error: ASN1_mbstring_copy:string too long:a_mbstr.c:154:maxsize=2 _only_ when using config file and prompt off

2010-04-13 Thread Alex Lam 
Hi all,

For some strange reasons, when I disable prompt in the cnf file, I run into
the  "error: ASN1_mbstring_copy:string too
long:a_mbstr.c:154:maxsize=2" error.
Digging around on the net showed that my counter code is longer that 2
characters, which is not true. The following is my country name.

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
countryName_min= 2
countryName_max= 2

However, if I enable prompt, and just hit ENTER for the same default value,
everything went fine.

any idea what is going wrong here?

thanks,
alex.

Re: DTLS ClientHello exchange broken by renegotiation patch in 0.9.8l

2009-11-17 Thread Alex Lam 
Hi Steve,

Is there a 0.9.8m with the DTLS and TLS reneg fix planned in the near
future?

I tried the head of branch from OpenSSL_0_9_8-stable as adviced.

First there was compilation issue due to FIPS issue which
I overcame with ./config no-fips

Then, I run into a segfault on s_server :-(

Thanks,
Alex.

$ ./openssl s_server -dtls1 -debug
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
read from 0x6cab10 [0x6d0160] (18437 bytes => 99 (0x63))
 - 16 fe ff 00 00 00 00 00-00 00 00 00 56 01 00 00   V...
0010 - 4a 00 00 00 00 00 00 00-4a fe ff 4b 03 52 c1 19   J...J..K.R..
0020 - c6 ae 8c 7d aa 05 42 5e-87 a8 55 ec 2a 78 2e 39   ...}..B^..U.*x.9
0030 - d0 cb 89 cb 9b 7b 67 0a-ce 7f 2a 00 00 00 22 00   .{g...*...".
0040 - 39 00 38 00 35 00 16 00-13 00 0a 00 33 00 32 00   9.8.5...3.2.
0050 - 2f 00 07 00 15 00 12 00-09 00 14 00 11 00 08 00   /...
0060 - 06 01 ..
0063 - 
write to 0x6cab10 [0x6da350] (48 bytes => 48 (0x30))
 - 16 fe ff 00 00 00 00 00-00 00 00 00 23 03 00 00   #...
0010 - 17 00 00 00 00 00 00 00-17 fe ff 14 7e cd 68 70   ~.hp
0020 - c4 25 fc 74 4d 61 cd fd-ec d6 7e 86 82 36 de 88   .%.tMa~..6..
read from 0x6cab10 [0x6d0160] (18437 bytes => 119 (0x77))
 - 16 fe ff 00 00 00 00 00-00 00 01 00 6a 01 00 00   j...
0010 - 5e 00 01 00 00 00 00 00-5e fe ff 4b 03 52 c1 19   ^...^..K.R..
0020 - c6 ae 8c 7d aa 05 42 5e-87 a8 55 ec 2a 78 2e 39   ...}..B^..U.*x.9
0030 - d0 cb 89 cb 9b 7b 67 0a-ce 7f 2a 00 14 7e cd 68   .{g...*..~.h
0040 - 70 c4 25 fc 74 4d 61 cd-fd ec d6 7e 86 82 36 de   p.%.tMa~..6.
0050 - 88 00 22 00 39 00 38 00-35 00 16 00 13 00 0a 00   ..".9.8.5...
0060 - 33 00 32 00 2f 00 07 00-15 00 12 00 09 00 14 00   3.2./...
0070 - 11 00 08 00 06 01 ..
0077 - 
write to 0x6cab10 [0x6da350] (15 bytes => 15 (0xF))
 - 15 fe ff 00 00 00 00 00-00 00 01 00 02 02 2f  ../
Segmentation fault


On Wed, Nov 11, 2009 at 3:58 PM, Dr. Stephen Henson wrote:

> On Wed, Nov 11, 2009, Alex Lam wrote:
>
> > Hi all,
> >
> > The patch that disable renegotiation has broken DTLS's ClientHello
> exchange
> > in 0.9.8l.
> > Server sends an Alert together with HelloVerifyRequest...
> >
>
> As mentioned in the announcement 0.9.8l is based on 0.9.8k which has a very
> broken DTLS implementation. Please try the 0.9.8-stable snapshots which
> have
> all the DTLS fixes and provisional reneg extension.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   majord...@openssl.org
>

DTLS ClientHello exchange broken by renegotiation patch in 0.9.8l

2009-11-11 Thread Alex Lam 
Hi all,

The patch that disable renegotiation has broken DTLS's ClientHello exchange
in 0.9.8l.
Server sends an Alert together with HelloVerifyRequest...

Thanks,
Alex.

alexl-lnx2:~/openssl-098l/openssl/apps> ./openssl s_server -dtls1 -debug
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
read from 0x6ca6e0 [0x6cfd10] (18437 bytes => 99 (0x63))
 - 16 fe ff 00 00 00 00 00-00 00 00 00 56 01 00 00   V...
0010 - 4a 00 00 00 00 00 00 00-4a fe ff 4a fb 13 fd 30   J...J..J...0
0020 - ba 23 a9 1c 33 79 70 82-63 e1 2f a8 c4 3e 52 49   .#..3yp.c./..>RI
0030 - 09 0f 31 ff e6 08 20 96-31 c3 26 00 00 00 22 00   ..1... .1.&...".
0040 - 39 00 38 00 35 00 16 00-13 00 0a 00 33 00 32 00   9.8.5...3.2.
0050 - 2f 00 07 00 15 00 12 00-09 00 14 00 11 00 08 00   /...
0060 - 06 01 ..
0063 - 
write to 0x6ca6e0 [0x6d9f00] (28 bytes => 28 (0x1C))
 - 16 fe ff 00 00 00 00 00-00 00 00 00 0f 03 00 00   
0010 - 03 00 00 00 00 00 00 00-03 fe ff  ...
001c - 
write to 0x6ca6e0 [0x6d9f00] (15 bytes => 15 (0xF))
 - 15 fe ff 00 00 00 00 00-00 00 01 00 02 02 28  ..(
ERROR
5875:error:1408A044:SSL routines:SSL3_GET_CLIENT_HELLO:internal
error:s3_srvr.c:
725:
shutting down SSL
CONNECTION CLOSED
ACCEPT
read from 0x6ca6e0 [0x6cfd10] (18437 bytes => 99 (0x63))
 - 16 fe ff 00 00 00 00 00-00 00 01 00 56 01 00 00   V...
0010 - 4a 00 01 00 00 00 00 00-4a fe ff 4a fb 13 fd 30   J...J..J...0
0020 - ba 23 a9 1c 33 79 70 82-63 e1 2f a8 c4 3e 52 49   .#..3yp.c./..>RI
0030 - 09 0f 31 ff e6 08 20 96-31 c3 26 00 00 00 22 00   ..1... .1.&...".
0040 - 39 00 38 00 35 00 16 00-13 00 0a 00 33 00 32 00   9.8.5...3.2.
0050 - 2f 00 07 00 15 00 12 00-09 00 14 00 11 00 08 00   /...
0060 - 06 01 ..
0063 - 

===

alexl-lnx2:~/openssl-098l/openssl/apps> ./openssl s_client -dtls1 -debug
CONNECTED(0003)
write to 0x6ca8a0 [0x6d46e0] (99 bytes => 99 (0x63))
 - 16 fe ff 00 00 00 00 00-00 00 00 00 56 01 00 00   V...
0010 - 4a 00 00 00 00 00 00 00-4a fe ff 4a fb 13 fd 30   J...J..J...0
0020 - ba 23 a9 1c 33 79 70 82-63 e1 2f a8 c4 3e 52 49   .#..3yp.c./..>RI
0030 - 09 0f 31 ff e6 08 20 96-31 c3 26 00 00 00 22 00   ..1... .1.&...".
0040 - 39 00 38 00 35 00 16 00-13 00 0a 00 33 00 32 00   9.8.5...3.2.
0050 - 2f 00 07 00 15 00 12 00-09 00 14 00 11 00 08 00   /...
0060 - 06 01 ..
0063 - 
read from 0x6ca8a0 [0x6cfed0] (18437 bytes => 28 (0x1C))
 - 16 fe ff 00 00 00 00 00-00 00 00 00 0f 03 00 00   
0010 - 03 00 00 00 00 00 00 00-03 fe ff  ...
001c - 
write to 0x6ca8a0 [0x6da0c0] (99 bytes => 99 (0x63))
 - 16 fe ff 00 00 00 00 00-00 00 01 00 56 01 00 00   V...
0010 - 4a 00 01 00 00 00 00 00-4a fe ff 4a fb 13 fd 30   J...J..J...0
0020 - ba 23 a9 1c 33 79 70 82-63 e1 2f a8 c4 3e 52 49   .#..3yp.c./..>RI
0030 - 09 0f 31 ff e6 08 20 96-31 c3 26 00 00 00 22 00   ..1... .1.&...".
0040 - 39 00 38 00 35 00 16 00-13 00 0a 00 33 00 32 00   9.8.5...3.2.
0050 - 2f 00 07 00 15 00 12 00-09 00 14 00 11 00 08 00   /...
0060 - 06 01 ..
0063 - 
read from 0x6ca8a0 [0x6cfed0] (18437 bytes => 15 (0xF))
 - 15 fe ff 00 00 00 00 00-00 00 01 00 02 02 28  ..(
5876:error:14102410:SSL routines:DTLS1_READ_BYTES:sslv3 alert handshake
failure:d1_pkt.c:963:SSL alert number 40
5876:error:1410C0E5:SSL routines:DTLS1_WRITE_APP_DATA_BYTES:ssl handshake
failure:d1_pkt.c:1153:
alexl-lnx2:~/openssl-HOB/openssl-098l/openssl/apps>

OpenSSL 0.9.8l

2009-08-07 Thread Alex Lam 
Hi all,

Just wondering if there is any plan to release OpenSSL 0.9.8l ?
If so, do we know when?

I'd like to stay with the 0.9.8 branch, but I do see some fixes double
committed from the 1.0.0 branch.

Thanks,
Alex.

How do you detect OpenSSL rekey

2009-07-01 Thread Alex Lam 
Hi all,

Is there a way in which an application is made aware the  SSL / TLS / DTLS
connection rekeyed?

Thanks,
alex

Session resumption with DTLS - does it work?

2008-02-26 Thread Alex Lam 
Hi,

When I hit "R" on openssl s_server and s_client, the session is torn down
and not resumed.
May I assume DTLS session resumption is broken? Or  not supported in
s_server and s_client?

Thanks,
alex.

Re: How to reestablish a DTLS connection?

2008-02-26 Thread Alex Lam 
Datagram is stateless, so to be able to detect a broken session, the
application will need to support heart-beat.

Alex



On Wed, Feb 20, 2008 at 5:31 AM, João Pedro Patriarca <[EMAIL PROTECTED]>
wrote:

>  Hi,
>
>
>
> After a DTLS connection established a peer fails (e.g. the client). The
> other peer (e.g. the server) maintains the connection state ignoring
> client's failure. When the client starts up and tries to establish a new
> connection, the server ignore the received packets because they aren't
> processed with the previous security parameters. How the DTLS protocol can
> be used to reestablish a new connection when the clients starts up again?
>
>
>
> Thanks in advance,
>
> João Pedro Patriarca
>

Re: SSL Error connecting to cia.gov

2007-10-24 Thread Alex Lam 
Try this..

./openssl s_client -tls1 -connect www.cia.gov:443


On 10/24/07, Lutz Jaenicke <[EMAIL PROTECTED]> wrote:
>
> Isolating the problem is more or less simple:
>   openssl s_client -connect www.cia.gov:443
> shows the intermittent failures as well, so we can rule out all
> applications (curl, wget, ...). Has to be some basic thing.
>
> I tend to observe the failure with s_client not on the first attempt but
> on the nth attempt in a row. I would guess(!) that it may be some
> DoS protection measure that prevents too many new connections
> (from the same site).
> Firefox (and other browsers) would use session caching so that the
> server could see that it is actually the same client coming in again.
> This of course could only be seen after the client hello with a
> proposed session to be reused comes in and could not be done at
> the firewall level.
> Again: this is just a GUESS!
>
> Best regards,
> Lutz
>
> Alex Lam wrote:
> > That's TLSv1, not SSLv2.
> >
> > : 01 03 01 00 63 00 00 00 10 00 00 39 00 00 38 00 c..9..8.
> > 0010: 00 35 00 00 88 00 00 87 00 00 84 00 00 16 00 00 .5..
> > 0020: 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f .3..2../
> > 0030: 00 00 45 00 00 44 00 00 41 00 00 07 05 00 80 03 ..E..D..A...
> > 0040: 00 80 00 00 05 00 00 04 01 00 80 00 00 15 00 00 
> > 0050: 12 00 00 09 06 00 40 00 00 14 00 00 11 00 00 08 [EMAIL PROTECTED]
> > 0060: 00 00 06 04 00 80 00 00 03 02 00 80 c9 f7 89 ff 
> > 0070: 74 f1 92 59 c8 a0 f1 ba ab c0 dd 89 t..Y
> >
> > On 10/23/07, *Jake Goulding* <[EMAIL PROTECTED]
> > <mailto:[EMAIL PROTECTED]>> wrote:
> >
> > Hey all:
> >
> > We use curl to retrieve webpages, and recently started receiving an
> > intermittent (40-60% of the time) error when retrieving a page
> > from the
> > CIA. About two weeks ago, they switched to running https only,
> > with the
> > http URLs being forwarded to the https equivalents.
> >
> > The error we receive is:
> >
> > $ curl 'https://www.cia.gov/about-cia/faqs/'
> > curl: (35) Unknown SSL protocol error in connection to
> > www.cia.gov:443 <http://www.cia.gov:443>
> >
> > Using the --trace option, I see this:
> >
> > == Info: About to connect() to www.cia.gov <http://www.cia.gov>
> > port 443 (#0)
> > == Info:   Trying 198.81.129.100.. . == Info: connected
> > == Info: Connected to www.cia.gov <http://www.cia.gov>
> > (198.81.129.100 <http://198.81.129.100>) port 443 (#0)
> > == Info: successfully set certificate verify locations:
> > == Info:   CAfile: /etc/ssl/certs/ca- certificates.crt
> >   CApath: none
> > == Info: SSLv2, Client hello (1):
> > => Send SSL data, 124 bytes (0x7c)
> > : 01 03 01 00 63 00 00 00 10 00 00 39 00 00 38 00
> c..9..8.
> > 0010: 00 35 00 00 88 00 00 87 00 00 84 00 00 16 00 00
> > .5..
> > 0020: 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f
> .3..2../
> > 0030: 00 00 45 00 00 44 00 00 41 00 00 07 05 00 80 03
> ..E..D..A...
> > 0040: 00 80 00 00 05 00 00 04 01 00 80 00 00 15 00 00
> > 
> > 0050: 12 00 00 09 06 00 40 00 00 14 00 00 11 00 00 08
> [EMAIL PROTECTED]
> > 0060: 00 00 06 04 00 80 00 00 03 02 00 80 c9 f7 89 ff
> 
> > 0070: 74 f1 92 59 c8 a0 f1 ba ab c0 dd 89 t..Y
> > == Info: Unknown SSL protocol error in connection to
> > www.cia.gov:443 <http://www.cia.gov:443>
> > == Info: Closing connection #0
> >
> > Unfortunately, I don't grok SSL hex  :-) .
> >
> > I have tried this and received the same error with the following
> > versions:
> > curl-7.12.1-8.rhel4 / openssl-0.9.7a-43.14
> > curl-7.12.1-11.el4 / openssl-0.9.7a-43.16
> > curl-7.16.1 / openssl-0.9.8e
> > curl-7.17.0 / openssl-0.9.8f
> >
> > Firefox does not seem to have any issues with this page.
> >
> > I asked the curl mailing list about this error, and got the
> following
> > response:
> >
> > > This is apparently has nothing to do with curl. I got the same
> > > intermittent errors with lynx, w3m, wget, you name it. I am using
> > > OpenSSL 0.9.8g 19 Oct 2007.
> >
> > Any help would be greatly appreciated. Please let me know if I can
> > provide

Re: SSL Error connecting to cia.gov

2007-10-23 Thread Alex Lam 
That's TLSv1, not SSLv2.

: 01 03 01 00 63 00 00 00 10 00 00 39 00 00 38 00 c..9..8.
0010: 00 35 00 00 88 00 00 87 00 00 84 00 00 16 00 00 .5..
0020: 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f .3..2../
0030: 00 00 45 00 00 44 00 00 41 00 00 07 05 00 80 03 ..E..D..A...
0040: 00 80 00 00 05 00 00 04 01 00 80 00 00 15 00 00 
0050: 12 00 00 09 06 00 40 00 00 14 00 00 11 00 00 08 [EMAIL PROTECTED]
0060: 00 00 06 04 00 80 00 00 03 02 00 80 c9 f7 89 ff 
0070: 74 f1 92 59 c8 a0 f1 ba ab c0 dd 89 t..Y

On 10/23/07, Jake Goulding <[EMAIL PROTECTED]> wrote:
>
> Hey all:
>
> We use curl to retrieve webpages, and recently started receiving an
> intermittent (40-60% of the time) error when retrieving a page from the
> CIA. About two weeks ago, they switched to running https only, with the
> http URLs being forwarded to the https equivalents.
>
> The error we receive is:
>
> $ curl 'https://www.cia.gov/about-cia/faqs/'
> curl: (35) Unknown SSL protocol error in connection to www.cia.gov:443
>
> Using the --trace option, I see this:
>
> == Info: About to connect() to www.cia.gov port 443 (#0)
> == Info:   Trying 198.81.129.100... == Info: connected
> == Info: Connected to www.cia.gov (198.81.129.100) port 443 (#0)
> == Info: successfully set certificate verify locations:
> == Info:   CAfile: /etc/ssl/certs/ca-certificates.crt
>   CApath: none
> == Info: SSLv2, Client hello (1):
> => Send SSL data, 124 bytes (0x7c)
> : 01 03 01 00 63 00 00 00 10 00 00 39 00 00 38 00 c..9..8.
> 0010: 00 35 00 00 88 00 00 87 00 00 84 00 00 16 00 00 .5..
> 0020: 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f .3..2../
> 0030: 00 00 45 00 00 44 00 00 41 00 00 07 05 00 80 03 ..E..D..A...
> 0040: 00 80 00 00 05 00 00 04 01 00 80 00 00 15 00 00 
> 0050: 12 00 00 09 06 00 40 00 00 14 00 00 11 00 00 08 [EMAIL PROTECTED]
> 0060: 00 00 06 04 00 80 00 00 03 02 00 80 c9 f7 89 ff 
> 0070: 74 f1 92 59 c8 a0 f1 ba ab c0 dd 89 t..Y
> == Info: Unknown SSL protocol error in connection to www.cia.gov:443
> == Info: Closing connection #0
>
> Unfortunately, I don't grok SSL hex  :-) .
>
> I have tried this and received the same error with the following versions:
> curl-7.12.1-8.rhel4 / openssl-0.9.7a-43.14
> curl-7.12.1-11.el4 / openssl-0.9.7a-43.16
> curl-7.16.1 / openssl-0.9.8e
> curl-7.17.0 / openssl-0.9.8f
>
> Firefox does not seem to have any issues with this page.
>
> I asked the curl mailing list about this error, and got the following
> response:
>
> > This is apparently has nothing to do with curl. I got the same
> > intermittent errors with lynx, w3m, wget, you name it. I am using
> > OpenSSL 0.9.8g 19 Oct 2007.
>
> Any help would be greatly appreciated. Please let me know if I can
> provide more information.
>
> Thanks!
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   [EMAIL PROTECTED]
>

Re: SSL handshake problem.

2007-10-09 Thread Alex Lam 
Hi Alessandro,

You will need to set up a handful of cipher & certificate related settings
before server and client will join.
I suggest you take a look at the apps/s_server.c and apps/s_client.c

regards,
alex

On 10/9/07, Alessandro Baggi <[EMAIL PROTECTED]> wrote:
>
> I'm trying to make a client/server application with ssl connection but
> the handshake doesn't work.
>
> Reading the manual page I've tried to do this to make ssl connection:
>
> Server layer:
>
> SSL_CTX *ssl = NULL;
> SSL *new = NULL;
> socketdescriptor = socketcreation();
> bind(...);
> listen(...);
> accept(...);
> ssl = SSL_CTX_new(SSLv3_server_method());
> new = SSL_new(ssl);
> SSL_set_fd(ssl, socketdescriptor);
> SSL_accept(new);
>
> Client layer:
>
> SSL_CTX *ssl = NULL;
> SSL *new = NULL;
> socketdescriptor = socketcreation(...);
> connect(..);
> ssl = SSL_CTX_new(SSLv3_client_method());
> new = SSL_new(ssl);
> SSL_set_fd(ssl, socketdescriptor);
> SSL_connect(new);
>
> When I try to get SSL connection Server give me an error on SSL_accept,
> that return -1 with message: Operation not permitted and Client give me
> on SSL_connect 0 with the same message.
> What is the right way to make an ssl connection?
>
> Thanks in advice.
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   [EMAIL PROTECTED]
>

Re: DTLS non-compliant list (based on snapshot 20070801)

2007-10-09 Thread Alex Lam 
Hi Andy,

4347, section 4.2.6
"However, in order to remove sensitivity to fragmentation, the Finished MAC
MUST be computed as if each handshake message had been send as a single
fragment."

My interpretation is that you re-assemble all fragments and fix the
handshake
header as if it is a single fragment before MAC calculation. (ie. with
frag_len = len, frag_offset = 0)

Thanks,
Alex.

On 9/26/07, Andy Polyakov <[EMAIL PROTECTED]> wrote:
>
> > 4) Handshake "headers" are omitted in the signature computation in
> > both CertificateVerify and Finished messages.
> > (RFC 4347 does not clearly state what is to be included. However,
> > according to the TLS v1.1 (RFC 4346), it shall be the complete handshake
> > message, starting from Handshake.msg_type. However, OpenSSL starts at
> > Handshake.body)
>
> 4347 specifies that signature computation must be insensitive to
> fragmentation. Handshake header is not same as in TLS and payload is
> therefore natural choice for such invariant. Would you suggest to hash
> fictitious header with message type and length? Have you asked for
> comment on this elsewhere? A.
> __
> OpenSSL Project http://www.openssl.org
> Development Mailing List   [EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]
>

DTLS non-compliant list (based on snapshot 20070801)

2007-08-06 Thread Alex Lam 
Hi all,

There had been a number of email threads on both the user and dev mailing
lists regarding DTLS non-RFC-compliance.
So, I think it is better to group them together to raise awareness and
ensure interoperability with other DTLS stacks.
I have verified these on snapshot-2007 08 01

1) Incorrect version number, 0x0100 is used instead of 0xFEFF.

2) When ClientHello is sent in response to HelloVerifyRequest, the random
field is different from that sent in the first ClientHello (ref. Sec 4.2.1)

3) Initial ClientHello and HelloVerifyRequest are included in the signature
computation for both CertificateVerify and Finished messages.
(While Sec 4.2.1 states that the initial ClientHello and HelloVerifyRequest
is to be excluded in the signature for Finished, it doesn't mention
excluding them in the CertificateVerify. My interpretation is that they
should also be excluded because a server should not keep state of the client
until a ClientHello with valid cookie is received.)

4) Handshake "headers" are omitted in the signature computation in
bothCertificateVerify and Finished messages.
(RFC 4347 does not clearly state what is to be included. However, according
to the TLS v1.1 (RFC 4346), it shall be the complete handshake message,
starting from Handshake.msg_type. However, OpenSSL starts at Handshake.body)

5) ChangeCipherSpec is 2 octets longer than expected.

According to the email threads, most of these problems have patches, but
they were not submitted.

Feel free to comment/add/delete this list.

Regards,
Alex