After a week of rather heavy use with no problems, I think it's ready to release the big patch
Proxomitron 4.5 now working with OpenSSL 1.0.1l
Summary of things added/fixed by this patch:
- No more random crashes/"could not connect" even if site is up
- Certificate verification error messages should be correct now
- Adds
SNI, needed to access many sites now
- Checking wildcard certificates correctly
- Checking SubjectAltName extension correctly
- Cipher list is configured to avoid weak/insecure ciphers, and to use strongest encryption level available
It comes in 10(!) parts, which all have to be applied to your Proxomitron (original) exe to work correctly.
1. Update section headers to add space for code (offset, old, new)
Code:
00000118: 00 98
00000119: A0 9B
000001C6: 00 14
000001C8: 12 00
000001C9: 4F 50
000001F0: 1A 00
000001F1: 1A 1C
0000020F: 40 C0
2. Allocate more critical sections, fixing multithreading crashes
Code:
00005A81: D8 B0
00005A82: 00 04
00005AA1: C0 98
00005AA2: 00 04
00005AD9: C0 98
00005ADA: 00 04
3. SslInit: jump to additional SSL initialisation code
Code:
0000E649: 6A E9
0000E64A: 00 C4
0000E64B: 6A 6C
0000E64C: 00 01
0000E64D: 6A 00
4. Update offsets of error and error_depth fields in SSL_CTX structure (so the error messages are actually correct)
Code:
0000E913: 4C 64
0000E920: 48 60
0000E92B: 4C 64
0000E93C: 4C 64
5. Jump to additional code for adding SNI
Old:
Code:
0000EACC: 8B 4E 04 51 8B 15 BC C4 42 00
New:
Code:
0000EACC: E9 6A 68 01 00 90 90 90 90 90
6. Replaced certificate name checking function (SAN and wildcard support)
Old:
Code:
0000EBF0:
81 EC 0C 02-00 00 55 56-8B B4 24 18-02 00 00 C7
44 24 08 00-00 00 00 8B-46 0C 8B 40-1C 8B 48 14
0F BF 68 30-8B 06 89 4C-24 0C 85 C0-74 0E B8 01
00 00 00 5E-5D 81 C4 0C-02 00 00 C3-8B 4E 10 A1
BC C4 42 00-57 53 8D 54-24 18 68 00-02 00 00 52
8B 51 04 6A-0D 52 8D 78-60 8D 98 CC-00 00 00 FF
90 D0 00 00-00 83 C4 04-50 FF 13 83-C4 04 50 FF
17 83 C4 10-83 F8 01 7E-38 8A 54 24-18 8D 4C 24
18 80 FA 2A-75 05 8D 4C-24 19 48 3B-E8 7C 22 83
F8 03 7E 1D-50 51 8B 4C-24 1C 03 E9-2B E8 55 FF
15 B4 61 42-00 83 C4 0C-BF 01 00 00-00 85 C0 74
04 8B 7C 24-10 85 FF 75-18 8B 5E 04-83 C6 14 43
68 C8 9B 42-00 89 5E F0-56 E8 D2 70-FF FF 83 C4
08 8B C7 5B-5F 5E 5D 81-C4 0C 02 00-00 C3 90 90
New (
updated 2015-01-18 to fix bug reported below):
Code:
0000EBF0:
80 7D B4 00-74 01 C3 56-57 8B 1D BC-C4 42 00 8B
47 1C FF 70-14 0F BF 40-30 50 FF 76-04 FF 93 D0
00 00 00 85-C0 97 74 53-6A 00 6A 00-6A 55 57 FF
53 64 83 C4-10 85 C0 74-1F 50 8B 70-04 8B 08 E3
0D AD 83 38-02 75 05 E8-4C 00 00 00-E0 F3 58 9C
50 FF 53 4C-58 9D 74 36-57 FF 93 CC-00 00 00 96
6A FF 6A 0D-56 FF 53 60-50 56 FF 53-5C 83 C4 18
85 C0 74 07-E8 1F 00 00-00 74 13 FF-45 B8 8D 45
C8 68 C8 9B-42 00 50 E8-14 71 FF FF-59 59 57 FF
53 50 83 C4-10 5F 5E C3-51 8B 50 04-FF 32 8B 52
08 8B 45 90-8B 4D 8C 66-81 3A 2A 2E-75 17 42 42
83 2C 24 02-80 38 00 75-03 59 EB 19-80 38 2E 9C
40 49 9D 75-EF 3B 0C 24-75 EF 52 50-FF 15 B4 61
42 00 83 C4-0C 85 C0 59-C3 90 90 90-90 90 90 90
7. Fix crash when no certificate available or connection failed
Old:
Code:
0000F370:
C4 42 00 56-53 8B 48 04-51 FF 92 D0-00 00 00 83
C4 04 8B F0-8D 44 24 34-6A 00 50 E8-10 68 FF FF
8B 5C 24 68-83 C4 08 8B-43 1C 8B 48-14 89 4C 24
58 8D 4C 24-34 0F BF 50-30 8D 44 24-48 89 54 24
50 50 51 E8-68 69 FF FF-83 C4 08 8D-54 24 20 68
08 9E 42 00-52 E8 D6 67-FF FF 83 C4-08 8D 44 24
34 8D 4C 24-20 50 51 E8-44 69 FF FF-83 C4 08 8D
54 24 20 68-F0 9D 42 00-52 E8 A2 69-FF FF 83 C4
08 8D 44 24-0C 68 D0 9D-42 00 50 E8-A0 67 FF FF
83 C4 08 83-C7 14 8D 4C-24 0C 57 51-E8 0F 69 FF
FF 83 C4 08-8D 54 24 0C-68 B0 9D 42-00 52 E8 6D
69 FF FF 8B-44 24 1C 83-C4 08 05 00-02 00 00 8D
4C 24 0C 50-51 E8 06 6D-FF FF 83 C4-08 85 C0 74
New:
Code:
0000F370:
C4 42 00 56-53 8B 48 04-51 FF 92 D0-00 00 00 59
8B F0 8D 44-24 34 6A 00-50 E8 12 68-FF FF 8B 5C
24 68 5A 5A-8B 43 1C 8B-48 14 89 4C-24 58 8D 4C
24 34 0F BF-50 30 8D 44-24 48 89 54-24 50 50 51
E8 6B 69 FF-FF 5A 5A 8D-54 24 20 68-08 9E 42 00
52 E8 DA 67-FF FF 5A 5A-8D 44 24 34-8D 4C 24 20
50 51 E8 49-69 FF FF 5A-5A 8D 54 24-20 68 F0 9D
42 00 52 E8-A8 69 FF FF-5A 5A 8D 44-24 0C 68 D0
9D 42 00 50-E8 A7 67 FF-FF 5A 5A 83-C7 14 8D 4C
24 0C 57 51-E8 17 69 FF-FF 5A 5A 8D-54 24 0C 68
B0 9D 42 00-52 E8 76 69-FF FF 8B 44-24 1C 5A 5A
05 00 02 00-00 8D 4C 24-0C 50 51 E8-10 6D FF FF
5A 5A 85 F6-0F 84 DC 00-00 00 90 90-90 85 C0 74
8. Added "SSL_ctrl" function, SNI, multithreaded locking
Old:
Code:
000252F0:
C3 90 90 90-90 90 90 90-90 90 90 90-90 90 90 90
FF 25 F4 61-42 00 FF 25-18 64 42 00-FF 25 EC 63
42 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
New:
Code:
00252F0:
C3 00 53 53-4C 5F 63 74-72 6C 00 90-90 90 90 90
FF 25 F4 61-42 00 FF 25-18 64 42 00-FF 25 EC 63
42 00 68 20-7A 42 00 50-FF 53 3C 58-58 68 F2 5E
42 00 FF 33-FF 15 90 60-42 00 A3 1C-7A 42 00 EB
64 50 50 50-50 50 E9 18-93 FE FF 83-3D 1C 7A 42
00 00 74 28-8B 47 1C 8B-48 14 0F B7-50 30 03 D1
8A 02 C6 02-00 50 52 51-6A 00 6A 37-FF 76 04 FF
15 1C 7A 42-00 83 C4 10-5A 58 88 02-8B 4E 04 51
8B 15 BC C4-42 00 E9 5B-97 FE FF BA-20 67 40 00
58 59 F6 C1-01 75 03 83-C2 20 59 83-C1 09 51 51
50 FF E2 90-90 68 AF 5F-42 00 FF 73-04 FF 15 90
60 42 00 68-7B 5F 42 00-FF D0 58 33-C0 EB 82 43
52 59 50 54-4F 5F 73 65-74 5F 6C 6F-63 6B 69 6E
67 5F 63 61-6C 6C 62 61-63 6B 00 00-00 00 00 00
9. Cipher list. Old bytes there were all zeros.
Code:
00026E20:
41 4C 4C 3A-21 65 4E 55-4C 4C 3A 21-61 4E 55 4C
4C 3A 21 45-58 50 3A 21-44 45 53 3A-21 52 43 32
3A 21 53 53-4C 76 32 3A-21 50 53 4B-3A 21 61 45
43 44 48 3A-21 43 41 4D-45 4C 4C 49-41 3A 21 53
45 45 44 3A-40 53 54 52-45 4E 47 54-48 00 00 00
This patch sets the cipher list to "ALL:!eNULL:!aNULL:!EXP:!DES:!RC2:!SSLv2:!PSK:!aECDH:!CAMELLIA:!SEED:@STRENGTH", you can use a different one if you want as long as it's less than 1504 bytes long

See
https://www.openssl.org/docs/apps/ciphers.html for more information.
10. Updated OpenSSL function names list.
Old:
Code:
00028690:
65 72 73 69-6F 6E 00 4F-70 65 6E 53-53 4C 5F 61
64 64 5F 61-6C 6C 5F 61-6C 67 6F 72-69 74 68 6D
73 00 53 53-4C 5F 43 54-58 5F 73 65-74 5F 63 69
70 68 65 72-5F 6C 69 73-74 00 53 53-4C 5F 43 54
58 5F 73 65-74 5F 76 65-72 69 66 79-00 53 53 4C
5F 43 54 58-5F 6C 6F 61-64 5F 76 65-72 69 66 79
5F 6C 6F 63-61 74 69 6F-6E 73 00 58-35 30 39 5F
53 54 4F 52-45 5F 43 54-58 5F 67 65-74 5F 63 75
72 72 65 6E-74 5F 63 65-72 74 00 58-35 30 39 5F
53 54 4F 52-45 5F 43 54-58 5F 67 65-74 5F 65 72
72 6F 72 00-58 35 30 39-5F 53 54 4F-52 45 5F 43
54 58 5F 67-65 74 5F 65-72 72 6F 72-5F 64 65 70
74 68 00 58-35 30 39 5F-4E 41 4D 45-5F 6F 6E 65
6C 69 6E 65-00 58 35 30-39 5F 76 65-72 69 66 79
5F 63 65 72-74 5F 65 72-72 6F 72 5F-73 74 72 69
6E 67 00 58-35 30 39 5F-67 65 74 5F-69 73 73 75
65 72 5F 6E-61 6D 65 00-58 35 30 39-5F 4E 41 4D
45 5F 67 65-74 5F 74 65-78 74 5F 62-79 5F 4E 49
44 00 50 45-4D 5F 77 72-69 74 65 5F-58 35 30 39
5F 41 55 58-00 53 53 4C-5F 67 65 74-5F 65 78 5F
6E 65 77 5F-69 6E 64 65-78 00 53 53-4C 5F 73 65
74 5F 65 78-5F 64 61 74-61 00 53 53-4C 5F 67 65
74 5F 65 78-5F 64 61 74-61 00 58 35-30 39 5F 53
54 4F 52 45-5F 43 54 58-5F 67 65 74-5F 65 78 5F
64 61 74 61-00 53 53 4C-5F 67 65 74-5F 65 78 5F
64 61 74 61-5F 58 35 30-39 5F 53 54-4F 52 45 5F
43 54 58 5F-69 64 78 00-53 53 4C 5F-43 54 58 5F
73 65 74 5F-74 69 6D 65-6F 75 74 00-53 53 4C 5F
6C 6F 61 64-5F 65 72 72-6F 72 5F 73-74 72 69 6E
67 73 00 53-53 4C 5F 6E-65 77 00 53-53 4C 5F 73
65 74 5F 66-64 00 53 53-4C 5F 73 65-74 5F 72 65
61 64 5F 61-68 65 61 64-00 53 53 4C-5F 63 6F 6E
6E 65 63 74-00 53 53 4C-5F 73 65 74-5F 63 6F 6E
6E 65 63 74-5F 73 74 61-74 65 00 53-53 4C 5F 61
63 63 65 70-74 00 53 53-4C 5F 73 65-74 5F 61 63
63 65 70 74-5F 73 74 61-74 65 00 53-53 4C 5F 72
65 61 64 00-53 53 4C 5F-77 72 69 74-65 00 53 53
4C 5F 73 68-75 74 64 6F-77 6E 00 53-53 4C 5F 67
65 74 5F 73-68 75 74 64-6F 77 6E 00-53 53 4C 5F
66 72 65 65-00 53 53 4C-5F 43 54 58-5F 66 72 65
65 00 53 53-4C 5F 73 74-61 74 65 5F-73 74 72 69
6E 67 5F 6C-6F 6E 67 00-53 53 4C 5F-67 65 74 5F
63 75 72 72-65 6E 74 5F-63 69 70 68-65 72 00 53
53 4C 5F 43-49 50 48 45-52 5F 67 65-74 5F 62 69
74 73 00 53-53 4C 5F 43-49 50 48 45-52 5F 67 65
74 5F 6E 61-6D 65 00 53-53 4C 65 61-79 5F 76 65
72 73 69 6F-6E 00 58 35-30 39 5F 67-65 74 5F 73
75 62 6A 65-63 74 5F 6E-61 6D 65 00-53 53 4C 5F
67 65 74 5F-70 65 65 72-5F 63 65 72-74 69 66 69
63 61 74 65-00 53 53 4C-76 32 33 5F-63 6C 69 65
6E 74 5F 6D-65 74 68 6F-64 00 53 53-4C 76 32 33
5F 73 65 72-76 65 72 5F-6D 65 74 68-6F 64 00 00
New:
Code:
00028690:
65 72 73 69-6F 6E 00 53-53 4C 5F 6C-69 62 72 61
72 79 5F 69-6E 69 74 00-53 53 4C 5F-43 54 58 5F
73 65 74 5F-63 69 70 68-65 72 5F 6C-69 73 74 00
53 53 4C 5F-43 54 58 5F-73 65 74 5F-76 65 72 69
66 79 00 53-53 4C 5F 43-54 58 5F 6C-6F 61 64 5F
76 65 72 69-66 79 5F 6C-6F 63 61 74-69 6F 6E 73
00 58 35 30-39 5F 53 54-4F 52 45 5F-43 54 58 5F
67 65 74 5F-63 75 72 72-65 6E 74 5F-63 65 72 74
00 47 45 4E-45 52 41 4C-5F 4E 41 4D-45 53 5F 66
72 65 65 00-58 35 30 39-5F 66 72 65-65 00 58 35
30 39 5F 4E-41 4D 45 5F-6F 6E 65 6C-69 6E 65 00
58 35 30 39-5F 76 65 72-69 66 79 5F-63 65 72 74
5F 65 72 72-6F 72 5F 73-74 72 69 6E-67 00 58 35
30 39 5F 4E-41 4D 45 5F-67 65 74 5F-65 6E 74 72
79 00 58 35-30 39 5F 4E-41 4D 45 5F-67 65 74 5F
69 6E 64 65-78 5F 62 79-5F 4E 49 44-00 58 35 30
39 5F 67 65-74 5F 65 78-74 5F 64 32-69 00 53 53
4C 5F 67 65-74 5F 65 78-5F 6E 65 77-5F 69 6E 64
65 78 00 53-53 4C 5F 73-65 74 5F 65-78 5F 64 61
74 61 00 53-53 4C 5F 67-65 74 5F 65-78 5F 64 61
74 61 00 58-35 30 39 5F-53 54 4F 52-45 5F 43 54
58 5F 67 65-74 5F 65 78-5F 64 61 74-61 00 53 53
4C 5F 67 65-74 5F 65 78-5F 64 61 74-61 5F 58 35
30 39 5F 53-54 4F 52 45-5F 43 54 58-5F 69 64 78
00 53 53 4C-5F 43 54 58-5F 73 65 74-5F 74 69 6D
65 6F 75 74-00 53 53 4C-5F 6C 6F 61-64 5F 65 72
72 6F 72 5F-73 74 72 69-6E 67 73 00-53 53 4C 5F
6E 65 77 00-53 53 4C 5F-73 65 74 5F-66 64 00 53
53 4C 5F 73-65 74 5F 72-65 61 64 5F-61 68 65 61
64 00 53 53-4C 5F 63 6F-6E 6E 65 63-74 00 53 53
4C 5F 73 65-74 5F 63 6F-6E 6E 65 63-74 5F 73 74
61 74 65 00-53 53 4C 5F-61 63 63 65-70 74 00 53
53 4C 5F 73-65 74 5F 61-63 63 65 70-74 5F 73 74
61 74 65 00-53 53 4C 5F-72 65 61 64-00 53 53 4C
5F 77 72 69-74 65 00 53-53 4C 5F 73-68 75 74 64
6F 77 6E 00-53 53 4C 5F-67 65 74 5F-73 68 75 74
64 6F 77 6E-00 53 53 4C-5F 66 72 65-65 00 53 53
4C 5F 43 54-58 5F 66 72-65 65 00 53-53 4C 5F 73
74 61 74 65-5F 73 74 72-69 6E 67 5F-6C 6F 6E 67
00 53 53 4C-5F 67 65 74-5F 63 75 72-72 65 6E 74
5F 63 69 70-68 65 72 00-53 53 4C 5F-43 49 50 48
45 52 5F 67-65 74 5F 62-69 74 73 00-53 53 4C 5F
43 49 50 48-45 52 5F 67-65 74 5F 6E-61 6D 65 00
53 53 4C 65-61 79 5F 76-65 72 73 69-6F 6E 00 58
35 30 39 5F-67 65 74 5F-73 75 62 6A-65 63 74 5F
6E 61 6D 65-00 53 53 4C-5F 67 65 74-5F 70 65 65
72 5F 63 65-72 74 69 66-69 63 61 74-65 00 53 53
4C 76 32 33-5F 63 6C 69-65 6E 74 5F-6D 65 74 68
6F 64 00 53-53 4C 76 32-33 5F 73 65-72 76 65 72
5F 6D 65 74-68 6F 64 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
Then you will need to use OpenSSL DLLs version 1.0.1l which I attached. These are compiled from the official source and should not need any patching to work on Win9x nor the VC redistributable package; the DLLs
here should work too, but I haven't tested them. I started testing this patch with 1.0.1j, which should also work as should all the versions going back to 1.0.1a, but the latest version fixes a few bugs so it would be better to use them. You can see differences between the versions here:
http://upstream.rosalinux.ru/versions/openssl.html
With the patch applied, Proxomitron.exe should have the following hashes:
MD5: 0a1e3b087dd35facb4ffcbcac2ddbebb
SHA1: 9442ed2d4a82b40b1b5af08efd2f8045232456a6
Edits:
Jan. 18, 2015 08:47 PM by amy.
Feb. 23, 2015 by JJoe. Changed hashes to reflect
bugfix as reported,
herbalist, and verified.
Old values were:
MD5: 03259b46fc5eac833830a684c47dc64b
SHA1: 7ee76261088f86957f02fe9590b8b71b08b1025b