DSA and DH key validation

2012-10-29 Thread Jitendra Pawar
How to validate DSA and DH generated keys from the openssl command line
interface?
Since we can validate the RSA keys using the '-check' option in the rsa command,
do we have the same provision for DSA and DH keys?



-- 
Thanks & Regards
 Jitendra Pawar


RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Bhat, Jayalakshmi Manjunath
Hi Jeff,

Thanks for the reply. I don’t want to enable SSLv2, but would like to support 
SSLv3, TLS 1.0.  Code where I am creating the SSL context and setting the 
options looks  as shown below

ssl_ctx = SSL_CTX_new(SSLv23_client_method());
if (ssl_ctx != NULL)
    SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
.. .. .. .. .. ..
.. .. .. .. ..

When I try to connect to a server that supports only SSLv3, client does not 
fallback, rather it fails with an alert "protocol version".  Because client 
sends client hello with protocol version of TLS 1.0, that server does not 
support.  Is this the right behavior? Or should I modify the client app to try 
with lower protocol version when I receive this alert. My understanding is 
OpenSSL stack will not perform any fallback. It is up to applications to handle 
it.


Regards
Jaya

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Jeffrey Walton
Sent: Monday, October 29, 2012 11:05 PM
To: openssl-users@openssl.org
Subject: Re: Need inputs/suggestions on SSL/TLS protocol version fallback 
mechanism.

> SSL_CTX_set_options, should I indicate protocols using this function?.
Before you do that, please realize TLS 1.0 is the least broken of the protocols 
you are trying to enable. You really want all TLS 1.2 clients, but it's not 
widely implemented in clients and servers. I can tell you that a number of 
organizations will not want SSL2/SSL3 clients accessing their corporate data.

Differences Between SSLv2, SSLv3, and TLS, www.yaksman.org/~lweith/ssl.pdf 
Analysis of the SSL 3.0 Protocol, www.schneier.com/paper-ssl.html.

Jeff

On Mon, Oct 29, 2012 at 10:27 AM, Bhat, Jayalakshmi Manjunath 
 wrote:
> Hi Charles,
>
> Thank you for the reply.  I am not setting any option using 
> SSL_CTX_set_options, should I indicate protocols using this function?.
>
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills
> Sent: Monday, October 29, 2012 7:40 PM
> To: openssl-users@openssl.org
> Subject: RE: Need inputs/suggestions on SSL/TLS protocol version 
> fallback mechanism.
>
> Do you call SSL_CTX_set_options() with bit flags (SSL_OP_ALL, 
> SSL_OP_NO_SSLv3, etc.) to indicate the protocols you are willing to accept?
>
> BTW, openssl-users (not –dev) is the proper forum for this sort of 
> questions.
>
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Bhat, 
> Jayalakshmi Manjunath
> Sent: Monday, October 29, 2012 5:27 AM
> To: openssl-...@openssl.org; openssl-users@openssl.org
> Subject: Need inputs/suggestions on SSL/TLS protocol version fallback 
> mechanism.
>
> I have a client application that uses SSL23_client_method(). When the 
> client is getting connected to server that supports TLS 1.0 there are no 
> issues.
> When the client is getting connected to server that supports only 
> SSLv3.0, connection is getting aborted with protocol number error.
>
> I have couple of question around this issue.
>
> 1.   If I like to support the fallback mechanism,  I need to implement
> the same in the client application. SSL client state machine in 
> OpenSSL does not implement any fallback.
>
> 2.   I did not see any recommendation in SSL/TLS RFC to implement the
> fallback mechanism. I wanted to know are there any side effects in 
> OpenSSL library if fallback mechanism is implemented.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: [openssl-users] Re: Reference material on how to do certificate validation with OpenSSL

2012-10-29 Thread Jeffrey Walton
On Mon, Oct 29, 2012 at 4:02 PM, Erwann Abalea
 wrote:
> Where's the failure here?
> hostname_matched is set to HOSTNAME_VALIDATION_ERR at initialization, and in
> case of a NULL hostname or certificate it is returned by the function,
> unmodified.
My bad - you were right. I fetched the document again and some parts
were rewritten. The re-written document did not include the function
with HOSTNAME_VALIDATION_ERR. I'm not sure how I missed
hostname_matched was a return variable (I think I zero'd in on the
name, which implied a match).

Jeff

> Le 27/10/2012 21:00, Jeffrey Walton a écrit :
>
>> On Sat, Oct 27, 2012 at 11:00 AM, Alban D.  wrote:
>>>
>>> Hi everyone,
>>>
>>> iSEC Partners just released a paper that provides detailed guidelines
>>> and sample code on how to properly do certificate validation with
>>> OpenSSL:
>>>
>>> http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html
>>>
>>> It is not trivial and so I thought this reference material could be
>>> useful to people on this mailing list.
>>
>> ] int validate_hostname(char *hostname, X509 *server_cert) {
>> ]   int hostname_matched = HOSTNAME_VALIDATION_ERR;
>> ]   if((hostname == NULL) || (server_cert == NULL))
>> ]  goto error;
>> ] ...
>> ]   error:
>> ] return hostname_matched;
>> ] }
>> You failed open rather than closed. It's not a good choice of
>> strategies for high integrity software.


Re: [openssl-users] Re: Reference material on how to do certificate validation with OpenSSL

2012-10-29 Thread Jeffrey Walton
On Mon, Oct 29, 2012 at 4:02 PM, Erwann Abalea
 wrote:
> Where's the failure here?
> hostname_matched is set to HOSTNAME_VALIDATION_ERR at initialization, and in
> case of a NULL hostname or certificate it is returned by the function,
> unmodified.
HOSTNAME_VALIDATION_ERR is not mentioned in
https://github.com/iSECPartners/ssl-conservatory/raw/master/everything-you-wanted-to-know-about-openssl.pdf.

Jeff

> Le 27/10/2012 21:00, Jeffrey Walton a écrit :
>
>> On Sat, Oct 27, 2012 at 11:00 AM, Alban D.  wrote:
>>>
>>> Hi everyone,
>>>
>>> iSEC Partners just released a paper that provides detailed guidelines
>>> and sample code on how to properly do certificate validation with
>>> OpenSSL:
>>>
>>> http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html
>>>
>>> It is not trivial and so I thought this reference material could be
>>> useful to people on this mailing list.
>>
>> ] int validate_hostname(char *hostname, X509 *server_cert) {
>> ]   int hostname_matched = HOSTNAME_VALIDATION_ERR;
>> ]   if((hostname == NULL) || (server_cert == NULL))
>> ]  goto error;
>> ] ...
>> ]   error:
>> ] return hostname_matched;
>> ] }
>> You failed open rather than closed. It's not a good choice of
>> strategies for high integrity software.


RE: Trouble with Windows DLL

2012-10-29 Thread Charles Mills
Aha! Got it, I think. Thanks. Was not aware that one could do this sort of
thing. Neat trick. GetProcAddress() is documented only for locating
functions in a DLL, but I guess __declspec(dllexport) causes the name to be
exported in such a way that GetProcAddress() can find it.

> OpenSSL_Applink is OpenSSL specific as the name indicates, not to mention
> that the file applink.c is part of the OpenSSL distro and install.

Well, yeah, of course I knew that. But just because you distroed something
called OpenSSL_printf would not mean that printf was OpenSSL-specific, which
is more or less the question that I asked (whether *applink* was
SSL-specific).

Charles

-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Monday, October 29, 2012 11:52 AM
To: openssl-users@openssl.org
Subject: RE: Trouble with Windows DLL

> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
> Sent: Friday, 26 October, 2012 11:08

> 1. Pardon my ignorance. So _Applink is a generic Windows facility, not 
> OpenSSL-specific? Can you point me to a link or something that 
> explains. I could not find anything.

OpenSSL_Applink is OpenSSL specific as the name indicates, not to mention
that the file applink.c is part of the OpenSSL distro and install.
GetModuleHandle() and GetProcAddress() are Windows generic; look at the code
in ms/uplink.c. 



RE: PEM_read_PrivateKey

2012-10-29 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Leonardo Laface de Almeida
> Sent: Monday, 29 October, 2012 16:20

> The problem I've got is quite simple. The callback I pass 
> through this
> function is not called. 
> Could someone please help me figure out why? I've written it as the 
> OpenSSL page
> tells. Am I doing something wrong? Is there a best way for 
> doing this? 
> 
What page is that? Your posted code is quite unlike any 
OpenSSL example (or actual) code I've seen.


> EVP_PKEY *pkey;
> BIO *bio;
> 
There's no reason (this) bio variable should be global,  
and pkey maybe not.

> typedef struct pw_cb_data
> {
> const void *password;
> const char *prompt_info;
> } PW_CB_DATA;
> 
> static int rsa_cb(char *buf, int size, int rwflag, void *u)
> {
> int len;
> PW_CB_DATA *cb_data = (PW_CB_DATA *)u;
> 
> //Program doesn't enter here!!
> len = strlen((char *)cb_data->password);
> 
> if (len <= 0)
> return 0;
> 
> /* if too long, truncate */
> if (len > size)
> len = size;
> 
> memcpy(buf, cb_data->password, len);
> 
> return len;
> }
> 
Using a callback to set a caller-supplied C-style string is 
a waste of time. You can _read*PrivateKey(,,NULL,password).

> int main()
> {
> PW_CB_DATA cb_data; 
> int ret = 1;
> 
> (...)
> memcpy(&kprPath[0],"path_to_Kpr",pathlen);
> kprPath[pathlen] = '\0';
> 
> memcpy(&kprPath[0],"Kpr_password",passlen);
> kprPath[passlen] = '\0';
> 
> if (ret)
> bio = BIO_new(BIO_s_file());
> 
> if (bio == NULL)
> ret = 0;
> 
> if (ret && !BIO_read_filename(bio,&kprPath[0]))
> ret = 0;
> 
The code above set kprPath to "Kpr_password" 
which I doubt is the correct filename.

> cb_data.password = &passwd[0];
> cb_data.prompt_info = &kprPath[0];
> 
It might be the correct "prompt", but 
your callback doesn't use the .prompt_info .
It does use .password, and your code doesn't 
set .password to anything valid at all.

> if (ret)
> 
> pkey=PEM_read_bio_PrivateKey(bio,NULL,(pem_password_cb *)rsa_cb,
> &cb_data); 
> 
> if (pkey != NULL)
> ret = 0;
> 
If pretty much any OpenSSL routine returns an error indication, 
and here read*PrivateKey == NULL is an error indication, you should 
look at the error queue: http://www.openssl.org/support/faq.html#PROG6
I bet you'll see that you didn't give it the correct filename.




RES: PEM_read_PrivateKey

2012-10-29 Thread Leonardo Laface de Almeida
@Gerardo,

I'm having a problem with this function and I will use your thread for some
support.

@All

The problem I've got is quite simple. The callback I pass through this
function is not called. I inserted a breakpoint into cb and it's not called
at all.

I'm using OpenSSL 1.0.1c. I'm sure about it (My App gets OpenSSL version,
now).

Could someone please help me figure out why? I've written it as the OpenSSL page
tells. Am I doing something wrong? Is there a best way for doing this? 

Thanks,
Leonardo

My code (c++):


#include <string.h>

#include "openssl/bio.h"
#include "openssl/err.h"
#include "openssl/evp.h"
#include "openssl/pem.h"

EVP_PKEY *pkey;
BIO *bio;

typedef struct pw_cb_data
{
    const void *password;
    const char *prompt_info;
} PW_CB_DATA;

static int rsa_cb(char *buf, int size, int rwflag, void *u)
{
    int len;
    PW_CB_DATA *cb_data = (PW_CB_DATA *)u;

    //Program doesn't enter here!!
    len = strlen((char *)cb_data->password);

    if (len <= 0)
        return 0;

    /* if too long, truncate */
    if (len > size)
        len = size;

    memcpy(buf, cb_data->password, len);

    return len;
}

int main()
{
    PW_CB_DATA cb_data;
    int ret = 1;

    (...)
    memcpy(&kprPath[0], "path_to_Kpr", pathlen);
    kprPath[pathlen] = '\0';

    memcpy(&kprPath[0], "Kpr_password", passlen);
    kprPath[passlen] = '\0';

    if (ret)
        bio = BIO_new(BIO_s_file());

    if (bio == NULL)
        ret = 0;

    if (ret && !BIO_read_filename(bio, &kprPath[0]))
        ret = 0;

    cb_data.password = &passwd[0];
    cb_data.prompt_info = &kprPath[0];

    if (ret)
        pkey = PEM_read_bio_PrivateKey(bio, NULL, (pem_password_cb *)rsa_cb,
                                       &cb_data);

    if (pkey != NULL)
        ret = 0;

    //ret is equal 0 and pkey is NULL here.
    (...)

    return ret;
}



Re: [openssl-users] Reference material on how to do certificate validation with OpenSSL

2012-10-29 Thread Erwann Abalea

Bonjour,

In the 4.2 paragraph, talking about revocation, you explicitly write 
that your code examples don't check for revocation. Depending on your 
target audience, this might not be a wise choice.
In the same part, you're referring to a post by Ben Laurie about how 
hard it is to detect revoked certificates, and thus how "useless" it is 
to revoke a certificate, because applications don't check for 
revocation, or do it with a soft-fail behavior. That's something public 
CAs want to be changed, and the lack of revocation check in your 
examples won't help.


--
Erwann ABALEA

Le 27/10/2012 17:00, Alban D. a écrit :

Hi everyone,

iSEC Partners just released a paper that provides detailed guidelines
and sample code on how to properly do certificate validation with
OpenSSL:
http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html

It is not trivial and so I thought this reference material could be
useful to people on this mailing list.

Thanks,

Alban D.



Re: [openssl-users] Re: Reference material on how to do certificate validation with OpenSSL

2012-10-29 Thread Erwann Abalea

Where's the failure here?
hostname_matched is set to HOSTNAME_VALIDATION_ERR at initialization, 
and in case of a NULL hostname or certificate it is returned by the 
function, unmodified.


--
Erwann ABALEA

Le 27/10/2012 21:00, Jeffrey Walton a écrit :

On Sat, Oct 27, 2012 at 11:00 AM, Alban D.  wrote:

Hi everyone,

iSEC Partners just released a paper that provides detailed guidelines
and sample code on how to properly do certificate validation with
OpenSSL:
http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html

It is not trivial and so I thought this reference material could be
useful to people on this mailing list.

] int validate_hostname(char *hostname, X509 *server_cert) {
]   int hostname_matched = HOSTNAME_VALIDATION_ERR;
]   if((hostname == NULL) || (server_cert == NULL))
]  goto error;
] ...
]   error:
] return hostname_matched;
] }
You failed open rather than closed. It's not a good choice of
strategies for high integrity software.



Incore adjust?

2012-10-29 Thread TJ
In the previous version of the FIPS module (openssl-fips-1.2.3), the
incore script had an incore_adjust value. The new version
(openssl-fips-2.0.1) is a perl script and I cannot see how to adjust
the offset for our processor.  Can anyone point me in the right
direction here?


RE: Trouble with Windows DLL

2012-10-29 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
> Sent: Friday, 26 October, 2012 11:08

> 1. Pardon my ignorance. So _Applink is a generic Windows facility, not
> OpenSSL-specific? Can you point me to a link or something 
> that explains. I could not find anything.

OpenSSL_Applink is OpenSSL specific as the name indicates, not to mention 
that the file applink.c is part of the OpenSSL distro and install.
GetModuleHandle() and GetProcAddress() are Windows generic; 
look at the code in ms/uplink.c. 
> 
> 2. While searching, I did find this:
> http://msdn.microsoft.com/en-us/library/windows/desktop/ms682586(v=vs.85).aspx
> It's a definitive explanation of a topic that was discussed here recently
> (this thread?): "how does Windows determine which copy of a DLL to use?" One
> thing of note: it is decidedly NOT true that "if you put the DLL in the same
> folder as the EXE that is the one that will always get used." Ridiculously
> complex, but a definitive explanation, FWIW.
> 
> Charles
> 
> -Original Message-
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
> Sent: Thursday, October 25, 2012 2:00 PM
> To: openssl-users@openssl.org
> Subject: RE: Trouble with Windows DLL
> 
> > From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
> > Sent: Wednesday, 24 October, 2012 19:08
> 
> > > The code for "uplink" looks to me like it looks for
> > > _Applink ONLY in the .exe
> > 
> > It *HAS* to be a .exe? OpenSSL has logic that depends on what type of
> > executable is calling it? If I had a .exe that worked with OpenSSL I could
> > not necessarily turn it into a .DLL that exported services to calling
> > programs?
> > 
> No, OpenSSL on Windows does not have logic that depends on the caller, 
> that's why this DOESN'T work. The simplest "upward" dynamic lookup in 
> Windows looks only in the .exe. In order to look in the .dll, OpenSSL 
> would need more complicated code to figure out is that was called from 
> a .dll and not the .exe, and WHICH particular .dll because you could 
> have multiple .dll's compiled differently, and lookup there.
> 
> 



RE: sslv3 alert bad certificate:s3_pkt.c:1065:SSL alert number 42

2012-10-29 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Anamitra Dutta Majumdar (anmajumd)
> Sent: Friday, 26 October, 2012 19:13
> To: openssl-users@openssl.org
> Subject: Re: sslv3 alert bad certificate:s3_pkt.c:1065:SSL alert number 42

> This is a close box without a server operator.
> Is there a way to determine why the [client] cert chain was
> Disliked.
> 
1. Be psychic, or divine. Or guess, and be very lucky.

2. Find out something about the server.

3. Find out something about other users who succeed, if any. 
Look for similarities or differences. Note that the server's 
decision about whether to accept a cert can be based on more 
than what's in the cert, either intentionally or by mistake.
It might reasonably be (partly) based on the client machine 
address and/or DNS. It might less unreasonably be based on 
time of day, or phase of moon, or how many other users are 
connected, or how many have been connected in the past.

4. Keep in mind the server's rejection of your cert (chain) may 
be mistaken. It might be that your cert is actually good but 
the server is misconfigured, or in a bad state, or has a bug.
If the server is wrong and no one can fix it, you can't use it 
unless you can figure out what the problem is and it can be 
avoided or worked around. And if you don't know the correct 
operation figuring out incorrect behaviour is hugely harder.




RE: Certificate lookup

2012-10-29 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of flowher
> Sent: Saturday, 27 October, 2012 09:03
> To: openssl-users@openssl.org
> Subject: Certificate lookup
> 
> I'm using 'openssl verify -CApath /something/cert CERT_TO_VERIFY' to
> verify certificate chains. 
> I just found out that some certificates are positively 
> verified even if
> I do not provide argument '-CApath /something/cert'. Root 
> cause of such
> behavior is the fact that openssl uses certificates in 
> /etc/ssl/certs in
> order look for certificates. Is it possible to disable this lookup?
> I already tried to set OPENSSL_CONF=/dev/null, but after I found out
> that it can only be used to specify alternative location for
> openssl.cnf, which is also weird for me. Do you know why 'openssl
> verify' looks in /etc/ssl/openssl.cnf? I mean - what exactly 
> it tries to
> find in this file?
> 
'verify' doesn't use any config settings, thus doesn't need any 
config file unless you use it to load modules and I don't know 
any modules you'd want to load for 'verify' but I don't know all.

The default or specified truststore is unrelated to the default 
or specified config file, except both defaults are in OPENSSLDIR, 
which varies by build and platform and may be /etc/ssl for you.
Last I looked at this you can change the default truststore 
(file and dir) only by setting OPENSSLDIR at build time.

Almost as you found, specifying -CApath and -CAfile overrides 
the defaults; you must specify both to override both, if both 
default file and dir exist and you want neither. 




Re: PEM_read_PrivateKey

2012-10-29 Thread Dr. Stephen Henson
On Mon, Oct 29, 2012, Gerardo Ganis wrote:

> 
> Dear OpenSSL Users,
> 
> Could someone confirm that when loading private keys in memory using
> PEM_read_PrivateKey
> 
>  EVP_PKEY *evpp = PEM_read_PrivateKey(fk, 0, 0, 0);
> 
> the full key is filled in, i.e. evpp points to a complete
> (public+private) key?
> By analyzing the structure after the call it looks so, but since it
> is not documented, I was wondering
> whether it is something on which I can count on; if not what is the
> advised way to load a complete
> key in memory?
> 

Yes. The data read in either contains the public key components (RSAPrivateKey
for example) or the public key components are calculated (e.g. DSA
and PKCS#8).

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: Reference material on how to do certificate validation with OpenSSL

2012-10-29 Thread Jeffrey Walton
On Mon, Oct 29, 2012 at 11:04 AM, Jakob Bohm  wrote:
> On 10/27/2012 10:58 PM, Jeffrey Walton wrote:
>>
>> On Sat, Oct 27, 2012 at 11:00 AM, Alban D.  wrote:
>>>
>>> Hi everyone,
>>>
>>> iSEC Partners just released a paper that provides detailed guidelines
>>> and sample code on how to properly do certificate validation with
>>> OpenSSL:
>>>
>>> http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html
>>>
>>> It is not trivial and so I thought this reference material could be
>>> useful to people on this mailing list.
>>
>>
>> ] Supporting wildcard certificates requires manually parsing
>> ] the name to find the wildcard character, ensuring that it is
>> ] in a valid location within the domain, and then trying to
>> ] match the pattern with the server's expected hostname.
>> Don't do it because it violates the Principle of Least Privilege. Why
>> should users be asked to trust the receptionist's machine in the lobby
>> or a developer's machine with nearly anything installed?
>>
>> If you are in a multi-domain environment (such as Apache with virtual
>> hosts), use multiple certificates or Server Name Indication (SNI).
>>
>
> You obviously don't understand the proper uses and necessity of
> wildcard certificates:
Actually, I do. It's not a risk I am willing to accept. As a security
architect, I am more than happy to kick software that follows the
practice.

Jeff
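
The fail-closed return pattern argued over in this thread and the wildcard-matching steps quoted from the paper, combined in one added example (not code from the iSEC paper or from any poster). It works on names already extracted from the certificate as C strings; match_cert_name(), hostname_ok() and every result name except HOSTNAME_VALIDATION_ERR are hypothetical, and the wildcard rules (whole left-most label only, exactly one label matched, at least two labels after it) are a conservative assumption.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Only HOSTNAME_VALIDATION_ERR appears in the quoted snippet; the other
 * two result names are assumptions made for this example. */
typedef enum {
    HOSTNAME_MATCH = 0,
    HOSTNAME_MISMATCH = 1,
    HOSTNAME_VALIDATION_ERR = 2
} hostname_result;

/* Case-insensitive comparison of the first n bytes of a and b. */
static int ieq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Number of '.' separators in s. */
static size_t count_dots(const char *s)
{
    size_t n = 0;
    for (; *s != '\0'; s++)
        if (*s == '.')
            n++;
    return n;
}

/* Compare one name from the certificate (pattern) with the hostname the
 * client intended to reach. The result starts as an error and is changed
 * only on a path that proves something, so every early exit fails closed. */
hostname_result match_cert_name(const char *pattern, const char *hostname)
{
    hostname_result result = HOSTNAME_VALIDATION_ERR;
    const char *star, *host_rest;
    size_t plen, hlen;

    if (pattern == NULL || hostname == NULL)
        goto done;
    plen = strlen(pattern);
    hlen = strlen(hostname);
    if (plen == 0 || hlen == 0)
        goto done;

    /* Inputs are usable: from here on the default answer is "no match". */
    result = HOSTNAME_MISMATCH;

    star = strchr(pattern, '*');
    if (star == NULL) {
        /* No wildcard: the whole name must be equal, ignoring case. */
        if (plen == hlen && ieq(pattern, hostname, plen))
            result = HOSTNAME_MATCH;
        goto done;
    }

    /* The wildcard must be the entire left-most label and the only '*'. */
    if (star != pattern || pattern[1] != '.' || strchr(star + 1, '*') != NULL)
        goto done;
    /* Require two labels after it: "*.example.com" yes, "*.com" no. */
    if (count_dots(pattern + 2) < 1)
        goto done;

    /* The wildcard stands for exactly one non-empty label, so everything
     * from the hostname's first dot onward must equal the pattern's tail. */
    host_rest = strchr(hostname, '.');
    if (host_rest == NULL || host_rest == hostname)
        goto done;
    if (strlen(host_rest) == plen - 1 && ieq(host_rest, pattern + 1, plen - 1))
        result = HOSTNAME_MATCH;

done:
    return result;
}

/* Callers accept the peer only on an explicit match. */
int hostname_ok(const char *pattern, const char *hostname)
{
    return match_cert_name(pattern, hostname) == HOSTNAME_MATCH;
}

int main(void)
{
    /* Constructed sample names. */
    printf("%d\n", match_cert_name("*.example.com", "www.example.com"));
    printf("%d\n", match_cert_name("*.example.com", "a.b.example.com"));
    printf("%d\n", match_cert_name(NULL, "www.example.com"));
    return 0;
}
```
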


Re: RSA quintuple vs. xmldsig mismatch

2012-10-29 Thread Wim Lewis

On 29 Oct 2012, at 8:44 AM, Miroslav Mikluš wrote:
> The xmldsig (http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue)
> use the first form of RSA representation with respect to the :
> http://tools.ietf.org/html/rfc3447#section-3.2


The RSAKeyValue element contains a public key, but the quintuple representation 
is a way to represent a private key. So RSAKeyValue corresponds to (n,e) from 
RFC3447 section 3.1, not 3.2.




Re: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Jeffrey Walton
> SSL_CTX_set_options, should I indicate protocols using this function?.
Before you do that, please realize TLS 1.0 is the least broken of the
protocols you are trying to enable. You really want all TLS 1.2
clients, but it's not widely implemented in clients and servers. I can
tell you that a number of organizations will not want SSL2/SSL3
clients accessing their corporate data.

Differences Between SSLv2, SSLv3, and TLS, www.yaksman.org/~lweith/ssl.pdf
Analysis of the SSL 3.0 Protocol, www.schneier.com/paper-ssl.html.

Jeff

On Mon, Oct 29, 2012 at 10:27 AM, Bhat, Jayalakshmi Manjunath
 wrote:
> Hi Charles,
>
> Thank you for the reply.  I am not setting any option using
> SSL_CTX_set_options, should I indicate protocols using this function?.
>
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills
> Sent: Monday, October 29, 2012 7:40 PM
> To: openssl-users@openssl.org
> Subject: RE: Need inputs/suggestions on SSL/TLS protocol version fallback
> mechanism.
>
> Do you call SSL_CTX_set_options() with bit flags (SSL_OP_ALL,
> SSL_OP_NO_SSLv3, etc.) to indicate the protocols you are willing to accept?
>
> BTW, openssl-users (not –dev) is the proper forum for this sort of
> questions.
>
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Bhat, Jayalakshmi
> Manjunath
> Sent: Monday, October 29, 2012 5:27 AM
> To: openssl-...@openssl.org; openssl-users@openssl.org
> Subject: Need inputs/suggestions on SSL/TLS protocol version fallback
> mechanism.
>
> I have a client application that uses SSL23_client_method(). When the client
> is getting connected to server that supports TLS 1.0 there are no issues.
> When the client is getting connected to server that supports only SSLv3.0,
> connection is getting aborted with protocol number error.
>
> I have couple of question around this issue.
>
> 1.   If I like to support the fallback mechanism,  I need to implement
> the same in the client application. SSL client state machine in OpenSSL does
> not implement any fallback.
>
> 2.   I did not see any recommendation in SSL/TLS RFC to implement the
> fallback mechanism. I wanted to know are there any side effects in OpenSSL
> library if fallback mechanism is implemented.


RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Bhat, Jayalakshmi Manjunath
Hi  Charles,

I was under the assumption that I can turn off protocols using this option. 
Since I wanted to give it a try without turning off any protocol, I did not pay 
attention to this call. Let me give it a try.

Thank you
Jaya
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Charles Mills
Sent: Monday, October 29, 2012 8:47 PM
To: openssl-users@openssl.org
Subject: RE: Need inputs/suggestions on SSL/TLS protocol version fallback 
mechanism.

You should at least look into it. I am not sure what the defaults are without 
looking at the docs. Try setting SSL_OP_ALL (sounds good to me) | 
SSL_OP_NO_SSLv2 (SSL v2 is considered to be badly flawed). That should (IIRC) 
leave you able to accept SSL v3, TLS v1, and TLS v1.1.

Charles
From: owner-openssl-us...@openssl.org 
[mailto:owner-openssl-us...@openssl.org]
 On Behalf Of Bhat, Jayalakshmi Manjunath
Sent: Monday, October 29, 2012 7:28 AM
To: openssl-users@openssl.org
Subject: RE: Need inputs/suggestions on SSL/TLS protocol version fallback 
mechanism.

Hi Charles,

Thank you for the reply.  I am not setting any option using 
SSL_CTX_set_options, should I indicate protocols using this function?

Regards
Jaya
From: owner-openssl-us...@openssl.org 
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills
Sent: Monday, October 29, 2012 7:40 PM
To: openssl-users@openssl.org
Subject: RE: Need inputs/suggestions on SSL/TLS protocol version fallback 
mechanism.

Do you call SSL_CTX_set_options() with bit flags (SSL_OP_ALL, SSL_OP_NO_SSLv3, 
etc.) to indicate the protocols you are willing to accept?

BTW, openssl-users (not -dev) is the proper forum for this sort of question.

Charles
From: owner-openssl-us...@openssl.org 
[mailto:owner-openssl-us...@openssl.org]
 On Behalf Of Bhat, Jayalakshmi Manjunath
Sent: Monday, October 29, 2012 5:27 AM
To: openssl-...@openssl.org; 
openssl-users@openssl.org
Subject: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

Hi All,

I have a client application that uses SSL23_client_method(). When the client is 
getting connected to server that supports TLS 1.0 there are no issues. When the 
client is getting connected to server that supports only SSLv3.0, connection is 
getting aborted with protocol number error.

I have a couple of questions around this issue.

1. If I like to support the fallback mechanism, I need to implement the 
same in the client application. SSL client state machine in OpenSSL does not 
implement any fallback.

2. I did not see any recommendation in SSL/TLS RFC to implement the 
fallback mechanism. I wanted to know are there any side effects in OpenSSL 
library if fallback mechanism is implemented.


https server using openssl

2012-10-29 Thread Indtiny s
Hi,
I have a CCM cipher suite in openssl, and for some other requirement I
have to write my own simple webserver... Can somebody help me to develop
a simple openssl based webserver?

I just need to support the POST operation at my server side,
i.e., in my requirement, the client will post the data to the web server; here
the server should receive the data and provide the HTTP response as 201 to
the client.

How to start implementing this with the help of openssl?

Rgds
Indu


PEM_read_PrivateKey

2012-10-29 Thread Gerardo Ganis

Dear OpenSSL Users,

Could someone confirm that when loading private keys in memory using
PEM_read_PrivateKey

 EVP_PKEY *evpp = PEM_read_PrivateKey(fk, 0, 0, 0);

the full key is filled in, i.e. evpp points to a complete
(public+private) key?
By analyzing the structure after the call it looks so, but since it
is not documented, I was wondering
whether it is something on which I can count; if not, what is the
advised way to load a complete
key in memory?

Thank you in advance for any advice.

Gerardo Ganis   

-- 
+--+
  Gerardo GANIS   CERN, PH Dept, SFT group, CH 1211 Geneve 23
   room: 32-RC-017, tel: +41 22 7676439
   email: gerardo.ga...@cern.ch, fax: +41 22 7669133
+--+



RSA quintuple vs. xmldsig mismatch

2012-10-29 Thread Miroslav Mikluš

Hi all,

The xmldsig (http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue)
uses the first form of RSA representation with respect to:
http://tools.ietf.org/html/rfc3447#section-3.2

It looks like rsa.h uses the quintuple representation only;
is there a way to work with the (n, d) form in openssl?

Or is there a way to transform the first form to the second one?

nice day,
Miro





Re: How to display certs from CA path

2012-10-29 Thread Jakob Bohm

(Remember to start a new thread, not replying to some ancient
thread).

(Remember to put a non-blank subject in your mails, so we all
have an idea what it is about)

On 10/22/2012 6:51 PM, Kevin Butters wrote:

> Is there an SSL command that can be used to display CA cert information
> extracted from the certificate path associated with a cert?



This is usually a two step process:

1. Find the certs in the CA path.  Depending on what you have,
you could use one of the following commands

  openssl verify -verbose -purpose any somecertificate.pem

  openssl s_client -connect someserver.example.com:443 -showcerts < NUL

  openssl pkcs7 -noout -print_certs -text -in somemail.pem

  openssl cms (some args) somemail.pem

2. Display each certificate with the command

  openssl x509 -noout -text -in onecert.pem

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
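
The step between 1 and 2 above, as an added example that is not part of the original post: `-showcerts` and `-print_certs` emit several PEM certificates mixed with other text, while `openssl x509` reads one certificate at a time. The sample input is constructed (placeholder bodies, not real certificates) and the function names are hypothetical; `describe_cert` assumes an `openssl` binary on the PATH.

```python
import re
import subprocess
import sys

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\r?\n.+?\r?\n-----END CERTIFICATE-----",
    re.DOTALL,
)

def split_pem_certs(text):
    """Step 1 output -> list of single-certificate PEM strings, in chain order."""
    return [m.group(0).replace("\r\n", "\n") + "\n"
            for m in PEM_CERT.finditer(text)]

def describe_cert(pem, openssl="openssl"):
    """Step 2: feed one certificate to `openssl x509 -noout -text` on stdin."""
    result = subprocess.run([openssl, "x509", "-noout", "-text"],
                            input=pem, capture_output=True, text=True,
                            check=True)
    return result.stdout

# Constructed sample shaped like s_client -showcerts output; the base64
# bodies are placeholders, so only the splitting step works on it.
SAMPLE = """Certificate chain
 0 s:/CN=leaf.example.test
   i:/CN=Constructed Intermediate CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAF0
-----END CERTIFICATE-----
 1 s:/CN=Constructed Intermediate CA
   i:/CN=Constructed Root CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERCA000
-----END CERTIFICATE-----
---
"""

if __name__ == "__main__":
    # Usage: openssl s_client ... -showcerts | python3 this_script.py
    for index, pem in enumerate(split_pem_certs(sys.stdin.read())):
        print("=== certificate %d ===" % index)
        print(describe_cert(pem))
```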


RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Charles Mills
You should at least look into it. I am not sure what the defaults are
without looking at the docs. Try setting SSL_OP_ALL (sounds good to me) |
SSL_OP_NO_SSLv2 (SSL v2 is considered to be badly flawed). That should
(IIRC) leave you able to accept SSL v3, TLS v1, and TLS v1.1.

Charles

From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Bhat, Jayalakshmi
Manjunath
Sent: Monday, October 29, 2012 7:28 AM
To: openssl-users@openssl.org
Subject: RE: Need inputs/suggestions on SSL/TLS protocol version fallback
mechanism.

 

Hi Charles,

Thank you for the reply.  I am not setting any option using
SSL_CTX_set_options, should I indicate protocols using this function?

Regards
Jaya

From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills
Sent: Monday, October 29, 2012 7:40 PM
To: openssl-users@openssl.org
Subject: RE: Need inputs/suggestions on SSL/TLS protocol version fallback
mechanism.

 

Do you call SSL_CTX_set_options() with bit flags (SSL_OP_ALL,
SSL_OP_NO_SSLv3, etc.) to indicate the protocols you are willing to accept?

BTW, openssl-users (not -dev) is the proper forum for this sort of
question.

Charles

From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Bhat, Jayalakshmi
Manjunath
Sent: Monday, October 29, 2012 5:27 AM
To: openssl-...@openssl.org; openssl-users@openssl.org
Subject: Need inputs/suggestions on SSL/TLS protocol version fallback
mechanism.

 

Hi All,

I have a client application that uses SSL23_client_method(). When the client
is getting connected to server that supports TLS 1.0 there are no issues.
When the client is getting connected to server that supports only SSLv3.0,
connection is getting aborted with protocol number error.

I have a couple of questions around this issue.

1. If I like to support the fallback mechanism, I need to implement
the same in the client application. SSL client state machine in OpenSSL does
not implement any fallback.

2. I did not see any recommendation in SSL/TLS RFC to implement the
fallback mechanism. I wanted to know are there any side effects in OpenSSL
library if fallback mechanism is implemented.



Re: Reference material on how to do certificate validation with OpenSSL

2012-10-29 Thread Jakob Bohm

On 10/27/2012 10:58 PM, Jeffrey Walton wrote:

> On Sat, Oct 27, 2012 at 11:00 AM, Alban D.  wrote:
>
> > Hi everyone,
> >
> > iSEC Partners just released a paper that provides detailed guidelines
> > and sample code on how to properly do certificate validation with
> > OpenSSL:
> > http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html
> >
> > It is not trivial and so I thought this reference material could be
> > useful to people on this mailing list.
>
> ] Supporting wildcard certificates requires manually parsing
> ] the name to find the wildcard character, ensuring that it is
> ] in a valid location within the domain, and then trying to
> ] match the pattern with the server's expected hostname.
> Don't do it because it violates the Principle of Least Privilege. Why
> should users be asked to trust the receptionist's machine in the lobby
> or a developer's machine with nearly anything installed?
>
> If you are in a multi-domain environment (such as Apache with virtual
> hosts), use multiple certificates or Server Name Indication (SNI).



You obviously don't understand the proper uses and necessity of
wildcard certificates:

1. Many existing clients support no form of SNI (there are two forms
for HTTP) or use protocols that will have difficulty supporting it.

2. The business model of commercial CAs makes it economically
infeasible for sites to acquire separate certificates for each low
visibility service, such as enabling STARTTLS on SMTP to a backup MX.
But acquiring a wildcard cert shared by all such services is
affordable and does not require a purchase bureaucracy every time an
additional server is brought online.

3. Being covered by a wildcard certificate's name match does not give
a computer access to the private key needed to actually use that
certificate.  The security model is that the wildcard cert identifies
the organization, and the organization only installs the private key
on trusted servers.


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
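
The name check the quoted paper excerpt describes, as an added example that is not from the iSEC paper, OpenSSL or either poster. The matching policy is an assumption (a strict reading of the usual rules: the wildcard is the whole leftmost label, covers exactly one label, and never matches an IP address); the names are constructed and the function names are hypothetical.

```python
import ipaddress

def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def wildcard_match(pattern, hostname):
    """True if a certificate DNS name (possibly a wildcard) covers hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern or not hostname or _is_ip_literal(hostname):
        return False                  # IP addresses never match DNS patterns
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if "*" not in pattern:
        return p_labels == h_labels   # plain name: exact, case-insensitive
    # The wildcard must be the entire leftmost label and appear nowhere else.
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    # Reject patterns such as "*.com" that would span a whole top-level domain.
    if len(p_labels) < 3:
        return False
    # The wildcard stands for exactly one non-empty label.
    if len(h_labels) != len(p_labels) or not h_labels[0]:
        return False
    return p_labels[1:] == h_labels[1:]

def names_covered(cert_names, hosts):
    """Hosts whose name would pass the check against any certificate name."""
    return [h for h in hosts
            if any(wildcard_match(p, h) for p in cert_names)]

# Constructed data: dNSName entries of one wildcard certificate, and hosts.
CERT_NAMES = ["*.example.test", "example.test"]
HOSTS = ["www.example.test", "backup-mx.example.test", "example.test",
         "dev.lab.example.test", "www.example.test.other.invalid",
         "192.0.2.10"]

if __name__ == "__main__":
    for host in HOSTS:
        verdict = "covered" if names_covered(CERT_NAMES, [host]) else "rejected"
        print("%-32s %s" % (host, verdict))
```

Passing this check only says the name is covered; as point 3 above notes, a host still needs the private key to use the certificate.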


RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Bhat, Jayalakshmi Manjunath
Hi Charles,

Thank you for the reply.  I am not setting any option using 
SSL_CTX_set_options, should I indicate protocols using this function?

Regards
Jaya
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Charles Mills
Sent: Monday, October 29, 2012 7:40 PM
To: openssl-users@openssl.org
Subject: RE: Need inputs/suggestions on SSL/TLS protocol version fallback 
mechanism.

Do you call SSL_CTX_set_options() with bit flags (SSL_OP_ALL, SSL_OP_NO_SSLv3, 
etc.) to indicate the protocols you are willing to accept?

BTW, openssl-users (not -dev) is the proper forum for this sort of question.

Charles
From: owner-openssl-us...@openssl.org 
[mailto:owner-openssl-us...@openssl.org]
 On Behalf Of Bhat, Jayalakshmi Manjunath
Sent: Monday, October 29, 2012 5:27 AM
To: openssl-...@openssl.org; 
openssl-users@openssl.org
Subject: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

Hi All,

I have a client application that uses SSL23_client_method(). When the client is 
getting connected to server that supports TLS 1.0 there are no issues. When the 
client is getting connected to server that supports only SSLv3.0, connection is 
getting aborted with protocol number error.

I have a couple of questions around this issue.

1. If I like to support the fallback mechanism, I need to implement the 
same in the client application. SSL client state machine in OpenSSL does not 
implement any fallback.

2. I did not see any recommendation in SSL/TLS RFC to implement the 
fallback mechanism. I wanted to know are there any side effects in OpenSSL 
library if fallback mechanism is implemented.

Any help on these points is appreciated.

Regards
Jayalakshmi






Re: Reference material on how to do certificate validation with OpenSSL

2012-10-29 Thread Michel

Thanks,

Also it can be useful to go back to the book 'Network Security with 
OpenSSL', pages 128 to 138.


Michel.

On 27/10/2012 17:00, Alban D. wrote:

> Hi everyone,
>
> iSEC Partners just released a paper that provides detailed guidelines
> and sample code on how to properly do certificate validation with
> OpenSSL:
> http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html
>
> It is not trivial and so I thought this reference material could be
> useful to people on this mailing list.
>
> Thanks,
>
> Alban D.


RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Charles Mills
Do you call SSL_CTX_set_options() with bit flags (SSL_OP_ALL,
SSL_OP_NO_SSLv3, etc.) to indicate the protocols you are willing to accept?

BTW, openssl-users (not -dev) is the proper forum for this sort of
question.

Charles

From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Bhat, Jayalakshmi
Manjunath
Sent: Monday, October 29, 2012 5:27 AM
To: openssl-...@openssl.org; openssl-users@openssl.org
Subject: Need inputs/suggestions on SSL/TLS protocol version fallback
mechanism.

 

Hi All,

I have a client application that uses SSL23_client_method(). When the client
is getting connected to server that supports TLS 1.0 there are no issues.
When the client is getting connected to server that supports only SSLv3.0,
connection is getting aborted with protocol number error.

I have a couple of questions around this issue.

1. If I like to support the fallback mechanism, I need to implement
the same in the client application. SSL client state machine in OpenSSL does
not implement any fallback.

2. I did not see any recommendation in SSL/TLS RFC to implement the
fallback mechanism. I wanted to know are there any side effects in OpenSSL
library if fallback mechanism is implemented.

Any help on these points is appreciated.

Regards
Jayalakshmi





Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Bhat, Jayalakshmi Manjunath
Hi All,

I have a client application that uses SSL23_client_method(). When the client is 
getting connected to server that supports TLS 1.0 there are no issues. When the 
client is getting connected to server that supports only SSLv3.0, connection is 
getting aborted with protocol number error.

I have a couple of questions around this issue.

1. If I like to support the fallback mechanism, I need to implement the 
same in the client application. SSL client state machine in OpenSSL does not 
implement any fallback.

2. I did not see any recommendation in SSL/TLS RFC to implement the 
fallback mechanism. I wanted to know are there any side effects in OpenSSL 
library if fallback mechanism is implemented.

Any help on these points is appreciated.

Regards
Jayalakshmi