RE: Certificates
Hi Goetz,

> At least my c_rehash expects CA certs to have the suffix .pem.
> And since the -CApath param needs hashes generated by c_rehash
> to find the certificates, it will fail...
>
> Fix the extension to .pem, run c_rehash and verify should
> succeed...

Thanks. That does it :-)

Cheers,
Mark
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: cipher suite names in 0.9.8
Frédéric Donnat wrote:
> be careful with some typo error.
>
> My openssl 0.9.7e does not accept this "RSA-AES256",

It does NOT? Strange.

> but accept "RSA:AES256".

Sure, as this specifies two cipher preferences, "RSA" or "AES256"...

> Things are the same with last openssl 0.9.7i.

I'll take it as a user error then.

Thanks again,
daniel
RE: Authentication
Hi All,

> The code below gives the FIRST Common Name RDN, not the last
> one in the hierarchy
> to be tested as a servername in tls. But well, if you only have one
> occurrence of common name :-)
>
> Anyway, the WHOLE DN, i.e. all attributes together are supposed to be
> unique in a CA.
> Of course, if your private CA makes the common name attribute
> unique .. There may be more than one "Joe Smith"
>
> There are utility functions to get a string representation of
> the whole
> subject, with many options about
> the formatting, one allowing to be used directly in a ldap request
> etc. ==> cf apps/x509.c

I must admit to being even more confused after all the replies to this thread! Thanks for all the input ;-)

I have experimented with the code examples given and some do not yield objects that look particularly unique (i.e. short strings). The following code seems promising:

    cert = SSL_get_peer_certificate(ssl);
    subj = X509_get_subject_name(cert);
    if (X509_NAME_oneline(subj, data, 256)) {
        printf("Peer subject='%s'", data);
    }

Can anyone comment whether this (data) would suffice? I also noted that a hash value of this subject line is also available. That might yield a good database key?

Cheers,
Mark.
ASN1 parsing
Hi

I am trying to parse an ASN format that has the following structure.

    ASNSEQUENCE[C] = 3 elements
      INTEGER = 0
      SEQUENCE[C] = 2 elements
        OBJECT ID = SHA
        NULL = null
      SEQUENCE[C] = 1 elements
        SEQUENCE[C] = 2 elements
          INTEGER = 1
          OCTET STRING = 20 bytes: 98:F7:6A:06:E1...

My input is der encoding of this structure.

I am not sure how to correctly read all the elements inside a SEQUENCE. In particular, I want to read the digest and the digest algorithm. I tried using the method ASN1_seq_unpack_ASN1_TYPE. Can anyone provide sample codes or provide an explanation on how to parse?

Thanks
Venkat
Re: Authentication
> etc. ==> cf apps/x509.c
>
> I must admit to being even more confused after all the replies to
> this thread! Thanks for all the input ;-) I

Read apps/x509.c how it parses the different ways to format a subject and issuer.

--
To verify the signature, see http://edelpki.edelweb.fr/
This lets you load the authority's certificate; you will also find the list of revoked certificates there.
Re: A Few General OpenSSL Questions...
> On 11/30/05, Usman Riaz <[EMAIL PROTECTED]> wrote:
> > b. Secondly, I set the SSL version to 3 via "SSLv3_method" and wait for
> > client to connect. When the client connects (client is a FireFox browser,
> > with SSLv2,3 & TLSv1 enabled), on the server side when I try to read from
> > the bio (after writing the initial handshake data to the BIO) the read fails
> > and BIO_should_retry also fails with the error being incorrect version
> > number. Now if I change the SSL method on my server to "SSLv2_method" then I
> > don't have any problems and I can connect fine. But since I have enabled all
> > available version on my client (SSLv2,3 TLS v1), the BIO should not return
> > an error. Can someone tell what do I need to do to make the server connect
> > with SSL v3, or TLS ver 1
>
> Have you tried the SSLv23_method? it starts with a v2 Hello, then it
> upgrades to v3 or tlsv1 ...
>
> Regards,
> Cesc

Thanks for the reply, Cesc. I haven't tried with v23, but actually I don't want to use SSLv2 for my server. But if I disable all the other protocols in Firefox except for the one used by my server, it works fine. Probably, there might be some flag so that OpenSSL can fall back to some other protocol if one is not supported by the client. I actually want to use either SSLv3 or TLSv1 for my server.

Regards,
Usman.

P.S: Can someone comment about ssl bio_pairs being full duplex
RE: A Few General OpenSSL Questions...
Hello Usman,

> > > an error. Can someone tell what do i need to do to make
> the server
> >connect
> > > with SSL v3, or TLS ver 1
> >
> >Have you tried the SSLv23_method? it starts with a v2 Hello, then it
> >upgrades to v3 or tlsv1 ...

Try this with SSLv23_method:

    /* Set any parameters such as disabling v2 protocol. */
    SSL_CTX_set_options(ctx,
        SSL_OP_ALL |        /* All bug workarounds. */
        SSL_OP_NO_SSLv2     /* Disable v2 protocol */
    );

Regards,
Mark
Re: load x509 certificate from base 64 string into X509 structure
    #include <string.h>
    #include <openssl/bio.h>
    #include <openssl/pem.h>
    #include <openssl/x509.h>

    /* Parse a PEM certificate held in a NUL-terminated string. */
    extern X509 *mem2x509_pem(char *cert)
    {
        X509 *x509 = NULL;
        BIO *bio = NULL;
        int len = -1;

        bio = BIO_new(BIO_s_mem());
        if (!bio)
            goto end;
        /* Copy the PEM text into the memory BIO. */
        len = BIO_write(bio, cert, strlen(cert));
        if (len == -1)
            goto end;
        x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
        if (!x509)
            goto end;
    end:
        if (bio)
            BIO_free(bio);
        return x509;
    }

On 11/16/05, Isaac B <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I had to encode a X509 certificate into base 64 to be able to transfer it
> into an XML, now when I get the XML I need to put it back inside a X509
> structure. The way I did it with a file was easy:
>
>     BIO *cert = NULL;
>     X509 *x509 = NULL;
>     BIO_read_filename(cert, inFileC);
>     x509 = d2i_X509_bio(cert, null);
>
> but now that I have the X509 certificate in PEM format inside a XML node I
> was wondering how could I load it into x509 without having to write a temp
> file.
>
> Thanks in advance.
> Isaac B
RE: A Few General OpenSSL Questions...
> From: "Mark" <[EMAIL PROTECTED]>
> Reply-To: openssl-users@openssl.org
> To: openssl-users@openssl.org
> Subject: RE: A Few General OpenSSL Questions...
> Date: Thu, 1 Dec 2005 12:37:55 -
>
> Hello Usman,
>
> > > > an error. Can someone tell what do i need to do to make
> > the server
> > >connect
> > > > with SSL v3, or TLS ver 1
> > >
> > >Have you tried the SSLv23_method? it starts with a v2 Hello, then it
> > >upgrades to v3 or tlsv1 ...
>
> Try this with SSLv23_method:
>
>     /* Set any parameters such as disabling v2 protocol. */
>     SSL_CTX_set_options(ctx,
>         SSL_OP_ALL |        /* All bug workarounds. */
>         SSL_OP_NO_SSLv2     /* Disable v2 protocol */
>     );
>
> Regards,
> Mark

Thanks for the reply Mark,

I gather, using method v23 with setting option to disable v2 is same as using just v3, since my problem is OpenSSL on the server does not want to continue if the client is using a different version and returns an error instead of sending client some data to use a different protocol (I guess that's not part of SSL specs). But I'll give it a try & post back if I have any further questions.

Thanks,
Usman.
Re: load x509 certificate from base 64 string into X509 structure
On Thu, Dec 01, 2005, Rajeshwar Singh Jenwar wrote:

> extern X509 *mem2x509_pem(char *cert)
>
> {
>     X509 *x509= NULL;
>     BIO *bio = NULL;
>     int len = -1;
>     bio = BIO_new(BIO_s_mem());
>     if (!bio)
>         goto end;
>     len = BIO_write(bio, cert, strlen(cert));
>     if (len == -1)
>         goto end;
>     x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
>
>     if(!x509)
>         goto end;
> end:
>     if(bio) BIO_free(bio);
>
>     return x509;
> }
>

It's easier and more efficient to create the memory BIO with:

    bio = BIO_new_mem_buf(cert, -1);

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
RE: Authentication
Hi Peter,

> Read apps/x509.c how it parses the different ways to format a subject
> and issuer.

I've looked at that file but my understanding is still limited. There's virtually no comments so it's hard to untangle what it is doing.

I noticed a function X509_subject_name_hash(). Will that give a unique reference to a certificate? It seems to ;-)

Cheers,
Mark
Re: ASN1 parsing
On Thu, Dec 01, 2005, Venkata Sairam wrote:

> Hi
>
> I am trying to parse a ASN format that has the following structure.
> ASNSEQUENCE[C] = 3 elements
>   INTEGER = 0
>   SEQUENCE[C] = 2 elements
>     OBJECT ID = SHA
>     NULL = null
>   SEQUENCE[C] = 1 elements
>     SEQUENCE[C] = 2 elements
>       INTEGER = 1
>       OCTET STRING = 20 bytes: 98:F7:6A:06:E1...
>
> My input is der encoding of this structure.
>
> I am not sure how to correctly read all the elements inside a SEQUENCE. In
> particular, I want to read the digest and the digest algorithm.
> I tried using the method ASN1_seq_unpack_ASN1_TYPE. Can anyone provide
> sample codes or provide an explanation on how to parse?
>

The easiest thing to do is to write an ASN1 module for the data. There are examples of varying complexity all over OpenSSL. Do a grep for ASN1_SEQUENCE in the source.

Some of that structure looks like it uses some standard structures. For example the second SEQUENCE looks like a DigestAlgorithmIdentifier which is the type X509_ALGOR in OpenSSL.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
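What reading the elements inside those nested SEQUENCEs involves at the byte level, as an added example that is not part of the original thread and is not OpenSSL code: a hand-written, bounds-checked DER reader rather than the ASN1_SEQUENCE templates recommended above. The sample bytes are constructed, the SHA-1 OID (1.3.14.3.2.26) is an assumption for "OBJECT ID = SHA", and all type and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { const uint8_t *p; size_t len; } span_t;
typedef struct { span_t alg_oid; span_t digest; } digest_info_t;

/* Read one TLV from *in, return its tag and value, and advance *in past it. */
static int der_next(span_t *in, uint8_t *tag, span_t *val)
{
    const uint8_t *p = in->p;
    size_t left = in->len, n;

    if (left < 2) return -1;
    *tag = p[0];
    if ((*tag & 0x1f) == 0x1f) return -1;      /* multi-byte tags not handled */
    n = p[1];
    p += 2; left -= 2;
    if (n & 0x80) {                            /* long-form length */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > sizeof(size_t) || cnt > left) return -1;
        if (p[0] == 0) return -1;              /* DER: no leading zero octet */
        n = 0;
        for (size_t i = 0; i < cnt; i++) n = (n << 8) | p[i];
        if (n < 0x80) return -1;               /* DER: short form required */
        p += cnt; left -= cnt;
    }
    if (n > left) return -1;                   /* length runs past the buffer */
    val->p = p; val->len = n;
    in->p = p + n; in->len = left - n;
    return 0;
}

/* Like der_next, but the element must carry the expected tag. */
static int der_expect(span_t *in, uint8_t want, span_t *val)
{
    uint8_t tag;
    return (der_next(in, &tag, val) == 0 && tag == want) ? 0 : -1;
}

/* Walk the structure from the question; returns 0 and fills *out on success. */
int parse_digest_blob(const uint8_t *der, size_t len, digest_info_t *out)
{
    span_t in = { der, len }, outer, alg, wrap, entry, v;

    /* Outer SEQUENCE must consume the whole input (no trailing bytes). */
    if (der_expect(&in, 0x30, &outer) || in.len) return -1;
    if (der_expect(&outer, 0x02, &v)) return -1;              /* INTEGER = 0 */
    if (der_expect(&outer, 0x30, &alg)) return -1;            /* algorithm SEQUENCE */
    if (der_expect(&alg, 0x06, &out->alg_oid)) return -1;     /* OBJECT ID */
    if (der_expect(&alg, 0x05, &v) || v.len || alg.len) return -1; /* NULL */
    if (der_expect(&outer, 0x30, &wrap) || outer.len) return -1;   /* 1 element */
    if (der_expect(&wrap, 0x30, &entry) || wrap.len) return -1;    /* 2 elements */
    if (der_expect(&entry, 0x02, &v)) return -1;              /* INTEGER = 1 */
    if (der_expect(&entry, 0x04, &out->digest) || entry.len) return -1;
    return 0;
}

/* Assumption: "SHA" in the dump means SHA-1, OID 1.3.14.3.2.26. */
int is_sha1_oid(const span_t *oid)
{
    static const uint8_t sha1[] = { 0x2B, 0x0E, 0x03, 0x02, 0x1A };
    return oid->len == sizeof sha1 && memcmp(oid->p, sha1, sizeof sha1) == 0;
}

/* Constructed sample: same shape as the dump, digest bytes are 00..13. */
static const uint8_t SAMPLE_DER[] = {
    0x30, 0x2B,
      0x02, 0x01, 0x00,
      0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00,
      0x30, 0x1B,
        0x30, 0x19,
          0x02, 0x01, 0x01,
          0x04, 0x14,
            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
            0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13
};

int main(void)
{
    digest_info_t d;
    if (parse_digest_blob(SAMPLE_DER, sizeof SAMPLE_DER, &d) != 0) {
        fprintf(stderr, "malformed input\n");
        return 1;
    }
    printf("sha1=%d digest=", is_sha1_oid(&d.alg_oid));
    for (size_t i = 0; i < d.digest.len; i++) printf("%02x", d.digest.p[i]);
    printf("\n");
    return 0;
}
```

Every length is checked against the enclosing element before it is used, so a truncated or lying length field is rejected instead of read past.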
Re: Authentication
> I've looked at that file but my understanding is still limited.
> There's virtually no comments so it's hard to untangle what it is
> doing.
>
> I noticed a function X509_subject_name_hash(). Will that give a unique
> reference to a certificate? It seems to ;-)

There are several calls to a function print_name which you will find in apps/apps.c

> Cheers,
> Mark

--
To verify the signature, see http://edelpki.edelweb.fr/
This lets you load the authority's certificate; you will also find the list of revoked certificates there.
Re: Authentication
Mark wrote:
> I noticed a function X509_subject_name_hash(). Will that give a unique
> reference to a certificate? It seems to ;-)

No hash can be guaranteed to be unique. Issuer and serial number should be, but of course you need to exercise some intelligence here.

You can use the subject hash (or a subset) to perform quick lookups. E.g., if you have a large number of certs indexed by their SN hash, you can quickly determine that you don't have the specified cert or find a few possible matches.

In practice? A 20-byte hash will almost certainly be unique. What's your risk tolerance?

Bear
RE: Authentication
Hi Bear,

> > I noticed a function X509_subject_name_hash(). Will that
> give a unique
> > reference to a certificate? It seems to ;-)
>
> No hash can be guaranteed to be unique. Issuer and serial number
> should be, but of course you need to exercise some intelligence here.
>
> You can use the subject hash (or a subset) to perform quick
> lookups. E.g., if you have a large number of certs indexed by
> their SN hash, you can quickly determine that you don't have the
> specified cert or find a few possible matches.

In that case I'll use the Issuer and Serial number. Thanks.

Cheers,
Mark
Re: Authentication
Mark wrote:
>>No hash can be guaranteed to be unique. Issuer and serial number
>>should be, but of course you need to exercise some intelligence here.
>
> In that case I'll use the Issuer and Serial number. Thanks.

As I said, just remember to use some intelligence. Verify the issuer, be prepared for the case where a clueless CA issues the same serial number (which is definitely an error, but how will you handle it?), etc.

Bear
RE: Authentication
Hi Bear,

> As I said, just remember to use some intelligence. Verify the
> issuer, be prepared for the case where a clueless CA issues the
> same serial number (which is definitely an error, but how will you
> handle it?), etc.

Are there any additional steps necessary to verifying the issuer apart from the normal peer authentication and a string compare of the issuer name?

I guess I'll use the subject hash value as an additional check to the serial number.

Cheers,
Mark
Re: Authentication
Mark wrote:
> Are there any additional steps necessary to verifying the issuer
> apart from the normal peer authentication and a string compare of
> the issuer name?

Just follow the certificate chain back to a trusted root. Anyone can forge a certificate chain, but they won't be able to get back to a trusted root. If you don't do this a malicious party could substitute his cert for a good one and/or prevent a legitimate user from providing her own good cert.

Bear

P.S., remember that the serial number is an arbitrarily long number/string. Some CAs (Verisign?) appear to use cryptographic hashes as their serial numbers. Others use a modified timestamp (e.g., MMDDHHMMSSxx).
Re: steps to use a dynamic engine from an application
Thank you for your response. I have a couple more questions:
- If I use ENGINE_by_id("athena"), what should be the name and path of the engine implementation?
- I understand that ENGINE_cleanup() should be called before shutting down the application, but can I call ENGINE_finish() and ENGINE_free() before the application is done using the Engine?

Thanks,
-Anil

Geoff Thorpe <[EMAIL PROTECTED]> wrote:
> Hi there,
>
> On November 29, 2005 03:05 pm, Anil Gunturu wrote:
> > I am just wondering about the steps to use a dynamic engine. Can
> > somebody verify this:
> >     e = ENGINE_by_id("dynamic");
> >     if (!e) {
> >         return RC_ERROR;
> >     }
> >     if ((!ENGINE_ctrl_cmd_string(e, "SO_PATH", so_path, 0)) ||
> >         (!ENGINE_ctrl_cmd_string(e, "ID", "ATHENA", 0)) ||
> >         (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)))
> >     {
> >         ENGINE_free(e);
> >         return RC_ERROR;
> >     }
>
> All of that should be equivalent to ENGINE_by_id("athena") if the engine
> has the appropriate name/path and you're using a recent version of
> openssl. But if that works for you, cool.
>
> >     if (!ENGINE_init(e)) {
> >         ENGINE_free(e);
> >         return RC_ERROR;
> >     }
> >
> >     ENGINE_set_default_RSA(e);
> >
> > Also, when do I need to call ENGINE_finish() and ENGINE_free()?
>
> Up until you call ENGINE_init() all you have is a *structural* reference,
> the engine may not be able to do anything (eg. if it's for hardware you
> don't have) but it lets you manipulate it. This reference should be
> released by ENGINE_free(). If ENGINE_init() succeeds, you have a
> *functional* reference as well, which is released by ENGINE_finish(). In
> your case, you've got one of each kind of reference so you'd need to
> release both.
>
> However, ENGINE_set_default_RSA() will attempt to initialise the engine if
> it's not already initialised anyway (it can't be a default unless it's
> *working*). So don't bother trying to initialise it, then you only need to
> call ENGINE_free() once you're done. You need to check the return value of
> ENGINE_set_default_RSA() though if you want to know if it succeeded.
>
> BTW, your application needs to call ENGINE_cleanup() when closing down, as
> this releases any/all internal references. Eg. ENGINE_set_default_RSA()
> causes an internal functional reference to be kept internally to prevent
> the engine from deinitialising/unloading.
>
> Cheers,
> Geoff
> --
> Geoff Thorpe
> [EMAIL PROTECTED]
> http://www.openssl.org/
Re: Authentication
Mark wrote:
> Hi Bear,
>
> > As I said, just remember to use some intelligence. Verify the
> > issuer, be prepared for the case where a clueless CA issues the
> > same serial number (which is definitely an error, but how will you
> > handle it?), etc.
>
> Are there any additional steps necessary to verifying the issuer
> apart from the normal peer authentication and a string compare of
> the issuer name?
>
> I guess I'll use the subject hash value as an additional check to the
> serial number.

Didn't you say that you have only ONE CA? This means you have only ONE issuer, and since this is the only cert that you put into the verifyfile, only client certificates signed by this CA can be used. Thus, you only have serialnumber to handle in your authorisation tool. Unless you want to handle certificate renewal transparently. Then you take the name of the subject, i.e. a string representation of the Subject's DN.

I think this thread is getting into a book about how to program with openssl.

> Cheers,
> Mark

--
To verify the signature, see http://edelpki.edelweb.fr/
This lets you load the authority's certificate; you will also find the list of revoked certificates there.
RE: load x509 certificate from base 64 string into X509 structure
Hi,

I think you could use the i2d_X509_bio and d2i_X509_bio functions that help using BIO and X509 structure.

from openssl/x509.h

    #define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
            (char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
    #define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)

hope it could help
Fred

-----Original Message-----
From: Dr. Stephen Henson [mailto:[EMAIL PROTECTED]
Sent: Thu 12/1/2005 3:01 PM
To: openssl-users@openssl.org
Cc:
Subject: Re: load x509 certificate from base 64 string into X509 structure

On Thu, Dec 01, 2005, Rajeshwar Singh Jenwar wrote:

> extern X509 *mem2x509_pem(char *cert)
>
> {
>     X509 *x509= NULL;
>     BIO *bio = NULL;
>     int len = -1;
>     bio = BIO_new(BIO_s_mem());
>     if (!bio)
>         goto end;
>     len = BIO_write(bio, cert, strlen(cert));
>     if (len == -1)
>         goto end;
>     x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
>
>     if(!x509)
>         goto end;
> end:
>     if(bio) BIO_free(bio);
>
>     return x509;
> }
>

Its easier and more efficient to create the memory BIO with:

    bio = BIO_new_mem_buf(cert, -1);

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: steps to use a dynamic engine from an application
On Thu, Dec 01, 2005, Anil Gunturu wrote:

> Thank you for your response. I have couple of more questions:
> - If I use ENGINE_by_id("athena"), what should be the name and path of
> engine implementation.
> - I understand that ENGINE_cleanup() should be called before shutting down
> the application, but can I call ENGINE_finish() and ENGINE_free() before
> application has done using the Engine?
>

If you just want to load a dynamic ENGINE and set it as the default implementation for (for example) RSA you might want to consider the autoconfig mechanism. That allows the various ENGINE parameters to be set in a config file.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: Self-verifying names
On Nov 30, 2005, at 10:48 PM, Victor Duchovni wrote:

> Clearly OpenSSL has already verified that the client
> has a private key that matches the public key in the certificate, or
> else all the certificate checks are pointless.

Are you SURE about that? I'm not doubting you, it's just that "Clearly..." sounds more like an assumption.

> Why should it return NULL? If the client supplied a certificate, and
> your verification callback in the server said it was OK (just say yes),
> once the session is established check the public key.

Okay, I think I have that working. Three sample files are attached. The client and server sides, and a common verification routine. Would you mind looking them over and letting me know whether they're doing what I want? I THINK they are, but security-sensitive code can always use a second set of eyeballs. :)

The output, by the way, looks like this:

    $ ./server
    server: waiting for accept
    server: tcp accept succeeded
    server: ssl accept succeeded
    client cert digest=c052b579972919c474e99604443ca0b6d50b215d
    server: read 14 bytes
    server: wrote 14 bytes
    server: connection closed

    $ ./client
    client: tcp connect succeeded
    client: ssl connect succeeded
    server cert digest=3426940b3247899a536046b58d71a9f2900e63f9
    Hello, World!

    $ openssl x509 -fingerprint -in client-cert.pem -sha1 -noout
    SHA1 Fingerprint=C0:52:B5:79:97:29:19:C4:74:E9:96:04:44:3C:A0:B6:D5:0B:21:5D

    $ openssl x509 -fingerprint -in server-cert.pem -sha1 -noout
    SHA1 Fingerprint=34:26:94:0B:32:47:89:9A:53:60:46:B5:8D:71:A9:F2:90:0E:63:F9

Thanks again for all your help,
Sean

--
Humanity has advanced, when it has advanced, not because it has been sober, responsible, and cautious, but because it has been playful, rebellious, and immature. -- Tom Robbins

client.C Description: Binary data
server.C Description: Binary data
common.C Description: Binary data
Certificates for MS EFS
OpenSSL Gurus,

I run a local CA and I wish to use the OpenSSL certificates to cipher the EFS ops. To do so, I need to generate the certificates with the extended OID 1.3.6.1.4.1.311.10.3.4 (listed as msEFS on objects.h)

My certificate generation flow is:

    openssl req -nodes -new -x509 \
        -keyout /etc/CA/certs/key.pem \
        -out /etc/CA/certs/cert.pem -days 365
    openssl x509 -x509toreq -in /etc/CA/certs/cert.pem \
        -signkey /etc/CA/certs/key.pem \
        -out /etc/CA/certs/tmp.pem
    openssl ca -policy policy_anything \
        -out /etc/CA/certs/cert.pem \
        -infiles /etc/CA/certs/tmp.pem

I've tried creating a file, named ext_oids containing:

    [ ext_client ]
    # OID:1.3.6.1.4.1.311.10.3.4 (msEFS) Microsoft Encrypted File System
    extendedKeyUsage=msEFS
    subjectAltName=email:copy

And appended to step 2 (openssl x509):

    -extfile /etc/CA/ext_oids -extensions ext_client

Didn't work. Any hint? Light?

Rodrigo.
RE: ASN1 parsing
Hi

Thanks for the reply. I will try to implement an ASN1 module for the data. I am new to openssl and tried to get some sample code but couldn't find any. Can you please point me to a few sample examples of the implementation (maybe one simple and one complex one)?

Thanks once again.
-Venkat

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dr. Stephen Henson
Sent: Thursday, December 01, 2005 10:27 PM
To: openssl-users@openssl.org
Subject: Re: ASN1 parsing

On Thu, Dec 01, 2005, Venkata Sairam wrote:

> Hi
>
> I am trying to parse a ASN format that has the following structure.
> ASNSEQUENCE[C] = 3 elements
>   INTEGER = 0
>   SEQUENCE[C] = 2 elements
>     OBJECT ID = SHA
>     NULL = null
>   SEQUENCE[C] = 1 elements
>     SEQUENCE[C] = 2 elements
>       INTEGER = 1
>       OCTET STRING = 20 bytes: 98:F7:6A:06:E1...
>
> My input is der encoding of this structure.
>
> I am not sure how to correctly read all the elements inside a SEQUENCE. In
> particular, I want to read the digest and the digest algorithm.
> I tried using the method ASN1_seq_unpack_ASN1_TYPE. Can anyone provide
> sample codes or provide an explanation on how to parse?
>

The easiest thing to do is to write an ASN1 module for the data. There are examples of varying complexity all over OpenSSL. Do a grep for ASN1_SEQUENCE in the source.

Some of that structure looks like it uses some standard structures. For example the second SEQUENCE looks like a DigestAlgorithmIdentifier which is the type X509_ALGOR in OpenSSL.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: load x509 certificate from base 64 string into X509 structure
Hi Fred,

These functions i2d_X509_bio and d2i_X509_bio are used for X509 certificates in DER format. But the requirement was to read X509 cert in PEM format from memory.

Hi Steve,

I got ur point

    bio = BIO_new_mem_buf(cert, -1);

will be more efficient because it avoids BIO_write by just assigning memory pointer to BIO.

Thanks,
RSJ

On 12/2/05, Frédéric Donnat <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I think you could use the i2d_X509_bio and d2i_X509_bio function that help
> using BIO and X509 struture.
>
> from openssl/x509.h
>
>     #define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
>             (char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
>     #define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)
>
> hope it could help
> Fred
>
> -----Original Message-----
> From: Dr. Stephen Henson [mailto:[EMAIL PROTECTED]]
> Sent: Thu 12/1/2005 3:01 PM
> To: openssl-users@openssl.org
> Cc:
> Subject: Re: load x509 certificate from base 64 string into X509 structure
>
> On Thu, Dec 01, 2005, Rajeshwar Singh Jenwar wrote:
>
> > extern X509 *mem2x509_pem(char *cert)
> >
> > {
> >     X509 *x509= NULL;
> >     BIO *bio = NULL;
> >     int len = -1;
> >     bio = BIO_new(BIO_s_mem());
> >     if (!bio)
> >         goto end;
> >     len = BIO_write(bio, cert, strlen(cert));
> >     if (len == -1)
> >         goto end;
> >     x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
> >
> >     if(!x509)
> >         goto end;
> > end:
> >     if(bio) BIO_free(bio);
> >
> >     return x509;
> > }
> >
>
> Its easier and more efficient to create the memory BIO with:
>
>     bio = BIO_new_mem_buf(cert, -1);
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
Re: Self-verifying names
On Thu, Dec 01, 2005 at 04:08:38PM -0500, Sean Rhea wrote:

> >Clearly OpenSSL has already verified that the client
> >has a private key that matches the public key in the certificate, or
> >else all the certificace checks are pointless.
>
> Are you SURE about that? I'm not doubting you, it's just that
> "Clearly..." sounds more like an assumption.

Well, it cannot be otherwise, because if that is not the case, there is nothing your verification code can do to check this, because you don't get to participate in the protocol handshake and verify the client's signature on some nonce using the public key from the certificate (the key exchange happens outside your callback).

All you get to verify is the trust chain, but it is completely irrelevant, you already know the client's expected public key or the fingerprint of his self-signed certificate.

> Okay, I think I have that working. Three sample files are attached.
> The client and server sides, and a common verification routine.
> Would you mind looking them over and letting me know whether they're
> doing what I want? I THINK they are, but security-sensitive code can
> always use a second set of eyeballs. :)
>

Looks ok to me, but I am hoping that someone else will take a look at it also. In your verification callback the final call to X509_verify is pointless:

    int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) {
        // Should have failed due to it being self-signed.
        int err = X509_STORE_CTX_get_error(ctx);
        if (err != X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
            return 0;

        // Double check that the certificate is properly signed.
        // XXX: is that what X509_verify actually does???
        X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
        return X509_verify(err_cert, X509_PUBKEY_get(err_cert->cert_info->key));
    }

It does not matter who signed the certificate. Indeed the callback can always return 1 even if the certificate is not self-signed. The properties you want are:

- The peer has proved possession of the private key that matches the certificate public key (the SSL handshake does that).
- The public key (via a fingerprint for convenience) is the one that you want.

So I would change this to:

    int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) {
        return 1;
    }

You can test this. Give the client or server the wrong private key and the right certificate and watch the SSL handshake fail, even though you ignore the validity of the certificate chain.

Anyone else have comments on the above?

--
Viktor.
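With the callback accepting any chain, the second property above rests entirely on the fingerprint comparison made after the handshake. The following is an added example, not code from the thread or from the attached files: it matches a 20-byte SHA-1 certificate digest against a pin table, accepting both fingerprint spellings shown in Sean's output. It assumes the digest was already computed from the peer certificate (for instance with X509_digest); the peer labels and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHA1_LEN 20

struct pin { const char *name; const char *fingerprint; };

/* Pins taken from the "openssl x509 -fingerprint" output quoted in the
 * thread; the names "client" and "server" are hypothetical labels. */
static const struct pin PINS[] = {
    { "client", "C0:52:B5:79:97:29:19:C4:74:E9:96:04:44:3C:A0:B6:D5:0B:21:5D" },
    { "server", "34:26:94:0B:32:47:89:9A:53:60:46:B5:8D:71:A9:F2:90:0E:63:F9" },
};

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse "c052b5..." or "C0:52:B5:..." into exactly SHA1_LEN bytes.
 * Returns 0 on success, -1 on any malformed or wrong-length input. */
int parse_fingerprint(const char *s, uint8_t out[SHA1_LEN])
{
    size_t n = 0;

    while (*s != '\0') {
        if (n > 0 && *s == ':')
            s++;                              /* separator between bytes */
        int hi = hexval(s[0]);
        int lo = (hi < 0) ? -1 : hexval(s[1]);
        if (lo < 0 || n == SHA1_LEN)
            return -1;                        /* bad digit or too long */
        out[n++] = (uint8_t)((hi << 4) | lo);
        s += 2;
    }
    return n == SHA1_LEN ? 0 : -1;            /* too short is also an error */
}

/* Return the pinned peer name for this digest, or NULL if it is unknown.
 * The caller must treat NULL as "reject the connection". */
const char *lookup_peer(const uint8_t digest[SHA1_LEN])
{
    for (size_t i = 0; i < sizeof PINS / sizeof PINS[0]; i++) {
        uint8_t want[SHA1_LEN];
        if (parse_fingerprint(PINS[i].fingerprint, want) != 0)
            continue;                         /* a malformed pin never matches */
        if (memcmp(want, digest, SHA1_LEN) == 0)
            return PINS[i].name;
    }
    return NULL;
}

int main(void)
{
    uint8_t d[SHA1_LEN];
    const char *who;

    /* Digest in the lowercase form the sample server printed. */
    if (parse_fingerprint("c052b579972919c474e99604443ca0b6d50b215d", d) != 0)
        return 1;
    who = lookup_peer(d);
    printf("peer: %s\n", who ? who : "(unknown, reject)");
    return 0;
}
```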