  SSL Proxy Server.
  ----------------------------------------------
  Written by: Eu-Jin Goh (eujin@cs.stanford.edu)
              Stanford University April 2000
 
  ----------------- GNU Public License -----------
 Copyright (C) 2000  Eu-Jin Goh

 This program is free software; you can redistribute it and/or
 modify it under the terms of the GNU General Public License
 as published by the Free Software Foundation; either version 2
 of the License, or (at your option) any later version.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.
 
 You should have received a copy of the GNU General Public License
 along with this program; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
 USA.

 --------------------------------------------------
 Modifications in version 1.02.

 I was printing out the reverse of session ID for a V3 hello and also
 for the RSA encrypted premaster secret. the function extractParams
 suffered from this problem too
 there was a one by off error in these same functions
 ---------------------------------------------------

  Some notes:
  ---------------
  This program uses the OpenSSL libraries and Dan Boneh's code for the 
  processing of the certificates. Other than that, everything else was 
  coded from scratch.

  The proxy handles SSLV3/TLS servers only. It deals with the first 
  clientHello packet being in SSLV2 format but other than that, no other
  SSLV2 packets are handled. You can typically recognise when the site
  is using SSLV2 when the first byte of the error messages that the
  proxy prints out are -128 or -126. try it on wellsfargo to see.

  This was developed in RedHat linux 6.1 using glibc 2.1.3-8 and openssl
  0.94. Works best in linux using x86 architecture. On some machines, 
  the print outs in hex will appear to have either leading or trailing zeros.

  Please send all bug reports to me. It would be great if you could 
  attach the output when the bug ocurred too. I typically use
  'sslproxy >! out' and read the out file later because there is 
  usually too much output to read at one go.

  NOTE: 
  I have not ported this to big endian architectures yet, i think
  it's not too hard since all that is needed is to change the function
  threeBytesToInt so that it converts the handshake length field to 
  from a three byte number in network byte order to the host byte order.

  If the server returns a cipher suite that is unknown, currently 
  my proxy doesn't handle it too well. it still works but doesn't
  parse the messages properly. 

  Occasionally (very rarely), the multiple application data fragments
  aren't handled properly and invalid type errors keeping appearing
  but the proxy should still work properly after that connection.

  Netscape enterprise servers were rather flakey on the proxy and i added 
  some code so that it works properly. I tested on stronghold servers and
  this proxy works best with those. This is due to the fact that 
  enterprise servers place multiple handshake messages within a single
  TLS record while stronghold sends out handshake messages with their
  own TLS record.

  The application data and certificate messages might be split up over
  several packets and the code that i have currently handles this fine
  but is rather ugly. Given more time, i would rewrite it so that it's 
  cleaner.
  
  THIS SOFTWARE IS PROVIDED BY EU-JIN GOH ``AS IS'' AND ANY EXPRESS OR 
  IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  SUCH DAMAGE.
  

  installation:
  -------------
  First type 'tar zxvf sslsniffer-1_0.tar.gz' to extract the files.
  Just use the Makefile. You might have to change the paths of the headers
  and libraries for openSSL.