Post Reply 
Adapting proxo 4.5 to the latest OpenSSL DLLs
Jan. 01, 2015, 08:40 PM
Post: #31
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
noted...

i've reloaded all the patches (basically everything except the multiple-instances)...

i'm now running Henk's 3.6 and everything is functioning as expected...
Add Thank You Quote this message in a reply
Jan. 03, 2015, 05:05 PM (This post was last modified: Jan. 03, 2015 05:06 PM by amy.)
Post: #32
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
These are now done in the patch I'm currently testing:

- SubjectAltName extension
- Wildcard certificates checking

No more "hostname doesn't match the site" warnings from that, and it's better than bypassing the check completely. I managed to squeeze the code for doing it in the same space taken up by the original certificate check function, which didn't actually check much. Big Teeth

Proxomitron was originally not doing multithreaded SSL correctly so, on a multicore machine, it occasionally crashed with many simultaneous SSL requests. I've fixed that too along with not checking return value of SSL_connect() function (caused another crash if the connection somehow failed.)

This is going to be a pretty big patch - there's almost 1.5KB changed - so I'm going to test it for a little while more and then release it when I feel it's stable enough.
Add Thank You Quote this message in a reply
Jan. 06, 2015, 03:39 AM
Post: #33
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
(Jan. 03, 2015 05:05 PM)amy Wrote:  This is going to be a pretty big patch - there's almost 1.5KB changed

and very interesting...
Got notes? Any hair left? Wink

Don't let Proxo steal too much time.
Have fun.
Add Thank You Quote this message in a reply
Jan. 09, 2015, 02:08 PM
Post: #34
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
What I've done so far

- Compatible with OpenSSL 1.0.1j (1.0.1k just came out, I think it'd be compatible too)
- Configurable cipher list
- SNI extension
- SubjectAltName extension
- Wildcard certificate support
- Fixed multithreading crash/hang
- Fixed crash on connection failure

Yesterday fixed memory leak in the certificate name checking... and I still have 7 bytes left there. Smile!

I'm just fixing things when I have the time, hence the sparse updates, and mostly using in the meantime to test its stability.

It starts up using around 8.5MB and now it's at 12.5MB; if it doesn't grow much more than that (or crash) after a week of use then I'll probably release it then. The leak I fixed yesterday caused it to grow to over 45MB after a few days of use!
Add Thank You Quote this message in a reply
Jan. 16, 2015, 03:24 PM (This post was last modified: Feb. 24, 2015 01:31 AM by JJoe.)
Post: #35
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
After a week of rather heavy use with no problems, I think it's ready to release the big patch Smile!

Proxomitron 4.5 now working with OpenSSL 1.0.1l

Summary of things added/fixed by this patch:
- No more random crashes/"could not connect" even if site is up
- Certificate verification error messages should be correct now
- Adds SNI, needed to access many sites now
- Checking wildcard certificates correctly
- Checking SubjectAltName extension correctly
- Cipher list is configured to avoid weak/insecure ciphers, and to use strongest encryption level available

It comes in 10(!) parts, which all have to be applied to your Proxomitron (original) exe to work correctly.

1. Update section headers to add space for code (offset, old, new)
Code:
00000118: 00 98
00000119: A0 9B
000001C6: 00 14
000001C8: 12 00
000001C9: 4F 50
000001F0: 1A 00
000001F1: 1A 1C
0000020F: 40 C0

2. Allocate more critical sections, fixing multithreading crashes
Code:
00005A81: D8 B0
00005A82: 00 04
00005AA1: C0 98
00005AA2: 00 04
00005AD9: C0 98
00005ADA: 00 04

3. SslInit: jump to additional SSL initialisation code
Code:
0000E649: 6A E9
0000E64A: 00 C4
0000E64B: 6A 6C
0000E64C: 00 01
0000E64D: 6A 00

4. Update offsets of error and error_depth fields in SSL_CTX structure (so the error messages are actually correct)
Code:
0000E913: 4C 64
0000E920: 48 60
0000E92B: 4C 64
0000E93C: 4C 64

5. Jump to additional code for adding SNI
Old:
Code:
0000EACC: 8B 4E 04 51 8B 15 BC C4 42 00
New:
Code:
0000EACC: E9 6A 68 01 00 90 90 90 90 90

6. Replaced certificate name checking function (SAN and wildcard support)
Old:
Code:
0000EBF0:
81 EC 0C 02-00 00 55 56-8B B4 24 18-02 00 00 C7
44 24 08 00-00 00 00 8B-46 0C 8B 40-1C 8B 48 14
0F BF 68 30-8B 06 89 4C-24 0C 85 C0-74 0E B8 01
00 00 00 5E-5D 81 C4 0C-02 00 00 C3-8B 4E 10 A1
BC C4 42 00-57 53 8D 54-24 18 68 00-02 00 00 52
8B 51 04 6A-0D 52 8D 78-60 8D 98 CC-00 00 00 FF
90 D0 00 00-00 83 C4 04-50 FF 13 83-C4 04 50 FF
17 83 C4 10-83 F8 01 7E-38 8A 54 24-18 8D 4C 24
18 80 FA 2A-75 05 8D 4C-24 19 48 3B-E8 7C 22 83
F8 03 7E 1D-50 51 8B 4C-24 1C 03 E9-2B E8 55 FF
15 B4 61 42-00 83 C4 0C-BF 01 00 00-00 85 C0 74
04 8B 7C 24-10 85 FF 75-18 8B 5E 04-83 C6 14 43
68 C8 9B 42-00 89 5E F0-56 E8 D2 70-FF FF 83 C4
08 8B C7 5B-5F 5E 5D 81-C4 0C 02 00-00 C3 90 90
New (updated 2015-01-18 to fix bug reported below):
Code:
0000EBF0:
80 7D B4 00-74 01 C3 56-57 8B 1D BC-C4 42 00 8B
47 1C FF 70-14 0F BF 40-30 50 FF 76-04 FF 93 D0
00 00 00 85-C0 97 74 53-6A 00 6A 00-6A 55 57 FF
53 64 83 C4-10 85 C0 74-1F 50 8B 70-04 8B 08 E3
0D AD 83 38-02 75 05 E8-4C 00 00 00-E0 F3 58 9C
50 FF 53 4C-58 9D 74 36-57 FF 93 CC-00 00 00 96
6A FF 6A 0D-56 FF 53 60-50 56 FF 53-5C 83 C4 18
85 C0 74 07-E8 1F 00 00-00 74 13 FF-45 B8 8D 45
C8 68 C8 9B-42 00 50 E8-14 71 FF FF-59 59 57 FF
53 50 83 C4-10 5F 5E C3-51 8B 50 04-FF 32 8B 52
08 8B 45 90-8B 4D 8C 66-81 3A 2A 2E-75 17 42 42
83 2C 24 02-80 38 00 75-03 59 EB 19-80 38 2E 9C
40 49 9D 75-EF 3B 0C 24-75 EF 52 50-FF 15 B4 61
42 00 83 C4-0C 85 C0 59-C3 90 90 90-90 90 90 90

7. Fix crash when no certificate available or connection failed
Old:
Code:
0000F370:
C4 42 00 56-53 8B 48 04-51 FF 92 D0-00 00 00 83
C4 04 8B F0-8D 44 24 34-6A 00 50 E8-10 68 FF FF
8B 5C 24 68-83 C4 08 8B-43 1C 8B 48-14 89 4C 24
58 8D 4C 24-34 0F BF 50-30 8D 44 24-48 89 54 24
50 50 51 E8-68 69 FF FF-83 C4 08 8D-54 24 20 68
08 9E 42 00-52 E8 D6 67-FF FF 83 C4-08 8D 44 24
34 8D 4C 24-20 50 51 E8-44 69 FF FF-83 C4 08 8D
54 24 20 68-F0 9D 42 00-52 E8 A2 69-FF FF 83 C4
08 8D 44 24-0C 68 D0 9D-42 00 50 E8-A0 67 FF FF
83 C4 08 83-C7 14 8D 4C-24 0C 57 51-E8 0F 69 FF
FF 83 C4 08-8D 54 24 0C-68 B0 9D 42-00 52 E8 6D
69 FF FF 8B-44 24 1C 83-C4 08 05 00-02 00 00 8D
4C 24 0C 50-51 E8 06 6D-FF FF 83 C4-08 85 C0 74
New:
Code:
0000F370:
C4 42 00 56-53 8B 48 04-51 FF 92 D0-00 00 00 59
8B F0 8D 44-24 34 6A 00-50 E8 12 68-FF FF 8B 5C
24 68 5A 5A-8B 43 1C 8B-48 14 89 4C-24 58 8D 4C
24 34 0F BF-50 30 8D 44-24 48 89 54-24 50 50 51
E8 6B 69 FF-FF 5A 5A 8D-54 24 20 68-08 9E 42 00
52 E8 DA 67-FF FF 5A 5A-8D 44 24 34-8D 4C 24 20
50 51 E8 49-69 FF FF 5A-5A 8D 54 24-20 68 F0 9D
42 00 52 E8-A8 69 FF FF-5A 5A 8D 44-24 0C 68 D0
9D 42 00 50-E8 A7 67 FF-FF 5A 5A 83-C7 14 8D 4C
24 0C 57 51-E8 17 69 FF-FF 5A 5A 8D-54 24 0C 68
B0 9D 42 00-52 E8 76 69-FF FF 8B 44-24 1C 5A 5A
05 00 02 00-00 8D 4C 24-0C 50 51 E8-10 6D FF FF
5A 5A 85 F6-0F 84 DC 00-00 00 90 90-90 85 C0 74

8. Added "SSL_ctrl" function, SNI, multithreaded locking
Old:
Code:
000252F0:
C3 90 90 90-90 90 90 90-90 90 90 90-90 90 90 90
FF 25 F4 61-42 00 FF 25-18 64 42 00-FF 25 EC 63
42 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
New:
Code:
00252F0:
C3 00 53 53-4C 5F 63 74-72 6C 00 90-90 90 90 90
FF 25 F4 61-42 00 FF 25-18 64 42 00-FF 25 EC 63
42 00 68 20-7A 42 00 50-FF 53 3C 58-58 68 F2 5E
42 00 FF 33-FF 15 90 60-42 00 A3 1C-7A 42 00 EB
64 50 50 50-50 50 E9 18-93 FE FF 83-3D 1C 7A 42
00 00 74 28-8B 47 1C 8B-48 14 0F B7-50 30 03 D1
8A 02 C6 02-00 50 52 51-6A 00 6A 37-FF 76 04 FF
15 1C 7A 42-00 83 C4 10-5A 58 88 02-8B 4E 04 51
8B 15 BC C4-42 00 E9 5B-97 FE FF BA-20 67 40 00
58 59 F6 C1-01 75 03 83-C2 20 59 83-C1 09 51 51
50 FF E2 90-90 68 AF 5F-42 00 FF 73-04 FF 15 90
60 42 00 68-7B 5F 42 00-FF D0 58 33-C0 EB 82 43
52 59 50 54-4F 5F 73 65-74 5F 6C 6F-63 6B 69 6E
67 5F 63 61-6C 6C 62 61-63 6B 00 00-00 00 00 00

9. Cipher list. Old bytes there were all zeros.
Code:
00026E20:
41 4C 4C 3A-21 65 4E 55-4C 4C 3A 21-61 4E 55 4C
4C 3A 21 45-58 50 3A 21-44 45 53 3A-21 52 43 32
3A 21 53 53-4C 76 32 3A-21 50 53 4B-3A 21 61 45
43 44 48 3A-21 43 41 4D-45 4C 4C 49-41 3A 21 53
45 45 44 3A-40 53 54 52-45 4E 47 54-48 00 00 00
This patch sets the cipher list to "ALL:!eNULL:!aNULL:!EXP:!DES:!RC2:!SSLv2:!PSK:!aECDH:!CAMELLIA:!SEED:@STRENGTH", you can use a different one if you want as long as it's less than 1504 bytes long Smile! See https://www.openssl.org/docs/apps/ciphers.html for more information.

10. Updated OpenSSL function names list.
Old:
Code:
00028690:
65 72 73 69-6F 6E 00 4F-70 65 6E 53-53 4C 5F 61
64 64 5F 61-6C 6C 5F 61-6C 67 6F 72-69 74 68 6D
73 00 53 53-4C 5F 43 54-58 5F 73 65-74 5F 63 69
70 68 65 72-5F 6C 69 73-74 00 53 53-4C 5F 43 54
58 5F 73 65-74 5F 76 65-72 69 66 79-00 53 53 4C
5F 43 54 58-5F 6C 6F 61-64 5F 76 65-72 69 66 79
5F 6C 6F 63-61 74 69 6F-6E 73 00 58-35 30 39 5F
53 54 4F 52-45 5F 43 54-58 5F 67 65-74 5F 63 75
72 72 65 6E-74 5F 63 65-72 74 00 58-35 30 39 5F
53 54 4F 52-45 5F 43 54-58 5F 67 65-74 5F 65 72
72 6F 72 00-58 35 30 39-5F 53 54 4F-52 45 5F 43
54 58 5F 67-65 74 5F 65-72 72 6F 72-5F 64 65 70
74 68 00 58-35 30 39 5F-4E 41 4D 45-5F 6F 6E 65
6C 69 6E 65-00 58 35 30-39 5F 76 65-72 69 66 79
5F 63 65 72-74 5F 65 72-72 6F 72 5F-73 74 72 69
6E 67 00 58-35 30 39 5F-67 65 74 5F-69 73 73 75
65 72 5F 6E-61 6D 65 00-58 35 30 39-5F 4E 41 4D
45 5F 67 65-74 5F 74 65-78 74 5F 62-79 5F 4E 49
44 00 50 45-4D 5F 77 72-69 74 65 5F-58 35 30 39
5F 41 55 58-00 53 53 4C-5F 67 65 74-5F 65 78 5F
6E 65 77 5F-69 6E 64 65-78 00 53 53-4C 5F 73 65
74 5F 65 78-5F 64 61 74-61 00 53 53-4C 5F 67 65
74 5F 65 78-5F 64 61 74-61 00 58 35-30 39 5F 53
54 4F 52 45-5F 43 54 58-5F 67 65 74-5F 65 78 5F
64 61 74 61-00 53 53 4C-5F 67 65 74-5F 65 78 5F
64 61 74 61-5F 58 35 30-39 5F 53 54-4F 52 45 5F
43 54 58 5F-69 64 78 00-53 53 4C 5F-43 54 58 5F
73 65 74 5F-74 69 6D 65-6F 75 74 00-53 53 4C 5F
6C 6F 61 64-5F 65 72 72-6F 72 5F 73-74 72 69 6E
67 73 00 53-53 4C 5F 6E-65 77 00 53-53 4C 5F 73
65 74 5F 66-64 00 53 53-4C 5F 73 65-74 5F 72 65
61 64 5F 61-68 65 61 64-00 53 53 4C-5F 63 6F 6E
6E 65 63 74-00 53 53 4C-5F 73 65 74-5F 63 6F 6E
6E 65 63 74-5F 73 74 61-74 65 00 53-53 4C 5F 61
63 63 65 70-74 00 53 53-4C 5F 73 65-74 5F 61 63
63 65 70 74-5F 73 74 61-74 65 00 53-53 4C 5F 72
65 61 64 00-53 53 4C 5F-77 72 69 74-65 00 53 53
4C 5F 73 68-75 74 64 6F-77 6E 00 53-53 4C 5F 67
65 74 5F 73-68 75 74 64-6F 77 6E 00-53 53 4C 5F
66 72 65 65-00 53 53 4C-5F 43 54 58-5F 66 72 65
65 00 53 53-4C 5F 73 74-61 74 65 5F-73 74 72 69
6E 67 5F 6C-6F 6E 67 00-53 53 4C 5F-67 65 74 5F
63 75 72 72-65 6E 74 5F-63 69 70 68-65 72 00 53
53 4C 5F 43-49 50 48 45-52 5F 67 65-74 5F 62 69
74 73 00 53-53 4C 5F 43-49 50 48 45-52 5F 67 65
74 5F 6E 61-6D 65 00 53-53 4C 65 61-79 5F 76 65
72 73 69 6F-6E 00 58 35-30 39 5F 67-65 74 5F 73
75 62 6A 65-63 74 5F 6E-61 6D 65 00-53 53 4C 5F
67 65 74 5F-70 65 65 72-5F 63 65 72-74 69 66 69
63 61 74 65-00 53 53 4C-76 32 33 5F-63 6C 69 65
6E 74 5F 6D-65 74 68 6F-64 00 53 53-4C 76 32 33
5F 73 65 72-76 65 72 5F-6D 65 74 68-6F 64 00 00

New:
Code:
00028690:
65 72 73 69-6F 6E 00 53-53 4C 5F 6C-69 62 72 61
72 79 5F 69-6E 69 74 00-53 53 4C 5F-43 54 58 5F
73 65 74 5F-63 69 70 68-65 72 5F 6C-69 73 74 00
53 53 4C 5F-43 54 58 5F-73 65 74 5F-76 65 72 69
66 79 00 53-53 4C 5F 43-54 58 5F 6C-6F 61 64 5F
76 65 72 69-66 79 5F 6C-6F 63 61 74-69 6F 6E 73
00 58 35 30-39 5F 53 54-4F 52 45 5F-43 54 58 5F
67 65 74 5F-63 75 72 72-65 6E 74 5F-63 65 72 74
00 47 45 4E-45 52 41 4C-5F 4E 41 4D-45 53 5F 66
72 65 65 00-58 35 30 39-5F 66 72 65-65 00 58 35
30 39 5F 4E-41 4D 45 5F-6F 6E 65 6C-69 6E 65 00
58 35 30 39-5F 76 65 72-69 66 79 5F-63 65 72 74
5F 65 72 72-6F 72 5F 73-74 72 69 6E-67 00 58 35
30 39 5F 4E-41 4D 45 5F-67 65 74 5F-65 6E 74 72
79 00 58 35-30 39 5F 4E-41 4D 45 5F-67 65 74 5F
69 6E 64 65-78 5F 62 79-5F 4E 49 44-00 58 35 30
39 5F 67 65-74 5F 65 78-74 5F 64 32-69 00 53 53
4C 5F 67 65-74 5F 65 78-5F 6E 65 77-5F 69 6E 64
65 78 00 53-53 4C 5F 73-65 74 5F 65-78 5F 64 61
74 61 00 53-53 4C 5F 67-65 74 5F 65-78 5F 64 61
74 61 00 58-35 30 39 5F-53 54 4F 52-45 5F 43 54
58 5F 67 65-74 5F 65 78-5F 64 61 74-61 00 53 53
4C 5F 67 65-74 5F 65 78-5F 64 61 74-61 5F 58 35
30 39 5F 53-54 4F 52 45-5F 43 54 58-5F 69 64 78
00 53 53 4C-5F 43 54 58-5F 73 65 74-5F 74 69 6D
65 6F 75 74-00 53 53 4C-5F 6C 6F 61-64 5F 65 72
72 6F 72 5F-73 74 72 69-6E 67 73 00-53 53 4C 5F
6E 65 77 00-53 53 4C 5F-73 65 74 5F-66 64 00 53
53 4C 5F 73-65 74 5F 72-65 61 64 5F-61 68 65 61
64 00 53 53-4C 5F 63 6F-6E 6E 65 63-74 00 53 53
4C 5F 73 65-74 5F 63 6F-6E 6E 65 63-74 5F 73 74
61 74 65 00-53 53 4C 5F-61 63 63 65-70 74 00 53
53 4C 5F 73-65 74 5F 61-63 63 65 70-74 5F 73 74
61 74 65 00-53 53 4C 5F-72 65 61 64-00 53 53 4C
5F 77 72 69-74 65 00 53-53 4C 5F 73-68 75 74 64
6F 77 6E 00-53 53 4C 5F-67 65 74 5F-73 68 75 74
64 6F 77 6E-00 53 53 4C-5F 66 72 65-65 00 53 53
4C 5F 43 54-58 5F 66 72-65 65 00 53-53 4C 5F 73
74 61 74 65-5F 73 74 72-69 6E 67 5F-6C 6F 6E 67
00 53 53 4C-5F 67 65 74-5F 63 75 72-72 65 6E 74
5F 63 69 70-68 65 72 00-53 53 4C 5F-43 49 50 48
45 52 5F 67-65 74 5F 62-69 74 73 00-53 53 4C 5F
43 49 50 48-45 52 5F 67-65 74 5F 6E-61 6D 65 00
53 53 4C 65-61 79 5F 76-65 72 73 69-6F 6E 00 58
35 30 39 5F-67 65 74 5F-73 75 62 6A-65 63 74 5F
6E 61 6D 65-00 53 53 4C-5F 67 65 74-5F 70 65 65
72 5F 63 65-72 74 69 66-69 63 61 74-65 00 53 53
4C 76 32 33-5F 63 6C 69-65 6E 74 5F-6D 65 74 68
6F 64 00 53-53 4C 76 32-33 5F 73 65-72 76 65 72
5F 6D 65 74-68 6F 64 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00

Then you will need to use OpenSSL DLLs version 1.0.1l which I attached. These are compiled from the official source and should not need any patching to work on Win9x nor the VC redistributable package; the DLLs here should work too, but I haven't tested them. I started testing this patch with 1.0.1j, which should also work as should all the versions going back to 1.0.1a, but the latest version fixes a few bugs so it would be better to use them. You can see differences between the versions here: http://upstream.rosalinux.ru/versions/openssl.html

With the patch applied, Proxomitron.exe should have the following hashes:
MD5: 0a1e3b087dd35facb4ffcbcac2ddbebb
SHA1: 9442ed2d4a82b40b1b5af08efd2f8045232456a6


Edits:
Jan. 18, 2015 08:47 PM by amy.
Feb. 23, 2015 by JJoe. Changed hashes to reflect bugfix as reported, herbalist, and verified.
Old values were:
MD5: 03259b46fc5eac833830a684c47dc64b
SHA1: 7ee76261088f86957f02fe9590b8b71b08b1025b


Attached File(s)
.zip  OpenSSL_1_0_1_L_win32_DLLs.zip (Size: 583.69 KB / Downloads: 805)
Add Thank You Quote this message in a reply
[-] The following 5 users say Thank You to amy for this post:
eclipse, defconnect, usr, whenever, herbalist
Jan. 16, 2015, 07:37 PM
Post: #36
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
Thanks for your great work amy! A nice weekend to all.
Add Thank You Quote this message in a reply
Jan. 18, 2015, 06:37 AM
Post: #37
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
(Jan. 16, 2015 03:24 PM)amy Wrote:  After a week of rather heavy use with no problems, I think it's ready to release the big patch Smile!

Yes! Well done. Applause Thank you, thank you, thank you. Hail

A few issues noted on Win7 64.

1. Hate to ask for more but always crashes at https://www.ssllabs.com/ssltest/viewMyClient.html . I suspect this is due to https://www.ssllabs.com:10200/1x1-transparent.png which is used to test for unsupported SSL2. Ideally SSL2 will not be seen but is a more graceful exit possible?

2. Use ProxHTTPSProxyMII's "cacert.pem" renamed "certs.pem". I had problems while using the original "certs.pem" and the one that I created specifically for the Proxomitron.

3. Using the Proxomitron's "Abort" while files are downloading may crash it.


Hope Santa was very good to amy, whenever, Stone-D, mas, Kye-U, sidki, and all. Cheers

Have fun
Add Thank You Quote this message in a reply
Jan. 19, 2015, 12:56 AM (This post was last modified: Jan. 19, 2015 12:57 AM by amy.)
Post: #38
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
1. Yes, this is a bug! Thanks for finding and reporting it! The fix is (old, new):
Code:
0000EC15: 74 97
0000EC16: 54 74
0000EC17: 97 53
I've updated my post above with the right values.

2. I don't use ProxHTTPSProxyMII so can't give any explanation for this... but the original certs.pem is wildly out-of-date. I've extracted a list of CAs from the other browsers to use in my certs.pem; I'll probably post that one later (along with the tools to do the extraction) somewhere else.

3. I rarely use the Abort button but I've just tried aborting a few (large) HTTP and HTTPS downloads and it didn't happen. I don't think I've experienced any crashes with aborts before that were not HTTPS-related. Is this on HTTPS downloads only?
Add Thank You Quote this message in a reply
Jan. 19, 2015, 05:18 AM
Post: #39
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
HTTPS only. I experienced crashes while loading cfgs that required closing existing connections. To test, I opened yahoo mail and 'aborted' till crash. Seems to be fixed by the bug fix.

I mentioned the ProxHTTPSProxyMII certs file for the others because it is easily available and was working for me. I assumed you had another.

My guess is a failed or bad request was responsible for each crash. I think or hope the fix fixes 1, 2, and 3. Wink

Happy to help!
Thanks again!
Add Thank You Quote this message in a reply
Jan. 23, 2015, 09:53 AM
Post: #40
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
i'm curious, acknowledging that my views are less "mainstream" than most, but also knowing that this *IS* becoming an INCREASINGLY more "accepted" protocol -
(ie, chrome/chromium enable this via command line switches, QupZilla has an option to enable this right in the GUI)

what about a patch for Proxo that enables the end-user to FULLY DISABLE SSL cert-check "crap"?
basically a GUI "check box" similar to that used to freeze GIFs

throw in a "warning" dialog box if you feel it appropriate
(i personally don't, the Proxo user is generally MUCH smarter than the 'average' web user)
Add Thank You Quote this message in a reply
Jan. 23, 2015, 10:10 PM (This post was last modified: Jan. 23, 2015 10:11 PM by herbalist.)
Post: #41
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
What hex editor are you people using here? I tried to copy and paste the changes shown using HxD. It won't allow it due to the 3 columns of hyphens in the code. I'm new to hex editing. Is there an easy work-around that I'm missing?
Add Thank You Quote this message in a reply
Jan. 24, 2015, 12:29 AM (This post was last modified: Jan. 25, 2015 03:29 PM by JJoe.)
Post: #42
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
(Jan. 23, 2015 10:10 PM)herbalist Wrote:  What hex editor are you people using here? I tried to copy and paste the changes shown using HxD. It won't allow it due to the 3 columns of hyphens in the code. I'm new to hex editing. Is there an easy work-around that I'm missing?

I used HxD and a text editor. Use the text editor to change all "-" to spaces, " ".

Patching exes are coming, tho.
Add Thank You Quote this message in a reply
Jan. 24, 2015, 04:39 PM
Post: #43
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
(Jan. 24, 2015 12:29 AM)JJoe Wrote:  ...Patching exes are coming, tho.
...Want to test one for me?

md5: d675477025d6af758f10ed1b87a366e6

Can you please confirm the above md5 for the patched proxomitron.exe (using your patcher)?

Thanks.

soccerfan
Add Thank You Quote this message in a reply
Jan. 24, 2015, 04:48 PM
Post: #44
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
(Jan. 24, 2015 04:39 PM)soccerfan Wrote:  md5: d675477025d6af758f10ed1b87a366e6

Can you please confirm the above md5 for the patched proxomitron.exe (using your patcher)?

MD-5: D675477025D6AF758F10ED1B87A366E6
SHA-1: FAADF4508437F9525FD7E5856822EBE6623C92ED

Problems?
Add Thank You Quote this message in a reply
Jan. 24, 2015, 04:59 PM
Post: #45
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
(Jan. 24, 2015 04:48 PM)JJoe Wrote:  Problems?

The checksums match. Some guidance in how to use/test the patched version:
For example: should I use it with ProxHTTPSProxyMII
or by itself (with ssl enabled)

soccerfan
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: