On Sat, May 13, 2006 at 04:25:15AM +0900, nisato wrote:
> I want to use openssl with only client and server certificate files,
> and not encrypt in SSL_read and SSL_write... (like plaintext)
>
> Then I set "NULL", "NULL-MD5", "NULL-SHA" in the client and server
> program (SSL_set_cipher_list), but an SSL handshake error occurs at
> SSL_connect and SSL_accept. (In this test case, I don't use client and
> server certificate files.)
>
> Please advise how to use client and server certificate files, but
> not use encryption.
>
The s_client and s_server applications are able to do this with the
"eNULL" cipher suite (choosing NULL-SHA as the stronger of the two).
Window A:
: prompt; openssl ciphers -v eNULL
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
NULL-MD5                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=MD5
: prompt; openssl genrsa -out key.pem 1024
: prompt; : accept default values for all prompts in the next command
: prompt; openssl req -x509 -new -key key.pem -out cert.pem
: prompt; openssl s_server -cert cert.pem -key key.pem \
-cipher eNULL -accept 12345
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MHUCAQECAgMBBAIAAgQg+CIIyN0QiZBpuSelMK6FnVxSMg+7axQraLY1mJzneRAE
MP0HBdHOKD4AL94VryVaxb6IH2LTHMg+s9ytiJvAehvCajAn2WijcgKELS3B1W8T
MqEGAgREZOUqogQCAgEspAYEBAEAAAA=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:NULL-SHA:NULL-MD5
CIPHER is NULL-SHA
Read BLOCK
DONE
shutting down SSL
CONNECTION CLOSED
ACCEPT
Window B:
: prompt; openssl s_client -showcerts -cipher eNULL \
-connect localhost:12345
CONNECTED(00000003)
depth=0 /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
verify return:1
---
Certificate chain
0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
-----BEGIN CERTIFICATE-----
[certificate body omitted]
-----END CERTIFICATE-----
---
Server certificate
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
No client certificate CA names sent
---
SSL handshake has read 842 bytes and written 235 bytes
---
New, TLSv1/SSLv3, Cipher is NULL-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : NULL-SHA
Session-ID:
F344AD6B84A16B93A5BFB13121E18052EEB9EC3AACA53286077BFAA7EB5E2DA0
Session-ID-ctx:
Master-Key:
54C752606CED9D7F60C494759A8C4C7DE63E50E80AF0E45D5459CB5BD09F8056CD92F9D362A5F209162B4712C0517E77
Key-Arg : None
Start Time: 1147462532
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
R
RENEGOTIATING
depth=0 /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
verify return:1
Q
DONE
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
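An added example, not part of the thread above and not OpenSSL project code: a small Python audit that parses the `openssl ciphers -v` row format shown in Window A (name, protocol, Kx=, Au=, Enc=, Mac=, plus an optional trailing "export" column) and flags the suites a practitioner should not find in a production cipher list. The point it makes about this thread's setup is that the eNULL rows have Enc=None: a NULL-SHA session like the one negotiated above authenticates the server certificate and MACs every record, so tampering is detected, but everything passed to SSL_write crosses the network in the clear, which is exactly what the original poster asked for and exactly what must never leak into a real SSL_set_cipher_list() value. The sample listing embedded in the script is constructed (the two rows from this thread plus a few other suites in the same format); `audit_cipher_string()` is an assumed helper name that runs the local openssl binary, and everything else is standard library.

```python
"""Audit an `openssl ciphers -v` listing for suites that give no confidentiality.

Added example (not code from the thread above). It parses the row format
printed by `openssl ciphers -v`, as in the NULL-SHA / NULL-MD5 lines above:
name, protocol, Kx=..., Au=..., Enc=..., Mac=..., and an optional trailing
"export" flag. Rows with Enc=None are the eNULL suites: the record layer
still carries a MAC, so the peer is authenticated and tampering is detected,
but every byte passed to SSL_write crosses the wire in the clear.
"""
from __future__ import annotations

import re
import subprocess
from dataclasses import dataclass

# Constructed sample listing: the two rows from the thread plus a few more
# in the same format, including newer TLSv1.2/TLSv1.3 rows and an export row.
SAMPLE_LISTING = """\
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
NULL-MD5                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=MD5
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any    Au=any  Enc=AESGCM(256) Mac=AEAD
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
"""

# One row of `openssl ciphers -v`; the "export" column only appears on
# export-grade suites, so it is optional.
ROW_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)"
    r"\s+Enc=(?P<enc>\S+)\s+Mac=(?P<mac>\S+)(?P<export>\s+export)?$"
)


@dataclass(frozen=True)
class Suite:
    name: str
    proto: str
    kx: str
    au: str
    enc: str
    mac: str
    export: bool

    def findings(self) -> list[str]:
        """Security findings for this suite; an empty list means nothing flagged."""
        found = []
        if self.enc == "None":
            found.append("eNULL: no encryption, application data is sent in the clear")
        if self.au == "None":
            found.append("aNULL: unauthenticated key exchange, open to active MITM")
        if self.mac == "MD5":
            found.append("MD5 as the record MAC")
        if self.export:
            found.append("export-grade key size")
        return found


def parse_listing(text: str) -> list[Suite]:
    """Parse the output of `openssl ciphers -v` into Suite records."""
    suites = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ciphers -v row: {raw!r}")
        suites.append(Suite(m["name"], m["proto"], m["kx"], m["au"],
                            m["enc"], m["mac"], m["export"] is not None))
    return suites


def flag_suites(text: str) -> dict[str, list[str]]:
    """Map every flagged suite name to its findings, in listing order."""
    return {s.name: s.findings() for s in parse_listing(text) if s.findings()}


def audit_cipher_string(spec: str = "ALL:COMPLEMENTOFALL") -> dict[str, list[str]]:
    """Expand SPEC with the local openssl binary (must be on PATH) and audit it.

    Assumed helper name. Useful for checking what a cipher string such as
    "eNULL", or the value a program hands to SSL_set_cipher_list(), really
    enables on this particular OpenSSL build.
    """
    proc = subprocess.run(["openssl", "ciphers", "-v", spec],
                          capture_output=True, text=True, check=True)
    return flag_suites(proc.stdout)


if __name__ == "__main__":
    for name, findings in flag_suites(SAMPLE_LISTING).items():
        print(f"{name}: {'; '.join(findings)}")
```

Run it as is to see the four flagged rows from the constructed listing, or call audit_cipher_string("eNULL") on a machine with openssl installed to confirm that the whole eNULL group resolves to Enc=None suites on that build. Newer OpenSSL releases refuse NULL suites at the default security level, so reproducing the session above on them needs the cipher string to carry "@SECLEVEL=0" and a TLS 1.2 handshake; the audit is meant to be the check that such a string never reaches a production configuration.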