TLS CA Certificate Loading in DER format
Hi,

I am to use TLS for securing an application's data transfer. For development purposes I have been using a dummy set of certificates in PEM format. The currently used "SSL_CTX_load_verify_locations" API requires that the certificate be in PEM format. However, in real time scenario, the application being developed MUST make use of certificates in DER format as per the requirements.

So I wanted to know whether there is a way to load CA certificates in DER format using any SSL APIs. My search till now for such an API has been unfruitful.

Thanks in Advance.

--
Thanks & Regards
Chaitra Shankar

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: How to re-use a socket with a new SSL session?
Hi Victor,

> You should be able to cleanly shut-down SSL on both sides, and
> resume in a new process, provided the application protocol has
> a clean session termination phase.
> For example, implementing an application level "STOPTLS" verb that
> the initiator may request and the responder must confirm, after which
> both sides tear down TLS. The connection stays open, and the initiator
> may follow-up with a "client HELLO" to resume SSL.

Victor, you've just described exactly what I've been trying to do. A clean shutdown on both sides, socket connection left open, then a "client HELLO" after which both sides initiate SSL again. I just can't seem to find a method of doing it that actually works.

cheers
Andrew
Re: How to re-use a socket with a new SSL session?
On Fri, Sep 11, 2009 at 11:14:18AM +1000, Andrew Sumner wrote:

> Hi David,
>
> Thanks, you've saved me from tons of frustration and wasted time chasing an
> unworkable solution. The proxy idea sounds very promising, I'll check it
> out.

You should be able to cleanly shut-down SSL on both sides, and resume in a new process, provided the application protocol has a clean session termination phase.

For example, implementing an application level "STOPTLS" verb that the initiator may request and the responder must confirm, after which both sides tear down TLS. The connection stays open, and the initiator may follow-up with a "client HELLO" to resume SSL.

--
Viktor.
RE: How to re-use a socket with a new SSL session?
Hi David,

Thanks, you've saved me from tons of frustration and wasted time chasing an unworkable solution. The proxy idea sounds very promising, I'll check it out.

cheers
Andrew
RE: How to re-use a socket with a new SSL session?
Andrew Sumner wrote:

> Implementing openssl I've hit a wall.
> I need to initiate SSL on the connection in the
> listener, before the client sends the login packet as it
> obviously shouldn't be sent in the clear.
> There's no way to pass the SSL objects to the new process,
> so I've been trying to close the SSL session and initiate a
> new one on the still-open socket from the worker process.

This has ugly potential security problems.

> To do this, the listener sends a packet to the client when
> it starts the worker process, telling the client to shutdown
> its SSL. The listener does the same (calls SSL_shutdown
> then SSL_free). The worker process sends a packet in the clear
> to the client on the socket (this works), then calls SSL_new,
> BIO_new_socket, SSL_set_bio and SSL_accept. When the client
> gets the packet in the clear from the worker process, it also
> calls SSL_new, BIO_new_socket, SSL_set_bio and then SSL_connect.
> So far so good, it all appears to work.

Key word is appears to. This is exceptionally difficult to get right. The problem is that both ends must precisely agree on where the SSL connection ends in both half-duplex streams.

There are ugly ways to fix this -- for example, send a bunch of 0xff bytes followed by an 0x00 byte and have each end ignore all 0xff bytes until it reads an 0x00 byte. But that's really, really yucky.

The other possible way is to go with BIO pairs and encapsulate all the SSL data in a higher-level protocol that can separate the two SSL exchanges. Also very yucky.

Here's another butt ugly solution -- in the first SSL connection, send the client a random 128-bit string. Then shutdown the connection. Have the client make a new connection, send the 128-bit string, and then negotiate SSL. When your server sees the 128-bit string, hand off the connection as an "already logged in" one. Yuck.

> The client can then send messages to the server worker process
> using SSL_write, and the worker receives them ok. However,
> when the worker sends something to the client, nothing comes
> through - SSL_read fails.

> In summary, is there any way of closing an SSL session on a socket, then opening a brand new one?

Yes, but that's usually a really bad solution. Here's a better one:

Implement SSL in a separate process that accepts SSL connections from clients and makes local direct connections to the server. Continue to proxy the data. You can use an off-the-shelf proxy (such as sslproxy), modifying it only as/if needed. Clean, elegant, sensible.

Alternatively, have the server process create a bidirectional socketpair and itself act as an SSL proxy. Hand the worker the plaintext end of that pair.

DS
PEAP-TLS session resumption issue with OpenSSL lib version 0.9.8k
Hi,

I am seeing an issue with the OpenSSL 0.9.8k version, in which the client fails PEAP-TLS session resumption when 'fast reconnect' is disabled on the IAS server. The issue is not happening with earlier versions of OpenSSL. Has anybody seen this issue?

The issue happens when the client is established TLS session with the server. The client is receiving server hello and the client is immediately responding with Client TLS cert and the server sends an alert message rejecting the client certificate.

Thanks,
Vani
How to re-use a socket with a new SSL session?
I've got a situation where a listener on the server receives a connection then the client sends a login packet. The server creates a new "worker" process as the logged in user and passes it the socket ID. The worker process takes over communication with the client (which is unaware of what's happened on the server) and the listener listens for a new connection. It's old, mature software, running on Windows that can't be changed that much (large customer base).

Implementing openssl I've hit a wall. I need to initiate SSL on the connection in the listener, before the client sends the login packet as it obviously shouldn't be sent in the clear. There's no way to pass the SSL objects to the new process, so I've been trying to close the SSL session and initiate a new one on the still-open socket from the worker process.

To do this, the listener sends a packet to the client when it starts the worker process, telling the client to shutdown its SSL. The listener does the same (calls SSL_shutdown then SSL_free). The worker process sends a packet in the clear to the client on the socket (this works), then calls SSL_new, BIO_new_socket, SSL_set_bio and SSL_accept. When the client gets the packet in the clear from the worker process, it also calls SSL_new, BIO_new_socket, SSL_set_bio and then SSL_connect. So far so good, it all appears to work.

The client can then send messages to the server worker process using SSL_write, and the worker receives them ok. However, when the worker sends something to the client, nothing comes through - SSL_read fails.

In summary, is there any way of closing an SSL session on a socket, then opening a brand new one?

regards,
Andrew
Re: Apache https config problem
This is not an Apache support list. However, if you're getting "file does not exist", then your entire configuration is in need of a lot of work.

-Kyle H

On Thu, Sep 10, 2009 at 5:39 AM, wrote:

> From: majord...@openssl.org To: dbrahman...@intelliquip.com Date: 09/10/2009
> 08:24 AM Subject: Welcome to openssl-users
>
> Hi,
>
> I have installed apache 2.2.13 (apache_2.2.13-win32-x86-openssl-0.9.8k.msi)
> and I am struggling to get the https to work.
>
> The app works in http mode but fails to load in https mode where it shows
> 404 on IE browser.
>
> Please help.
>
> The error log shows this msg- [error] [client x.x.x.x] File does not exist:
> C:/../../
>
> Following are settings in .conf files-
>
> *conf/httpd.conf :*
> DocumentRoot & are set to my app's base deployed directory
>
> *conf/extra/httpd-ssl.conf:*
> SSLEngine on
> SSLMutex none
>
> DocumentRoot is set to my app's base deployed directory
> SSLCertificateFile, SSLCertificateKeyFile paths are correct.
>
> *conf/extra/httpd-vhosts.conf:*
> NameVirtualHost *
>
> ServerName myservername
> JkMount..
> JkMount..
>
> Thanks in advance
>
> Durga Prasad
No shortcuts (was: Re: Is openssl crypto library thread-safe?)
(OT)

* Mark wrote on Thu, Sep 10, 2009 at 15:54 +0100:

> > No offense, but that's what the mailing list is for.
> > Granted, a search might have yielded the answer as well...
> > but if anything, the question should make you feel good
> > because it's one mess you won't be cleaning up.
>
> No offense, but I disagree. This list is for questions
> specific to OpenSSL programming, not for questions like "should
> I do what the documentation says". Asking such a question
> shows a fundamental misunderstanding on correct programming
> techniques. Unfortunately this is all too common IME.

Yes, since this came up again I cannot resist to tell that I really liked your statement about bad results when trying to go shortcuts and that it is not worth it. Very true. Also for designs (like trying to optimise or simplify patterns).

...what a waste when (after hours of debugging some race condition) suddenly finding some _lock() function just consisting of "/* TODO */" but no code...

oki,
Steffen
Apache https config problem
From: majord...@openssl.org
To: dbrahman...@intelliquip.com
Date: 09/10/2009 08:24 AM
Subject: Welcome to openssl-users

Hi,

I have installed apache 2.2.13 (apache_2.2.13-win32-x86-openssl-0.9.8k.msi) and I am struggling to get the https to work.

The app works in http mode but fails to load in https mode where it shows 404 on IE browser.

Please help.

The error log shows this msg-
[error] [client x.x.x.x] File does not exist: C:/../../

Following are settings in .conf files-

conf/httpd.conf :
DocumentRoot & are set to my app's base deployed directory

conf/extra/httpd-ssl.conf:
SSLEngine on
SSLMutex none

DocumentRoot is set to my app's base deployed directory
SSLCertificateFile, SSLCertificateKeyFile paths are correct.

conf/extra/httpd-vhosts.conf:
NameVirtualHost *

ServerName myservername
JkMount..
JkMount..

Thanks in advance

Durga Prasad
Re: A PKI in a web page
Hi,

You can have a look at PHPki (http://sourceforge.net/projects/phpki): it has the advantage of publishing a CRL and certificates on web pages, plus enrollment and revocation pages. It's based on PHP and it invokes the openssl utility with conf files created on the fly for each operation.

I have been using it for a year now and it was easy to modify it to accommodate my own requirements (like supporting SHA1 instead of the default MD5 and adding new templates).

I hope it can be useful for you as it is for me.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

jehan procaccia wrote:

> Good initiative I'll give it a try ...
> although I am looking for "intermediate" size PKI free software,
> I am a bit confused with large scale software like openca or ejbca ,
> too complex :-(
> I used to operate my pki with a perl-openssl package from
> http://devel.it.su.se/pub/jsp/polopoly.jsp?d=1026&a=3290
> but it dates from 2005 without evolution ...
> Now that I am about to re-create a new root, I'm looking for a new
> software very close to openssl with command line interface, but still
> able to publish crl and certs on a web page .
> any advice ?
>
> Regards .
>
> Richard Salz wrote:
>> From my blog, at
>> https://www.ibm.com/developerworks/mydeveloperworks/blogs/soma/entry/a_pki_in_a_web_page10
>>
>> I'm making available my small set of web pages and Perl script that
>> implement a self-service PKI built around OpenSSL. The Perl script
>> and config are under 250 lines and the couple of web pages involved
>> are under 200 lines; there's also a couple of screen shots to guide
>> someone through installing a cert on Microsoft Windows. It's all in
>> the public domain. Enjoy.
>>
>> --
>> STSM, DataPower CTO
>> WebSphere Appliance Architect
>> http://www.ibm.com/software/integration/datapower/
Re: RSA OAEP encrypt with a label
Hello,

On Thu, Sep 10, 2009 at 08:34:56AM +0200, Einar Thorsrud wrote:

> > I do not find any possibility to add the label to the
> > RSA_public_encrypt() function, but it could perhaps be achieved
> > otherwise?
>
> Could the label perhaps be related to the *p parameter in
>
> int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
>         const unsigned char *f,int fl,
>         const unsigned char *p,int pl);
>
> This however, is really just a shot in the dark on my behalf,
> as I am unable to find any reference to "label" related to RSA
> in the OpenSSL source code.

I've just had a quick look at the code and to me it seems like you're right. The PKCS#1 v2.1 document says on page 18, 2a and 2c that for applying the OAEP padding, the label is used as input to a hash function. The function's output is concatenated with other data in DB,

    DB = lhash||ps||0x01||m

I would say this is what happens in RSA_padding_add_PKCS1_OAEP() (p is called param in my version):

    EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL);

(digest function's output is db, its length is SHA_DIGEST_LENGTH)

the following line clears the remaining part of db that is filled later as described above.

    memset(db + SHA_DIGEST_LENGTH, 0, emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);

Best regards,
Martin
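
Added example (not part of the original thread and not OpenSSL's code): a standard-library Python sketch of the EME-OAEP encoding steps referred to above, showing where the label hash lands in DB and that decoding with a different label fails. The function names, the 128-byte modulus size and the sample label are assumptions made for illustration; SHA-1 is used because the quoted code calls EVP_sha1().

```python
import hashlib
import hmac
import os

HASH = hashlib.sha1            # same hash as EVP_sha1() in the quoted code
HLEN = HASH().digest_size      # 20, i.e. SHA_DIGEST_LENGTH


def mgf1(seed, length):
    """MGF1 mask generation function (PKCS#1 v2.1, appendix B.2.1)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += HASH(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def oaep_encode(message, k, label=b"", seed=None):
    """EME-OAEP encode `message` for a k-byte modulus (section 7.1.1, step 2)."""
    if len(message) > k - 2 * HLEN - 2:
        raise ValueError("message too long")
    lhash = HASH(label).digest()                        # 2a: lHash = Hash(L)
    ps = b"\x00" * (k - len(message) - 2 * HLEN - 2)    # 2b: zero padding
    db = lhash + ps + b"\x01" + message                 # 2c: DB = lHash||PS||0x01||M
    seed = os.urandom(HLEN) if seed is None else seed   # 2d
    masked_db = xor(db, mgf1(seed, k - HLEN - 1))       # 2e, 2f
    masked_seed = xor(seed, mgf1(masked_db, HLEN))      # 2g, 2h
    return b"\x00" + masked_seed + masked_db            # 2i


def unmask_db(em, k):
    """Undo the two MGF1 masks and return DB."""
    masked_seed, masked_db = em[1:1 + HLEN], em[1 + HLEN:]
    seed = xor(masked_seed, mgf1(masked_db, HLEN))
    return xor(masked_db, mgf1(seed, k - HLEN - 1))


def oaep_decode(em, k, label=b""):
    """Reverse oaep_encode; any label mismatch is a decoding error.

    Format illustration only: a production decoder must run these checks in
    constant time and report a single, indistinguishable error.
    """
    if len(em) != k or k < 2 * HLEN + 2:
        raise ValueError("decoding error")
    db = unmask_db(em, k)
    label_ok = hmac.compare_digest(db[:HLEN], HASH(label).digest())
    rest = db[HLEN:]
    sep = rest.find(b"\x01")
    padding_ok = sep >= 0 and not any(rest[:sep])       # PS must be all zeros
    if em[0] != 0 or not label_ok or not padding_ok:
        raise ValueError("decoding error")
    return rest[sep + 1:]


def demo():
    """Constructed sample: 1024-bit modulus size (k = 128), made-up label."""
    k, label = 128, b"constructed-label"
    em = oaep_encode(b"hello", k, label)
    try:
        oaep_decode(em, k, b"")          # receiver using the empty default label
        wrong_label_accepted = True
    except ValueError:
        wrong_label_accepted = False
    return oaep_decode(em, k, label), wrong_label_accepted


if __name__ == "__main__":
    print(demo())
```

The encoded block would then be passed through the raw RSA operation; only the padding layer is shown here.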
Re: A PKI in a web page
Good initiative I'll give it a try ...
although I am looking for "intermediate" size PKI free software, I am a bit confused with large scale software like openca or ejbca , too complex :-(

I used to operate my pki with a perl-openssl package from http://devel.it.su.se/pub/jsp/polopoly.jsp?d=1026&a=3290 but it dates from 2005 without evolution ...

Now that I am about to re-create a new root, I'm looking for a new software very close to openssl with command line interface, but still able to publish crl and certs on a web page .
any advice ?

Regards .

Richard Salz wrote:

> From my blog, at
> https://www.ibm.com/developerworks/mydeveloperworks/blogs/soma/entry/a_pki_in_a_web_page10
>
> I'm making available my small set of web pages and Perl script that
> implement a self-service PKI built around OpenSSL. The Perl script
> and config are under 250 lines and the couple of web pages involved
> are under 200 lines; there's also a couple of screen shots to guide
> someone through installing a cert on Microsoft Windows. It's all in
> the public domain. Enjoy.
>
> --
> STSM, DataPower CTO
> WebSphere Appliance Architect
> http://www.ibm.com/software/integration/datapower/
Re: Is openssl crypto library thread-safe?
> No offense, but I disagree. This list is for questions specific to OpenSSL
> programming, not for questions like "should I do what the documentation says".
> Asking such a question shows a fundamental misunderstanding on correct
> programming
> techniques. Unfortunately this is all too common IME.

It's OK, you can be wrong. Whether you like it or not, that question was about OpenSSL programming. The documentation for this project is not always up to date on these and other issues and it's reasonable to ask for clarification or confirmation.

Ben
RE: Is openssl crypto library thread-safe?
> On Thu, Sep 10, 2009 at 6:29 AM, Mark
> <2d3ww4...@sneakemail.com> wrote:
> >
> > I am always very concerned when I read questions like this. The
> > documentation says to implement the callbacks. Therefore you must
> > do so.
>
> No offense, but that's what the mailing list is for. Granted, a
> search might have yielded the answer as well... but if anything, the
> question should make you feel good because it's one mess you won't be
> cleaning up.

No offense, but I disagree. This list is for questions specific to OpenSSL programming, not for questions like "should I do what the documentation says". Asking such a question shows a fundamental misunderstanding on correct programming techniques. Unfortunately this is all too common IME.

Mark
Re: Is openssl crypto library thread-safe?
On Thu, Sep 10, 2009 at 6:29 AM, Mark <2d3ww4...@sneakemail.com> wrote:

> I am always very concerned when I read questions like this. The
> documentation says to implement the callbacks. Therefore you must
> do so.

No offense, but that's what the mailing list is for. Granted, a search might have yielded the answer as well... but if anything, the question should make you feel good because it's one mess you won't be cleaning up.

Ben
RE: Is openssl crypto library thread-safe?
> We are planning to make use of openssl crypto library in
> multithreaded environment.
>
> We found in the openssl website that "
> OpenSSL can safely be used in multi-threaded applications
> provided that at least two callback functions are set,
> locking_function and threadid_func." And from FAQ, its stated
> that "Openssl is thread safe with limitations [ SSL
> connections may not be used concurrently in many threads]" .
>
> So, can someone let us know that the functions mentioned
> above are MT safe without implementing the two callback functions.

I am always very concerned when I read questions like this. The documentation says to implement the callbacks. Therefore you must do so.

I have often been called in to sort bugs out which have turned out to be caused by programmers taking shortcuts. It's just not worth it.

Mark.
Re: Is openssl crypto library thread-safe?
On Thu, Sep 10, 2009, deiva shanmugam wrote:

> Hi,
>
> Thanks for the response, steve.
>
> So, irrespective of creating the openssl object per thread or globally for
> all threads, callback functions should be implemented to make the
> application thread safe?
>

Yes: the error queue requires it and just about every part of OpenSSL uses the error queue.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: fipscanister.lib with symbols
On Thu, Sep 10, 2009, pankaj227 wrote:

> /Zi option needs to be added to CFLAGS. May be it can be considered as a
> default option for debug builds of Windows in future releases of OpenSSL
> since debugging normally requires stepping into the code.
>

It is in 1.0.0.

Note that a debugging version violates the security policy because you need to change the build process. That shouldn't matter because a production version of the library is normally used when a validated version is needed.

Also note that debugging and in particular introducing breakpoints can interfere with the FIPS mode integrity test, meaning you get errors attempting to enter FIPS mode under a debugger. The test would need to be disabled while debugging.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: fipscanister.lib with symbols
/Zi option needs to be added to CFLAGS. Maybe it can be considered as a default option for debug builds of Windows in future releases of OpenSSL since debugging normally requires stepping into the code.

pankaj227 wrote:

> Hi,
>
> I want to use fipscanister.lib along with debugging information (symbols)
> in Visual C++. I have changed the following line in do_fips.bat as
> follows:
>
> perl util\mk1mf.pl dll debug %ASM% %TARGET% >ms\ntdll.mak
>
> This creates out32dll.dbg folder.
>
> I am not able to step into the code using the debug fipscanister.lib. Is
> there any way to include symbol information so that I can step into
> it.(i.e enabling source level debugging)
>
> Pankaj
Implementation of API SSL_shutdown
Hi,

Can anyone tell where I can see the implementation of SSL API "SSL_shutdown"?

Thanks in advance.
Re: send encrypted data to remote server
Goetz Babin-Ebell wrote:

> I think you have terrible mixed up you requirements and your (broken)
> solution.
> As far as I understood, you want:
>
> 1) Only one entity may be able to generate data.
> 2) Only a fixed set of entities may be able to read
>    the generated data.
>
> The answer to 1) is data signing done with the signers private key
> and verified by the signers public key that is distributed to all
> recipients.
> The answer to 2) is encryption. One of the possible ways to do that
> is encrypting the data for all public key of all recipients.
> The public keys of all recipients must be present when the
> data is encrypted.

Yup, you got it right. I guess I'll go with the above ideas. Thanks a lot for the pointers.

I was trying to achieve this in a single step, with only I having the public key and all the clients have the private key. That way, both the requirement are satisfied. Of course, it mixes up the names and sounds ridiculous. But names are just strings and in PKI, if you encrypt with 1 key, the other key is the only way to get back at the original content. So theoretically, the single step must be possible. But, both GnuPG and OpenSSL doesn't give me 2 files, with the private and public keys, just on their own. The public key is always embedded into the private key also.

It seems http://search.cpan.org/~vipul/Crypt-RSA-1.99/lib/Crypt/RSA.pm fits my requirements perfectly and it works fine.

Thanks to your help once again and also to other guys, David Schwartz and Paul Allen too :)

cheers,
skar.

--
The life so short, the craft so long to learn.