How can I unsubscribe?

2001-01-25 Thread NJ


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



RSA Bsafe

2001-01-25 Thread Peter Groff

I'm working on an update to a mail application that was using RSA Bsafe
Crypto-C, but is now being moved to SSL and Sendmail 8.11 which will allow
for a higher level of security.  Right now we have a base class of all of
the algorithm and key objects in RSA.  This creates a wrapper for the
encryption functions(B_CreateAlgorithmObject, B_SetAlgorithmObject,
B_EncryptInit, etc).  With the move to SSL, I've been unsuccessfully trying
to map OpenSSL functions to those in RSA.  It doesn't help that I've only
been working with cryptography for a few weeks now.  What are the steps and
OpenSSL functions involved in encrypting the message?

Thanks in advance,

Pete Groff
Software Engineer
Mail.com
732-906-2000 ext. 2309





Apache on Windows

2001-01-25 Thread nicholas wood

Hi Everyone,

I am final year university student creating a e-commerce 
application, because I do most of my work at home I am 
using the windows version of apache. is it possible to 
use the standard Open SSL package in combination with 
windows apache or do I have to do it some other way. 
one last question apache seems to have it's own 
Apache-SSL modal is this compatible with the windows
version or is just for a UNIX based system.

Thanks for any help you can give,
Hope to hear from you soon, 

Best Regards,

Nick Wood



Is this a certificate problem?

2001-01-25 Thread Terry Bird



Hi,

I'm new to SSL and I'm having trouble with RC4-128 encrypted sites. I'm hoping
that it's just a problem with my certificates. If I force it to bypass
this code it's okay:


 i=ssl_verify_cert_chain(s,sk);
 if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
  {
  al=ssl_verify_alarm_type(s->verify_result);
  SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
  goto f_err;
  }


This code is in the function ssl3_get_server_certificate(), in the file
s3_clnt.c.

So, does this look like a certificate problem?


Thanks for any help.


Terry



num attribute in BIO structure

2001-01-25 Thread Patrick Li

Hi,

Inside the BIO structure (struct bio_st), there is a field called num with
integer type.  It is used to store the file descriptor of the associated
socket.  Please correct me if I am wrong.

I am still investigating what needs to be changed if I plug in my own TCP
routines which is implemented in C++ class which does not expose the socket
file descriptor.  It seems I need to modify the BIO structure to store the
TCP class object rather than a simple integer for file descriptor right?

Thanks
Patrick




Re: localhost certificate (no, really!)

2001-01-25 Thread Greg Stark

I agree with all your points, but I thought I would add one more.

If the man-in-the-stack were named mack, and you were named jack,
then you would be vulnerable to a mack-in-the-stack attack jack,
which should be in the FAQ.

It's late. My apologies to the terminally serious.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_



- Original Message -
From: "Andrew Cooke" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 25, 2001 3:07 PM
Subject: Re: localhost certificate (no, really!)


>
> [Sorry for the long gap before replying]
>
> As far as I can tell, the following might work:
>
> - get a certificate with an arbitrary domain name (say foo.bar.com)
> - configure DNS to return 127.0.0.1 when clients want to convert
> foo.bar.com to an address
> - supply the foo.bar.com certificate to the browser from localhost
>
> Security on the local machine isn't really an issue - if the machine is
> compromised then (as you say) there are much worse attacks than snooping
> local data flow.  The aim is to avoid browser warnings in a sequence of
> transactions (which, when to remote machines, do need to be secure).
> However, there is at least one attack I can think of if the client
> software is widely distributed: the foo.bar.com certificate and key will
> also become widely distributed and DNS spoofing would allow someone to
> divert the connection to a malicious machine (ie not localhost).
>
> Any comments, anyone? (thanks for previous replies; apologies again for
> not replying for some time),
>
> Andrew
>
> Greg Stark wrote:
> >
> > Andrew,
> >
> > Ha, that's a good one. Seriously, I'd imagine they might be reluctant to
> > issue it because the DN would not be unique. Does Verisign / Thawte insist
> > on unique DN's? I would think they'd have to. That's what the D in DN is all
> > about, right? You could add other unique information to the DN to solve this
> > problem, like include an second CN with a real internet hostname. I have
> > seen certs with multiple CN's.
> >
> > Would it work? It would be subject to a MITS (man-in-the-stack) attack,
> > but you've got bigger problems if you got a man in your stack ;)
> >
> > Greg Stark, [EMAIL PROTECTED]
> > Ethentica, Inc.
> > www.ethentica.com
> >
> > - Original Message -
> > From: "Andrew Cooke" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Friday, January 12, 2001 12:39 PM
> > Subject: localhost certificate (no, really!)
> >
> > >
> > > Hi,
> > >
> > > Is it possible to buy a "localhost" certificate from any of the major
> > > suppliers?  Is there any reason why it wouldn't work?
> > >
> > > (It's for an application that will run on arbitrary machines that needs
> > > a web browser to make a local connection as part of a sequence of secure
> > > connections - supplying a certificate will stop any security warning
> > > from the browser telling the user that they are insecure...)
> > >
> > > Thanks,
> > > Andrew



Re: Some question about SSL implementation...

2001-01-25 Thread Greg Stark

Sharon,

1) You are correct, this is not done anywhere in the OpenSSL code. You
have to make that check outside of OpenSSL, probably just after the
handshake has completed. The precise check you mention is not really
mandated by SSL. If you want to authenticate the peer you do need to make
sure the identity as presented in the certificate is acceptable. This is
typically exactly the check you mentioned, that the hostname in the
certificate matches the hostname you thought you were connecting to (see
RFC 2818), however there are other possibilities and it is up to the
application developer. I might just be willing to trust anybody whose
certificate chain is rooted at Verisign.

2) Don't know if this potential problem is an issue for OpenSSL --
although I don't even think it supports any signing-only ciphersuites!
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_



- Original Message -
From: "Sharon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 25, 2001 3:52 AM
Subject: Some question about SSL implementation...


> Hello,
>
> I've tried recently to answer few questions about SSL and its implementation
> inside OpenSSL, and I failed. Maybe somebody have an idea?
> The questions are:
>
> 1. During certificate verification, I didn't found a place in the code where
> the name in the certificate checked against the domain name of certificate's
> sender (usually verification done for servers only by clients, but it
> doesn't really matter here).
>
> 2. SSL itself has several open issues. One of them - very simple to fix.
> Here it is: if during the handshake, you negotiated algorithms for digital
> signature but without encryption (i.e., only hashing), some hacker sitting
> on the net can easily drop ChangeCipherSpec messages from both sides that
> should change SSL state from "pass messages" to "pass signed messages". The
> 'Finished' message, sent just after ChangeCipherSpec - will not change (even
> that it contains sign of all the handshake till now). So, the problem here
> is that ChangeCipherSpec message does not belong to Handshake protocol and
> thus we can't verify that it arrived before 'Finished' message. The solution
> seems to be very simple (maybe I wrong?): just to turn on some flag when
> ChangeCipherSpec message arrives, and if it didn't arrived before 'Finished'
> message - drop the whole connection. Am I right? I know that it's pretty old
> problem, so I was hoping that maybe there will be a solution to this soon...
> If not - may somebody give me directions what is the easiest way to fix it
> (what file will be most appropriate for this) ?
>
> Best Regards,
>
> Sharon Voskoboynik.
> Spearhead Technologies Ltd.
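
The identity check discussed in this thread, as an added example (not code from the original posts or from OpenSSL): an application-side comparison of the expected hostname against the names in the peer certificate, following the RFC 2818 wildcard rule for the leftmost label. Reading the names out of the certificate is not shown; `struct cert_name`, `cert_name_matches()`, `peer_identity_ok()` and the sample names are hypothetical and constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* A name taken from the peer certificate. Certificate strings are
 * length-delimited, so the length travels separately from the bytes. */
struct cert_name { const char *data; size_t len; };

static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Returns 1 if one certificate name matches the host we meant to reach. */
int cert_name_matches(const char *pat, size_t pat_len, const char *host)
{
    size_t host_len = strlen(host);
    const char *star, *pdot, *hdot;
    size_t pre, post, hlabel, psuf, hsuf;

    /* Reject empty names and names with an embedded NUL: a C string
     * compare would stop at the NUL and accept a truncated name. */
    if (pat_len == 0 || host_len == 0 || memchr(pat, '\0', pat_len) != NULL)
        return 0;

    star = memchr(pat, '*', pat_len);
    if (star == NULL)                       /* no wildcard: exact match */
        return pat_len == host_len && eq_nocase(pat, host, host_len);

    /* One wildcard only, and only inside the leftmost label. */
    pdot = memchr(pat, '.', pat_len);
    hdot = strchr(host, '.');
    if (pdot == NULL || hdot == NULL || star > pdot)
        return 0;
    if (memchr(star + 1, '*', pat_len - (size_t)(star + 1 - pat)) != NULL)
        return 0;

    /* Everything from the first dot onwards must be identical, so the
     * wildcard can never span a dot ("*.a.com" != "x.y.a.com"). */
    psuf = pat_len - (size_t)(pdot - pat);
    hsuf = host_len - (size_t)(hdot - host);
    if (psuf != hsuf || !eq_nocase(pdot, hdot, psuf))
        return 0;

    /* Leftmost label: fixed text before and after the '*' must match. */
    pre = (size_t)(star - pat);
    post = (size_t)(pdot - star) - 1;
    hlabel = (size_t)(hdot - host);
    if (hlabel == 0 || hlabel < pre + post)
        return 0;
    return eq_nocase(pat, host, pre) && eq_nocase(star + 1, hdot - post, post);
}

/* Run after the handshake and chain verification have succeeded:
 * accept the peer only if some certificate name matches. */
int peer_identity_ok(const struct cert_name *names, size_t count,
                     const char *expected_host)
{
    for (size_t i = 0; i < count; i++)
        if (cert_name_matches(names[i].data, names[i].len, expected_host))
            return 1;
    return 0;
}

#define NAME(s) { s, sizeof(s) - 1 }
/* Constructed sample names standing in for a peer certificate's names. */
static const struct cert_name SAMPLE_NAMES[] = {
    NAME("*.mydomain.org"),
    NAME("www.example.com\0.evil.test"),    /* embedded NUL, must not match */
};

int main(void)
{
    const char *hosts[] = { "shop.mydomain.org", "a.b.mydomain.org",
                            "mydomain.org", "www.example.com" };
    for (size_t i = 0; i < sizeof(hosts) / sizeof(hosts[0]); i++)
        printf("%-20s %s\n", hosts[i],
               peer_identity_ok(SAMPLE_NAMES, 2, hosts[i]) ? "accept" : "reject");
    return 0;
}
```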



Re: IIS 5.0 Cert Signing?

2001-01-25 Thread Jacob Barde

I know with WinNT4 with IIS 4 and the certificate managing software
(KeyManager?) tended to break things.  I couldn't even install a test cert
from Thawte or VeriSign.

I installed openssl (9.x) on my Slackware Linux box and generated a
certificate for IIS 5.0 (win2k) with no problem.  Just removed everything
prior to the Begin Certificate like you had.  Works just fine.

The slackware installation of openssl included a perl script to act as a
wrapper to openssl.  CA.pl, all I had to do was rename the request file to
newreq.txt run `./CA.pl -sign' and it output newcert.txt

For perhaps once, M$ didn't break something?  If that's the case...
Could someone let me know if hell really froze over?

On Thu, 25 Jan 2001, Tony Lill wrote:

> I don't know if M$ broke anything in IIS 5.0, but I recently signed my
> own certificate for an IIS 4.0 server, and it worked fine (once I
> figured out that I had to manually strip everything before the "BEGIN
> CERTIFICATE" stuff in the signed cert). I just used the sign.sh script
> from the mod_ssl source.
> 
> If they did break something, perhaps you could "downgrade" to IIS 4.0
> --
> Tony Lill, [EMAIL PROTECTED]
> President, A. J. Lill Consultants    fax/data (519) 650 3571
> 539 Grand Valley Dr., Cambridge, Ont. N3H 2S2 (519) 241 2461
> --- http://www.ajlc.waterloo.on.ca/ 
> "Welcome to All Things UNIX, where if it's not UNIX, it's CRAP!"

Jacob D. Barde
Systems Engineer
McAdams Technologies, Inc.




Re: SSL_ERROR_SYSCALL question (follow up)

2001-01-25 Thread Greg Stark

Cory,

Section 7.2.1 of the TLS spec (rfc2246) goes into detail about this, and
Eric Rescorla's book has a complete discussion of what the issues are here.
I believe you get the error from OpenSSL if you receive a TCP FIN *before*
you receive a close_notify alert. The problem is probably in the peer which
you perhaps cannot control. If you close down the SSL connection with
SSL_shutdown(), you will cause a close_notify alert to be sent to the peer
before the TCP FIN.

Now, my question is: what does SSL_set_shutdown() do, how is it different
from SSL_shutdown(), and what do the mode options SSL_SENT_SHUTDOWN and
SSL_RECEIVED_SHUTDOWN do?

_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_



- Original Message -
From: "Cory Winter" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 24, 2001 10:26 PM
Subject: Re: SSL_ERROR_SYSCALL question (follow up)


> Hi,
>
> I guess what I was wondering was does this just indicate that the peer has
> simply gone away/shutdown? By violation, does this situation actually
> indicate a protocol error? I'm thinking that it's not.
>
> Take care,
> Cory
>
> On Wed, Jan 24, 2001 at 11:13:34PM -0330, Cory Winter wrote:
> > Hi,
> >
> > I am occasionally experiencing an SSL_ERROR_SYSCALL where the result of
> > the SSL_read() was 0. The docs explain that this is most likely due to
> > an EOF that was observed which violates the protocol. I was hoping
> > someone could elaborate on this to maybe give me a clue about what I
> > should look for in my code.
> >
> > Thanks,
> > Cory
> >
> > --
> > Cory Winter  E-Mail: mailto:[EMAIL PROTECTED]
> > Software Developer   WWW: http://www.ooc.com/
> > Object Oriented Concepts, Inc.   Phone: (709) 738-3725
>
> --
> Cory Winter  E-Mail: mailto:[EMAIL PROTECTED]
> Software Developer   WWW: http://www.ooc.com/
> Object Oriented Concepts, Inc.   Phone: (709) 738-3725



Re: IIS 5.0 Cert Signing?

2001-01-25 Thread Tony Lill

I don't know if M$ broke anything in IIS 5.0, but I recently signed my
own certificate for an IIS 4.0 server, and it worked fine (once I
figured out that I had to manually strip everything before the "BEGIN
CERTIFICATE" stuff in the signed cert). I just used the sign.sh script
from the mod_ssl source.

If they did break something, perhaps you could "downgrade" to IIS 4.0
--
Tony Lill, [EMAIL PROTECTED]
President, A. J. Lill Consultants    fax/data (519) 650 3571
539 Grand Valley Dr., Cambridge, Ont. N3H 2S2 (519) 241 2461
--- http://www.ajlc.waterloo.on.ca/ 
"Welcome to All Things UNIX, where if it's not UNIX, it's CRAP!"



Re: Interoperable DH certs?

2001-01-25 Thread Michael Sierchio

Dr S N Henson wrote:

> Seriously though is there some specific reason why you need to use DH
> rather than RSA or DSA (if it's authentication only)?

Actually... yes. ;-)

Several proposed algorithms for authentication and replay prevention
exist which use the long-term DH secret (or some product of the
Kij) as the key to an hmac-md5 or hmac-sha1.  A nonce or timestamp
is used as the data input to the hmac, and the result is presented
as an authenticator.  This is the technique used in the PKI
proposals for MobileIP.

> There are various techniques about. The one mentioned in the X9.42 spec
> is frowned upon many people use Lim-Lee instead which I did look at ages
> ago but I've lost the reference.

Thanks, I'll look into it. (perhaps things like private key length
could be treated in an extension?)



modssl related question

2001-01-25 Thread John Douglass

I'm getting the following messages in my ssl_engine_log

[25/Jan/2001 16:31:56 18090] [error] OpenSSL: error:1408F071:SSL
routines:SSL3_GET_RECORD:bad mac decode [Hint: Browser still remembered
details of a re-created server certificate?]

I am unsure as to how to remedy this...

Anyone else experienced this?

- John Douglass, Georgia Tech





Re: Interoperable DH certs?

2001-01-25 Thread Dr S N Henson

Michael Sierchio wrote:
> 
> Dr S N Henson wrote:
> 
> > Or to summarise, yes it is possible to add support in OpenSSL, no it
> > isn't very easy and I'm not sure how useful it would be if support was
> > added.
> 
> I suggest a division of labor -- leave the demonstration of usefulness to me,
> and you take the hard part... ;-)  Our intention is to deploy on thousands
> of mobile devices, each needing to authenticate itself to an access point.
> 3- or 4-way handshakes and cert chains aren't an option.
> 

Certainly, please deposit not less than £1,000,000 in the following
account ... :-)

Seriously though is there some specific reason why you need to use DH
rather than RSA or DSA (if it's authentication only)?

> Maybe I should reiterate that encoding the DH certs as DSA certs is not
> a problem -- finding the right parameters is.   This might make the common
> parameters (e.g. SKIP's choice of g, p) impossible to use because of a lack
> of an appropriate 160-bit q (I am guessing, I haven't searched for one).
> I am open to suggestions.

There are various techniques about. The one mentioned in the X9.42 spec
is frowned upon many people use Lim-Lee instead which I did look at ages
ago but I've lost the reference.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.



Re: localhost certificate (no, really!)

2001-01-25 Thread Andrew Cooke


[Sorry for the long gap before replying]

As far as I can tell, the following might work:

- get a certificate with an arbitrary domain name (say foo.bar.com)
- configure DNS to return 127.0.0.1 when clients want to convert
foo.bar.com to an address
- supply the foo.bar.com certificate to the browser from localhost

Security on the local machine isn't really an issue - if the machine is
compromised then (as you say) there are much worse attacks than snooping
local data flow.  The aim is to avoid browser warnings in a sequence of
transactions (which, when to remote machines, do need to be secure). 
However, there is at least one attack I can think of if the client
software is widely distributed: the foo.bar.com certificate and key will
also become widely distributed and DNS spoofing would allow someone to
divert the connection to a malicious machine (ie not localhost).

Any comments, anyone? (thanks for previous replies; apologies again for
not replying for some time),

Andrew

Greg Stark wrote:
> 
> Andrew,
> 
> Ha, that's a good one. Seriously, I'd imagine they might be reluctant to
> issue it because the DN would not be unique. Does Verisign / Thawte insist
> on unique DN's? I would think they'd have to. That's what the D in DN is all
> about, right? You could add other unique information to the DN to solve this
> problem, like include an second CN with a real internet hostname. I have
> seen certs with multiple CN's.
> 
> Would it work? It would be subject to a MITS (man-in-the-stack) attack,
> but you've got bigger problems if you got a man in your stack ;)
> 
> Greg Stark, [EMAIL PROTECTED]
> Ethentica, Inc.
> www.ethentica.com
> 
> - Original Message -
> From: "Andrew Cooke" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, January 12, 2001 12:39 PM
> Subject: localhost certificate (no, really!)
> 
> >
> > Hi,
> >
> > Is it possible to buy a "localhost" certificate from any of the major
> > suppliers?  Is there any reason why it wouldn't work?
> >
> > (It's for an application that will run on arbitrary machines that needs
> > a web browser to make a local connection as part of a sequence of secure
> > connections - supplying a certificate will stop any security warning
> > from the browser telling the user that they are insecure...)
> >
> > Thanks,
> > Andrew



Re: Interoperable DH certs?

2001-01-25 Thread Michael Sierchio

Dr S N Henson wrote:

> Or to summarise, yes it is possible to add support in OpenSSL, no it
> isn't very easy and I'm not sure how useful it would be if support was
> added.

I suggest a division of labor -- leave the demonstration of usefulness to me,
and you take the hard part... ;-)  Our intention is to deploy on thousands
of mobile devices, each needing to authenticate itself to an access point.
3- or 4-way handshakes and cert chains aren't an option.  

Maybe I should reiterate that encoding the DH certs as DSA certs is not
a problem -- finding the right parameters is.   This might make the common
parameters (e.g. SKIP's choice of g, p) impossible to use because of a lack
of an appropriate 160-bit q (I am guessing, I haven't searched for one).
I am open to suggestions.



RE: Certificates with many Virtual host

2001-01-25 Thread Varga, Jack


From the Thawte support web server
(http://www.thawte.com/support/server/wildcards.html#wildsupport)

Do wildcard certificates work with all servers and browsers?
Wildcard certs work with (almost) all servers.  We don't think WebSTAR/SSL
supports wildcards.  We know for a fact that MS IIS does not properly
support wildcard certs. There may be other servers that dislike wildcard
certs.  We can't be held responsible if your server refuses a wildcard cert.
Be aware that, officially, MS IE does not support wildcards, however, our
testing suggests that MS IE does not show any warning messages when
connecting to a wildcard certificate.

IE browsers on the Windows 2000 platform do not support wildcards at all,
Netscape, however, still works just fine. This is seemingly an issue with
the CAPI of Win2k and they are working on sorting it out.

> 
> Correction, it does work with IE, we have a wildcard certificate that works
> with IE 5.01. It works with IE 4 fine. As for IE 3.02 and before, well, they
> have problems with their root certs anyway.
> 
> - 
> Happy new Millennium - http://www.rog.nmm.ac.uk/mill/index.htm
> John Airey
> Internet Systems Support Officer, ITCSD, Royal National Institute for the
> Blind,
> Bakewell Road, Peterborough PE2 6XU,
> Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 
> [EMAIL PROTECTED] 
> 
> 
> > -Original Message-
> > From: Michael Ströder [mailto:[EMAIL PROTECTED]]
> > Sent: 25 January 2001 14:34
> > To: [EMAIL PROTECTED]
> > Subject: Re: Certificates with many Virtual host
> > 
> > 
> > Reiner Buehl wrote:
> > > 
> > > There is a (not recommended) possibility for this: If all of your hosts
> > > belong to the same domain you could generate a so called "wildcard
> > > certificate".
> > > This is a certificate with a hostname like '*.mydomain.org'
> > 
> > AFAIK this does not work with M$ IE.
> > 
> > Ciao, Michael.



jsse 1.0.2 and openssl.0.9.6 connectivity

2001-01-25 Thread wem

Hi,
I'm sure this has been asked before, but
is it possible to have a jsse java client connect to an openssl coded
server. I'm sure there are issues with how openssl and java store their
respective certificates at the very least.

Does anyone have any example code?

Thanks
Bill Masson



Re: Interoperable DH certs?

2001-01-25 Thread Dr S N Henson



Michael Sierchio wrote:
> 
> Dr S N Henson wrote:
> 
> > The main problem is how you'd certify a DH key when it can't be used to
> > sign a certificate request.
> 
> I do not understand your comments.  There are excellent POP algorithms
> available for the certificate request phase (see Diffie-Hellman
> Proof-of-Possession Algorithms, RFC 2875),  and of course such certs
> may be signed with RSA (preferred for speed of verification) or DSA.
> 

I should have qualified it a bit more. It can't be handled in the same
way as other algorithms for PKCS#10 requests. The various techniques
require additional input and in the case of X9.42 the addition of a new
public key algorithm to OpenSSL.

Currently adding public key algorithms to OpenSSL is painful. There's
stuff hard coded all over the place. I've been meaning to make public
key algorithms "pluggable" for some time but its tricky to do and I've
been too busy with other things.

Even in the PKCS#3 case there's no I/O support for DH public and private
keys (e.g. a PEM format for DH) and no utilities to support them.

> > There are workarounds but it would need quite a bit of work and very
> > few DH certificates are in general use.
> 
> The PKIX profile used for 'dhpublicnumber' isn't much different from
> the one used for dsa parameters:
> 
> dhpublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2)
>   us(840) ansi-x942(10046) number-type(2) 1 }
> 
> DomainParameters ::= SEQUENCE {
>   p   INTEGER, -- odd prime, p=jq +1
>   g   INTEGER, -- generator, g
>   q   INTEGER, -- factor of p-1
>   j   INTEGER OPTIONAL, -- subgroup factor
>   validationParms  ValidationParms OPTIONAL }
> 
> leaving off the optional parms,
> 
> DomainParameters ::= SEQUENCE {
>   p   INTEGER, -- odd prime, p=jq +1
>   g   INTEGER, -- generator, g
>   q   INTEGER, -- factor of p-1 }
> 
> The difference is that, in generation and validation for signing by the CA,
> q is not constrained to be a 160-bit (or other hashsize) prime factor of
> (p-1), and g and p may be global parameters chosen for esoteric properties.
> 
> > Can you send me a sample DH certificate? It would be useful if we ever
> > need to support them.
> 
> I'd be glad to...  I'll scrounge some up.  Meanwhile, any suggestions
> on hacking the dhparams tool to permit me to do the above?
> 

The lack of DH certificates is part of the problem. I've only ever seen
them in one place and that is the S/MIME v3 examples group. I suspect
those are broken (the validation parameters: I suspect the examples in
RFC2875 are broken in the same way) but despite repeated requests I've
yet to find someone that can independently verify them or confirm they
are broken. I've taken that as an indication of how widespread they
are... Needless to say I don't know of one public CA that will sign DH
requests either.

Or to summarise, yes it is possible to add support in OpenSSL, no it
isn't very easy and I'm not sure how useful it would be if support was
added.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.




Re: ssl_read function

2001-01-25 Thread Lutz Jaenicke

On Thu, Jan 25, 2001 at 09:19:48AM -0800, Patrick Li wrote:
> Hi,
> 
> I am reading the SSL_read() in ssl_lib.c file under ssl directory and it
> calls the ssl_read(SSL *, void *, int) function. I searched the ssl
> directory and found there is a ssl_read(BIO *, char *, int) defined in
> bio_ssl.c.  Looks like it is casting the SSL structure to the BIO structure.
> But I check the SSL structure and BIO structure are quite different and
> I couldn't figure it why?  Did I miss something here?  Anyone can help me?

You have been fooled: in ssl_lib.c, SSL_read() calls a read function via
a function pointer:
  return(s->method->ssl_read(s,buf,num));
The function for reading is defined for each method:
For an SSLv3 method, this is the function "ssl3_read()" in s3_lib.c,
which is set up in the table on top of s3_lib.c and is defined within
s3_lib.c. The according functions for the other methods are in s23_lib.c
and so on.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153



ssl_read function

2001-01-25 Thread Patrick Li

Hi,

I am reading the SSL_read() in ssl_lib.c file under ssl directory and it
calls the ssl_read(SSL *, void *, int) function. I searched the ssl
directory and found there is a ssl_read(BIO *, char *, int) defined in
bio_ssl.c.  Looks like it is casting the SSL structure to the BIO structure.
But I check the SSL structure and BIO structure are quite different and
I couldn't figure it why?  Did I miss something here?  Anyone can help me?

Thanks
Patrick








RE: Certificates with many Virtual host

2001-01-25 Thread Ray Erdmann

You have both Thawte & Verisign

www.thawte.com

& 

www.verisign.com

With respects to how Thawte handles the enrollments, any request for a 'wild
card' certificate through Verisign will need to be submitted via email to
'[EMAIL PROTECTED]'.

All requests are handled on a 'case by case' basis. Upon approval for a wild
card certificate, the company will be instructed on how to place the
certificate request online.

Sincerely,

Ray Erdmann
Technical Support
Verisign, Inc.

-Original Message-
From: Jean-Marc Desperrier [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 25, 2001 7:43 AM
To: [EMAIL PROTECTED]
Subject: Re: Certificates with many Virtual host


Reiner Buehl wrote:

> Hi,
>
> > a) Can I make my on certificate valid for many host names ?
>
> There is a (not recommended) possibility for this: If all of your hosts
> belong to the same domain you could generate a so called "wildcard certificate".
> This is a certificate with a hostname like '*.mydomain.org' that would
> not produce the error message.

What public CA will accept to generate such a certificate !?





first 8 bytes of unsigned char * fail to encrypt/decrypt !?

2001-01-25 Thread nl89071




Hi,

When I encrypt a large chunk of data (in my case 12220 bytes) the first 8
bytes of that data cannot be encrypted and decrypted again properly.
They are garbage.

The routines I use are the following :

// read a file in an unsigned char * cbc_data
// Length = number of bytes read
// cbc_out, cbc_in are of size Length
// First 16 bytes of plaintext look like this
// 0The quick brown
des_ede3_cbc_encrypt(cbc_data, cbc_out, Length, ks, ks2, ks3, &iv3,
                     DES_ENCRYPT);
des_ede3_cbc_encrypt(cbc_out, cbc_in, Length, ks, ks2, ks3, &iv3,
                     DES_DECRYPT);

// The First 16 bytes of decrypted text look like this
// ?-?-?-?-ck brown
// ?-?-?-?- is garbage


Any help is appreciated.

PS: what does the iv3 do exactly ??

With kind regards,

Thijs.
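
Added example (not part of the original post, and not OpenSSL code): the symptom in the message above is what CBC produces when decryption starts from a different IV than encryption did, because the IV is XORed only into the first block. It assumes the encrypt call overwrites the iv3 buffer with the last ciphertext block; XTEA stands in for triple DES, and cbc_crypt, roundtrip, the key and the message are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* XTEA, a small 64-bit block cipher, stands in for triple DES (assumption:
 * only the CBC chaining matters here, not the cipher). */
static void xtea(uint32_t v[2], const uint32_t k[4], int enc) {
    uint32_t v0 = v[0], v1 = v[1], d = 0x9E3779B9u, sum = enc ? 0 : d * 32;
    for (int i = 0; i < 32; i++) {
        if (enc) {
            v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
            sum += d;
            v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
        } else {
            v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
            sum -= d;
            v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        }
    }
    v[0] = v0; v[1] = v1;
}

/* CBC over whole 8-byte blocks. On return iv holds the last ciphertext
 * block, i.e. the caller's IV buffer is overwritten. */
static void cbc_crypt(const uint8_t *in, uint8_t *out, size_t len,
                      const uint32_t k[4], uint8_t iv[8], int enc) {
    uint8_t prev[8], cur[8], blk[8];
    uint32_t w[2];
    memcpy(prev, iv, 8);
    for (size_t off = 0; off + 8 <= len; off += 8) {
        memcpy(cur, in + off, 8);
        for (int i = 0; i < 8; i++) blk[i] = enc ? cur[i] ^ prev[i] : cur[i];
        memcpy(w, blk, 8); xtea(w, k, enc); memcpy(blk, w, 8);
        for (int i = 0; i < 8; i++) out[off + i] = enc ? blk[i] : blk[i] ^ prev[i];
        memcpy(prev, enc ? out + off : cur, 8);   /* next block chains on ciphertext */
    }
    memcpy(iv, prev, 8);
}

#define LEN 32
static const uint8_t MSG[] = "0The quick brown fox jumps over ";  /* constructed */

/* Encrypt MSG, then decrypt it into out. reset_iv == 0 passes decrypt the
 * same IV buffer that encrypt just overwrote, as the calls in the post do. */
void roundtrip(int reset_iv, uint8_t out[LEN]) {
    static const uint32_t key[4] = {1, 2, 3, 4};  /* constructed demo key */
    uint8_t iv[8] = {0}, ct[LEN];
    cbc_crypt(MSG, ct, LEN, key, iv, 1);
    if (reset_iv) memset(iv, 0, 8);               /* put the original IV back */
    cbc_crypt(ct, out, LEN, key, iv, 0);
}
```

roundtrip(0, out) returns the message with only bytes 0-7 wrong, and roundtrip(1, out) returns it intact, so keeping a copy of the IV and restoring it before decrypting repairs the first block.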






Re: Certificates with many Virtual host

2001-01-25 Thread Jean-Marc Desperrier

Reiner Buehl wrote:

> Hi,
>
> > a) Can I make my own certificate valid for many host names ?
>
> There is a (not recommended) possibility for this: If all of your hosts
> belong to the same domain you could generate a so called "wildcard certificate".
> This is a certificate with a hostname like '*.mydomain.org' that would
> not produce the error message.

What public CA will accept to generate such a certificate !?





Re: Interoperable DH certs?

2001-01-25 Thread Michael Sierchio

Dr S N Henson wrote:

> The main problem is how you'd certify a DH key when it can't be used to
> sign a certificate request.

I do not understand your comments.  There are excellent POP algorithms
available for the certificate request phase (see Diffie-Hellman 
Proof-of-Possession Algorithms, RFC 2875),  and of course such certs
may be signed with RSA (preferred for speed of verification) or DSA.  

While your thinking may be driven by the demands of the SSL protocol,
I find myself using the toolkit in situations where a protocol
handshake is undesirable (e.g. wireless access-point fast handoffs),  
and DH permits parties that possess mutually authenticated identities 
to begin encrypted traffic without keying messages.  As 802.11 and
Bluetooth take off, this will be of increasing importance.

> There are workarounds but it would need quite a bit of work and very
> few DH certificates are in general use.

The PKIX profile used for 'dhpublicnumber' isn't much different from
the one used for dsa parameters:


dhpublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2)
  us(840) ansi-x942(10046) number-type(2) 1 }


DomainParameters ::= SEQUENCE {
  p   INTEGER, -- odd prime, p=jq +1
  g   INTEGER, -- generator, g
  q   INTEGER, -- factor of p-1
  j   INTEGER OPTIONAL, -- subgroup factor
  validationParms  ValidationParms OPTIONAL }

leaving off the optional parms, 

DomainParameters ::= SEQUENCE {
  p   INTEGER, -- odd prime, p=jq +1
  g   INTEGER, -- generator, g
  q   INTEGER  -- factor of p-1
}

The difference is that, in generation and validation for signing by the CA,
q is not constrained to be a 160-bit (or other hashsize) prime factor of
(p-1), and g and p may be global parameters chosen for esoteric properties.

> Can you send me a sample DH certificate? It would be useful if we ever
> need to support them.

I'd be glad to...  I'll scrounge some up.  Meanwhile, any suggestions
on hacking the dhparams tool to permit me to do the above?

Cheers,

M.Sierchio



RE: Certificates with many Virtual host

2001-01-25 Thread John . Airey

It appears that you are not using one IP address for each virtual host. Once
you've configured those correctly the error should go away.

- 
Happy new Millennium - http://www.rog.nmm.ac.uk/mill/index.htm
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] 


> -Original Message-
> From: Luis Miguel [mailto:[EMAIL PROTECTED]]
> Sent: 25 January 2001 11:50
> To: [EMAIL PROTECTED]
> Subject: Certificates with many Virtual host
> 
> 
> Please, help.
> I have an apache http/https server and 8 virtual http servers
> (8 virtual hosts). Four virtual servers are secure servers.
> Then, I have 4 hostnames and my own CA root (self signed) certificate.
> 
> The certificate has only 1 host name and with
> 3 of the virtual hosts, clients can see the message:
> 
>   "The certificate you are viewing does not match the
>    name of the site you are trying to view"
>   or similar
>   (Clients can work, but they see this previous message)
> 
> I need that the clients can't see this message.
> 
> a) Can I make my own certificate valid for many host names ?
> b) If not, then the solution is to make 4 certificates, one for each
> virtual https host
> - a certificate (C1) for host A
> - a certificate (C2) for host B
> ...
> - a certificate (C3) for host C
> 
> , but then the client must accept four certificates.
> I need the client to accept only the first certificate, and not the
> four certificates.
> 
> Is the solution to make a CA root certificate and then
> 4 CA certificates ?
> How can I make it ?
> 



EVP_Verify failing -- Help!

2001-01-25 Thread Pedro Miller Rabinovitch

Hello,

I'm not sure these messages are getting through to the list 
-- can someone please answer me? I've posted already, but it didn't 
reflect my message. Can anyone acknowledge this message please? 
Thanks!

--

  I've been having some trouble with EVP_Verify, perhaps someone could 
lend me a hand. I've signed the message with:

EVP_MD_CTX evp;
EVP_PKEY *evp_key;
unsigned char md_value[EVP_MAX_MD_SIZE];

evp_key = EVP_PKEY_new();
EVP_PKEY_assign_RSA(evp_key, privkey);
EVP_SignInit(&evp, EVP_sha1());
EVP_SignUpdate(&evp, msg, strlen(msg));
if(0 == EVP_SignFinal(&evp, md_value, &md_len, evp_key)) {
    printf("error signing message.\n");
    ERR_print_errors_fp(stderr);
}

Then I tried verifying:

EVP_VerifyInit(&evp, EVP_sha1());
EVP_VerifyUpdate(&evp, msg, strlen(msg));
res = EVP_VerifyFinal(&evp, md_value, md_len, evp_key);
if(1==res)
    printf("Signature verified.\n");
else if(0==res)
    printf("Incorrect signature!\n");
else if(-1==res) {
    printf("Error verifying signature!\n");
    ERR_print_errors_fp(stderr);
}

... and I get "Incorrect signature" all the time. I've even tried 
printing out the signature, and it all checks ok. Am I completely 
off-target here? I'm probably missing something...

Can someone help me with this, please?

Thanks in advance,

Pedro.
-- 
Pedro Miller Rabinovitch
Gerente Geral de Tecnologia
Cipher Technology
www.cipher.com.br



RE: Certificates with many Virtual host

2001-01-25 Thread John . Airey

Correction, it does work with IE, we have a wildcard certificate that works
with IE 5.01. It works with IE 4 fine. As for IE 3.02 and before, well, they
have problems with their root certs anyway.

- 
Happy new Millennium - http://www.rog.nmm.ac.uk/mill/index.htm
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] 


> -Original Message-
> From: Michael Ströder [mailto:[EMAIL PROTECTED]]
> Sent: 25 January 2001 14:34
> To: [EMAIL PROTECTED]
> Subject: Re: Certificates with many Virtual host
> 
> 
> Reiner Buehl wrote:
> > 
> > There is a (not recommended) possibility for this: If all of your hosts
> > belong to the same domain you could generate a so called "wildcard 
> > certificate".
> > This is a certificate with a hostname like '*.mydomain.org'
> 
> AFAIK this does not work with M$ IE.
> 
> Ciao, Michael.



RE: URGENT : SSL Handshake failed

2001-01-25 Thread John . Airey

I hope you are kidding about using mod_ssl 2.2.7. The latest version is
2.7.1, which is what you should be running.

- 
Happy new Millennium - http://www.rog.nmm.ac.uk/mill/index.htm 
John Airey 
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind, 
Bakewell Road, Peterborough PE2 6XU, 
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] 
-Original Message-
From: drt rappanah [mailto:[EMAIL PROTECTED]]
Sent: 25 January 2001 14:07
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: URGENT : SSL Handshake failed
Importance: High


Hi !!

I've installed a Netscape Certificate Server 4.2sp1 on a linux mandrake
7.2 (kernel 2.2.17-21)...
I've also installed an Apache 1.3.14 server with mod_perl 1.24_01,
mod_ssl 2.2.7, php 4.0.3pl1 and openssl 0.9.6...

 



cert expiry dates

2001-01-25 Thread michael luch

I want to figure out in how many days a cert will expire. I want to do this 
so I can flag the user that their cert is about to expire (in a week, say).
What API should I use for this?


thanks,
Michael.



Re: Certificates with many Virtual host

2001-01-25 Thread Michael Ströder

Reiner Buehl wrote:
> 
> There is a (not recommended) possibility for this: If all of your hosts
> belong to the same domain you could generate a so called "wildcard 
> certificate".
> This is a certificate with a hostname like '*.mydomain.org'

AFAIK this does not work with M$ IE.

Ciao, Michael.



URGENT : SSL Handshake failed

2001-01-25 Thread drt rappanah




Hi !!

I've installed a Netscape Certificate Server 4.2sp1 on a linux mandrake 7.2
(kernel 2.2.17-21)...
I've also installed an Apache 1.3.14 server with mod_perl 1.24_01, mod_ssl
2.2.7, php 4.0.3pl1 and openssl 0.9.6...
I've signed Apache certificate with the Certificate server.
I use a Netscape browser (communicator 4.75) or Internet Explorer
(5.00.3103.1000 128 bits) to have a certificate from the Certificate Server.
I can't access to the Apache web server because of this following error :

[Tue Jan 23 13:21:14 2001] [error] mod_ssl: Certificate Verification: Error (20): unable to get local issuer certificate
[Tue Jan 23 13:21:14 2001] [error] mod_ssl: SSL handshake failed (server cerbereweb.anpe.fr:843, client 10.0.144.161) (OpenSSL library error follows)
[Tue Jan 23 13:21:14 2001] [error] OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

In my httpd.conf, I have the line
SSLVerifyClient    require
SSLVerifyDepth     10

Thanks for your help.
Thanks in advance.
Regards,
Ravi APPANAH

APPANAH Ravi
CF6 Groupe TELINDUS
Consultant Sécurité
Tél. : +33 1 41 91 39 00
Fax  : +33 1 41 91 39 99
Gsm  : +33 6 20 78 29 63
[EMAIL PROTECTED]
Parc de la Défense
41 rue des Trois Fontanot
92024 Nanterre
http://www.cf6.fr



Re: SSL access to Web server

2001-01-25 Thread Dr S N Henson

"Eric W. Bradway" wrote:
> 
> > > > private-key be stored on a smart-card.  However you do it, your
> > > > guarantee of client id is only as secure as that private key.
> > > So, how do the browsers manage the private-key? Is it only
> > > the OS that prevents unauthorized access to it?
> >
> > whole system.  How this is implemented I really don't know, so can't
> > tell you a whole lot more.
> 
> When you store a key in IE/WinX, you are given a choice of 'security
> level' for the key: low, medium, high. Low doesn't require any
> authentication to use the key, medium requires password authentication
> once per login session, and high requires password authentication on every
> key use.
> 

Actually medium doesn't require password authentication (other than
having to login as the relevant user) it just throws up a dialog box
asking for confirmation of the operation.

The original poster also asked about Netscape. Netscape stores the key
encrypted with a password in the key3.db file using the triple DES
algorithm. The precise format is documented in several places including
my home site and the mozilla site.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.




Re: Interoperable DH certs?

2001-01-25 Thread Dr S N Henson

Michael Sierchio wrote:
> 
> I am now faced with the need to generate and validate certs
> based on PKCS#3 DH Parameters:  prime, base, and privateValueLength.
> These don't seem to be supported directly in the command line tool,
> though I may be mistaken.  Is anyone using OpenSSL to generate
> and manage these certs?

No, OpenSSL doesn't support DH certificates.

The main problem is how you'd certify a DH key when it can't be used to
sign a certificate request.

There are workarounds but it would need quite a bit of work and very
few DH certificates are in general use.

Can you send me a sample DH certificate? It would be useful if we ever
need to support them.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

