Re: connection problem with the version 1.0.1e

2013-10-11 Thread nehakochar 
Rajesh Malepati wrote
 On Wed, Jul 24, 2013 at 9:30 PM, kirpit lt;

 kirpit@

 gt; wrote:
 
 The server doesn't seem to care to respond to clients supporting TLS 1.2
 
 ok:
  openssl s_client -tls1 -connect emea.webservices.travelport.com:443
 
 no reply:
 openssl s_client -tls1_2 -connect emea.webservices.travelport.com:443
 
 such servers should be beaten to pulp.

Hi,
I ran into the same problem and then came across this thread. According to
http://tools.ietf.org/html/rfc5246#appendix-E:
  A TLS 1.2 client who wishes to negotiate with such older servers will
   send a normal TLS 1.2 ClientHello, containing { 3, 3 } (TLS 1.2) in
   ClientHello.client_version.  If the server does not support this
   version, it will respond with a ServerHello containing an older
   version number.

Why then the server isn't responding at all to the Client Hello for TLS1.2?
Is this expected behavior with OpenSSL 1.0.1e? If it is, then this would
need to be fixed as it is not compliant with the RFC.



--
View this message in context: 
http://openssl.6102.n7.nabble.com/connection-problem-with-the-version-1-0-1e-tp45935p46868.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: connection problem with the version 1.0.1e

2013-10-11 Thread nehakochar 
nehakochar wrote
 Is this expected behavior with OpenSSL 1.0.1e? If it is, then this would
 need to be fixed as it is not compliant with the RFC.

Correction: I am not sure if it is 1.0.1e that is the problematic version.
But would like to know if this is expected behavior (although incorrect)
with OpenSSL, and if yes, is it true for all versions (including 1.0.1e)?



--
View this message in context: 
http://openssl.6102.n7.nabble.com/connection-problem-with-the-version-1-0-1e-tp45935p46869.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Query related to d2i_X509 and X509_free

2013-10-11 Thread sandeepa sharma 
Hi,



We are using openssl-1.0.0e. I am facing a memory leak of 98 bytes when I
use d2i_X509() function. This memory leak is seen even if d2i_X509() return
NULL. I couldn't find the source code for d2i_X509() and X509_free()
function. Can you please help me in this.



int secwrap_certCheckExtKeyUsage(unsigned char *cert,   // pointer to
certificate

unsigned int certLen)   // length of
certificate

{

intiReturnStatus = OPENSSL_SECWRAP_FAILURE, iCritical;



X509 *x509Cert = NULL;

const unsigned char *pCert = cert;  // See OpenSSL
FAQ. Temp pointer recommended.

EXTENDED_KEY_USAGE *extusage = NULL;

int count;



if(cert == NULL || certLen == 0)

{

DEBUGPRINT(DEBUG_DEFAULT,%s - %d FAIL\n,__FUNCTION__,__LINE__);

return OPENSSL_SECWRAP_FAILURE; // bad
parameters

}







   x509Cert = d2i_X509(NULL, pCert, certLen);



if(x509Cert == NULL)

{

DEBUGPRINT(DEBUG_DEFAULT,%s - %d FAIL\n,__FUNCTION__,__LINE__);

return OPENSSL_SECWRAP_FAILURE; // unable to
parse cert

}



count = X509_get_ext_count(x509Cert);

if(count == 1)   // only 1 extension allowed

{

extusage = (EXTENDED_KEY_USAGE *) X509_get_ext_d2i(x509Cert,
NID_ext_key_usage, iCritical, NULL);

if(extusage != NULL  iCritical != 0)  // MUST be
Extended Key Usage and marked critical

{

if(sk_ASN1_OBJECT_num(extusage) == 1)   // only 1
purpose OID allowed

{

if(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,0)) ==
NID_code_sign)// MUST be for code signing

{

iReturnStatus = OPENSSL_SECWRAP_SUCCESS;

}

else

{

DEBUGPRINT(DEBUG_DEFAULT,%s - %d
FAIL\n,__FUNCTION__,__LINE__);

}

}

else

{

DEBUGPRINT(DEBUG_DEFAULT,%s - %d
FAIL\n,__FUNCTION__,__LINE__);

}

}

else

{

DEBUGPRINT(DEBUG_DEFAULT,%s - %d
FAIL\n,__FUNCTION__,__LINE__);

}

}

else

{

DEBUGPRINT(DEBUG_DEFAULT,%s - %d FAIL count
%d\n,__FUNCTION__,__LINE__,count);

}







if(x509Cert != NULL)

X509_free(x509Cert);





return iReturnStatus;

}



Regards,

Sandeepa Sharma

Re: Abort after free() of non-allocated pointer

2013-10-11 Thread Daode 
FYI: it's hard to believe the error is on the OpenSSL side (the
software shows timing errors (the way i use it at least), and
these are always handled properly by the OpenSSL layer), but
i have nonetheless added a 'debug-darwin64-x86_64-cc' to
'Configure' and got some debug libraries (

  206984 -rw-r--r--1 steffen  staff  211951296 11 Oct 13:18 libcrypto.a
   26808 -rw-r--r--1 steffen  staff   27450488 11 Oct 13:20 libssl.a

) to link against.  Shall this error occur again (it was the
second time i saw it) then i will (hopefully) be able to provide
better information.
Ciao,

--steffen
---BeginMessage---
Hello!  Am i right here?
It's actually hard to believe the error is on the OpenSSL side,
and i definetely should look deeper before sending this, but on
the other hand this is so deep down in the OpenSSL code...

  ?0[steffen@sherwood src]$ openssl version
  OpenSSL 1.0.1e 11 Feb 2013
  ?0[steffen@sherwood src]$ otool -L ~/usr/bin/s-nail   
  
  /Users/steffen/usr/bin/s-nail:
/usr/lib/libiconv.2.dylib (compatibility version 7.0.0, current version 
7.0.0)
/Users/steffen/usr/lib/libssl.1.0.0.dylib (compatibility version 1.0.0, 
current version 1.0.0)
/Users/steffen/usr/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, 
current version 1.0.0)
/Users/steffen/usr/lib/libidn.11.dylib (compatibility version 18.0.0, 
current version 18.10.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 
125.2.11)
  ?0[steffen@sherwood src]$ ll ~/usr/lib/*ssl*
 4 lrwxrwxr-x  1 steffen  staff  18 15 Feb  2013 
/Users/steffen/usr/lib/libssl.dylib@ - libssl.1.0.0.dylib
   596 -rw-r--r--  1 steffen  staff  609480 15 Feb  2013 
/Users/steffen/usr/lib/libssl.a
   444 -r-xr-xr-x  1 steffen  staff  452952 15 Feb  2013 
/Users/steffen/usr/lib/libssl.1.0.0.dylib*

...

  T1135 OK Returned to authenticated state. (Success)
   T1136 LOGOUT
  * BYE LOGOUT Requested
  s-nail(20015) malloc: *** error for object 0x1004beb00: pointer being freed 
was not allocated
  *** set a breakpoint in malloc_error_break to debug

  Program received signal SIGABRT, Aborted.
  0x7fff824df0b6 in __kill ()
  (gdb) bt
  #0  0x7fff824df0b6 in __kill ()
  #1  0x7fff8257f9f6 in abort ()
  #2  0x7fff82497195 in free ()
  #3  0x0001000f61f5 in CRYPTO_free ()
  #4  0x00010019bcdc in ASN1_primitive_free ()
  #5  0x00010019c0bc in ASN1_template_free ()
  #6  0x00010019bfbf in asn1_item_combine_free ()
  #7  0x00010019c0bc in ASN1_template_free ()
  #8  0x00010019bfbf in asn1_item_combine_free ()
  #9  0x00010019c0f7 in ASN1_item_free ()
  #10 0x0001000b7b80 in SSL_SESSION_free ()
  #11 0x0001000b49e5 in SSL_free ()
  #12 0x000100014519 in sclose ()
-
  #ifdef HAVE_OPENSSL
  if (sp-s_use_ssl) {
sp-s_use_ssl = 0;
SSL_shutdown(sp-s_ssl);
SSL_free(sp-s_ssl);
sp-s_ssl = NULL;
SSL_CTX_free(sp-s_ctx);
sp-s_ctx = NULL;
  }
  #endif
-
  #13 0x00010001c46e in imap_exit ()
  #14 0x00010001bd10 in imap_quit ()
  warning: Could not open object file: /Users/steffen/src/nail.git/quit.o: No 
such file or directory
  warning: Couldn't open object file '/Users/steffen/src/nail.git/quit.o'
  #15 0x00010003daed in quit ()
  #16 0x0001000274ea in setfile ()
  #17 0x0001cd90 in cfile ()
  #18 0x000100028fb8 in execute ()
  #19 0x0001000286ed in commands ()
  #20 0x00010002fd6b in main ()
  (gdb) ?

I hate debuggers and thus i am somewhat lost at this point, but if
there is something i can do, please let me know.
Thank you and ciao,

--steffen

---End Message---

Re: [openssl-users] Re: connection problem with the version 1.0.1e

2013-10-11 Thread Erwann Abalea 

Bonjour,

Le 11/10/2013 03:35, nehakochar a écrit :

Rajesh Malepati wrote

On Wed, Jul 24, 2013 at 9:30 PM, kirpit lt;
kirpit@
gt; wrote:

The server doesn't seem to care to respond to clients supporting TLS 1.2

ok:
  openssl s_client -tls1 -connect emea.webservices.travelport.com:443

no reply:
openssl s_client -tls1_2 -connect emea.webservices.travelport.com:443

such servers should be beaten to pulp.

Hi,
I ran into the same problem and then came across this thread. According to
http://tools.ietf.org/html/rfc5246#appendix-E:
   A TLS 1.2 client who wishes to negotiate with such older servers will
send a normal TLS 1.2 ClientHello, containing { 3, 3 } (TLS 1.2) in
ClientHello.client_version.  If the server does not support this
version, it will respond with a ServerHello containing an older
version number.

Why then the server isn't responding at all to the Client Hello for TLS1.2?
Is this expected behavior with OpenSSL 1.0.1e? If it is, then this would
need to be fixed as it is not compliant with the RFC.


The server and client are both compliant.

With the first command, you tell the client to use TLS1.0 only. No more, 
no less. The server is ok with it, and both negociate TLS1.0.
With the second command, you tell the client to use TLS1.2 only, again 
no more no less. The server receives a TLS1.2 negociation, replies with 
a TLS1.0 server hello message, and the client refuses it, cleanly 
(because you told it to do so).


If you want to allow only TLS1.0, TLS1.1 and TLS1.2, use -no_ssl2 
-no_ssl3 options instead.

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: OpenSSL OCSP

2013-10-11 Thread Anju Ramani 
Hi, 

Could you please tell me how to do the set up of local ocsp responder as you
did it like http://ocsp_responder:3456.?
Its really urgent and time is less.




--
View this message in context: 
http://openssl.6102.n7.nabble.com/OpenSSL-OCSP-tp15350p46874.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Best practices guidance for using OpenSSL to make cetificate authorities

2013-10-11 Thread Ted Byers 
I found a Linux FAQ dealing with this subject, but it is very dated
(11.5 years old) and I do not know how much has changed since it was
last updated.  While I am a programmer, I am looking only to use
openssl to make the certificates and keys I need, and not to create
new programs using openssl (unless in the course of my studyign the
use of openssl, I find I need to write some custom code).

Here is what I want to do.  I want to create a certificate authority
to make certificates for a couple of my web servers, for the purpose
of having support for HTTPS, and if possible sign selected documents
that are then served to the user's browser (just those I selected, not
all by any means); with the ability to let the user download the
certificate to let him trust the server afterwards.  I also want to
support creating client side certificates that support encrypting and
signing emails and form data on web pages (to support non-repudiation,
with the assurance that the signed document was not altered since it
was signed).  None of the certificates I need need support for code
signing.

Do I need both root and non root CAs, or will a root CA suffice by itself.

And where should the keys and certificates be placed on Ubuntu and
Suse (I have both), and should I do all this as a normal user or as
root (NB: I am still trying to learn anough about administering Linux
that I can at least deal with the things I need to do on my Linux
boxes, so it is OK to be a little pedantic)?

I am a bit concerned about usability on the server as the FAQ I have
been reading (actually one of the clearest I have seen even though it
is old), since it says I should not remove the pass phrase from the
certificate, but I would think that would make HTTPS unusable since it
would ask the user for a password each time he asks for a resource
from the server.  At the same time, can I force a requirement that the
client side certificates require a password that has a reasonable
strength?  If so, how?

And for all this, will one opeenssl.cnf suffice, or do I have to make several?

Finally, is there a good document or example that tells me not only
what cofiguration options are available to enter in openssl.cnf, but
what values will provide me with the best security for the longest
period consistent with what is supported in the most commonly used
browsers?  Something that says something like 'This is X, and it is
for Y, but do not touch it unless you know what you're doing', and yet
provides no guidance for further reading so the user can learn what he
needs to know about all of it, is not so useful for my purposes.

NB: This is primarily for my own education.

Thank you for your time.

Ted
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: Best practices guidance for using OpenSSL to make cetificate authorities

2013-10-11 Thread Ryan Hurst 
This might be useful http://unmitigatedrisk.com/?p=194

Ryan Hurst


Sent from my phone, please forgive the brevity.

 On Oct 12, 2013, at 12:53 AM, Ted Byers r.ted.by...@gmail.com wrote:
 
 I found a Linux FAQ dealing with this subject, but it is very dated
 (11.5 years old) and I do not know how much has changed since it was
 last updated.  While I am a programmer, I am looking only to use
 openssl to make the certificates and keys I need, and not to create
 new programs using openssl (unless in the course of my studyign the
 use of openssl, I find I need to write some custom code).
 
 Here is what I want to do.  I want to create a certificate authority
 to make certificates for a couple of my web servers, for the purpose
 of having support for HTTPS, and if possible sign selected documents
 that are then served to the user's browser (just those I selected, not
 all by any means); with the ability to let the user download the
 certificate to let him trust the server afterwards.  I also want to
 support creating client side certificates that support encrypting and
 signing emails and form data on web pages (to support non-repudiation,
 with the assurance that the signed document was not altered since it
 was signed).  None of the certificates I need need support for code
 signing.
 
 Do I need both root and non root CAs, or will a root CA suffice by itself.
 
 And where should the keys and certificates be placed on Ubuntu and
 Suse (I have both), and should I do all this as a normal user or as
 root (NB: I am still trying to learn anough about administering Linux
 that I can at least deal with the things I need to do on my Linux
 boxes, so it is OK to be a little pedantic)?
 
 I am a bit concerned about usability on the server as the FAQ I have
 been reading (actually one of the clearest I have seen even though it
 is old), since it says I should not remove the pass phrase from the
 certificate, but I would think that would make HTTPS unusable since it
 would ask the user for a password each time he asks for a resource
 from the server.  At the same time, can I force a requirement that the
 client side certificates require a password that has a reasonable
 strength?  If so, how?
 
 And for all this, will one opeenssl.cnf suffice, or do I have to make several?
 
 Finally, is there a good document or example that tells me not only
 what cofiguration options are available to enter in openssl.cnf, but
 what values will provide me with the best security for the longest
 period consistent with what is supported in the most commonly used
 browsers?  Something that says something like 'This is X, and it is
 for Y, but do not touch it unless you know what you're doing', and yet
 provides no guidance for further reading so the user can learn what he
 needs to know about all of it, is not so useful for my purposes.
 
 NB: This is primarily for my own education.
 
 Thank you for your time.
 
 Ted
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-users@openssl.org
 Automated List Manager   majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

RE: Increasing key size from 1024 to 2048?

2013-10-11 Thread Dave Thompson 
Not so much. Factoring reached 768 several years ago, and the consensus
seems to be that RSA-1024, 

and DSA and DH, is in danger within not too many years though not broken
now. And it often takes months 

or years to get new crypto, or even new keys, fully deployed especially when
you can't have a flag day,

so it's as well to start moving now. Although technically 1536 would
probably be enough for now,

pretty much everyone seems to feel as long as we're changing let's do 2048. 

 

From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Eric S. Eberhard
Sent: Thursday, October 10, 2013 14:02
To: openssl-users@openssl.org
Cc: int0...@safe-mail.net
Subject: Re: Increasing key size from 1024 to 2048?

 

Just curious -- what line of work is your company in?  If you were CIA or
NASA or something I'd see the need.  If you are just a business -- wow!  E

On 10/10/2013 1:37 AM, int0...@safe-mail.net wrote: 

Hi,
 
snip: as per subject

RE: [openssl-users] Re: connection problem with the version 1.0.1e

2013-10-11 Thread Dave Thompson 
 From: owner-openssl-users On Behalf Of Erwann Abalea
 Sent: Friday, October 11, 2013 08:49

 Le 11/10/2013 03:35, nehakochar a écrit :
  Rajesh Malepati wrote
  On Wed, Jul 24, 2013 at 9:30 PM, kirpit lt;kirpit@gt; wrote:
  The server doesn't seem to care to respond to clients supporting TLS
1.2
snip
  I ran into the same problem and then came across this thread. According
to
  http://tools.ietf.org/html/rfc5246#appendix-E: snip
  Why then the server isn't responding at all to the Client Hello for
TLS1.2?
  Is this expected behavior with OpenSSL 1.0.1e? If it is, then this would
  need to be fixed as it is not compliant with the RFC.
 
 The server and client are both compliant.
 
 With the first command, you tell the client to use TLS1.0 only. No more,
 no less. The server is ok with it, and both negociate TLS1.0.
 With the second command, you tell the client to use TLS1.2 only, again
 no more no less. The server receives a TLS1.2 negociation, replies with
 a TLS1.0 server hello message, and the client refuses it, cleanly
 (because you told it to do so).
 
If the server responds with a lower version, yes the client refuses it
when told to require higher. That's not what the OP described, or the 
earlier thread (and several others) said. They said *NOT ANY* response. 
I'm not sure about the particular thread cited here, but some threads 
said and experiment confirmed that s_client default (no versions 
required or prohibited) also failed the same way.

That's broken, although it's arguably not actually noncompliant. 5246 
can't impose requirements on a 4346 or 2246 implementation; note 
the old-server behavior is worded as 'will' while the 1.2-client handling 
of downrev is 2119 MUST (send alert 70). Neither earlier RFCs nor 5246 
explicitly requires the server to handle ClientHello over about 256 bytes, 
which was observed to cause the problem, although since 3546 and 4346 
it's known that this message can and does grow, and a competent 
implementation should handle that reasonably.

 If you want to allow only TLS1.0, TLS1.1 and TLS1.2, use -no_ssl2
 -no_ssl3 options instead.

1.0.0+ defaults to SSL3/TLS format so it already won't succeed in 
negotiating SSL2 even if you don't explicitly -no_ssl2. But this 
doesn't help with broken servers. As long as 1.2 is enabled, 
OpenSSL client sends the longer ClientHello. You can use -no_tls1_2 
to allow only lower versions, select a specific lower version, or restrict 
the cipherlist so that it shrinks the ClientHello small enough. 

And you should complain to the server operator(s) -- although if 
they're on old software and can't easily upgrade, that may not help.



__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org