Re: man pages of PKCS12

2006-11-02 Thread Alexis Lefort

I will do so, thank you :)

Alexis

Dr. Stephen Henson wrote:

Don't post in HTML.

Easiest option is to call d2i_PKCS12() and friends and see if you get an
error.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]
  


This message and any attachments are confidential and intended solely
for the addressees. Any unauthorised alteration, printing, use or
dissemination is prohibited. E-mails are susceptible to alteration. CXR
Anderson Jacobson shall not be liable for the message if altered,
changed, falsified, printed or disseminated without authorisation.
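The check Steve describes, as an added example that is not part of the original thread: the same test done with the openssl command-line tool, which parses its input with d2i_PKCS12_bio() and exits non-zero on error. The key, certificate, bundle and the password "constructed-pw" are constructed for the demonstration; the openssl binary is assumed to be on PATH.

```shell
#!/bin/sh
# Added example, not code from the original thread. "Call d2i_PKCS12() and see
# if you get an error" in command-line form: `openssl pkcs12` parses the file
# with d2i_PKCS12_bio() and exits non-zero when it is not PKCS#12.
# Assumes `openssl` on PATH; all files and the password are constructed.

# is_pkcs12 FILE PASSWORD: exit 0 when FILE parses as PKCS#12 and its MAC
# verifies under PASSWORD; non-zero otherwise (not PKCS#12, or wrong password)
is_pkcs12() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -noout >/dev/null 2>&1
}

# make_fixtures: a throwaway key pair and certificate, a PKCS#12 bundle of
# them, and a text file that is not PKCS#12; prints the directory
make_fixtures() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Constructed Example/CN=pkcs12-demo" \
        -keyout "$dir/demo.key" -out "$dir/demo.crt" >/dev/null 2>&1
    openssl pkcs12 -export -in "$dir/demo.crt" -inkey "$dir/demo.key" \
        -out "$dir/demo.p12" -passout pass:constructed-pw
    printf 'this is plain text, not a PKCS#12 structure\n' > "$dir/notes.txt"
    echo "$dir"
}

# report FILE PASSWORD: the verdict a caller would log for FILE
report() {
    if is_pkcs12 "$1" "$2"; then
        echo "$1: PKCS#12"
    else
        echo "$1: not PKCS#12 (or wrong password)"
    fi
}

fixtures=$(make_fixtures)
for f in demo.p12 demo.crt notes.txt; do
    report "$fixtures/$f" constructed-pw
done
report "$fixtures/demo.p12" wrong-password
```

A wrong password fails the same way, because the tool also verifies the MAC. The C API separates the two steps: d2i_PKCS12() fails only on malformed input, and PKCS12_verify_mac() is what rejects a wrong password, so an application that needs to tell "not PKCS#12" from "wrong password" should look at which of the two calls failed.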


Re: How to do client verification?

2006-11-02 Thread Olaf Gellert
Hi,

Edward Chan wrote:
> I want to verify that whoever the client is claiming to be, is actually
> allowed to connect.  However, I don't know where to find this
> information in the cert.  Are there standard fields where this
> information can be found.  For example, in the book, "Network Security
> with OpenSSL", there is sample code for verifying that the server is
> actually who the client connected to.  It first looks for the "Subject
> Alternative Name" field, then looks for the "DNS" field within that and
> checks if this matches the hostname being connected to.  If the "DNS"
> field is not found, it then checks the "Subject" field for the "Common
> Name" field and checks if this matches the hostname being connected to.
> Is this the proper way to verify the server cert?  And would this work
> for most, if not all, server certs the client might receive?  Are these
> typically the fields that one would use to enter the server's identity?

Well, this way of verifying the server's DNS name seems
pretty reasonable. But the main check is not mentioned:
You check if the certificate of the server was issued
by a certification authority that you trust! It's easy
to trick a client into connecting to a wrong server (usually
using some tricks on DNS), but it should be impossible
for an attacker to forge a certificate in a way that
it has a valid signature from a trusted certification
authority.

> I'm looking for something similar for verifying the client?  Is there
> some set of fields that are typically used to enter the client's
> identity?  Would the same fields be used for a client cert?

Well, clients are usually different. There is nothing
that specifies what you (or a certification authority)
write in the certificates of a client. Usually it depends
a lot on your application. So what are you doing: Do
you authenticate client hosts (so maybe a DNS field or
the subject field would contain a host name)? Or do
you authenticate users (for example S/MIME email)?
Then the subject field would usually contain the
full name of a user (and maybe something more to
identify a specific user, e.g. a certain Adam Smith
and not any Adam Smith that might exist...).

For many secure applications you would just create your
own certification authority and issue certificates
yourself. Then you would simply just trust this single
certification authority and you would not even need
to check for the client's (or user's) name that is
in the certificate.

If you trust some CAs that issued more certificates
than the user certificates that you want to accept,
you have to know what's in there and check for
the fields in the certificates. A CA might issue
certificates for your organization with the O field
(organization) of your company, so this might be
sufficient to be checked.

So there is nothing that you can rely on for every
certificate in the world; you have to know what the
certificates that you want to accept look like.
And not to forget: First check if the certificate
is valid (valid signature from a CA that you trust,
not expired, not revoked), then check the contents.

Apache/ModSSL uses regular expressions to check the
contents of the certificates, so you can configure
Apache to check nearly any field of the certificate's
DN (Organization, Organizational Unit, Subject,
State, Location, Country, ...).

> Thanks in advance for taking the time to help out a rookie :)

Well, hopefully this helps a bit.

Cheers, Olaf

-- 

Dipl.Inform. Olaf Gellert   INTRUSION-LAB.NET
Senior Researcher,  www.intrusion-lab.net
PKI - and IDS - Services[EMAIL PROTECTED]



Re: verify issuer of a cert

2006-11-02 Thread Olaf Gellert
Krishna Prasad wrote:
> You can check for the Authority Key Identifier and in that the certificate
> serial number of the issuer.

No, that's not enough. Authority Key Identifier
is only to FIND the issuer certificate. After
you found one or more certificates matching
the Authority Key Identifier, you still have
to check the validity of the signature!

And: Authority Key Identifier comes in more
than one flavour. It might contain the DN of
the issuer's issuer and the serial number
(so if you have a root CA, an intermediate
CA and a client certificate, in the client
certificate's Authority Key Identifier you
would find the DN of the root and the serial
number of the intermediate CA's certificate).
Or you might simply find a hash value identifying
the key of the issuing CA.

Olaf

> On 11/2/06, Bin Lu <[EMAIL PROTECTED]> wrote:
>>
>> Hi there,
>>
>> I have 2 certificates in X509 and I want to verify if one cert is the
>> issuer of the other, not using the (issuer) name comparison. What is
>> the API I should use to verify the signature? I tried the following
>> but it doesn't work:
>>
>>   X509 *cert, *issuer;
>>   
>>   int result = X509_verify(cert, X509_get_pubkey(issuer));
>>
>> It always returns -1 even when "cert" is issued by "issuer".
>>
>> Appreciate any input.
>>
>> -wenwu
>>
> 


-- 

Dipl.Inform. Olaf Gellert   INTRUSION-LAB.NET
Senior Researcher,  www.intrusion-lab.net
PKI - and IDS - Services[EMAIL PROTECTED]



d2i/i2d_EC_PUBKEY_bio and d2i/i2d_EC_PUBKEY_fp functions

2006-11-02 Thread Jordi Jaen Pallares
Dear list,

I used the "ecdhtest.c" file as a starting point to write a small test application to do ECDH key exchange over a network. In order to encode the peer's public keys in a TCP message I used the i2d_EC_PUBKEY_bio functions to write the public keys to memory BIOs, and from the BIOs to the TCP messages. The received bytes were copied to another BIO, and then decoded with d2i_EC_PUBKEY_bio without errors. The problem is that the procedure ECDH_compute_key yields different key values for both peers!

I have tried to simulate this behaviour locally, that is, using an "unsigned char" buffer instead of a TCP message, and the results were reproducible. Then I tried with the d2i/i2d_EC_PUBKEY_fp functions and it yielded the same ECDH key in both peers. Also, it worked :-) As said, the only relevant change in the program was exchanging the *bio for the *fp procedures and it worked. Am I missing something? The fp workaround, although locally it seems to work well, in a networked environment might turn out quite ugly and surely implies quite a performance loss.

BTW, I am using the 0.9.8a version. I looked through the CHANGES file from 0.9.8d and did not find any information on that matter.

Best regards,
Jordi
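The exchange Jordi describes, as an added example that is not part of the original post: both peers' public keys travel as DER (the encoding i2d_EC_PUBKEY produces) and each side derives the secret from its own private key plus the other side's DER blob, using the openssl command line instead of the C API. It also delivers one copy with its last byte missing, to show that a public key that is not forwarded byte-for-byte fails to parse rather than producing a different secret. Peer names, file names and the curve choice are constructed; the openssl binary is assumed to be on PATH.

```shell
#!/bin/sh
# Added example, not code from the original post. ECDH over a simulated
# network: public keys are exchanged as DER and each peer derives the shared
# secret from its private key and the peer's DER public key. Equal secrets on
# both sides are the check that the DER round trip and key agreement worked.
# Assumes `openssl` on PATH; peers, files and the curve are constructed.

CURVE=prime256v1    # any named curve both peers agree on beforehand

# make_peer DIR NAME: NAME.key holds the private key, NAME.pub.der the DER
# public key that would go into the TCP message
make_peer() {
    openssl ecparam -name "$CURVE" -genkey -noout -out "$1/$2.key"
    openssl pkey -in "$1/$2.key" -pubout -outform DER -out "$1/$2.pub.der"
}

# derive MY_PRIVATE_KEY PEER_PUBLIC_DER: shared secret as lowercase hex;
# prints nothing when the peer's public key does not parse
derive() {
    openssl pkeyutl -derive -inkey "$1" -peerkey "$2" -peerform DER 2>/dev/null \
        | od -An -tx1 | tr -d ' \n'
}

# deliver SRC DST [truncated]: the "network" step, a byte-for-byte copy, or a
# copy missing its last byte to show what a sloppy buffer hand-off does
deliver() {
    if [ "$3" = truncated ]; then
        size=$(wc -c < "$1")
        dd if="$1" of="$2" bs=1 count=$((size - 1)) 2>/dev/null
    else
        cp "$1" "$2"
    fi
}

# ecdh_exchange [truncated]: full round trip; prints "match" or "mismatch"
ecdh_exchange() {
    dir=$(mktemp -d)
    make_peer "$dir" alice 2>/dev/null
    make_peer "$dir" bob 2>/dev/null
    # each peer sends its DER public key; the other side receives a copy
    deliver "$dir/alice.pub.der" "$dir/alice.received.der" "$1"
    deliver "$dir/bob.pub.der" "$dir/bob.received.der" "$1"
    a=$(derive "$dir/alice.key" "$dir/bob.received.der")
    b=$(derive "$dir/bob.key" "$dir/alice.received.der")
    if [ -n "$a" ] && [ "$a" = "$b" ]; then
        echo match
    else
        echo mismatch
    fi
}

echo "byte-exact delivery: $(ecdh_exchange)"
echo "last byte dropped:   $(ecdh_exchange truncated)"
```

Because a damaged blob does not decode at all, a key that decodes without error but yields different secrets on the two sides means the bytes handed to d2i_EC_PUBKEY_bio() were a different, well-formed key; comparing a hex dump of what the sender wrote with what the receiver decoded is the first thing to check before swapping BIO for FILE I/O.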



Re: Error accepting connections

2006-11-02 Thread Prabhu.S


Marek/Chong,

Thanks for your reply.

As Marek pointed out, the issue was in the way multithreading was achieved in
the server. The locking of SSL context objects 'ctx' was not done properly. The
issue is solved now.

Chong ,

I tried using sslv23_server_method but it didn't help.

- Original Message - 
From: "Marek Marcola" <[EMAIL PROTECTED]>
To: 
Sent: Wednesday, November 01, 2006 4:33 AM
Subject: Re: Error accepting connections


> Hello,
> > I have an SSL server application. In a test scenario 20 clients try
> > connecting to the server simultaneously. In most of the test runs
> > at least one connection fails. The server logs the following message
> > for the failed connection:
> >
> > ** server.c:809 Error accepting SSL connection
> > 14658:error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or
> > bad record mac:s3_pkt.c:426:
> >
> > What is the reason for these inconsistent handshake failures?
> >
> > I have OpenSSL 0.9.8a.
> This error can appear for a few reasons, for example:
> - bad packet decryption (errors in key or CBC XOR)
> - bad decompression
> - MAC length in packet greater than packet
> - bad or NULL MAC
> But in this situation I would suggest checking the proper
> setting of the callback locking functions if your server
> is multithreaded. Locking is used by OpenSSL in a multithreaded
> environment, and in this situation it should be checked first
> (assuming that I know nothing about your server).
>
> Best regards,
> -- 
> Marek Marcola <[EMAIL PROTECTED]>
>


RE: How to do client verification?

2006-11-02 Thread Edward Chan
This helps.  Thanks.  Also, checking if the certificate is issued/signed
by a certificate authority that I trust is done during the call to
SSL_connect/accept right?  At least it seems to be.

I guess I should check the Apache configuration to see how they do it.
I basically want to model my server like that.

Thanks,
Ed

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Olaf Gellert
> Sent: Thursday, November 02, 2006 1:25 AM
> To: openssl-users@openssl.org
> Subject: Re: How to do client verification?


RE: Error accepting connections

2006-11-02 Thread Dinh, Thao V CIV B32-Branch
 Prabhu/Marek/Chong
I have an SSL server application. It creates threads for each client
connection.
My server calls accept(). After sock = accept() returns, I put SSL on
sock and spin off a thread for that client. All sockets share the same 'ctx'
in the server. How do I lock the SSL object 'ctx' properly in this case?
Should I generate a different 'ctx' for each client, instead of sharing?
Please help.

TD 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Prabhu.S
Sent: Thursday, November 02, 2006 9:37
To: openssl-users@openssl.org
Subject: Re: Error accepting connections





RE: Error accepting connections

2006-11-02 Thread Marek Marcola
Hello,
>  Prabhu/Marek/Chong
> I have an SSL server application. It creates threads for each client
> connection.
> My server calls accept(). After sock = accept() returns, I put SSL on
> sock and spin off a thread for that client. All sockets share the same 'ctx'
> in the server. How do I lock the SSL object 'ctx' properly in this case?
> Should I generate a different 'ctx' for each client, instead of sharing?
> Please help.
Usually the SSL_CTX structure is shared between connections, but the SSL object
created from the SSL_CTX is allocated per connection.
In general all dynamic changes are made in the SSL object; on creation
some data are copied from the SSL_CTX and some point back to it, but in general
it is used mostly "read-only". But there are some use counters in SSL_CTX
which are incremented on SSL object creation and must be (should be)
secured by a locking mechanism. For this purpose setting the static
locking callbacks should be enough, but dynamic locking callbacks
may be set too.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>



Re: verify issuer of a cert

2006-11-02 Thread Bin Lu

Then what is the right API to do signature verification ?

thanks,
-wenwu

On 11/2/06, Olaf Gellert <[EMAIL PROTECTED]> wrote:

Krishna Prasad wrote:
> You can check for the Authority Key Identifier and in that the certificate
> serial number of the issuer.

No, that's not enough. Authority Key Identifier
is only to FIND the issuer certificate. After
you found one or more certificates matching
the Authority Key Identifier, you still have
to check the validity of the signature!



RE: How to do client verification?

2006-11-02 Thread David Schwartz

> This helps.  Thanks.  Also, checking if the certificate is issued/signed
> by a certificate authority that I trust is done during the call to
> SSL_connect/accept right?  At least it seems to be.

SSL_get_verify_result will let you know if the certificate is well-formed,
properly signed, and issued by a CA you trust. After that, pretty much all
you need to do is decide whether that certificate was issued to someone who
is supposed to access the resource.

How you do that depends upon several factors. For example, if you only trust
CAs specifically designed for this application, you could have a certificate
extension that lists what the certificate is used for or whose mere
existence indicates permission to access this server.

If you use public CAs, then you may wish to extract the identity and check
it against a list. It really depends a lot on the details of your
application and why you are checking the peer in the first place.

I believe Apache pretty much just makes sure the certificate passes the
basic validity checks and stashes the certificate information where scripts
and modules can easily find it so they can make their own
allow/disallow/restrict decisions.

DS


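An added example, not code from either the "How to do client verification?" or the "verify issuer of a cert" thread. It follows the order Olaf gives, validity first and contents second, with the O (organisation) field as the identity check, the way mod_ssl matches DN components; and it shows Olaf's point about issuers: a second CA with a subject name identical to the trusted CA's passes an issuer-name comparison but fails signature verification. It uses the openssl command line rather than the C API; the CA, the look-alike CA, the two client certificates, the organisation names and the serial numbers are all constructed, and the openssl binary is assumed to be on PATH.

```shell
#!/bin/sh
# Added example, not code from the original threads. Client certificate
# acceptance in two steps: (1) is the certificate valid and signed by a CA we
# trust, (2) does its subject identify someone allowed in. Also demonstrates
# that a CA with the same *name* as the trusted CA does not pass step (1).
# Assumes `openssl` on PATH; all names, files and serials are constructed.

# self_signed_ca DIR NAME SUBJECT: a CA certificate and its key
self_signed_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# issue DIR CA NAME SUBJECT SERIAL: an end-entity certificate signed by CA
issue() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$4" \
        -keyout "$1/$3.key" -out "$1/$3.csr" >/dev/null 2>&1
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -set_serial "$5" -days 1 -out "$1/$3.crt" >/dev/null 2>&1
}

# make_pki: the constructed certificates; prints the directory
make_pki() {
    dir=$(mktemp -d)
    self_signed_ca "$dir" ca        "/O=Constructed Corp/CN=Constructed Root CA"
    # identical subject name to the trusted CA, but a different key pair
    self_signed_ca "$dir" lookalike "/O=Constructed Corp/CN=Constructed Root CA"
    issue "$dir" ca staff    "/O=Constructed Corp/CN=Adam Smith" 1001
    issue "$dir" ca outsider "/O=Other Org/CN=Jane Doe"         1002
    echo "$dir"
}

# subject_dn CERT / issuer_dn CERT: RFC 2253 form, e.g. CN=Adam Smith,O=Constructed Corp
subject_dn() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }
issuer_dn()  { openssl x509 -in "$1" -noout -issuer  -nameopt RFC2253 | sed 's/^issuer= *//'; }

# organisation_of CERT: the O component of the subject
organisation_of() { subject_dn "$1" | tr ',' '\n' | sed -n 's/^O=//p'; }

# chain_ok TRUSTED_CA CERT: signature, chain and validity period check
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# authorize_client TRUSTED_CA CERT REQUIRED_ORG: validity first, identity second
authorize_client() {
    if ! chain_ok "$1" "$2"; then
        echo reject-untrusted
    elif [ "$(organisation_of "$2")" != "$3" ]; then
        echo reject-identity
    else
        echo accept
    fi
}

pki=$(make_pki)
echo "staff, trusted CA:     $(authorize_client "$pki/ca.crt" "$pki/staff.crt" 'Constructed Corp')"
echo "outsider, trusted CA:  $(authorize_client "$pki/ca.crt" "$pki/outsider.crt" 'Constructed Corp')"
echo "staff, look-alike CA:  $(authorize_client "$pki/lookalike.crt" "$pki/staff.crt" 'Constructed Corp')"
echo "issuer name of staff:  $(issuer_dn "$pki/staff.crt")"
echo "subject of look-alike: $(subject_dn "$pki/lookalike.crt")"
```

In a TLS server the chain_ok step is what SSL_CTX_load_verify_locations() plus SSL_get_verify_result() give you after SSL_accept(); the organisation_of step is the application's own decision, the role mod_ssl's SSLRequire directive plays. The last two output lines are equal, which is exactly why an issuer-name match on its own proves nothing about who signed the certificate.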


RE: Error accepting connections

2006-11-02 Thread Ramtin
I am a newbie to openssl, and don't know what your problem actually is! But if you want to use locks this may help:

include the pthread.h, of course you already do that.

create a mutex:
    pthread_mutex_t mut;

initialize it:
    pthread_mutex_init(&mut, NULL);

From now on, you can create critical sections using lock and unlock.

lock:
    pthread_mutex_lock(&mut);
unlock:
    pthread_mutex_unlock(&mut);

hope it is useful



Error: no RSA or DSA server certificate found

2006-11-02 Thread IT Professional
I've compiled Apache 2.0.59 with OpenSSL 0.9.9[dev].
The server runs well with an RSA cert, but when I tried to run it with an ECC cert,
the server refused to start.
Log files are showing:
[Fri Nov 03 14:52:20 2006] [info] Init: Initializing OpenSSL library
[Fri Nov 03 14:52:20 2006] [info] Init: Seeding PRNG with 144 bytes of entropy
[Fri Nov 03 14:52:20 2006] [info] Init: Generating temporary RSA private keys 
(512/1024 bits)
[Fri Nov 03 14:52:21 2006] [info] Init: Generating temporary DH parameters 
(512/1024 bits)
[Fri Nov 03 14:52:21 2006] [debug] ssl_scache_dbm.c(406): Inter-Process Session 
Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[Fri Nov 03 14:52:21 2006] [info] Init: Initializing (virtual) servers for SSL
=
[Fri Nov 03 14:52:20 2006] [info] Loading certificate & private key of 
SSL-aware server
[Fri Nov 03 14:52:20 2006] [debug] ssl_engine_pphrase.c(469): unencrypted 
UNKNOWN private key - pass phrase not required
[Fri Nov 03 14:52:21 2006] [info] Configuring server for SSL protocol
[Fri Nov 03 14:52:21 2006] [debug] ssl_engine_init.c(405): Creating new SSL 
context (protocols: SSLv2, SSLv3, TLSv1)
[Fri Nov 03 14:52:21 2006] [debug] ssl_engine_init.c(588): Configuring 
permitted SSL ciphers 
[ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Fri Nov 03 14:52:21 2006] [error] Oops, no RSA or DSA server certificate 
found?!

The only thing I've changed in ssl.conf is:
SSLCertificateFile conf/secp521r1.crt
SSLCertificateKeyFile conf/secp521r1.key

Has anyone had a similar problem?
Thanks in advance!





