Adapting proxo 4.5 to the latest OpenSSL DLLs
|
Jan. 24, 2015, 07:08 PM
Post: #46
|
|||
|
|||
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
(Jan. 24, 2015 04:59 PM)soccerfan Wrote: For example: should I use it with ProxHTTPSProxyMII Either or both. Since Proxomitron's SSL still uses a self signed cert, unaltered modern browsers will probably complain when ProxHTTPSProxyMII is not used. You may be able to disable the browser's cert warnings. Code: IE11 (Browsers should allow us to specify which self signed certs may always be used but...) With Proxomitron's SSL or ProxHTTPSProxyMII's, unaltered browsers may also complain about mixed or insecure content when http is used to add files to https sites. Code: IE11 (Browsers should allow us to specify which http sites may always be used but...) I'd use an unaltered browser with a direct connection for work, banking, etc. |
|||
Jan. 24, 2015, 07:17 PM
Post: #47
|
|||
|
|||
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
(Jan. 24, 2015 12:29 AM)JJoe Wrote:I must be getting senile. Should have thought of that. Thanks. Entering all the changes by hand, then finding the checksum didn't match was annoying to say the least.(Jan. 23, 2015 10:10 PM)herbalist Wrote: What hex editor are you people using here? I tried to copy and paste the changes shown using HxD. It won't allow it due to the 3 columns of hyphens in the code. I'm new to hex editing. Is there an easy work-around that I'm missing? I'll try out the new versions. Need to update to the current OpenSSl first. Hopefully I'll get to that this evening. |
|||
Jan. 24, 2015, 08:30 PM
Post: #48
|
|||
|
|||
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
(Jan. 24, 2015 07:08 PM)JJoe Wrote: You may be able to disable the browser's cert warnings. Thanks. I use only portable versions of most browsers (never heard of IE ) I found the following (similar/identical) settings (in case others are using a similar browser): Slimjet 2.1.6.0 portable (chrome based): "Allow running https/http mixed mode content" (check this box) Qupzilla 1.8.5 portable (webkit based): preferences|privacy|certificate manager|settings: Ignore all SSL warnings (check this box) k-meleon 74.0 portable (mozilla besed): (about:config) security.mixed_content.block_active_content (set it to false) And now, a question: In Opera 12.17 portable (presto based): (opera:config) I find Certificate revocation lists for ssl (enable online revocation of certificates for ssl connections) I assume this should be unchecked soccerfan |
|||
Jan. 25, 2015, 04:14 AM
Post: #49
|
|||
|
|||
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
Minor bug fix - some versions of Opera may fail to connect on the first try with the latest OpenSSL, this is because Opera sends a malformed OCSP nonce extension that OpenSSL rejects (older versions didn't try to parse it unless OCSP stapling is enabled.)
References: http://forum.nginx.org/read.php?2,245454,245454 https://bugzilla.mozilla.org/show_bug.cgi?id=949918 http://marc.info/?l=openssl-dev&m=138686574323281&w=2 http://marc.info/?l=openssl-dev&m=138504505311150 (this is the change in OpenSSL that caused Opera to break) With the 1.0.1l OpenSSL DLLs I posted, change ssleay32.dll (offset, old, new) Code: 0001B456: 0F 90 Code: 0001B261 0F 90 I was actually working on a Proxo patcher for this already... |
|||
Jan. 25, 2015, 03:03 PM
Post: #50
|
|||
|
|||
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
(Jan. 25, 2015 04:14 AM)amy Wrote: Minor bug fix - some versions of Opera may fail to connect on the first try with the latest OpenSSL, this is because Opera sends a malformed OCSP nonce extension that OpenSSL rejects (older versions didn't try to parse it unless OCSP stapling is enabled.) The fourth link refers to opera 12.16. For opera 12.17, the changelog of 04-23-2014 (http://www.opera.com/docs/changelogs/windows/1217/) says: Fixes and stability enhancements since Opera 12.16 Security fixes Opera now checks signature before installing the executable file Updates to OpenSSL versions Could this update to OpenSSL versions have fixed the opera bug? soccerfan |
|||
Jan. 25, 2015, 03:25 PM
Post: #51
|
|||
|
|||
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs | |||
Jan. 25, 2015, 03:28 PM
Post: #52
|
|||
|
|||
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs | |||
Jan. 25, 2015, 03:36 PM
Post: #53
|
|||
|
|||
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
(Jan. 25, 2015 03:25 PM)JJoe Wrote:(Jan. 24, 2015 08:30 PM)soccerfan Wrote: And now, a question: The default setting is to have it enabled (checked). Should I leave it enabled? soccerfan |
|||
Jan. 25, 2015, 04:21 PM
(This post was last modified: Jan. 25, 2015 04:24 PM by JJoe.)
Post: #54
|
|||
|
|||
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
(Jan. 25, 2015 03:36 PM)soccerfan Wrote: The default setting is to have it enabled (checked). Should I leave it enabled? As I understand it, normally it is a personal choice... Enabled, the browser will check to see if the site's certificate has been revoked but this slows things down and may fail. Disabled, should be quicker but may not be as secure. However, if a mitm proxy is always handling the certificate verification, there should be no need for the browser to check for revocation. https://www.google.com/search?q=online+r...rtificates |
|||
The following 1 user says Thank You to JJoe for this post: soccerfan |
Jan. 25, 2015, 06:45 PM
Post: #55
|
|||
|
|||
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
So far, no success on 98SE. I decided to completely remove OpenSSL and start the whole process over. I reinstalled the Visual C++ 2008 Redistributables for Windows 9x/NT4, first the Runmagic.bat, then the install global.bat. I then installed Win32OpenSSL_Light-1_0_1L.exe and ran the FixSSL_9xNT4.bat in its bin folder. Rebooted. I copied Proxomitron.exe to the folder containing the patcher and ran it. The checksum verifies. Copied it and the 2 certificate files back to the Proxomitron folder. Extracted the 2 DLLs from amy in post 35 to the Proxomitron folder. When I open an HTTPS page, I get:
"Sorry, but I need... ssleay32.dll and libeay.dll to do this. I'll experiment with the KernelEx settings to see if it helps but it didn't make any difference the last time. Question. Maybe I'm just not thinking clearly (again) to see this correctly. What is the purpose of installing OpenSSL and "fixing" its files for 9X systems, then copying patched DLLs directly to the Proxomitron folder? It seems to me that the installed OpenSSl isn't going to be used when the files are also in the applications folder. |
|||
Jan. 25, 2015, 07:10 PM
Post: #56
|
|||
|
|||
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
(Jan. 25, 2015 03:03 PM)soccerfan Wrote: The fourth link refers to opera 12.16. For opera 12.17, the changelog of 04-23-2014I will get back to you on that - need to check Opera 12.16 and 12.17 differences. @herbalist: The OpenSSL DLLs I posted do not need anything else and should work on 98SE directly - I need to find a suitable system to test it on first. You may also try the 1.0.1l DLLs here: http://indy.fulgan.com/SSL/openssl-1.0.1...-win32.zip |
|||
Jan. 25, 2015, 08:18 PM
Post: #57
|
|||
|
|||
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
amy Wrote:@herbalist: The OpenSSL DLLs I posted do not need anything else and should work on 98SE directly - I need to find a suitable system to test it on first.When I use the files from your DLL.zip extracted to the Proxomitron folder, Dependency Walker reports: Code: LoadLibraryA("ssleay32.dll") returned NULL. Error: A device attached to the system is not functioning (31). Code: GetProcAddress(0x00000000, "LdrUnloadDll") called from "c:\windows\system\UNICOWS.DLL" at address 0x7F2D4066 and returned NULL. Error: The handle is invalid (6). |
|||
Jan. 25, 2015, 09:38 PM
Post: #58
|
|||
|
|||
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
(Jan. 25, 2015 08:18 PM)herbalist Wrote: When I use the files from your DLL.zip extracted to the Proxomitron folder, Dependency Walker reports: I have it working on my old Win98se laptop. Try downloading and extracting the DLLs again. Maybe something happened to ssleay32. I'll try to check another machine later. |
|||
Jan. 25, 2015, 11:06 PM
Post: #59
|
|||
|
|||
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
For verification:
ssleay32.dll MD5 15ff464c5d134a8f7422aa5f97123897 SHA-256 c23df0530b04c3975e60a1ff8759244ef5b58cc45e8a0eb4b6229556cac413e4 libeay32.dll MD5 7c0670313ca1577f1339e70a168c97ef SHA-256 797a5aec1d0eb47e50ca748eec78bf16d211454352e5fdbca3adcc853921911c Patched proxomitron.exe, aka ProxN45j+SSL+RWIN.exe MD5 d675477025d6af758f10ed1b87a366e6 SHA-256 5a6160c7f6eeb28b10de7fc698f115176c8e579e44b4e209b088942f12e33425 Are these correct? |
|||
Jan. 25, 2015, 11:47 PM
Post: #60
|
|||
|
|||
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
(Jan. 25, 2015 11:06 PM)herbalist Wrote: For verification: They are not what I am using. I have Code: ssleay32.dll Got mine from Post35. Downloaded again and files are the same. |
|||
« Next Oldest | Next Newest »
|