Re: SSL renegotiation and SSL_bio (more data)
Bodo moeller [EMAIL PROTECTED]: Andy Schneider [EMAIL PROTECTED]: I applied the patch and it has allowed me to perform a handshake even when there are writes in-flight. [...] Please try the following patch instead. This should remove the cause of the problem. Eric noticed that this mishandles session statistics and unnecessarily calls the handshake callback. Here's a new version of the patch. (We do call the handshake callback with SSL_CB_HANDSHAKE_START before sending a HelloRequest, but SSL_CB_HANDSHAKE_DONE is probably wrong if there was no actual handshake.) Index: s3_srvr.c === RCS file: /usr/local/openssl/cvs/openssl/ssl/s3_srvr.c,v retrieving revision 1.49.2.6 diff -u -u -r1.49.2.6 s3_srvr.c --- s3_srvr.c 2001/09/20 21:36:39 1.49.2.6 +++ s3_srvr.c 2001/09/21 06:51:22 @@ -167,6 +167,7 @@ long num1; int ret= -1; int new_state,state,skip=0; + int got_new_session=0; RAND_add(Time,sizeof(Time),0); ERR_clear_error(); @@ -270,9 +271,7 @@ case SSL3_ST_SW_HELLO_REQ_C: s-state=SSL_ST_OK; - ret=1; - goto end; - /* break; */ + break; case SSL3_ST_SR_CLNT_HELLO_A: case SSL3_ST_SR_CLNT_HELLO_B: @@ -281,6 +280,7 @@ s-shutdown=0; ret=ssl3_get_client_hello(s); if (ret = 0) goto end; + got_new_session=1; s-state=SSL3_ST_SW_SRVR_HELLO_A; s-init_num=0; break; 
@@ -511,18 +511,23 @@ /* remove buffering on output */ ssl_free_wbio_buffer(s); - s-new_session=0; s-init_num=0; - - ssl_update_cache(s,SSL_SESS_CACHE_SERVER); - s-ctx-stats.sess_accept_good++; - /* s-server=1; */ - s-handshake_func=ssl3_accept; - ret=1; - - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); + if (got_new_session) /* skipped if we just sent a HelloRequest +*/ + { + /* actually not necessarily a 'new' session */ + + s-new_session=0; + + ssl_update_cache(s,SSL_SESS_CACHE_SERVER); + + s-ctx-stats.sess_accept_good++; + /* s-server=1; */ + s-handshake_func=ssl3_accept; + if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); + } + goto end; /* break; */ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
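Review bot: in the SSL_ST_OK hunk (@@ -511,18 +511,23 @@) the removed `ret=1;` is not re-added, neither inside the new `if (got_new_session)` block nor before the new `goto end;`, while the first hunk shows `int ret= -1;` at the top of ssl3_accept. Since SSL3_ST_SW_HELLO_REQ_C now reaches SSL_ST_OK through `break` instead of returning 1 directly, the HelloRequest-only path depends on whatever `ret` happened to be in the preceding state; an explicit `ret=1;` immediately before `goto end;`, outside the conditional, would make both the full-handshake and the HelloRequest-only path report success unambiguously. Two smaller points in the same hunk: the comment `/* actually not necessarily a 'new' session */` would be clearer if it said in which case the session is not new, and the comment `/* skipped if we just sent a HelloRequest` is closed on a separate `+*/` line, which looks like a line wrapped in transit and is worth checking before the patch is applied.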
Re: SSL renegotiation and SSL_bio (more data)
On Fri, Sep 21, 2001 at 10:09:37AM +0100, Andy Schneider wrote: This patch works. However it is also worth noting that my tests expose a minor caveat. If a client and server request handshakes thus: Server: Read Renegotiate Read Write Client: Write Renegotiate Read Write The client will hang stuck in this loop (in ssl3_get_message): [...] Oops. This should fix that bug: Index: s3_both.c === RCS file: /e/openssl/cvs/openssl/ssl/s3_both.c,v retrieving revision 1.22.2.1 diff -u -u -r1.22.2.1 s3_both.c --- s3_both.c 2000/12/14 17:34:26 1.22.2.1 +++ s3_both.c 2001/09/21 11:12:02 @@ -383,7 +383,11 @@ * if their format is correct. Does not count for * 'Finished' MAC. */ if (p[1] == 0 p[2] == 0 p[3] == 0) + { + s-init_num = 0; skip_message = 1; + } + } while (skip_message); -- Bodo Möller [EMAIL PROTECTED] PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html * TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt * Tel. +49-6151-16-6628, Fax +49-6151-16-6036 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
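Review bot: the added `s->init_num = 0;` next to `skip_message = 1;` in the s3_both.c hunk deserves a comment, because it is the whole fix: it makes the `do { ... } while (skip_message);` loop read a fresh 4-byte message header on the next iteration instead of re-examining the HelloRequest bytes already consumed, which is the spin Andy observed in ssl3_get_message. As mailed, the snippet shows `s-init_num` and `p[1] == 0 p[2] == 0 p[3] == 0`; the `->` and the `&&` operators appear to have been stripped in transit, so the text here will not apply or compile verbatim. Also worth confirming that the enclosing condition checks the message type (SSL3_MT_HELLO_REQUEST) and not only the three zero length bytes visible here, since a zero-length check alone would skip any other empty handshake message too.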
Re: set x.509 version 3
sk wrote:
> hi I want to set certificate request version 3. I wrote code as below CA sign cert req but, certificate version number is 1.

The request version is not copied to the certificate version. The signed certificate version of the 'openssl ca' and 'x509' utilities is normally 3 if some extensions are added or 1 otherwise, though including an empty set of extensions will also set it to 3: as documented in the relevant manual pages.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
Re: Root CA signing an intermediate CA - problems!
Louis LeBlanc wrote:
> I am including the x509 output of my intermediate below. I notice that the CA constraint is false. Does this have anything to do with the problem? I am guessing it does, but how do I fix this? I have been all over the online docs, so I am fairly certain that I am just not seeing what's in front of me, or my antennae are just not picking up the right stations :)

This is indeed a problem. With CA:FALSE the certificate is not a valid CA certificate and will be rejected by any reasonable software.

By default OpenSSL will sign a certificate request using end user extensions. You can override this using the command line option -extensions to either 'ca' or 'x509' so if you include -extensions v3_ca it should work. You can also use the -signCA option to the CA.pl script in more recent versions of OpenSSL.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
Web Client Certificates (Apache-IIS)
Hi,

Can the web client certificates generated for an Apache Server be used against an IIS Server if we transform the certificate format from Apache to IIS?

Many Thanks.
Nuria

_
Uni2 - Lince Telecomunicaciones, S.A.U.
Legal notice: This electronic message is addressed solely to the address(es) indicated above; its confidential, personal and non-transferable character is protected by law. Any unauthorised disclosure, use or forwarding, in whole or in part, is prohibited. If you have received this message by mistake, notify the sender immediately and delete the original message together with its attachments without reading or saving it, in whole or in part. Thank you.
OpenSSL PRNG analysis
Has anyone done an analysis of the OpenSSL PRNG which would be available for public? I've read the Random Number Generation chapter of Peter Gutmann's PhD thesis (The Design and Verification of a Cryptographic Security Architecture, http://www.cryptoapps.com/~peter/06_random.pdf) which contains an analysis of the design of OpenSSL PRNG but has anyone analysed the random numbers generated?

Does the PRNG contain mechanisms for statistically analysing its output? Have there been any plans for including statistical randomness tests in the PRNG output? Do these tests like Maurer's universal statistical test catch PRNG errors in practice?

best regards,
--
aspa
Freeing of memory allocated CRYPTO_get_ex_new_index
Hi,

I notice that when SSL_CTX_new() is called, the following call sequence happens:

SSL_CTX_new -> SSL_get_ex_data_X509_STORE_CTX_idx -> X509_STORE_CTX_get_ex_new_index -> CRYPTO_get_ex_new_index

And the memory (56 bytes) that is allocated by CRYPTO_get_ex_new_index() doesn't get freed when I call the following functions at the end:

SSL_free()
SSL_CTX_free()
ERR_free_strings();
ERR_remove_state(0);
EVP_cleanup();

Is there some other cleanup function that I need to call to ensure that those 56 bytes also get freed?

Thanks
Rampi
Re: OpenSSL PRNG analysis
On Fri, Sep 21, 2001 at 04:59:17PM +0300, Marko Asplund wrote:
> has anyone done an analysis of the OpenSSL PRNG which would be available for public? i've read the Random Number Generation chapter of Peter Gutmann's PhD thesis (The Design and Verification of a Cryptographic Security Architecture, http://www.cryptoapps.com/~peter/06_random.pdf) which contains an analysis of the design of OpenSSL PRNG but has anyone analysed the random numbers generated?
> does the PRNG contain mechanisms for statistically analysing its output? have there been any plans for including statistical randomness tests in the PRNG output? do these tests like the Maurer's universal statistical test catch PRNG errors in practice?

Some of the FIPS 140-1 tests are implemented in randtest.c, but statistical tests on PRNG output are not really meaningful. If a PRNG fails them, this surely is a bad sign, but it is easy to implement a bad PRNG that passes all the tests. Hash function output looks pretty random, but usually isn't.

Such tests are meaningful for hardware implementations where you might have issues such as defective wires (e.g. every byte is of the form r0rr -- seven random bits, but one fixed bit).

For a concise description of a problem with earlier versions of the OpenSSL PRNG that Peter Gutmann did not notice, see <URL:http://www.openssl.org/news/secadv_prng.txt>.

--
Bodo Möller [EMAIL PROTECTED]
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
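The two halves of Bodo's point can be shown side by side. The following is an added example, not code from the thread and not OpenSSL's randtest.c: it implements three of the FIPS 140-1 tests (monobit, poker, long run) with the 140-1 bounds over 20,000 bits, then feeds them a constructed "PRNG" that is a SHA-1 counter chain with a fixed, public seed (zero entropy, completely predictable) and the same bytes with one bit of every byte forced to zero (the "defective wire" case, bit 6 chosen arbitrarily here). The hash chain passes; the stuck bit fails immediately.

```python
"""FIPS 140-1 style tests over 20,000 bits of generator output (added example)."""
import hashlib
from typing import Dict, Tuple

N_BITS = 20000          # FIPS 140-1 sample size
N_BYTES = N_BITS // 8   # 2500 bytes


def hash_chain_bytes(seed: bytes, n: int) -> bytes:
    """Constructed 'bad PRNG': SHA-1(seed || counter). Looks random, has no entropy."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def stuck_bit(stream: bytes, bit: int) -> bytes:
    """Model a defective wire: clear bit `bit` (0..7) of every byte."""
    mask = 0xFF & ~(1 << bit)
    return bytes(b & mask for b in stream)


def monobit(stream: bytes) -> Tuple[int, bool]:
    """Count ones over 20,000 bits; FIPS 140-1 requires 9654 < ones < 10346."""
    ones = sum(bin(b).count("1") for b in stream[:N_BYTES])
    return ones, 9654 < ones < 10346


def poker(stream: bytes) -> Tuple[float, bool]:
    """Chi-square over 5000 4-bit nibbles; FIPS 140-1 requires 1.03 < X < 57.4."""
    counts = [0] * 16
    for b in stream[:N_BYTES]:
        counts[b >> 4] += 1
        counts[b & 0x0F] += 1
    x = (16 / 5000) * sum(c * c for c in counts) - 5000
    return x, 1.03 < x < 57.4


def long_run(stream: bytes) -> Tuple[int, bool]:
    """Longest run of identical bits; FIPS 140-1 fails any run of 34 or more."""
    longest = cur = 0
    prev = None
    for b in stream[:N_BYTES]:
        for i in range(7, -1, -1):
            bit = (b >> i) & 1
            cur = cur + 1 if bit == prev else 1
            prev = bit
            longest = max(longest, cur)
    return longest, longest < 34


def run_all(stream: bytes) -> Dict[str, object]:
    """Return the three statistics; 'passed' is True only if every test passes."""
    m, m_ok = monobit(stream)
    p, p_ok = poker(stream)
    r, r_ok = long_run(stream)
    return {"monobit": m, "poker": round(p, 2), "long_run": r,
            "passed": m_ok and p_ok and r_ok}


if __name__ == "__main__":
    # Constructed input: a fixed seed, so every "random" byte is predictable.
    chain = hash_chain_bytes(b"constant seed, no entropy", N_BYTES)
    print("hash chain, fixed seed:", run_all(chain))           # passes all three
    print("same bytes, bit 6 stuck:", run_all(stuck_bit(chain, 6)))  # fails monobit
```

The stuck bit drives the expected number of ones down to about 8750, far outside the monobit window, and halves the nibble alphabet so the poker statistic explodes as well; the deterministic chain sails through, which is exactly why passing these tests says nothing about whether a generator was seeded with real entropy.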
Re: Root CA signing an intermediate CA - problems!
On 09/21/01 12:53 PM, Dr S N Henson sat at the `puter and typed:
> Louis LeBlanc wrote:
> > I am including the x509 output of my intermediate below. I notice that the CA constraint is false. Does this have anything to do with the problem? I am guessing it does, but how do I fix this? I have been all over the online docs, so I am fairly certain that I am just not seeing what's in front of me, or my antennae are just not picking up the right stations :)
>
> This is indeed a problem. With CA:FALSE the certificate is not a valid CA certificate and will be rejected by any reasonable software.
>
> By default OpenSSL will sign a certificate request using end user extensions. You can override this using the command line option -extensions to either 'ca' or 'x509' so if you include -extensions v3_ca it should work. You can also use the -signCA option to the CA.pl script in more recent versions of OpenSSL.

So will this also result in setting the pathlen? I noticed on a self signed cert, CA is true, and there is also a pathlen=0 (or something to that effect).

I managed to get over the CA:True problem, and even copied the appropriate extensions, but now, a server cert signed by an intermediate CA causes netscape to pop up a warning that the 'Certificate path length constraint is invalid.'

I am including all Intermediate CA files between the server cert and the root CA (in that order, but not including the server or root cert) in a chain.crt file which is pointed to by the SSLCertificateChain(?) directive in Apache. If I don't include the directive, I simply get an unrecognized certificate popup, even though I have installed the root as trusted on my browser.

I'll take a look in openssl.txt for any info on this - this helped me get over the last hurdle - but if you know offhand, I'd appreciate the pointer.

Thanks a bunch for the help!

Lou
--
Louis LeBlanc [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://acadia.ne.mediaone.net
All new: Parts not interchangeable with previous model.
Determining SSL connection to use in password_Callback
I have come across a little dilemma. I set a password callback on a SSL_CTX, and when I went to write the implementation I realized I couldn't determine what SSL * connection was currently in use. And every SSL connection I have uses a different set of certificate/key pairs. So what is the normal way of determining what connection and/or what cert/key pair needs the password?

-
Andrew T. Finnell
Software Engineer
eSecurity Inc
(321) 394-2485
Phaos' SSLava key
I have an encrypted/password-protected private key file in PEM format generated by Phaos' SSLava. My OpenSSL app can't read it - it crashes on Windows with an Access Violation during SSL_CTX_use_PrivateKey_file(...). Here is a stack:

EVP_PKCS82PKEY + 28 bytes
PEM_ASN1_read_bio + 1629 bytes
PEM_read_bio_PrivateKey + 35 bytes
SSL_CTX_use_PrivateKey_file + 134 bytes

The command 'openssl asn1parse -inform PEM -in TWkey.pem' (TWkey.pem is the key file that causes the crash).

0:d=0 hl=3 l= 252 cons: SEQUENCE
3:d=1 hl=2 l= 39 cons: SEQUENCE
5:d=2 hl=2 l= 10 prim: OBJECT :pbeWithSHA1And3-KeyTripleDES-CBC
17:d=2 hl=2 l= 25 cons: SEQUENCE
19:d=3 hl=2 l= 20 prim: OCTET STRING
41:d=3 hl=2 l= 1 prim: INTEGER :64
44:d=1 hl=3 l= 208 prim: OCTET STRING

Anybody know what's wrong and what I can do to fix it?

Thanks!
Bill Rebey

=== Confidentiality Statement ===
The information contained in this message and any attachments is intended only for the use of the individual or entity to which it is addressed, and may contain information that is PRIVILEGED, CONFIDENTIAL and exempt from disclosure under applicable law. If you have received this message in error, you are prohibited from copying, distributing, or using the information. Please contact the sender immediately by return e-mail and delete the original message from your system.
= End Confidentiality Statement =
ans1 0D09F007 error with verisign cert.
Hello

Using Apache/modssl/openssl SSL worked fine with apache snake-oil certs, but when adding verisign cert I get the following error and no startup:

OpenSSL: error:0D09F007:ans1 encoding routines :d2i_x509: expecting an ans1 sequence.

Does anyone know the fix?

Thanks in advance
Gregg Andrew [EMAIL PROTECTED]
Re: ans1 0D09F007 error with verisign cert.
[EMAIL PROTECTED] wrote:
> Hello
> Using Apache/modssl/openssl SSL worked fine with apache snake-oil certs, but when adding verisign cert I get the following error and no startup:
> OpenSSL: error:0D09F007:ans1 encoding routines :d2i_x509: expecting an ans1 sequence.

It probably isn't a certificate but a set of them in a PKCS#7 wrapper. Try:

openssl pkcs7 -in file.pem -print_certs -out certs.pem

and you should see several certificates in the file which can be separated using a text editor.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
Re: ans1 0D09F007 error with verisign cert.
[EMAIL PROTECTED] wrote:
> Hello
> Using Apache/modssl/openssl SSL worked fine with apache snake-oil certs, but when adding verisign cert I get the following error and no startup:
> OpenSSL: error:0D09F007:ans1 encoding routines :d2i_x509: expecting an ans1 sequence.
> Does anyone know the fix?

This should be in the FAQ. It's not a cert, it's a PKCS#7 message that contains a cert.
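Three threads on this page come down to the same question: what DER structure is actually inside the file? The VeriSign bundle that d2i_X509 rejects is a PKCS#7 ContentInfo, the SSLava key that crashes EVP_PKCS82PKEY is a PKCS#8 EncryptedPrivateKeyInfo (the asn1parse output above), and Steve's version-3 answer hinges on whether tbsCertificate carries the optional [0] version field. The following is an added example, not code from the thread and not OpenSSL's own parser: a minimal DER tag-length-value reader that classifies a blob by its outer layout and reports the certificate version. All sample inputs are constructed inline with a small encoder; the constructed PKCS#8 sample reproduces the exact lengths (252, 39, 10, 25, 20, 1, 208) shown in the asn1parse output, and the "certificate" samples carry only a serial number in tbsCertificate, enough to show the layout but not real certificates.

```python
"""Classify a DER/PEM blob before handing it to d2i_X509 (added example)."""
import base64
import re
from typing import List, Tuple

SEQUENCE, OID, OCTET_STRING, BIT_STRING, INTEGER = 0x30, 0x06, 0x04, 0x03, 0x02
CTX0 = 0xA0  # [0] EXPLICIT: the version field of tbsCertificate, and PKCS#7 content


def read_tlv(buf: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """Parse one TLV at `pos`; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next N bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def children(value: bytes) -> List[Tuple[int, bytes]]:
    """Split the content of a constructed value into its (tag, value) elements."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out


def pem_to_der(text: str) -> bytes:
    """Strip one PEM armour and base64-decode the body; raw input passes through."""
    m = re.search(r"-----BEGIN [^-]+-----(.*?)-----END [^-]+-----", text, re.S)
    return base64.b64decode("".join(m.group(1).split())) if m else text.encode()


def to_pem(der: bytes, label: str) -> str:
    """Wrap DER in PEM armour with 64-column base64 lines."""
    body = base64.b64encode(der).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


def classify(der: bytes) -> str:
    """Name the structure by the tags of the outer SEQUENCE's children."""
    tag, outer, _ = read_tlv(der)
    if tag != SEQUENCE:
        return "not a SEQUENCE: d2i_X509 will reject this"
    kids = children(outer)
    tags = [t for t, _ in kids]
    if tags[:1] == [OID]:                   # ContentInfo ::= SEQUENCE { contentType OID, [0] content }
        return "PKCS#7 ContentInfo (certificate bundle, not a bare certificate)"
    if tags == [SEQUENCE, OCTET_STRING]:    # EncryptedPrivateKeyInfo ::= SEQUENCE { AlgId, OCTET STRING }
        return "PKCS#8 EncryptedPrivateKeyInfo"
    if tags == [SEQUENCE, SEQUENCE, BIT_STRING]:  # Certificate ::= SEQUENCE { tbs, sigAlg, signature }
        tbs = children(kids[0][1])
        version = 1                         # version is [0] EXPLICIT INTEGER; absent means v1
        if tbs and tbs[0][0] == CTX0:
            version = int.from_bytes(children(tbs[0][1])[0][1], "big") + 1
        return "X.509 Certificate v%d" % version
    return "SEQUENCE with unexpected layout"


# --- constructed sample inputs -------------------------------------------
def tlv(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV (short and long length forms)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


SHA1_RSA_OID = bytes.fromhex("2a864886f70d010105")        # 1.2.840.113549.1.1.5
PKCS7_SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
PBE_SHA1_3DES_OID = bytes.fromhex("2a864886f70d010c0103")  # 1.2.840.113549.1.12.1.3


def sample_certificate(version: int) -> bytes:
    """Skeleton certificate: tbs holds only [0] version (if > 1) and a serial."""
    tbs = (tlv(CTX0, tlv(INTEGER, bytes([version - 1]))) if version > 1 else b"")
    tbs += tlv(INTEGER, b"\x01")
    return tlv(SEQUENCE, tlv(SEQUENCE, tbs) + tlv(SEQUENCE, tlv(OID, SHA1_RSA_OID))
               + tlv(BIT_STRING, b"\x00" * 9))


def sample_pkcs7() -> bytes:
    """Skeleton ContentInfo wrapper with an empty signedData body."""
    return tlv(SEQUENCE, tlv(OID, PKCS7_SIGNED_DATA_OID) + tlv(CTX0, tlv(SEQUENCE, b"")))


def sample_pkcs8_encrypted() -> bytes:
    """Same shape and lengths as the SSLava asn1parse output: 20-byte salt, 64 iterations, 208-byte body."""
    params = tlv(SEQUENCE, tlv(OCTET_STRING, b"\x00" * 20) + tlv(INTEGER, b"\x40"))
    alg = tlv(SEQUENCE, tlv(OID, PBE_SHA1_3DES_OID) + params)
    return tlv(SEQUENCE, alg + tlv(OCTET_STRING, b"\x00" * 208))


if __name__ == "__main__":
    for name, der in [("v3 cert", sample_certificate(3)), ("v1 cert", sample_certificate(1)),
                      ("pkcs7", sample_pkcs7()), ("pkcs8", sample_pkcs8_encrypted())]:
        print(f"{name:8s} -> {classify(pem_to_der(to_pem(der, 'DATA')))}")
```

Run against a real file, `classify(pem_to_der(open(path).read()))` tells you in one line whether `openssl pkcs7 -print_certs` or `openssl pkcs8` is the tool to reach for, rather than reading d2i_X509's error.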
Re: Root CA signing an intermediate CA - problems solved
Ok, I found the solution, and thought someone else might benefit from my efforts.

What I am trying to do is create a hierarchy of intermediate CAs with a single root CA at the top. I wish to be able to sign server certs, primarily, and they must be able to create a trusted site that loads without popup or warning on multiple browsers. Of course, having the root CA be trusted is a prerequisite, so I am installing it to the browser by simply serving it on the site with the proper mime type.

As Dr Henson pointed out, the -extensions v3_ca flag would tell openssl that the cert was to be considered a CA, and CA:true would be set in the cert. However, most default self signed certs also have pathlen:0 set. This is a roadblock, and was causing my other issue: 'Certificate path length constraint is invalid.'

It's kinda kludgy, but here is what I did:

In my openssl.cnf, I changed the following line in the v3_ca section:

basicConstraints = CA:true

to this:

basicConstraints = CA:true,pathlen:5

which is obviously overkill, but at least I won't have to recreate my root cert because of this. The pathlen defines how many intermediate certs can be contained in the chain between the root and server/user certs.

I then created a subdir in the MYCA directory for each 'first level' intermediate CA, and copied openssl.cnf into it, decrementing the pathlen constraint, and pointing the 'dir' directive in CA_default to the subdir. Repeat as needed for up to 5 certs deep. Definitely messy, but I haven't gotten around to fine tuning the whole thing into a single config that will work with multiple CAs. When I get a chance, I'll do it.

For each intermediate CA directory, I set up a script to sign certs which points to the proper config, so all I have to do is get the csr into the correct location, and './sign_cert server' will sign server.csr and output server.crt.

For my purposes, right now, each intermediate subdir is contained within its 'parent CAs' dir, and each maintains its own serial number count, index listing, and newcerts store. They could essentially be placed on separate machines and continue to be used with minimum modification.

Like I said, it's messy, but it works for now.

Thanks for the help Dr Henson!

Lou
--
Louis LeBlanc [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://acadia.ne.mediaone.net
Statistics are no substitute for judgement. -- Henry Clay
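The rule Lou ran into (CA:FALSE from Steve's reply, then pathlen:0 on the root) is mechanical enough to model without any certificate parsing. The following is an added example, not code from the thread, from OpenSSL or from Netscape: certificates are plain dicts constructed here (subject, CA flag, optional pathlen), the chain is given leaf-first, and the checker walks it from the root down, applying the basicConstraints rule that every issuer must be CA:TRUE and that a pathlen:N on any CA permits at most N further CA certificates beneath it before the end-entity certificate. It follows Lou's observation and applies a self-signed root's pathlen too, which is what his browser did. A helper also lists what belongs in the chain file, in the order Lou describes (the intermediates only, server cert and root excluded).

```python
"""Basic-constraints check over a constructed certificate chain (added example)."""
from typing import List, Optional


def cert(subject: str, ca: bool, pathlen: Optional[int] = None) -> dict:
    """Constructed stand-in for a parsed certificate's basicConstraints."""
    return {"subject": subject, "ca": ca, "pathlen": pathlen}


def validate_chain(chain: List[dict]) -> List[str]:
    """Return the list of constraint violations (empty means the chain is valid).

    `chain` is leaf-first: [server, intermediate..., root]. Walking root to
    leaf, `allowed` holds how many more CA certificates may still appear
    below the current point (None = unbounded); the tightest pathlen seen so
    far wins, and each CA certificate consumed below it decrements it.
    """
    if not chain:
        return ["empty chain"]
    problems: List[str] = []
    issuers = list(reversed(chain))[:-1]     # root first; the leaf issues nothing
    allowed: Optional[int] = None
    limiter: Optional[dict] = None
    for depth, c in enumerate(issuers):
        if not c["ca"]:
            problems.append(f"{c['subject']}: CA:FALSE but used to sign a certificate")
        if depth > 0 and allowed is not None:   # a CA sitting below an earlier CA
            if allowed == 0:
                problems.append(f"{c['subject']}: exceeds pathlen:{limiter['pathlen']} "
                                f"set by {limiter['subject']}")
            else:
                allowed -= 1
        if c["pathlen"] is not None and (allowed is None or c["pathlen"] < allowed):
            allowed, limiter = c["pathlen"], c   # tighter constraint takes over
    return problems


def chain_file_contents(chain: List[dict]) -> List[str]:
    """Subjects to place in chain.crt: intermediates only, leaf-side first."""
    return [c["subject"] for c in chain[1:-1]]


if __name__ == "__main__":
    server = cert("www.example.test", False)          # constructed names
    intermediate = cert("Intermediate CA", True)
    root_pathlen0 = cert("Root CA", True, 0)           # the default that bit Lou
    root_pathlen5 = cert("Root CA", True, 5)           # his fix
    print("pathlen:0 root ->", validate_chain([server, intermediate, root_pathlen0]))
    print("pathlen:5 root ->", validate_chain([server, intermediate, root_pathlen5]))
    print("CA:FALSE issuer ->",
          validate_chain([server, cert("Intermediate CA", False), root_pathlen5]))
    print("chain.crt holds ->", chain_file_contents([server, intermediate, root_pathlen5]))
```

With pathlen:0 on the root the intermediate is one CA too many and the checker names the certificate that imposed the limit, which is the diagnosis the browser's generic "path length constraint is invalid" hides; a root signing the server certificate directly passes even with pathlen:0, since zero intermediates is exactly what that constraint permits.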
Re: Determining SSL connection to use in password_Callback
On Fri, Sep 21, 2001 at 10:50:55AM -0400, Andrew Finnell wrote:
> I have come across a little dilemma. I set a password callback on a SSL_CTX, and when I went to write the implementation I realized I couldn't determine what SSL * connection was currently in use. And every SSL connection I have uses a different set of certificate/key pairs. So what is the normal way of determining what connection and/or what cert/key pair needs the password?

I just had a look into the source. The password callback (and userdata) are only set once per SSL_CTX object. When the certificates and keys are read in, the ctx->default_passwd_callback() is unconditionally used regardless of which SSL object is currently treated. The function is actually handed to e.g. PEM_read_bio_RSAPrivateKey(), which does not even know what an SSL object (or SSL_CTX object) is (see ssl/ssl_rsa.c:SSL_use_certificate_file()).

The answer to your question therefore is: The OpenSSL API does not support per-SSL object password callbacks, only per-SSL_CTX password callbacks are supported. The same applies for the userdata field, so that one can also not use it to pass the information about the SSL object.

Proposed solution: read the key directly using e.g. PEM_read_bio_RSAPrivateKey() and friends, freely using the password callback of your choice, then load the key using SSL_use_RSAPrivateKey() and friends.

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
Re: SSL_dup() not functioning
On Fri, Sep 21, 2001 at 08:51:43AM +0600, Ashada Karunaratna wrote:
> I tried to use SSL_dup() functions to duplicate my SSL object and use that SSL object to communication. But it fails. However I could communicate with original SSL object well. Does anyone know the reason for that?

That is hard to say from the distance. (I have never used SSL_dup() and before writing a manual page I wanted to find out what it is good for anyway :-)

What is your intention?

Lutz

Having this said: I don't know, in how far other
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153