IDE1IDljIDIwIDU5IDNhIGNkIDQ5IDk3IGVmIDdmIGYzIGU0
IDJlIDFkIDI2IAogICAgICAgICAgM2YgNzMgODAgMjkgMzUgM2IgZTMgMDAgM2YgNjUgM2Ig
NjEgNTggZDcgNjYgZDUgCiAgICAgICAgICAzOCA0MyBkMCAxMSBmMSA3ZiBlZiBhNiBhZCA1
MiA3NyAwNSA0MiAyMSAxMyAyMiAKICAgICAgICAgIDAxIDUyIGE5IGIwIDY5IGI2IGUyIDg4
IGNhIDQzIDdiIDRkIDU1IDNlIDI5IDI0IAogICAgICAgICAgYzYgZTMgMTQgOGYgOTAgNWQg
ZmMgOTQgZDYgZGIgZmIgZjQgMTIgOWUgMzIgODYgCiAgICAgICAgICBiOCA5NyA1ZiBhNSAy
YyA5OSBkOCBmNyAzNSBlZiAxOCA0OCBmMyAwOCAzYSA2ZiAKMSAxOSAxMC4zMDA0ICgwLjAw
MDApICBDPlMgIENoYW5nZUNpcGhlclNwZWMKMSAyMCAxMC4zMDA0ICgwLjAwMDApICBDPlMg
IEhhbmRzaGFrZQogICAgICBGaW5pc2hlZAoxIDIxIDEwLjMzOTggKDAuMDM5MykgIFM+QyAg
Q2hhbmdlQ2lwaGVyU3BlYwoxIDIyIDEwLjMzOTggKDAuMDAwMCkgIFM+QyAgSGFuZHNoYWtl
CiAgICAgIEZpbmlzaGVkCjEgMjMgMTAuMzQyNSAoMC4wMDI3KSAgUz5DICBhcHBsaWNhdGlv
bl9kYXRhCiAgICAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0KICAgIEhUVFAvMS4xIDIwMCBPSw0KICAgIERhdGU6IEZy
aSwgMjAgTm92IDIwMDkgMTI6MTM6MzEgR01UDQogICAgU2VydmVyOiBBcGFjaGUNCiAgICBM
YXN0LU1vZGlmaWVkOiBNb24sIDE2IE5vdiAyMDA5IDE5OjIyOjExIEdNVA0KICAgIEVUYWc6
ICIyZDAxYmMtMTFkLTQ3ODgxZWQyNjYzMzkiDQogICAgQWNjZXB0LVJhbmdlczogYnl0ZXMN
CiAgICBDb250ZW50LUxlbmd0aDogMjg1DQogICAgQ29ubmVjdGlvbjogY2xvc2UNCiAgICBD
b250ZW50LVR5cGU6IHRleHQvaHRtbA0KICAgIA0KICAgIC0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQoxIDI0IDEwLjM0
MjUgKDAuMDAwMCkgIFM+QyAgYXBwbGljYXRpb25fZGF0YQogICAgLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiAgICA8
IURPQ1RZUEUgSFRNTCBQVUJMSUMgIi0vL1czQy8vRFREIEhUTUwgNC4wIFRyYW5zaXRpb25h
bC8vRU4iICJodHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwL2xvb3NlLmR0ZCI+CiAg
ICA8SFRNTD4KICAgIDxIRUFEPgogICAgPFRJVExFPldlbGNvbWUgd2l0aCBhIGNlcnQgSEFD
S0VEISEhITwvVElUTEU+CiAgICA8Qk9EWSBCR0NPTE9SPSIjRkZGRkZGIj4KICAgIDxDRU5U
RVI+PEgyPgogICAgV2VsY29tZSB0byB0aGUgTmV2aXN3ZWIgUmV2ZXJzZSBQcm94eSAgSEFD
S0VEISEhCiAgICA8L0gyPjwvQ0VOVEVSPgogICAgPC9CT0RZPjwvSFRNTD4gCiAgICAtLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0KMSAyNSAxMC4zNDI5ICgwLjAwMDMpICBTPkMgIEFsZXJ0CiAgICBsZXZlbCAgICAg
ICAgICAgd2FybmluZwogICAgdmFsdWUgICAgICAgICAgIGNsb3NlX25vdGlmeQoxIDI2IDEw
LjM0MjkgKDAuMDAwMCkgIEM+UyAgYXBwbGljYXRpb25fZGF0YQogICAgLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiAg
ICBHRVQgL3ZpY3RpbSBIVFRQLzEuMQ0KICAgIFVzZXItQWdlbnQ6IE9wZXJhLzkuNjQgKFgx
MTsgTGludXggaTY4NjsgVTsgZW4pIFByZXN0by8yLjEuMQ0KICAgIEhvc3Q6IGFkbnBvb2ww
MS56aC5hZG5vdnVtLmNoOjQ0MzAwDQogICAgQWNjZXB0OiB0ZXh0L2h0bWwsIGFwcGxpY2F0
aW9uL3htbDtxPTAuOSwgYXBwbGljYXRpb24veGh0bWwreG1sLCBpbWFnZS9wbmcsIGltYWdl
L2pwZWcsIGltYWdlL2dpZiwgaW1hZ2UveC14Yml0bWFwLCAqLyo7cT0wLjENCiAgICBBY2Nl
cHQtTGFuZ3VhZ2U6IGVuDQogICAgQWNjZXB0LUNoYXJzZXQ6IGlzby04ODU5LTEsIHV0Zi04
LCB1dGYtMTYsICo7cT0wLjENCiAgICBBY2NlcHQtRW5jb2Rpbmc6IGRlZmxhdGUsIGd6aXAs
IHgtZ3ppcCwgaWRlbnRpdHksICo7cT0wDQogICAgSWYtTW9kaWZpZWQtU2luY2U6IE1vbiwg
MTYgTm92IDIwMDkgMTk6MjI6MTEgR01UDQogICAgSWYtTm9uZS1NYXRjaDogIjJkMDFiYy0x
MWQtNDc4ODFlZDI2NjMzOSINCiAgICBDb29raWU6IE5hdmFqbz1SQkJKS0JHWGVFczUvL084
OGowYVlEV01tcVp4aDZiaTQvQlI0bkp1UmQ0UjJLcnNYc1VwMi9xZUhsakpkUERZU1E4VFdV
TzNWQWstOyBJVzRMb2dpbj1sb2dpbg0KICAgIENvb2tpZTI6ICRWZXJzaW9uPTENCiAgICBD
b25uZWN0aW9uOiBLZWVwLUFsaXZlLCBURQ0KICAgIFRFOiBkZWZsYXRlLCBnemlwLCBjaHVu
a2VkLCBpZGVudGl0eSwgdHJhaWxlcnMNCiAgICANCiAgICAtLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KMSAgICAxMC4z
NDMxICgwLjAwMDEpICBDPlMgIFRDUCBGSU4KMSAgICAxMC4zNDM0ICgwLjAwMDIpICBTPkMg
IFRDUCBGSU4K
--------------080200090907070907060703--