Re: documentation on installation
Perhaps not on an OpenSSL list? You might try stackoverflow.com

Charles

Sent from a mobile; please excuse the brevity.

-------- Original message --------
From: Dawn Cassara
Date: 8/5/19 5:53 PM (GMT-05:00)
To: openssl-users@openssl.org
Subject: documentation on installation

Where would I find the easiest, most comprehensive installation instructions for Windows 2012 r2?

--
Dawn Cassara
832-224-6826 / 314-332-0279
Houston / St. Louis Reputation Management
http://HoustonRepManagement.com
http://StLouisRepManagement.com
Re: [openssl-users] in the department of "ain't no perfect"
Temporary solutions that "work" tend to become permanent solutions. That's how products end up shipping with hard-coded admin passwords or similar back doors.

Charles

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Hubert Kario
Sent: Wednesday, January 16, 2019 6:47 AM
To: Eliot Lear
Cc: openssl-users@openssl.org
Subject: Re: [openssl-users] in the department of "ain't no perfect"

On Wednesday, 16 January 2019 13:22:53 CET Eliot Lear wrote:
> Hi Hubert
>
> On 16.01.19 12:27, Hubert Kario wrote:
> > For maintaining signatures that need to be valid long into the future standards like CAdES should be used. They keep time of signing in timestamps signed by trusted time-stamping authorities, along with the rest of revocation data necessary to verify the original signature.
>
> Understood. At this point in the maturity cycle of the technology, we're just not there yet. My choices are, have people ignore invalid signatures in their entirety or provide something more nuanced for now.

you don't have to start with implementing the full CAdES-LTA, you can start with just adding support for timestamping, the CAdES-T

using time from the signature to verify it is as good as ignoring the certificate expiration date - if you need to make the signatures verifiable now, do that, not use the false sense of security of using easily fakeable date

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] in the department of "ain't no perfect"
Leaping into something where I really don't know what I am talking about, does not code signing do that routinely? I can install software signed with a certificate that has expired, provided it had not expired when the code was signed.

Does that help, or is it just useless chatter about something you already knew?

Charles

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Eliot Lear
Sent: Tuesday, January 15, 2019 7:29 AM
To: openssl-users@openssl.org
Subject: [openssl-users] in the department of "ain't no perfect"

I realize things haven't been made easy to do this on purpose, and that there's even a comment in one of the man pages to that effect, but here goes...

I have an application that requires long-lived signatures, perhaps long past the point where the signer's cert has expired. I'd like a way to extract the signature date from a CMS structure. With all the opaque structs that have been introduced in the last few releases, it's not clear to me how to do that. Any examples or guidance (other than don't do that)?
Re: [openssl-users] Close TCP socket after SSL_clear()?
Thanks @Michael. I read up on TIME_WAIT Assassination. I think that sort of thing may have been the problem I was trying to fix. After an "error" disconnection, the customer was reporting that their client could not re-connect. I had trouble getting good traces out of the customer, but I suspect the problem was that the underlying TCP connection was still hanging.

I have never in my life touched SO_LINGER. There is no socket duplication, fork(), or the like.

Thanks again,

Charles

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Michael Wojcik
Sent: Saturday, January 12, 2019 6:20 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Close TCP socket after SSL_clear()?

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Charles Mills
> Sent: Friday, January 11, 2019 17:06
>
> >SSL_shutdown(connection) || SSL_shutdown(connection);
>
> I like it! (Not!)
>
> I don't pretend to be a bits and bytes expert on TCP protocol. You can't be an expert on everything.
>
> So I will listen to expert advice. I know 99% of you all are 'nix guys and this is a Windows problem. I am seeing OTOH where my Windows doc says closesocket() does an abortive termination, and OTOH a discussion of a graceful closesocket() with SO_LINGER/SO_DONTLINGER.
>
> (1) This code is (at the application level) purely a receiver of data and (2) without the TLS layer in place it is hard to picture any meaningful data transfer and (3) we are in a session cleanup situation anyway -- so it seems to me that an abortive disconnect is perfectly fine. Am I wrong?

Yes, you're wrong. You don't want an abortive disconnect.

A TCP connection can be closed in four (or five) ways:

1. Normal close, which involves the FIN / FIN-ACK / ACK sequence. When the last ACK is received, both sides know that all data has been received by the peer stack, and at the point when the corresponding ACK was generated, the peer "believed" it would be able to deliver the data to the application eventually. (That is, the stack hadn't been informed that the application's identifier for the connection - the socket - had been closed.)

2. Abortive close, which involves a RST from one side to the peer, and that's it. RST is a one-way, unacknowledged flow. There are a number of reasons why it's undesirable, some of which I'll go into below.

3. Abortive close due to network management message: the stack receives an ICMP message indicating a packet could not be delivered, such as HOST_UNREACH. From the application's point of view, the result is similar to #2, except for the particular error code it sees.

4. Timeout from TCP retransmit, either for an application send or, if it's enabled, TCP keepalive.

5. Arguably a separate case: 1-3 but generated by a middlebox, such as a router, or an application firewall. In other words, the connection is forced closed by someone spoofing the peer. From the application's point of view, that makes no difference.

Applications should almost never use an abortive close. TCP is intended to be a reliable (best-effort) stream transport, and it can only meet its (already weak) service guarantees if you let it acknowledge all application data and close the conversation cleanly.

Now, when you have a higher-level conversation protocol such as TLS, and the higher-level protocol has already negotiated end-of-conversation, that may not seem important; the peers have agreed that they're not going to send anything more. That assumes, however, that the peers are well-behaved. And it is at the very least notionally cleaner to let the conversation close normally.

Beyond that, an abortive close can cause TIME_WAIT Assassination, which is a Bad Thing. If you don't know what TIME_WAIT Assassination is, that's a sign you shouldn't be doing abortive closes. Don't invoke extraordinary behavior you don't understand.

Now, all that said: Winsock closesocket will NOT do an abortive disconnect if you have not mucked with the SO_LINGER socket option (which you should not do unless you understand TCP). I don't know what documentation you saw that claims otherwise, but it's wrong.

Calling shutdown before closesocket won't hurt anything, but (if you use the pattern that we've discussed in this thread) won't do anything useful either, in most cases.

One case I forgot in my previous discussion: It's worth remembering that close/closesocket operates on a single reference to the connection, while shutdown operates on the connection itself. That is, the logic for close/closesocket is notionally something like this:

    close the descriptor/handle
    decrement the conversation's reference count
    if the reference count is 0
        if connection is still open for sending
            shutdown(SHUT_WR)
        if connection is still open for receiving
            shutdown(SHUT_RD)

In the c
Re: [openssl-users] Close TCP socket after SSL_clear()?
>SSL_shutdown(connection) || SSL_shutdown(connection);

I like it! (Not!)

I don't pretend to be a bits and bytes expert on TCP protocol. You can't be an expert on everything.

So I will listen to expert advice. I know 99% of you all are 'nix guys and this is a Windows problem. I am seeing OTOH where my Windows doc says closesocket() does an abortive termination, and OTOH a discussion of a graceful closesocket() with SO_LINGER/SO_DONTLINGER.

(1) This code is (at the application level) purely a receiver of data and (2) without the TLS layer in place it is hard to picture any meaningful data transfer and (3) we are in a session cleanup situation anyway -- so it seems to me that an abortive disconnect is perfectly fine. Am I wrong?

Thanks for all of your help.

Charles

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Michael Wojcik
Sent: Friday, January 11, 2019 12:48 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Close TCP socket after SSL_clear()?

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Karl Denninger
> Sent: Friday, January 11, 2019 13:04
>
>    if (!SSL_shutdown(connection)) {
>        SSL_shutdown(connection);
>    }

Or if you really want to baffle future maintainers:

    SSL_shutdown(connection) || SSL_shutdown(connection);

> The underlying handle is still open at the OS level after this, so on Unix anyway you want to notify the OS that the socket is invalid for further I/O and then close it.
> ...
>    shutdown(slave_socket[x].fd, SHUT_RDWR);
>    close(slave_socket[x].fd);

Maybe I'm missing something, but I don't see much advantage to calling shutdown(SHUT_RDWR) and then immediately calling close().

close will implicitly do what shutdown does, in the normal case, including trying to send unsent data and waiting (for a while) for any remaining ACKs. If there's unsent or un-ACK'd data, shutdown will attempt to send it until the TCP retransmit limit is reached; that's normally longer than the linger time for the socket, so shutdown could try harder, and by the same token block longer, than close. But the same effect can be achieved by setting a longer linger time for the socket and just calling close.

Similarly, if linger has been disabled (by setting the SO_LINGER option appropriately), then close will just abort the connection (i.e. send an RST, rather than a FIN, and not wait for the corresponding FIN-ACK; or if the peer sent the FIN, send an RST rather than a FIN-ACK and not wait for the last ACK). But anyone who disables linger on a TLS connection gets what they deserve.

shutdown is generally useful if:

- You only want a half-close (which is rarely used, even when it would be useful, and isn't generally appropriate for a TLS connection).

- You want a full close, but you want to be able to retrieve the error information from the socket if the close fails. In that case, use shutdown, followed by getsockopt(SO_ERROR) if shutdown returns an error, followed by close. But your code is ignoring the return value from shutdown and not using getsockopt(SO_ERROR).

The real question is: will the application do anything differently if any remaining outbound data - which there shouldn't be because at this point we've tried to do a blocking SSL_shutdown - can't be sent, and the closing FIN / FIN-ACK / ACK handshake completed, within the default linger time? And if so, will the application do anything that can't be achieved by just increasing the linger time?

I think it'd be nice if more non-trivial applications used shutdown(SHUT_RDWR) + getsockopt(SO_ERROR) + close, and reported the error (if there is one) for diagnostic purposes. But beyond that there isn't a lot most applications can do, and for most a simple close is probably going to be fine.

But as I said I may have overlooked some good reason for this particular code pattern.

--
Michael Wojcik
Distinguished Engineer, Micro Focus
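The shutdown(SHUT_RDWR) + getsockopt(SO_ERROR) + close pattern from the message above, next to the abortive SO_LINGER close it warns against, as an added example that is not code from the thread. It uses POSIX sockets on a loopback pair built only for the demonstration; close_reporting, loopback_pair and peer_observes are hypothetical names, and on Winsock the calls would be shutdown(SD_BOTH) and closesocket().

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Full close that keeps the diagnostic: shutdown, ask the socket for its
 * pending error if shutdown failed, then close. Returns 0 on a clean close,
 * otherwise the errno-style code worth logging. */
int close_reporting(int fd)
{
    int err = 0;

    if (shutdown(fd, SHUT_RDWR) != 0) {
        int so_err = 0;
        socklen_t len = sizeof so_err;

        err = errno;
        if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &so_err, &len) == 0 && so_err != 0)
            err = so_err;            /* the socket's own error is more specific */
    }
    if (close(fd) != 0 && err == 0)
        err = errno;
    return err;
}

/* Constructed fixture: a connected TCP pair on 127.0.0.1, ephemeral port. */
static int loopback_pair(int *client, int *server)
{
    struct sockaddr_in addr;
    socklen_t alen = sizeof addr;
    int lfd = socket(AF_INET, SOCK_STREAM, 0);

    *client = *server = -1;
    if (lfd < 0)
        return -1;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    if (bind(lfd, (struct sockaddr *)&addr, sizeof addr) == 0 &&
        listen(lfd, 1) == 0 &&
        getsockname(lfd, (struct sockaddr *)&addr, &alen) == 0 &&
        (*client = socket(AF_INET, SOCK_STREAM, 0)) >= 0 &&
        connect(*client, (struct sockaddr *)&addr, sizeof addr) == 0)
        *server = accept(lfd, NULL, NULL);
    close(lfd);
    if (*server < 0) {
        if (*client >= 0)
            close(*client);
        return -1;
    }
    return 0;
}

/* Close the server side normally (abortive == 0) or with linger {on, 0}
 * (abortive != 0) and report what the peer's next recv() sees:
 * 0 for an orderly end of stream, otherwise the errno from recv(). */
int peer_observes(int abortive)
{
    int c, s, result;
    char buf[16];
    ssize_t n;

    if (loopback_pair(&c, &s) != 0)
        return -1;
    if (abortive) {
        struct linger lg;

        lg.l_onoff = 1;              /* linger enabled ...              */
        lg.l_linger = 0;             /* ... with zero timeout: RST      */
        setsockopt(s, SOL_SOCKET, SO_LINGER, &lg, sizeof lg);
        close(s);
    } else if (close_reporting(s) != 0) {
        close(c);
        return -2;
    }
    n = recv(c, buf, sizeof buf, 0);
    result = (n == 0) ? 0 : (n < 0 ? errno : -3);
    close(c);
    return result;
}

int main(void)
{
    printf("normal close:   peer recv -> %d\n", peer_observes(0));
    printf("abortive close: peer recv -> %d (ECONNRESET=%d)\n",
           peer_observes(1), ECONNRESET);
    return 0;
}
```

With the default linger setting the peer reads a clean end of stream; with linger {on, 0} the same close() surfaces at the peer as a connection reset.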
Re: [openssl-users] Close TCP socket after SSL_clear()?
@Karl, thanks, I'm not sure of anything. This was my first OpenSSL project and I just hacked on it until it "worked." It's been working for years but now we are seeing a re-connection error.

So, it sounds like

- Do the SSL_shutdown() a second time if it returns 0.
- Lose the SSL_clear()
- There is an SSL_free() in there following the snippet I pasted - leave it in there
- Clean up the underlying socket appropriately. Looks like perhaps shutdown(socket, SD_BOTH) is the Windows equivalent of SHUT_RDWR - followed by closesocket()

Thanks again!

Charles

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Karl Denninger
Sent: Friday, January 11, 2019 10:04 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Close TCP socket after SSL_clear()?

On 1/10/2019 17:07, Charles Mills wrote:

> On Windows, for a new session, I am issuing a Windows accept() followed by SSL_new(), SSL_set_fd() and so forth.
>
> When the session sees some sort of an abnormal receive condition, I am doing
>
>     int retCode = SSL_get_shutdown(sessionSSL);
>     if ( retCode & SSL_RECEIVED_SHUTDOWN )
>     {
>         SSL_shutdown(sessionSSL);
>     }
>     else
>     {
>         SSL_clear(sessionSSL);
>     }
>
> Questions:
>
> 1. Do I also need to do a closesocket() (equivalent to UNIX close()) on the Windows socket?
>
> 2. Does anyone want to critique the above logic in any other way?
>
> The code basically "works" but I see evidence that a Windows TCP session is still open following an SSL error.
>
> Thanks,
>
> Charles Mills

Are you sure you want to use SSL_clear() in the first place? It retains the session's settings which is only useful if the *exact* same peer is going to reconnect on the same SSL object. If a *different* peer connects there's a decent shot that the connection will fail.

You also likely want to call SSL_shutdown(connection) again IF the first call returns zero; the first one sends a notification and if the other end hasn't closed yet returns zero. The second waits for a termination, either normal notification or abnormal, from the other end.

    if (!SSL_shutdown(connection)) {
        SSL_shutdown(connection);
    }

The underlying handle is still open at the OS level after this, so on Unix anyway you want to notify the OS that the socket is invalid for further I/O and then close it.

Code snippet (took_error is a flag that says "this connection is no longer needed", it could be either an error in the higher level code or a "we're all done, let this connection go" indication):

    if (slave_socket[x].took_error) {
        slave_socket[x].connected = 0;    /* Connection is void */
        if (slave_socket[x].ssl_fd != NULL) {    /* If there's a valid SSL connection */
            if (!SSL_shutdown(slave_socket[x].ssl_fd)) {
                SSL_shutdown(slave_socket[x].ssl_fd);
            }
            SSL_free(slave_socket[x].ssl_fd);
            slave_socket[x].ssl = 0;    /* We are not in SSL mode */
        }
        shutdown(slave_socket[x].fd, SHUT_RDWR);
        close(slave_socket[x].fd);
        /* Clean up the rest of the things you need to do when the connection ends */
    }

Since the next connection may come from a different peer I do not use SSL_clear but rather SSL_free.

The call to shutdown() tells the OS to send any data queued on the socket, wait for an ACK and then send FIN.

--
Karl Denninger
k...@denninger.net
The Market Ticker
[S/MIME encrypted email preferred]
[openssl-users] Close TCP socket after SSL_clear()?
On Windows, for a new session, I am issuing a Windows accept() followed by SSL_new(), SSL_set_fd() and so forth.

When the session sees some sort of an abnormal receive condition, I am doing

    int retCode = SSL_get_shutdown(sessionSSL);
    if ( retCode & SSL_RECEIVED_SHUTDOWN )
    {
        SSL_shutdown(sessionSSL);
    }
    else
    {
        SSL_clear(sessionSSL);
    }

Questions:

1. Do I also need to do a closesocket() (equivalent to UNIX close()) on the Windows socket?

2. Does anyone want to critique the above logic in any other way?

The code basically "works" but I see evidence that a Windows TCP session is still open following an SSL error.

Thanks,

Charles Mills
Re: [openssl-users] Question on necessity of SSL_CTX_set_client_CA_list
Those darned customers are asking for it!

I do understand the privacy exposure. Don't know if the customers do or do not.

Charles

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni
Sent: Monday, December 3, 2018 12:40 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Question on necessity of SSL_CTX_set_client_CA_list

> On Dec 3, 2018, at 3:35 PM, Charles Mills wrote:
>
> OCSP and OCSP stapling are currently higher on my wish list than this.

Good luck with OCSP, the documentation could definitely be better, and various projects get it wrong. IIRC curl gets OCSP right, so you could look there for example code, some other projects go through the motions, but don't always achieve a robust result.

[ FWIW, I don't care much for OCSP, it's often not required, so it is then not clear what security properties it provides. ]
Re: [openssl-users] Question on necessity of SSL_CTX_set_client_CA_list
> zOS does, for example, at least if you're using the RACF security provider.

Ha! Spoken like a Micro Focus guy!

One of the most likely clients for this server is in fact implemented on z/OS. Just FYI, the key variable is not so much RACF: (a.) RACF is just (in this case) a certificate store, not a TLS implementation; and (b.) I think the other two ESM's (CA TSS and ACF2) are 99% equivalent in their certificate facilities. The TLS implementation is named System SSL (sometimes known as GSK). That is the TLS library, roughly parallel to OpenSSL. (In fact I don't know of any other TLS implementation on z/OS other than the OpenSSL port -- but there could be some.) GSK also implements its own certificate store, but I don't think it is widely used in production.

Yes, there would be lots of certificates in the certificate store, but at least in the case of the client I wrote, you configure it in advance to use a particular named certificate, so the server application itself does not have any choice at run time. It is "one certificate, take it or leave it."

Thanks for the heads-up on Windows. I develop for both platforms, but I am much less familiar with all of the ins and outs of Windows.

OCSP and OCSP stapling are currently higher on my wish list than this.

Charles

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Michael Wojcik
Sent: Monday, December 3, 2018 10:58 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Question on necessity of SSL_CTX_set_client_CA_list

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Charles Mills
> Sent: Monday, December 03, 2018 10:55
>
> Got it. Thanks. I would think the basic client case is "one certificate, one CA"

I'm going to disagree somewhat with this assumption, but not necessarily with your decision.

That assumption is probably safe for some use cases, but not all. For example, Windows-based clients that use Microsoft's TLS implementation (SChannel, via CAPI or CNG or any of the various wrapper APIs, including the .NET Framework) have access to all the "personal" certificates in the Windows per-machine and per-user certificate stores. In a Windows domain environment, certificates may be added to those stores by central administration, as well as being created or added locally. So such clients could have quite a few client certificates available to them.

Some other TLS implementations can optionally use the Windows certificate stores. I believe Netscape's NSS can be configured to do so, for example. A suitable JSSE provider is included with the standard Windows JRE and JDK distributions. And OpenSSL itself has a CAPI engine that can (probably) be used to pull client certificates from the Windows stores.

(I say "probably" because when we went to use the OpenSSL CAPI engine some years ago, we ran into some issues caused by Microsoft's awkward provider mechanism and how it interacts with private-key storage, and I ended up enhancing the OpenSSL CAPI module in various ways. So I don't recall what exactly works with it out of the box.)

There are other environments which similarly provide centralized storage of certificates (and corresponding private keys) to all clients. zOS does, for example, at least if you're using the RACF security provider.

Perhaps more importantly, as Viktor noted, some clients won't send a certificate at all unless they have one signed by a CA on the server's list, or at least only if the server sends a non-empty list.

The list is also useful for clients that want to help the user select from among a set of certificates.

> so I think I will roll with what we have (especially since the product has been out there for years with no reported problems in this area -- although I think client certificate usage is rare) but keep the issue in mind if a problem comes up.

Despite what I wrote above, the important thing, of course, is what your users need. If they haven't needed a server that sends a CA list, there's a good chance they won't need one any time soon. Often there are better things to address first. TLS configuration is important, but certainly for the software projects I work on there are any number of important areas for further work. You can't do everything at once.

--
Michael Wojcik
Distinguished Engineer, Micro Focus
Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath
LOL. Amen to that.

It has gotten a WHOLE lot better. I started with OpenSSL somewhere around 2010 and the documentation was EXTREMELY sparse to say the least. Lots of functions documented as "under construction."

Charles

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Michael Wojcik
Sent: Monday, December 3, 2018 10:58 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Charles Mills
> Sent: Monday, December 03, 2018 10:53
>
> I appreciate it. OpenSSL is of course a great product but it can be a little mystifying to debug.

If I were ever to write a book about OpenSSL, "a great product but a little mystifying" would be an appropriate epigraph. Maybe Ivan should use it for the next edition of his OpenSSL Cookbook. (Recommended, by the way, or its larger sibling Bulletproof TLS; find them at feistyduck.com.)

Not that it hasn't gotten better over the years: better encapsulation and abstraction, a lot more convenience functionality, a lot more explanation and samples on the OpenSSL wiki (which I think didn't even exist when I first started using OpenSSL). I have great appreciation for the team's efforts.

But SSL/TLS is a great big ball of hair to begin with, and while I have tremendous respect for Eric Young, Stephen Henson, and the rest of the original contributors, the OpenSSL source is not exactly a monument to readability. (Though even in the early versions there were some important steps in that direction, like mostly consistent, safe naming conventions for external identifiers, thank goodness.)

--
Michael Wojcik
Distinguished Engineer, Micro Focus
Re: [openssl-users] Question on necessity of SSL_CTX_set_client_CA_list
Got it. Thanks. I would think the basic client case is "one certificate, one CA" so I think I will roll with what we have (especially since the product has been out there for years with no reported problems in this area -- although I think client certificate usage is rare) but keep the issue in mind if a problem comes up.

Charles

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni
Sent: Sunday, December 2, 2018 5:50 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Question on necessity of SSL_CTX_set_client_CA_list

> On Dec 2, 2018, at 7:38 PM, Charles Mills wrote:
>
> I have an OpenSSL (v1.1.0f) server application that processes client certificates.
>
> The doc for SSL_CTX_load_verify_locations() states “In server mode, when requesting a client certificate, the server must send the list of CAs of which it will accept client certificates. This list is not influenced by the contents of CAfile or CApath and must explicitly be set using the SSL_CTX_set_client_CA_list family of functions.”
>
> The application makes no calls to SSL_CTX_set_client_CA_list() yet receives client certificates without errors.
>
> Can someone please explain the discrepancy. I’m especially wondering if I have set a trap that will spring down the road: “yes it works, but if a user does X then it will not work.”

The default list is empty. Some client implementations, IIRC Java's TLS stack or at least some Java TLS toolkits, will not use a client certificate unless the server's list is non-empty, and perhaps may also require that it include a CA name that matches an issuer of their certificate.

Other clients have but one default certificate and use it regardless of the server's CA list. Your mileage may vary.

--
Viktor.
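The "list of CAs" discussed in this exchange travels in the server's CertificateRequest handshake message. As an added example (not code from the thread or from OpenSSL), the following parses the TLS 1.2 layout of that message from RFC 5246 section 7.4.4 and counts the advertised CA names, which shows what an empty default list looks like next to a populated one. The two byte arrays are constructed samples, "Test CA" is a made-up name, and count_client_ca_names is a hypothetical helper.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: CertificateRequest with an empty certificate_authorities
 * list, i.e. a server that never set a client CA list. */
static const uint8_t CERT_REQ_EMPTY[] = {
    0x0d, 0x00, 0x00, 0x09,        /* handshake type 13, body length 9       */
    0x02, 0x01, 0x40,              /* certificate_types: rsa_sign, ecdsa_sign */
    0x00, 0x02, 0x04, 0x01,        /* signature algorithms: sha256 + rsa      */
    0x00, 0x00                     /* certificate_authorities: zero bytes     */
};

/* Constructed sample: same message advertising one DER-encoded name, CN=Test CA. */
static const uint8_t CERT_REQ_ONE_CA[] = {
    0x0d, 0x00, 0x00, 0x1f,
    0x02, 0x01, 0x40,
    0x00, 0x02, 0x04, 0x01,
    0x00, 0x16,                    /* certificate_authorities: 22 bytes       */
    0x00, 0x14,                    /* one DistinguishedName, 20 bytes         */
    0x30, 0x12, 0x31, 0x10, 0x30, 0x0e,
    0x06, 0x03, 0x55, 0x04, 0x03,  /* OID 2.5.4.3 (commonName)                */
    0x0c, 0x07, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41   /* "Test CA"       */
};

static size_t rd16(const uint8_t *p)
{
    return ((size_t)p[0] << 8) | p[1];
}

/* Count the DistinguishedName entries in a TLS 1.2 CertificateRequest
 * handshake message. Returns the count, or -1 if the message is not a
 * CertificateRequest or is truncated or malformed. */
int count_client_ca_names(const uint8_t *msg, size_t len)
{
    size_t pos, end, n;
    int count = 0;

    if (len < 4 || msg[0] != 13)
        return -1;
    n = ((size_t)msg[1] << 16) | ((size_t)msg[2] << 8) | msg[3];
    if (n != len - 4)
        return -1;
    pos = 4;
    end = len;

    /* certificate_types<1..2^8-1> */
    if (end - pos < 1)
        return -1;
    n = msg[pos++];
    if (n == 0 || n > end - pos)
        return -1;
    pos += n;

    /* supported_signature_algorithms<2..2^16-2>, two bytes per entry */
    if (end - pos < 2)
        return -1;
    n = rd16(msg + pos);
    pos += 2;
    if (n < 2 || (n & 1) || n > end - pos)
        return -1;
    pos += n;

    /* certificate_authorities<0..2^16-1>: must fill the rest of the body */
    if (end - pos < 2)
        return -1;
    n = rd16(msg + pos);
    pos += 2;
    if (n != end - pos)
        return -1;

    while (pos < end) {            /* each entry: opaque DistinguishedName<1..2^16-1> */
        if (end - pos < 2)
            return -1;
        n = rd16(msg + pos);
        pos += 2;
        if (n == 0 || n > end - pos)
            return -1;
        pos += n;
        count++;
    }
    return count;
}

int main(void)
{
    printf("default (empty) list: %d CA names\n",
           count_client_ca_names(CERT_REQ_EMPTY, sizeof CERT_REQ_EMPTY));
    printf("list set explicitly:  %d CA names\n",
           count_client_ca_names(CERT_REQ_ONE_CA, sizeof CERT_REQ_ONE_CA));
    return 0;
}
```

A count of 0 on a captured handshake is the case the reply describes, where some clients decline to offer a certificate at all.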
Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath
I appreciate it. OpenSSL is of course a great product but it can be a little mystifying to debug.

I am a developer and I understand the problem of "layering" and virtualization, where the component that realizes there is a problem is so far removed that it does not know what the underlying real problem is.

That said, I would suggest that "Provided chain ends with untrusted self-signed certificate" still does not really convey "no relevant CA certificate found in the provided path."

Charles

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Michael Wojcik
Sent: Monday, December 3, 2018 7:22 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni
> Sent: Saturday, December 01, 2018 13:53
>
> On Sat, Dec 01, 2018 at 07:12:24PM +, Michael Wojcik wrote:
>
> > > Are there compatibility concerns around changing error message text for which users may have created regex patterns in scripts?
> > >
> > > I agree the text could be better, but not sure in what releases if any to change the text, since the change may cause issues for some users.
> >
> > Sure, this is always a concern. Maybe the change could be considered for OpenSSL 3.0, since that's a major release.
>
> Care to create a PR against the "master" branch? Something along the lines of:
>
> "Provided chain ends with untrusted self-signed certificate"
>
> or better. Here "untrusted" might mean not trusted for the requested purpose, but more precise is not always more clear.

I should be able to do that. (My OpenSSL contributor paperwork is still in progress, but since this PR wouldn't include any actual code, I don't think I need to wait for that.) May be a few days before I get a chance to do it.

--
Michael Wojcik
Distinguished Engineer, Micro Focus
Re: [openssl-users] Question on necessity of SSL_CTX_set_client_CA_list
Do I need to say no calls to SSL_CTX_set_client_CA_list() nor any of the three related functions listed on the man page?

Charles

From: Charles Mills [mailto:charl...@mcn.org]
Sent: Sunday, December 2, 2018 4:38 PM
To: 'openssl-users@openssl.org'
Subject: Question on necessity of SSL_CTX_set_client_CA_list

I have an OpenSSL (v1.1.0f) server application that processes client certificates.

The doc for SSL_CTX_load_verify_locations() states "In server mode, when requesting a client certificate, the server must send the list of CAs of which it will accept client certificates. This list is not influenced by the contents of CAfile or CApath and must explicitly be set using the SSL_CTX_set_client_CA_list family of functions."

The application makes no calls to SSL_CTX_set_client_CA_list() yet receives client certificates without errors.

Can someone please explain the discrepancy. I'm especially wondering if I have set a trap that will spring down the road: "yes it works, but if a user does X then it will not work."

Thanks!

Charles
Re: [openssl-users] Self-signed error when using SSL_CTX_load_verify_locations CApath
Sorry, I do not have a packet capture tool configured. I have a verify callback with a lot of trace messages. I can see that it is only entered once; X509_STORE_CTX_get_error_depth() is 1. Does that tell us anything useful?

Charles

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Kyle Hamilton
Sent: Saturday, December 1, 2018 10:29 PM
To: openssl-users
Subject: Re: [openssl-users] Self-signed error when using SSL_CTX_load_verify_locations CApath

Wireshark and other packet capture tools can help you determine exactly what's in the chain sent by the client. If the self-signed root isn't being sent, then the "self-signed certificate in certificate chain" error should never have been sent, and a bug report on that issue would be appropriate.

If the root is being sent, though, having some idea of what you're doing when constructing your sessions could help us to figure out why it is when you didn't intend it to be.

-Kyle H

On Sat, Dec 1, 2018 at 1:47 PM Charles Mills wrote:
>
> > It was found in the chain of certificates sent by the client to the server for validation
>
> Again, I could be wrong but that is my point. I do not think the client is sending a chain of certificates, but rather only one, the CA-signed client certificate. (I wrote and configured the client, and generated the certificate, and loaded it into the certificate store.)
>
> Charles
>
> -----Original Message-----
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni
> Sent: Saturday, December 1, 2018 12:47 PM
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] Self-signed error when using SSL_CTX_load_verify_locations CApath
>
> On Sat, Dec 01, 2018 at 12:29:42PM -0800, Charles Mills wrote:
>
> > I could easily be wrong -- you guys know more about certificates than I ever will -- but I do not *think* there is any self-signed certificate in this scenario. There should be exactly two certificates in this discussion:
> >
> > 1. The client certificate. It is not self-signed (in the correct sense of the term, as opposed to the erroneous popular sense): it is signed by my "in-house" CA.
> >
> > 2. The CA certificate. Yes, it is a root and self-signed, but you didn't find it, right?
>
> You seem to be stuck on a narrow meaning of the word "found". The self-signed certificate *was* found, but not in the trust-store.
>
> It was found in the chain of certificates sent by the client to the server for validation. That's what the error message is telling
[openssl-users] Question on necessity of SSL_CTX_set_client_CA_list
I have an OpenSSL (v1.1.0f) server application that processes client certificates.

The doc for SSL_CTX_load_verify_locations() states "In server mode, when requesting a client certificate, the server must send the list of CAs of which it will accept client certificates. This list is not influenced by the contents of CAfile or CApath and must explicitly be set using the SSL_CTX_set_client_CA_list family of functions."

The application makes no calls to SSL_CTX_set_client_CA_list() yet receives client certificates without errors.

Can someone please explain the discrepancy. I'm especially wondering if I have set a trap that will spring down the road: "yes it works, but if a user does X then it will not work."

Thanks!

Charles
Re: [openssl-users] Self-signed error when using SSL_CTX_load_verify_locations CApath
> It was found in the chain of certificates sent by the client to the
> server for validation

Again, I could be wrong but that is my point. I do not think the client is sending a chain of certificates, but rather only one, the CA-signed client certificate. (I wrote and configured the client, and generated the certificate, and loaded it into the certificate store.)

Charles

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni
Sent: Saturday, December 1, 2018 12:47 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Self-signed error when using SSL_CTX_load_verify_locations CApath

On Sat, Dec 01, 2018 at 12:29:42PM -0800, Charles Mills wrote:

> I could easily be wrong -- you guys know more about certificates than I ever
> will -- but I do not *think* there is any self-signed certificate in this
> scenario. There should be exactly two certificates in this discussion:
>
> 1. The client certificate. It is not self-signed (in the correct sense of
> the term, as opposed to the erroneous popular sense): it is signed by my
> "in-house" CA.
>
> 2. The CA certificate. Yes, it is a root and self-signed, but you didn't
> find it, right?

You seem to be stuck on a narrow meaning of the word "found". The self-signed certificate *was* found, but not in the trust-store.

It was found in the chain of certificates sent by the client to the server for validation. That's what the error message is telling
Re: [openssl-users] Self-signed error when using SSL_CTX_load_verify_locations CApath
I could easily be wrong -- you guys know more about certificates than I ever will -- but I do not *think* there is any self-signed certificate in this scenario. There should be exactly two certificates in this discussion:

1. The client certificate. It is not self-signed (in the correct sense of the term, as opposed to the erroneous popular sense): it is signed by my "in-house" CA.

2. The CA certificate. Yes, it is a root and self-signed, but you didn't find it, right? (Because of my error in not running the hash utility.) If you found it what is the problem? Does the hashing process imply trust? Then the error message should be "untrusted CA certificate," no? (There is only one certificate in the CApath folder.)

Am I missing something?

Charles

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni
Sent: Friday, November 30, 2018 4:37 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Self-signed error when using SSL_CTX_load_verify_locations CApath

> On Nov 30, 2018, at 7:25 PM, Charles Mills wrote:
>
> Well, it ought then to say "I couldn't find any certificates at all" rather
> than "I found a self-signed certificate" when it did not.

A self-signed certificate was found, in the chain being verified. The message should likely be more clear (perhaps along the lines suggested by Michael Wojcik), but it is not incorrect.
Re: [openssl-users] Self-signed error when using SSL_CTX_load_verify_locations CApath
Well, it ought then to say "I couldn't find any certificates at all" rather than "I found a self-signed certificate" when it did not.

I used to manage product developers. Sometimes I would point out a need for product improvement and they would say "the code doesn't work that way." I would reply "I understand. I'm asking you to change the code."

Charles

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni
Sent: Friday, November 30, 2018 3:35 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Self-signed error when using SSL_CTX_load_verify_locations CApath

> On Nov 30, 2018, at 5:00 PM, Charles Mills wrote:
>
> "Self-signed certificate in certificate chain" does not to me convey "No certificate hash links" (or "CA certificate not found in hash links").

That's not really possible, because the code that's doing certificate validation works with an abstract certificate store API, and does not know whether a particular certificate should or should not have been listed a trust-anchor in some store.

All we know is that we've reached a self-signed certificate in the chain (so no further issuers can be found) and it is not in any of the trust stores, so verification fails.

Perhaps we could document the errors in a bit more depth, but I don't think it is possible to tell you that your CApath was missing some specific symlink.

--
Viktor.
Re: [openssl-users] Self-signed error when using SSL_CTX_load_verify_locations CApath
Thank you, yes, that solved it.

May I respectfully suggest that you consider improving the error message? "Self-signed certificate in certificate chain" does not to me convey "No certificate hash links" (or "CA certificate not found in hash links").

Charles

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni
Sent: Friday, November 30, 2018 10:22 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Self-signed error when using SSL_CTX_load_verify_locations CApath

> On Nov 30, 2018, at 12:47 PM, Charles Mills wrote:
>
> I am using a client certificate that was signed by my “homegrown” CA (which
> uses the OpenSSL utility). When I point to the CA .PEM with
> SSL_CTX_load_verify_locations CAfile it works perfectly. When instead I use
> CApath to point to a folder that contains only that one .PEM file it fails.

See the documentation of c_rehash.

--
Viktor.
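The failure and the fix discussed in this thread can be reproduced with the openssl command line. The script below is an added example, not code from the thread or from the OpenSSL project; it assumes a POSIX shell with OpenSSL 1.1.0 or later on the PATH, all file and subject names are constructed, and -untrusted stands in for a peer that sends the root in its chain.

```shell
#!/bin/sh
# Added example. Reproduces verify error 19 with a CApath directory that has
# no subject-hash link, then adds the link. All names here are constructed.

# Create a throwaway root CA (in capath/) and a client certificate it signed.
make_pki() {
    dir=$1
    mkdir -p "$dir/capath" || return 1
    cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -config "$dir/req.cnf" -extensions v3_ca -subj "/CN=Demo In-House CA" \
        -keyout "$dir/ca.key" -out "$dir/capath/ca.pem" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$dir/req.cnf" -subj "/CN=demo-client" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null || return 1
    openssl x509 -req -sha256 -days 30 -set_serial 2 \
        -in "$dir/client.csr" -CA "$dir/capath/ca.pem" -CAkey "$dir/ca.key" \
        -out "$dir/client.pem" 2>/dev/null
}

# Verify the client certificate as the server in the thread did: the peer's
# chain contains the root (-untrusted) and trust comes only from CApath.
verify_output() {
    openssl verify -CApath "$1/capath" -untrusted "$1/capath/ca.pem" \
        "$1/client.pem" 2>&1
}

# Error 19 at depth 1: a self-signed certificate was reached in the chain
# and the CApath lookup could not find it as a trust anchor.
fails_with_error_19() { verify_output "$1" | grep -q 'error 19 at 1 depth'; }
verifies_ok()         { verify_output "$1" | grep -q ': OK$'; }

# What c_rehash does for one certificate: expose it as <subject-hash>.0,
# the only file name the CApath lookup will ever try to open.
add_hash_link() {
    hash=$(openssl x509 -noout -hash -in "$1/capath/ca.pem") || return 1
    ln -s ca.pem "$1/capath/$hash.0"
}

demo() {
    work=$(mktemp -d) || return 1
    make_pki "$work" || { echo "openssl setup failed"; return 1; }
    echo "--- CApath holds only ca.pem:"
    verify_output "$work"
    add_hash_link "$work" || return 1
    echo "--- after adding $hash.0 -> ca.pem:"
    verify_output "$work"
    rm -rf "$work"
}
demo
```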
[openssl-users] Self-signed error when using SSL_CTX_load_verify_locations CApath
(Apologies if a duplicate - I think I mis-sent the first attempt.)

I wrote a TLS server application that runs under Windows and has been working successfully for years. I am currently using OpenSSL 1.1.0f.

When I wrote the code I only supported a single CA file for client certificates. I pass the file name in through SSL_CTX_load_verify_locations CAfile and with CApath NULL.

Recently I was asked to add support for multiple CA files. I updated my parameter handling to support a CA path, and I can now pass the path instead using SSL_CTX_load_verify_locations CApath.

I am using a client certificate that was signed by my "homegrown" CA (which uses the OpenSSL utility). When I point to the CA .PEM with SSL_CTX_load_verify_locations CAfile it works perfectly. When instead I use CApath to point to a folder that contains only that one .PEM file it fails. My verify callback is driven with

-Error with certificate at depth: 1
 err 19:self signed certificate in certificate chain
error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed:ssl\statem\statem_srvr.c:2893:

Yes, the CA certificate is a root certificate and is self-signed. But it works as a CAfile.

Can someone give me some guidance here?

FWIW I specify SSL_CTX_set_verify(sslContext, SSL_VERIFY_PEER, verify_callback);

Thanks,

Charles
Re: [openssl-users] Should I stop using locking callbacks in OpenSSL 1.1.0x ?
Not to disagree of course, but you can always put printf's in your callbacks to confirm.

Charles

Sent from a mobile; please excuse the brevity.

-------- Original message --------
From: "Salz, Rich via openssl-users"
Date: 4/13/18 3:22 PM (GMT-05:00)
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Should I stop using locking callbacks in OpenSSL 1.1.0x ?

Does this mean I can safely remove all usages of the above functions from my application code? I'd appreciate if someone could explain the above comment in a little more detail or confirm what I'm saying. Or has anyone else been in the same situation?

Yes. Do not use the locking callbacks. OpenSSL uses system-native threads and locks now.
Re: [openssl-users] Help with making a SHA >1 certificate
The CA’s certificate validity is

Not After : Nov 18 17:39:38 2024 GMT

Charles

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of warron.french
Sent: Monday, November 6, 2017 4:02 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Help with making a SHA >1 certificate

Charles, I am no expert either - sorry. However, the question about why is your signed certificate at least not getting to be over 1 year in "length?" What is the duration of the CA's certificate?
[openssl-users] Help with making a SHA >1 certificate
Please forgive my ignorance here. I'm really not a certificate expert. I'm a software developer trying to make certificates to use in a testing situation.

I've got some scripts that I have been using for years. I've just upgraded to 1.10f (but there are no upgrade issues that I know of - that's not the problem).

My last test certificate expired. So I am trying to make another one. All I seem to be able to make are SHA-1 signed certificates, but I'm trying to load them into a FIPS-140 (non-OpenSSL) key repository and it is failing, I think because of the SHA-1.

Here is how I am making the certificate. What do I have to do differently to make a SHA-512 (or at least some SHA > 1) certificate?

C:\OpenSSL-Win32-110f\bin\openssl.exe req -newkey rsa:2048 -sha512 -keyout %1.key.pem -out %1.req.pem -config openssl_edited_win32_default.cfg -extensions usr_cert -reqexts usr_cert -nodes -days 3650

C:\OpenSSL-Win32-110f\bin\openssl req -text -in %1.req.pem -sha512

C:\OpenSSL-Win32-110f\bin\openssl.exe ca -in %1.req.pem -config CMC_root_config.cnf -out %1.pem -verbose -cert CMC_root.pem -keyfile CMC_root.key.pem -passin pass:password

Here is what I end up with:

    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=Charles Mills Consulting, LLC, ST=California, C=US/emailAddress=charl...@mcn.org, O=Charles Mills Consulting, LLC
        Validity
            Not Before: Nov 6 19:13:09 2017 GMT
            Not After : Nov 6 19:13:09 2018 GMT
        Subject: CN=Charles Mills Consulting, LLC, ST=California, C=US/emailAddress=charl...@mcn.org, O=CZAGENT_Nov2017
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)

While we're at it, why doesn't my -days 3650 seem to have any effect?

Thanks!

Charles
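The request and the issued certificate are signed separately: -sha512 on openssl req only selects the digest of the request's own signature and -days on openssl req applies only together with -x509, while openssl ca takes the certificate's digest and lifetime from default_md and default_days in its configuration or from its -md and -days options. The script below is an added example, not part of the original message; it assumes a POSIX shell with OpenSSL 1.1.0 or later, and the configuration, file names and subject names are constructed.

```shell
#!/bin/sh
# Added example. Shows that "openssl ca" decides the certificate's digest and
# lifetime, whatever digest the request was signed with. Names are constructed.

# Create a throwaway CA, a minimal "openssl ca" setup and one request in $1.
setup_ca() {
    dir=$1
    mkdir -p "$dir/newcerts" || return 1
    : > "$dir/index.txt"
    echo 01 > "$dir/serial"
    cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = CA_default
[CA_default]
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
default_md = sha256
default_days = 365
policy = policy_any
unique_subject = no
[policy_any]
commonName = supplied
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -config "$dir/ca.cnf" -extensions v3_ca -subj "/CN=Demo Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # -sha512 signs the request itself; -days has no effect without -x509.
    openssl req -new -newkey rsa:2048 -nodes -sha512 -days 3650 \
        -config "$dir/ca.cnf" -subj "/CN=demo-agent" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
}

# Sign the request into $2; any further arguments are passed to "openssl ca".
sign_request() {
    dir=$1; out=$2; shift 2
    openssl ca -batch -notext -config "$dir/ca.cnf" -cert "$dir/ca.pem" \
        -keyfile "$dir/ca.key" -in "$dir/leaf.csr" -out "$out" "$@" 2>/dev/null
}

# Print the signature algorithm of a certificate ($1) or of the request in $1.
cert_sig_alg() {
    openssl x509 -noout -text -in "$1" |
        sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}
csr_sig_alg() {
    openssl req -noout -text -config "$1/ca.cnf" -in "$1/leaf.csr" |
        sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}

# Succeed if certificate $1 is still valid $2 days from now.
valid_longer_than_days() {
    openssl x509 -noout -checkend $(( $2 * 86400 )) -in "$1" >/dev/null
}

demo() {
    work=$(mktemp -d) || return 1
    setup_ca "$work" || { echo "openssl setup failed"; return 1; }
    echo "request signed with:        $(csr_sig_alg "$work")"
    sign_request "$work" "$work/default.pem"
    echo "ca, config defaults:        $(cert_sig_alg "$work/default.pem")"
    sign_request "$work" "$work/long.pem" -md sha512 -days 3650
    echo "ca -md sha512 -days 3650:   $(cert_sig_alg "$work/long.pem")"
    openssl x509 -noout -enddate -in "$work/long.pem"
    rm -rf "$work"
}
demo
```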
Re: [openssl-users] Replacing CRYPTO_NUM_LOCKS on migration 101 to 110
Works like a champ! Threaded code is handling 800 TLS server sessions with nary a callback in sight.

Charles

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Paul Dale
Sent: Wednesday, October 18, 2017 5:04 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Replacing CRYPTO_NUM_LOCKS on migration 101 to 110

Yes.

Pauli
--
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia

From: Charles Mills [mailto:charl...@mcn.org]
Sent: Thursday, 19 October 2017 7:20 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Replacing CRYPTO_NUM_LOCKS on migration 101 to 110

Wow! Thanks.

You are saying to just drop out this array, and the two CRYPTO_set_..._callback() functions, and the functions they reference?

Charles

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Paul Dale
Sent: Wednesday, October 18, 2017 2:14 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Replacing CRYPTO_NUM_LOCKS on migration 101 to 110

OpenSSL 1.1.x handle the locking themselves. You don't need to install the locking call backs and don't need to provide locking functionality.

Pauli
--
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia

From: Charles Mills [mailto:charl...@mcn.org]
Sent: Thursday, 19 October 2017 6:09 AM
To: openssl-users@openssl.org
Subject: [openssl-users] Replacing CRYPTO_NUM_LOCKS on migration 101 to 110

I am migrating a multi-threaded Windows application from OpenSSL 1.0.1h to 1.1.0f. I am using the Shining Light pre-built Windows DLLs.

The code, which I wrote some time ago, has a statement

HANDLE Comm::sslMutexArray[CRYPTO_NUM_LOCKS];

The array is referenced by my sslLockingFunction.

When I compile with the 1.1.0f headers I get an undefined symbol on CRYPTO_NUM_LOCKS.

Is my understanding of http://www.manpagez.com/man/3/CRYPTO_num_locks/osx-10.3.php correct? Basically, I need to replace the static array sslMutexArray[CRYPTO_NUM_LOCKS] with a malloc() or new to get an array of the size returned by a call to CRYPTO_num_locks(void)? Is that correct?

Anything else I need to do in this regard?

Thanks,

Charles
Re: [openssl-users] Where is mttest.c?
Got it. Thanks,

Charles

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Richard Levitte
Sent: Thursday, October 19, 2017 12:19 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Where is mttest.c?

In message <131801d34857$50fe15e0$f2fa41a0$@mcn.org> on Wed, 18 Oct 2017 14:23:18 -0700, "Charles Mills" <charl...@mcn.org> said:

charlesm> Sorry – OpenSSL is not what I do every day.
charlesm>
charlesm> I see in the man pages a reference to crypto/threads/mttest.c.

That's the 1.0.2 manpages, right?

charlesm> I’ve got the 1.1.0f tar and the crypto directory does not
charlesm> contain a threads directory. Where do I find mttest.c?

You don't. It's been removed in 1.1.0, and as far as I can see, you won't find any reference to mttest.c in the 1.1.0 docs...
[openssl-users] Where is mttest.c?
Sorry - OpenSSL is not what I do every day.

I see in the man pages a reference to crypto/threads/mttest.c. I've got the 1.1.0f tar and the crypto directory does not contain a threads directory. Where do I find mttest.c?

Thanks,

Charles
Re: [openssl-users] Replacing CRYPTO_NUM_LOCKS on migration 101 to 110
Wow! Thanks.

You are saying to just drop out this array, and the two CRYPTO_set_..._callback() functions, and the functions they reference?

Charles

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Paul Dale
Sent: Wednesday, October 18, 2017 2:14 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Replacing CRYPTO_NUM_LOCKS on migration 101 to 110

OpenSSL 1.1.x handle the locking themselves. You don't need to install the locking call backs and don't need to provide locking functionality.

Pauli
--
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia

From: Charles Mills [mailto:charl...@mcn.org]
Sent: Thursday, 19 October 2017 6:09 AM
To: openssl-users@openssl.org
Subject: [openssl-users] Replacing CRYPTO_NUM_LOCKS on migration 101 to 110

I am migrating a multi-threaded Windows application from OpenSSL 1.0.1h to 1.1.0f. I am using the Shining Light pre-built Windows DLLs.

The code, which I wrote some time ago, has a statement

HANDLE Comm::sslMutexArray[CRYPTO_NUM_LOCKS];

The array is referenced by my sslLockingFunction.

When I compile with the 1.1.0f headers I get an undefined symbol on CRYPTO_NUM_LOCKS.

Is my understanding of http://www.manpagez.com/man/3/CRYPTO_num_locks/osx-10.3.php correct? Basically, I need to replace the static array sslMutexArray[CRYPTO_NUM_LOCKS] with a malloc() or new to get an array of the size returned by a call to CRYPTO_num_locks(void)? Is that correct?

Anything else I need to do in this regard?

Thanks,

Charles
[openssl-users] Replacing CRYPTO_NUM_LOCKS on migration 101 to 110
I am migrating a multi-threaded Windows application from OpenSSL 1.0.1h to 1.1.0f. I am using the Shining Light pre-built Windows DLLs.

The code, which I wrote some time ago, has a statement

HANDLE Comm::sslMutexArray[CRYPTO_NUM_LOCKS];

The array is referenced by my sslLockingFunction.

When I compile with the 1.1.0f headers I get an undefined symbol on CRYPTO_NUM_LOCKS.

Is my understanding of http://www.manpagez.com/man/3/CRYPTO_num_locks/osx-10.3.php correct? Basically, I need to replace the static array sslMutexArray[CRYPTO_NUM_LOCKS] with a malloc() or new to get an array of the size returned by a call to CRYPTO_num_locks(void)? Is that correct?

Anything else I need to do in this regard?

Thanks,

Charles
RE: SSL alert number 51
I posted the certificates. What's next?

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Matt Caswell
Sent: Wednesday, November 19, 2014 3:35 PM
To: openssl-users@openssl.org
Subject: Re: SSL alert number 51

On 19/11/14 22:57, Charles Mills wrote:

Dave - Thanks much.

Either there's a bug somewhere or you are being attacked (MitM'ed).

Unlikely I am being MitM'ed -- the connection is over a VPN. (Why TLS when there is already a VPN in place? I am testing TLS software and the VPN is a fact of life and my only client to server link.)

Do you mean the server, running 1.0.1h on Win7, produced this error message, or some client talking *to* such a server produced the error?

Statement was kind of ambiguous, wasn't it? The server, which is OpenSSL 1.0.1h 5 Jun 2014, produced this message, when the client attempted to connect. The client is application software that uses the IBM GSK crypto library on z/OS. The error message at the client end is

Error code 9 returned from GSK function gsk_secure_socket_init(): Cryptographic processing error.

It is my code that produces that exact message, but the 9 comes back from the indicated method and the text comes from a system function, gsk_strerror(9). The documentation says

9 Cryptographic processing error.
Explanation: An error is detected by a cryptographic function. This error may also occur if key sizes that are non-FIPS are used during an SSL handshake while operating in FIPS mode.

My guess is that this last sentence is the cause of your problem.

User response: If the error occurred while executing in FIPS mode, check that only FIPS key sizes are used. Collect a System SSL trace containing the error and then contact your service representative.

I can connect between the client and the server using the set of parameters under test. They negotiate TLSV1.1 and what you call DHE-RSA-AES256-SHA and

FIPS 140-2 places restrictions on the size of the RSA key that you can use. I'm not a FIPS 140-2 expert but I believe you have to be compliant with the various other FIPS standards including FIPS 186-4(?):

This Standard specifies three choices for the length of the modulus (i.e.,nlen): 1024, 2048 and 3072 bits. Federal Government entities shall generate digital signatures using one or more of these choices.

So how big is your RSA key on the server? Are you able to post the certificate?

Matt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
RE: SSL alert number 51
Thanks. I guess I may have to open a problem with IBM. The IBM documentation clearly lists a number of cipher suites (as they call them) that use SHA1 (including the one we (IBM+OpenSSL) default to) as being FIPS 140-2 compliant. GSK appears to only support SHA1 and MD5, and MD4 is pretty clearly not FIPS 140-2 compliant.

Hmm. I had this note partly composed when Dr. Henson's reply came in. I am thoroughly mystified.

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Matt Caswell
Sent: Friday, November 21, 2014 7:04 AM
To: openssl-users@openssl.org
Subject: Re: SSL alert number 51

On 21/11/14 14:43, Charles Mills wrote:

I posted the certificates. What's next?

Charles

The key sizes look ok to me. As I said I'm no FIPS expert, but this page http://wiki.openssl.org/index.php/FIPS_mode_and_TLS says the following:

The RSA key in the certificate has to be of suitable size (2048 bits minimum) as do all other keys in the chain and none of the CAs can sign using SHA1.

But your certificates say:

Signature Algorithm: sha1WithRSAEncryption

So I'm wondering if that is the problem? Failing that you may need to approach IBM since the alert is being generated from their code.

Matt
RE: SSL alert number 51
Thanks guys for all of the clues! I got it working! Long story. Wow, FIPS is a moving target.

I re-did my root CA with SHA 256, and my server certificate. I had to move my testing from z/OS V1R13 to z/OS V2R1 -- *apparently* V1R13 does not support TLS V1.2 which as you intimated at some point may be required for things that FIPS requires. (A corollary would seem to be that z/OS V1R13 does not support current FIPS requirements but don't quote me on that.)

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Friday, November 21, 2014 11:00 AM
To: openssl-users@openssl.org
Subject: Re: SSL alert number 51

On Fri, Nov 21, 2014, Charles Mills wrote:

Thanks. I guess I may have to open a problem with IBM. The IBM documentation clearly lists a number of cipher suites (as they call them) that use SHA1 (including the one we (IBM+OpenSSL) default to) as being FIPS 140-2 compliant. GSK appears to only support SHA1 and MD5, and MD4 is pretty clearly not FIPS 140-2 compliant.

Hmm. I had this note partly composed when Dr. Henson's reply came in. I am thoroughly mystified.

Could try to connect your client to OpenSSL's s_server utility with the -state (or for 1.0.2 -trace)? If we can find out what message is triggering that error it might give some hints.
RE: SSL alert number 51
To set the record straight, I am told that a PTF (IBMese for patch) is required for z/OS V1R13 to support TLS v1.2.

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills
Sent: Friday, November 21, 2014 12:07 PM
To: openssl-users@openssl.org
Subject: RE: SSL alert number 51

Thanks guys for all of the clues! I got it working! Long story. Wow, FIPS is a moving target.

I re-did my root CA with SHA 256, and my server certificate. I had to move my testing from z/OS V1R13 to z/OS V2R1 -- *apparently* V1R13 does not support TLS V1.2 which as you intimated at some point may be required for things that FIPS requires. (A corollary would seem to be that z/OS V1R13 does not support current FIPS requirements but don't quote me on that.)
SSL alert number 51
Good day -

Can anyone offer some clues on

10280:error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error:.\ssl\s3_pkt.c:1275:SSL alert number 51

OpenSSL 1.01h is the server, running on Windows 7 Pro 64 bit.

Thanks,

Charles
RE: SSL alert number 51
Dave - Thanks much.

Either there's a bug somewhere or you are being attacked (MitM'ed).

Unlikely I am being MitM'ed -- the connection is over a VPN. (Why TLS when there is already a VPN in place? I am testing TLS software and the VPN is a fact of life and my only client to server link.)

Do you mean the server, running 1.0.1h on Win7, produced this error message, or some client talking *to* such a server produced the error?

Statement was kind of ambiguous, wasn't it? The server, which is OpenSSL 1.0.1h 5 Jun 2014, produced this message, when the client attempted to connect. The client is application software that uses the IBM GSK crypto library on z/OS. The error message at the client end is

Error code 9 returned from GSK function gsk_secure_socket_init(): Cryptographic processing error.

It is my code that produces that exact message, but the 9 comes back from the indicated method and the text comes from a system function, gsk_strerror(9). The documentation says

9 Cryptographic processing error.
Explanation: An error is detected by a cryptographic function. This error may also occur if key sizes that are non-FIPS are used during an SSL handshake while operating in FIPS mode.
User response: If the error occurred while executing in FIPS mode, check that only FIPS key sizes are used. Collect a System SSL trace containing the error and then contact your service representative.

I can connect between the client and the server using the set of parameters under test. They negotiate TLSV1.1 and what you call DHE-RSA-AES256-SHA and GSK calls Cipher Suite 39 - SSL V3.0 AES SHA-1(ephemeral Diffie-Hellman) RSA. It works provided I do not turn on FIPS 140-2 mode. If I turn on FIPS 140-2 mode with

rc = gsk_fips_state_set(GSK_FIPS_STATE_ON);

and use otherwise identical parameters then this error occurs. (Cipher Suite 39 is a valid FIPS 140-2 cipher suite, according to the IBM GSK documentation.)

I don't think that an s_client test would be terribly informative, seeing as I can connect with the actual client software.

Back to you ...

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Wednesday, November 19, 2014 2:20 PM
To: openssl-users@openssl.org
Subject: RE: SSL alert number 51

From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
Sent: Wednesday, November 19, 2014 14:08

10280:error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error:.\ssl\s3_pkt.c:1275:SSL alert number 51

http://tools.ietf.org/html/rfc5246.html#section-7.2

decrypt_error
A handshake cryptographic operation failed, including being unable to correctly verify a signature or validate a Finished message. This message is always fatal.

Either there's a bug somewhere or you are being attacked (MitM'ed).

OpenSSL 1.01h is the server, running on Windows 7 Pro 64 bit.

Do you mean the server, running 1.0.1h on Win7, produced this error message, or some client talking *to* such a server produced the error? In either case, what is in the error output or log of the opposite peer? If you try to connect s_client to the server, or the client to s_server, respectively, does it work or what error info does it give you?
RE: SSL alert number 51
- DHE is 1024
- RSA is 2048

Server certificate:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13 (0xd)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=Charles Mills Consulting, LLC, ST=California, C=US/emailAddress=charles m...@mcn.org, O=Charles Mills Consulting, LLC
        Validity
            Not Before: Nov 19 17:06:26 2014 GMT
            Not After : Nov 19 17:06:26 2015 GMT
        Subject: CN=Charles Mills Consulting, LLC, ST=California, C=US/emailAddress=charle s...@mcn.org, O=X201NOTEBOOK_Server
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Alternative Name:
                DNS:X201NOTEBOOK_Server, DNS:10.17.40.*, DNS:10.17.40.*
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                7B:A3:68:D6:1D:26:59:91:5D:21:1B:45:99:C4:B2:92:BF:46:1D:29
    Signature Algorithm: sha1WithRSAEncryption

Underlying root:

Certificate:
    Data:
        Version: 3 (0x2
RE: SSL alert number 51
To be perfectly clear, the server is not OpenSSL itself but application code that calls OpenSSL. The code is stable and in production and, as I said, works if I do *not* turn on FIPS on the client. I could trace through the calls if necessary. Also, I will be out of the office all day Thursday so this is probably my last reply for ~36 hours. Thanks for your help. I really appreciate what you folks do. Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills Sent: Wednesday, November 19, 2014 4:53 PM To: openssl-users@openssl.org Subject: RE: SSL alert number 51 - DHE is 1024 - RSA is 2048 Server certificate: Certificate: Data: Version: 3 (0x2) Serial Number: 13 (0xd) Signature Algorithm: sha1WithRSAEncryption Issuer: CN=Charles Mills Consulting, LLC, ST=California, C=US/emailAddress=charles m...@mcn.org, O=Charles Mills Consulting, LLC Validity Not Before: Nov 19 17:06:26 2014 GMT Not After : Nov 19 17:06:26 2015 GMT Subject: CN=Charles Mills Consulting, LLC, ST=California, C=US/emailAddress=charle s...@mcn.org, O=X201NOTEBOOK_Server Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Subject Alternative Name: DNS:X201NOTEBOOK_Server, DNS:10.17.40.*, DNS:10.17.40.* X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 7B:A3:68:D6:1D:26:59:91:5D:21:1B:45:99:C4:B2:92:BF:46:1D:29 Signature Algorithm: sha1WithRSAEncryption
RE: I can't believe how much this sucks
It tends to be a shortcoming of many, many types of software documentation that it is feature-oriented rather than task-oriented. That is, it does a good job of saying this switch does this, that parm specifies that and a poor job of answering the question I want to accomplish X. What the heck do I do? Examples are good, but they are not the only, and perhaps not the best, way of presenting task-oriented documentation. (The trouble with an example is one sometimes finds oneself asking do I HAVE to do it that way, or did that writer just CHOOSE to do it that way?) Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John Zavgren Sent: Monday, November 19, 2012 6:45 AM To: openssl-users@openssl.org Subject: Re: I can't believe how much this sucks Thomas: You make very good suggestions. Of them all (aside from the use of tact in approaching the developers :-) ), I think that easy-to-follow code examples would improve the openSSL experience more than anything else you identify. These examples could even provide a natural context for the cookbook usage examples, and then we'd achieve two of your objectives. I can recall situations where I had to incorporate a cartographic calculation in code I was writing, e.g., compute a signature, and was unable to find any examples, and the man pages were a poor starting point. They are good for learning the individual library procedures, but they aren't good for pulling them together to create a working software module. (In fact, when I needed to learn how to compute a signature, I downloaded the openVPN source code and read it.) So, what is a list of easy-to-follow code examples? Here are some suggestions: 1.) read private key and a message from a file: encrypt message with private key, write encrypted buffer to (another) file. 2.) read cert and private key, read file, compute signature, etc. 3.) read file, read signature, read ca certs, validate signature. 4.) Example 3 + check CRL. 
5.) Example 3 + check with OCSP responder. ??? I'm sure there are a LOT of CA related examples that would help, because I find the creation of a CA to be one of the more painful exercises. On Sun, Nov 18, 2012 at 11:19 PM, Thomas J. Hruska shineli...@shininglightpro.com wrote: On 11/13/2012 11:34 AM, Sanford Staab wrote: I have been struggling with openssl for a few months now writing batch scripts on windows trying to make a .net web client with a client certificate work with 2-way ssl against an apache web server. Do you guys just want to continue to answer questions on this alias and not FIX the docs somewhat over time? I could go into a litany of how much information is just missing from the docs with INCOMPLETE everywhere. (see this link for one of the 900k+ hits on a google search of openssl+docs+suck for how much hell you guys are putting people through trying to figure out this tool) openssl is used all over the world by tons of people (so I feel dumb having problems here - but I know from Google I am not alone.) but it is just unbelievable to me that the docs remain so terse and useless for so many years. I have sent email to this alias previously asking how I can help with this. It seems to me there should be an openssl docs forum where content from this eventually finds its way into the online docs themselves. A tool is only as good as people are able to use it. The OpenSSL dev team consists of fairly old-school *NIX folks. It is a low-level library and certificate generation and manipulation tool that has gained significant notoriety for its reliability, stability, and security. The primary documentation is manpages. This is an outdated method of documenting software and, as I've found, the primary source of many complaints. In this regard, it is time to move on. I can't remember the last time I had to fire up 'man'. I'm much more apt to just run a Google search. 
Given my experience with end-users of this product, I've come to the conclusion that there are three distinct forms of documentation needed for OpenSSL: - API documentation. This is already fairly complete but hard to find everything and needs someone to go over it and update it. Areas that are entirely missing need to be fleshed out. It is also time to consider an alternative format to the traditional manpage. - Cookbook usage examples. 'openssl' command-line commands to accomplish common tasks in a cookbook format. I can point people to third-party sites (madboa comes to mind). However this sort of thing should really be on the OpenSSL website. - Complete, easy-to-follow code examples for a variety of common programming tasks. There are the test programs, but I view those more for testing the library for consistency against itself than demonstration on how to code against the library. There's a difference. The OpenSSL website should always have the definitive collection in a copy-and-paste ready format.
RE: I can't believe how much this sucks
That article is unbelievably scary, and your analysis is spot on. I admit it: I sometimes assume that if the C compiler “likes” (matches to a declaration) what I have coded then it must be correct – given the absence of documentation. Did you see the example in the article of the API where a parameter of 1 meant No and 2 meant Yes, and a programmer had coded it passing a value of true, intending it to mean Yes, but which the compiler (of course) accepted and the function saw as a parameter of 1 (= No)? Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Sanford Staab(Gmail) Sent: Thursday, November 15, 2012 5:27 AM To: openssl-users@openssl.org Subject: Re: I can't believe how much this sucks It’s interesting that this article shows that LACK OF GOOD DOCUMENTATION and POOR API DESIGN are at the heart of this problem. I have noticed over the years that much of our society has changed its very idea of what a good application is. It used to be that if something could not be easily understood or behaved badly or unexpectedly, people would see this as a bug in need of fixing. With the rise in software complexity, requirements for budgets and schedules, we have now evolved to a society of hoop jumpers who see software as good enough if they can find a path to make it do what they want. Developers have followed suit, practically forced to do so, and we now have massive amounts of broken code on broken code on broken code. Ownership of code (i.e. really taking responsibility for it) is unheard of because the onerous burden of being responsible for your work is simply an open door to a lawyer that wants to steal the fruit of your labor. It is no wonder under these circumstances that “security by obscurity” has become the de facto standard of the day. The true bug here is our justice system unfortunately. 
I think it is high time for a v2 of openssl, a rewrite almost from scratch, removing support for older protocols and ciphers and simplifying it down with full TDD from start to finish to really correct this problem. And of course, probably not gonna happen. But thanks for listening. Sandy -Original Message- From: Marco Molteni (mmolteni) Sent: Thursday, November 15, 2012 4:42 AM To: openssl-users@openssl.org Subject: Re: I can't believe how much this sucks Another amen. I am a professional programmer. I am grateful for OpenSSL. At the same time, each time I have to use it directly (as opposed to use a few of the good C++ wrappers) I know I will be going down to hell and fight for my life, and when I will come back, my hairs will be grayer :-) Lack of good documentation is a problem for any software library, but in this case lack of documentation can also cause security vulnerabilities because the user of the API misunderstood it. As Charles, I propose as food for thought the very recent, very good paper on the security risks of (among other things) wrong APIs and wrong documentation: The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software, available at http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf marco.m On 13.11.2012 19:49 , Charles Mills charl...@mcn.org wrote: AMEN! Why is it easier to answer dumb question after dumb question here rather than to document the darned product once? (Never mind the cumulative labor of all the programmers trying to figure out and debug the same problems again and again and again, all over the world.) Consider http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf. Doesn’t *some* of the responsibility for these (severe and scary!) problems fall on the lack of clear documentation? It’s a GREAT product and I love it and am grateful but why after years and years do the man pages still say “under construction”? 
Charles
RE: I can't believe how much this sucks
AMEN! Why is it easier to answer dumb question after dumb question here rather than to document the darned product once? (Never mind the cumulative labor of all the programmers trying to figure out and debug the same problems again and again and again, all over the world.) Consider http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf. Doesn’t *some* of the responsibility for these (severe and scary!) problems fall on the lack of clear documentation? It’s a GREAT product and I love it and am grateful but why after years and years do the man pages still say “under construction”? Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Sanford Staab Sent: Tuesday, November 13, 2012 10:35 AM To: openssl-users@openssl.org Subject: I can't believe how much this sucks I have been struggling with openssl for a few months now writing batch scripts on windows trying to make a .net web client with a client certificate work with 2-way ssl against an apache web server. Do you guys just want to continue to answer questions on this alias and not FIX the docs somewhat over time? I could go into a litany of how much information is just missing from the docs with INCOMPLETE everywhere. (see this link http://www.wolmarans.com/drupal/?q=node/22 for one of the 900k+ hits on a google search of “openssl+docs+suck” for how much hell you guys are putting people through trying to figure out this tool) openssl is used all over the world by tons of people (so I feel dumb having problems here – but I know from Google I am not alone.) but it is just unbelievable to me that the docs remain so terse and useless for so many years. I have sent email to this alias previously asking how I can help with this. It seems to me there should be an openssl docs forum where content from this eventually finds its way into the online docs themselves. A tool is only as good as people are able to use it. 
So let me get specific here – one simple specific question (of many that I have) that has me clueless: The command of: openssl s_client -connect www.pawnmasterpro.com:443 -CApath ssl\certs -cert ssl\certs\client_1.crt -key ssl\keys\client_1.key -pass file:ssl\keys\Client_1_pwd.txt results in output containing: No client certificate CA names sent from the docs for the s_client command, –cert option says: -cert certname The certificate to use, if one is requested by the server. The default is not to use a certificate. My guess from this is that this command is referring to the CLIENT SSL certificate - no? If my assumption is correct, then why am I getting this error? Or is this a notification of something normal and I should be looking elsewhere? I have checked the Apache httpd-ssl.cnf file I am using and verified that all the certificate related parts are filled in and I have verified the integrity of all the certificates referenced by it. I have been able to do straight one-way SSL with the server as well with both IE and Chrome browsers. Two-way SSL fails with the server logs indicating that the client “refused” the connection. I am using a self-signed CA which was used to sign the server certificate. The client certificate is also signed by the same CA self-signed certificate. Apache error logs give me this: [Tue Nov 13 12:38:56 2012] [error] [client 127.0.0.1] Invalid method in request Which is about as useful as the openssl docs are. I am also seeing this in openssl’s s_client output: verify error:num=19:self signed certificate in certificate chain From what I think I understand, this should not be a showstopper problem as all root CA certs would naturally be self-signed no? Full output of this operation with the –showcerts command is attached for reference. 
I have read through many forum examples of how to do this and it seems simple enough but then when it doesn’t work, figuring out what things MEAN and how to address what is wrong proves to be very difficult indeed.
RE: I can't believe how much this sucks
EXACTLY! Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Sanford Staab Sent: Tuesday, November 13, 2012 12:53 PM To: openssl-users@openssl.org Subject: Re: I can't believe how much this sucks Couldn’t agree more Ted. I think the bar on open-source product documentation has been going way up over time. If I were these guys, I’d get it right so I wouldn’t have to keep bothering to answer so many questions over and over. From: Ted Byers mailto:r.ted.by...@gmail.com Sent: Tuesday, November 13, 2012 2:49 PM To: openssl-users@openssl.org Subject: Re: I can't believe how much this sucks On Tue, Nov 13, 2012 at 2:02 PM, Lee Fisher blib...@gmail.com wrote: For things that the peer support forum and the existing documentation don't cover, you have the source code, which is definitive. Additionally, there are professional OpenSSL consultants you can use for help. It would be more productive to submit bugs and patches, instead of a litany :-) Even so, some of those closely involved in the project ought to be doing a better job of documenting the product. Telling people to hire consultants is even worse than telling people to read the code. I develop software for a living, and I would be ashamed of any attempt to release even one of my products without a proper reference manual, complete design documentation, including a reasonable suite of UML documents (in the case of an open source product since good coders benefit from good design documentation - which, admittedly, I have not produced) and a thorough tutorial. I have had feedback on some of my products that the end users found my interface so intuitive that they did not look at the documentation I'd provided even once, but I do not see that as an excuse for not producing proper documentation. In my view, the documentation for a product is as much a part of the product as the code in the product. 
The product is not ready for release until the documentation is as complete and polished as is the code. Peer support is hardly a good, or cost effective, substitute for good documentation; and contrary to what some coders I have met, and worked with, have claimed, the source code is often not adequate documentation. Yes, you see what the code is doing, but tracing execution paths through it can be a tedious nightmare; especially if the coder that produced it wrote the code as a candidate for an obfuscated coding contest (something, BTW, I would regard as grounds for dismissal if obfuscation is the only justification the code can offer for it). In my own coding, the only libraries I use often are those that are well documented. Life is just too short to waste on libraries that are poorly documented (unless someone wants to pay me to do so - but they'd be paying a significant premium for such a tedious, and usually frustrating, task). I am not criticising the documentation for openssl, and will not; but I would encourage those who are responsible for maintaining and improving openssl to not neglect the documentation. It would be a mistake to leave that for someone else to do, for when that happens, it is certain that the documentation will suffer. just my $0.02, as a coder with decades of coding experience. Cheers Ted
RE: Find the difference in (milli|micro)seconds between two ASN1_TIME values
A struct tm is only granular down to whole seconds, right? Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Wednesday, November 07, 2012 9:33 AM To: openssl-users@openssl.org Subject: Re: Find the difference in (milli|micro)seconds between two ASN1_TIME values On Wed, Nov 07, 2012, Graham Leggett wrote: Hi all, I would like to know how long a CRL has until it expires in seconds (or milli or microseconds, don't care, I can convert), and am struggling to find a formally supported way to do this. What I would like to do is return the difference between a given ASN1_TIME and the current time, or two ASN1_TIME values (don't care which, I can generate an ASN1_TIME from the current time). Does openssl offer a function to do this, or will I be forced to write my own? There isn't currently a function to do this but there is a commented out (and largely untested) function in crypto/asn1/a_time.c to convert an ASN1_TIME structure to a struct tm and a function to diff two tm structures called OPENSSL_gmtime_diff. __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: https server using openssl
Absolutely! Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Andrey Koltsov Sent: Tuesday, October 30, 2012 4:08 AM To: openssl-users@openssl.org Cc: Indtiny s Subject: Re: https server using openssl Hi. I think that you should write simple HTTP server first and add SSL support to it afterwards. Best regards, Andrey Koltsov software developer 29.10.2012 20:49, Indtiny s wrote: Hi, I have CCM cipher suite in the openssl and for some other requirement I have write my own simple webserver... Can somebody help me to develop simple openssl based webserver .. I just need to support the POST operation at my server side i.e , in my requirement , client will post the data to web server , here server should receive the data and provide the HTTP response as 201 to client . How to start implementing this with the help of openssl ..?
RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.
Do you call SSL_CTX_set_options() with bit flags (SSL_OP_ALL, SSL_OP_NO_SSLv3, etc.) to indicate the protocols you are willing to accept? BTW, openssl-users (not -dev) is the proper forum for this sort of question. Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Bhat, Jayalakshmi Manjunath Sent: Monday, October 29, 2012 5:27 AM To: openssl-...@openssl.org; openssl-users@openssl.org Subject: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism. Hi All, I have a client application that uses SSL23_client_method(). When the client is getting connected to server that supports TLS 1.0 there are no issues. When the client is getting connected to server that supports only SSLv3.0, connection is getting aborted with protocol number error. I have a couple of questions around this issue. 1. If I like to support the fallback mechanism, I need to implement the same in the client application. SSL client state machine in OpenSSL does not implement any fallback. 2. I did not see any recommendation in SSL/TLS RFC to implement the fallback mechanism. I wanted to know are there any side effects in OpenSSL library if fallback mechanism is implemented. Any help on these points is appreciated. Regards Jayalakshmi
RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.
You should at least look into it. I am not sure what the defaults are without looking at the docs. Try setting SSL_OP_ALL (sounds good to me) | SSL_OP_NO_SSLv2 (SSL v2 is considered to be badly flawed). That should (IIRC) leave you able to accept SSL v3, TLS v1, and TLS v1.1. Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Bhat, Jayalakshmi Manjunath Sent: Monday, October 29, 2012 7:28 AM To: openssl-users@openssl.org Subject: RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism. Hi Charles, Thank you for the reply. I am not setting any option using SSL_CTX_set_options, should I indicate protocols using this function? Regards Jaya From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills Sent: Monday, October 29, 2012 7:40 PM To: openssl-users@openssl.org Subject: RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism. Do you call SSL_CTX_set_options() with bit flags (SSL_OP_ALL, SSL_OP_NO_SSLv3, etc.) to indicate the protocols you are willing to accept? BTW, openssl-users (not -dev) is the proper forum for this sort of question. Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Bhat, Jayalakshmi Manjunath Sent: Monday, October 29, 2012 5:27 AM To: openssl-...@openssl.org; openssl-users@openssl.org Subject: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism. Hi All, I have a client application that uses SSL23_client_method(). When the client is getting connected to server that supports TLS 1.0 there are no issues. When the client is getting connected to server that supports only SSLv3.0, connection is getting aborted with protocol number error. I have a couple of questions around this issue. 1. If I like to support the fallback mechanism, I need to implement the same in the client application. 
SSL client state machine in OpenSSL does not implement any fallback. 2. I did not see any recommendation in SSL/TLS RFC to implement the fallback mechanism. I wanted to know are there any side effects in OpenSSL library if fallback mechanism is implemented.
RE: Trouble with Windows DLL
Aha! Got it, I think. Thanks. Was not aware that one could do this sort of thing. Neat trick. GetProcAddress() is documented only for locating functions in a DLL, but I guess __declspec(dllexport) causes the name to be exported in such a way that GetProcAddress() can find it. OpenSSL_Applink is OpenSSL specific as the name indicates, not to mention that the file applink.c is part of the OpenSSL distro and install. Well, yeah, of course I knew that. But just because you distroed something called OpenSSL_printf would not mean that printf was OpenSSL-specific, which is more or less the question that I asked (whether *applink* was SSL-specific). Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Monday, October 29, 2012 11:52 AM To: openssl-users@openssl.org Subject: RE: Trouble with Windows DLL From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills Sent: Friday, 26 October, 2012 11:08 1. Pardon my ignorance. So _Applink is a generic Windows facility, not OpenSSL-specific? Can you point me to a link or something that explains. I could not find anything. OpenSSL_Applink is OpenSSL specific as the name indicates, not to mention that the file applink.c is part of the OpenSSL distro and install. GetModuleHandle() and GetProcAddress() are Windows generic; look at the code in ms/uplink.c.
RE: add hash signature as part of the stream on which this hash is based on
Isn't that a little like the guy who committed suicide, cut himself up in little pieces, and flushed himself down the toilet? Some checksums are computed such that the checksum is part of the message, and if all is well, the checksum of the entire message including the appended sum is 0 or 0x or some such, but the original checksum I think is always computed on what came before it. The bi-sync CRC-16 (boy, am I dating myself!) was computed that way IIRC. Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Michael Zintakis Sent: Saturday, October 27, 2012 9:31 AM To: openssl-users@openssl.org Subject: add hash signature as part of the stream on which this hash is based on Maybe a bit daft of me to ask this, but is it possible to calculate a hash on a stream of bytes where the resulting hash is considered to be part of that stream? In other words, let's assume that I have a stream which is, say, 64 bytes long in total, consisting of 48 bytes of payload, plus 16-byte for the hash and that hash has been calculated based on the *entire* stream (payload+hash) of 64 bytes. Would that be possible to produce with openssl or is this a bit of a chicken-and-egg scenario? Thanks!
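The append-and-recheck property described in this thread, as an added example that is not part of the original posts: a CRC-16 (polynomial x^16 + x^15 + x^2 + 1, zero initial value, the parameter set catalogued as CRC-16/ARC; treating it as the bi-sync CRC is an assumption) is computed over the payload only and appended low byte first, after which the CRC over payload plus checksum comes out as 0. The function names and the 48-byte payload are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* CRC-16/ARC, bit by bit: reflected polynomial 0xA001, initial value 0, no final XOR. */
uint16_t crc16_arc(const uint8_t *data, size_t len)
{
    uint16_t crc = 0x0000;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int bit = 0; bit < 8; bit++)
            crc = (crc & 1) ? (uint16_t)((crc >> 1) ^ 0xA001) : (uint16_t)(crc >> 1);
    }
    return crc;
}

/*
 * Sender side: the CRC is computed over the payload ONLY and then appended,
 * low byte first. Returns the framed length, or 0 if the buffer cannot hold
 * the two extra bytes.
 */
size_t frame_append_crc(uint8_t *buf, size_t payload_len, size_t cap)
{
    if (cap < payload_len || cap - payload_len < 2)
        return 0;
    uint16_t crc = crc16_arc(buf, payload_len);
    buf[payload_len]     = (uint8_t)(crc & 0xFF);
    buf[payload_len + 1] = (uint8_t)(crc >> 8);
    return payload_len + 2;
}

/*
 * Receiver side: run the same CRC over payload AND the appended checksum.
 * An intact frame leaves a remainder of exactly 0, so the receiver never has
 * to split the frame or know where the payload ends.
 */
int frame_check(const uint8_t *frame, size_t len)
{
    return len >= 2 && crc16_arc(frame, len) == 0;
}

int main(void)
{
    uint8_t frame[64];
    memset(frame, 0x5A, 48);                      /* constructed 48-byte payload */

    size_t n = frame_append_crc(frame, 48, sizeof frame);
    printf("framed length      : %zu\n", n);
    printf("CRC over payload   : 0x%04X\n", (unsigned)crc16_arc(frame, 48));
    printf("CRC over full frame: 0x%04X\n", (unsigned)crc16_arc(frame, n));
    printf("intact frame ok    : %d\n", frame_check(frame, n));

    frame[10] ^= 0x01;                            /* flip one payload bit */
    printf("damaged frame ok   : %d\n", frame_check(frame, n));
    return 0;
}
```

The zero remainder is a consequence of the CRC being a polynomial remainder; a cryptographic digest has no such structure, so in the 48+16 layout from the question the digest is computed over the 48 payload bytes only.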
RE: Trouble with Windows DLL
1. Pardon my ignorance. So _Applink is a generic Windows facility, not OpenSSL-specific? Can you point me to a link or something that explains. I could not find anything. 2. While searching, I did find this: http://msdn.microsoft.com/en-us/library/windows/desktop/ms682586(v=vs.85).aspx It's a definitive explanation of a topic that was discussed here recently (this thread?): how does Windows determine which copy of a DLL to use? One thing of note: it is decidedly NOT true that if you put the DLL in the same folder as the EXE that is the one that will always get used. Ridiculously complex, but a definitive explanation, FWIW. Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Thursday, October 25, 2012 2:00 PM To: openssl-users@openssl.org Subject: RE: Trouble with Windows DLL From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills Sent: Wednesday, 24 October, 2012 19:08 The code for uplink looks to me like it looks for _Applink ONLY in the .exe It *HAS* to be a .exe? OpenSSL has logic that depends on what type of executable is calling it? If I had a .exe that worked with OpenSSL I could not necessarily turn it into a .DLL that exported services to calling programs? No, OpenSSL on Windows does not have logic that depends on the caller, that's why this DOESN'T work. The simplest upward dynamic lookup in Windows looks only in the .exe. In order to look in the .dll, OpenSSL would need more complicated code to figure out if it was called from a .dll and not the .exe, and WHICH particular .dll because you could have multiple .dll's compiled differently, and lookup there.
RE: Trouble with Windows DLL
Not sure if it is relevant but are you calling SSL_library_init()? Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Mitchell, Daniel F Sent: Tuesday, October 23, 2012 12:05 PM To: openssl-users@openssl.org Subject: Trouble with Windows DLL Hello, I am trying to use openssl in a Windows DLL. However, on the first openssl call I make after these: CRYPTO_malloc_init(); OpenSSL_add_all_algorithms(); I get the no OPENSSL_Applink error. I read the FAQ, and I have compiled with /MD, I have included applink.c in my code (and it is a c program, so no extern), and I have the latest versions of libeay32.dll, libssl32.dll, and ssleay32.dll in the sys32 folder, where my dll is. My dll is being called by a windows executable, so I don't know if that could have anything to do with it, since I have no real control over that. Does anyone know of any other reasons I could be getting this error?
RE: Trouble with Windows DLL
Is libssl32.dll possibly the poster's DLL that he refers to in his note?

The code for uplink looks to me like it looks for _Applink ONLY in the .exe

It *HAS* to be a .exe? OpenSSL has logic that depends on what type of executable is calling it? If I had a .exe that worked with OpenSSL I could not necessarily turn it into a .DLL that exported services to calling programs?

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Wednesday, October 24, 2012 12:19 PM
To: openssl-users@openssl.org
Subject: RE: Trouble with Windows DLL

From: owner-openssl-us...@openssl.org On Behalf Of Mitchell, Daniel F
Sent: Tuesday, 23 October, 2012 15:05

I am trying to use openssl in a Windows DLL. However, on the first openssl call I make after these: CRYPTO_malloc_init(); OpenSSL_add_all_algorithms(); I get the no OPENSSL_Applink error. I read the FAQ, and I have compiled with /MD, I have included applink.c in my code (and it is a c program, so no extern), and I have the latest versions of libeay32.dll, libssl32.dll, and ssleay32.dll in the sys32 folder,

Aside: The openssl libraries on Windows are libeay32 and ssleay32. I don't know what libssl32 is.

where my dll is. My dll is being called by a windows executable, so I don't know if that could have anything to do with it, since I have no real control over that.

This probably doesn't work. The code for uplink looks to me like it looks for _Applink ONLY in the .exe. If you supply your library to be *static* linked with the app it should work, but you get all the features of static linking, good and bad -- bigger .exe (rarely matters nowadays); possible name conflicts; can't update separately. Otherwise you must avoid all openssl calls that use uplink/applink; basically this is anything that uses a FILE* opened by your program.

If you handle the file I/O yourself -- for example, read a DER cert file into memory and call d2i_X509 instead of opening the file and calling d2i_X509_fp, OR you have openssl *open* the files by explicitly calling BIO_new_file or equivalent and using the BIO* instead of using any FILE*, it should be okay.
RE: Wild card SSL; use on multiple Apache servers
Nor does *.domain.com work for domain.com, correct? Just out of curiosity, do you perceive a trust constraint there (for any real-world situation)?

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Wednesday, October 24, 2012 11:38 AM
To: openssl-users@openssl.org
Subject: RE: Wild card SSL; use on multiple Apache servers

From: owner-openssl-us...@openssl.org On Behalf Of Alan Buxey
Sent: Wednesday, 24 October, 2012 03:00
To: aurfal...@gmail.com; openssl-users@openssl.org
Subject: Re: Wild card SSL; use on multiple Apache servers

The wildcard is for a particular domain (* is valid for any host within it). If your other server is in a different domain, then it won't work.

Right. Because the CA only verified your control of the domain that it issued the cert for; if you get a cert for fredsmith.com and could use it on a server that impersonates www.amazon.com you could steal billions of dollars from millions of people.

And an added point which is not obvious to some people, it's only implemented for one level. *.domain.com works for www.domain.com ftp.domain.com silly.domain.com but NOT www.foo.domain.com . Even though this wouldn't actually violate the trust constraint in any situation I can imagine.
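The one-level wildcard rule described in the message above, as an added C example; it is not code from any poster or from OpenSSL. The function names are hypothetical, the sample names are constructed from the ones in the thread, and refusing partial-label wildcards and patterns such as `*.com` is an added assumption that is stricter than what the thread states.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality; DNS names are not case-sensitive. */
static int dns_equal(const char *a, const char *b)
{
    for (; *a && *b; a++, b++) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    }
    return *a == '\0' && *b == '\0';
}

/*
 * Return 1 if certificate name `pattern` covers `host`, else 0.
 * A '*' is honoured only as the complete leftmost label and stands for
 * exactly one label, so "*.domain.com" covers "www.domain.com" but
 * neither "www.foo.domain.com" nor "domain.com".
 */
int cert_name_matches(const char *pattern, const char *host)
{
    if (pattern == NULL || host == NULL || *pattern == '\0' || *host == '\0')
        return 0;

    /* No wildcard: the name must match exactly. */
    if (strchr(pattern, '*') == NULL)
        return dns_equal(pattern, host);

    /* The only '*' allowed is a whole leftmost label: "*.<rest>". */
    if (pattern[0] != '*' || pattern[1] != '.' ||
        strchr(pattern + 1, '*') != NULL)
        return 0;

    const char *suffix = pattern + 1;          /* e.g. ".domain.com" */

    /* Assumption (added strictness): refuse "*.com"-style patterns. */
    if (strchr(suffix + 1, '.') == NULL)
        return 0;

    /* The host needs a non-empty first label, then exactly the suffix. */
    const char *dot = strchr(host, '.');
    if (dot == NULL || dot == host)
        return 0;
    return dns_equal(suffix, dot);
}

/* Return 1 if any name in the certificate (subject or alternative) covers host. */
int cert_covers_host(const char *const names[], size_t count, const char *host)
{
    for (size_t i = 0; i < count; i++) {
        if (cert_name_matches(names[i], host))
            return 1;
    }
    return 0;
}

/* Constructed sample name lists for two hypothetical certificates. */
static const char *const WILDCARD_ONLY[] = { "*.domain.com" };
static const char *const WILDCARD_PLUS_APEX[] = { "*.domain.com", "domain.com" };

int main(void)
{
    /* Constructed host names, taken from the examples in the thread. */
    static const char *const hosts[] = {
        "www.domain.com", "ftp.domain.com", "silly.domain.com",
        "www.foo.domain.com", "domain.com"
    };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++) {
        printf("%-20s wildcard only: %d   wildcard + apex name: %d\n",
               hosts[i],
               cert_covers_host(WILDCARD_ONLY, 1, hosts[i]),
               cert_covers_host(WILDCARD_PLUS_APEX, 2, hosts[i]));
    }
    return 0;
}
```

A certificate that should also serve the bare domain has to list it as a separate name, which is what the second sample list models.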
RE: How can I pass data to a running instance of OpenSSL CLI on Windows within a batch file?
Msdn.com is excellent. Good advice, few flames.

-- Sent from my mobile phone. Please excuse my brevity.

Charles

Jeremy Farrell jeremy.farr...@oracle.com wrote:

If you start openssl.exe, that's the mode it's in by default - waiting for commands from stdin, writing the output from those commands to stdout. Isn't that what you're looking for? If you're looking for advice on the programming details of attaching to its stdin and stdout and sending/receiving that data from another program, you'd probably be better asking on a general Windows programming list where there'll be more people with that sort of expertise.

Regards, jjf

From: Funnell, Leon [mailto:leon.funn...@catlin.com]
Sent: Monday, October 22, 2012 10:52 AM
To: openssl-users@openssl.org
Subject: How can I pass data to a running instance of OpenSSL CLI on Windows within a batch file?

We have a Windows application which passes data to OpenSSL.exe to encrypt as a Windows command, then scrapes the encrypted data back from the output. The Windows app can call external Windows commands but we cannot call APIs or extend the functionality programmatically. Functionally it works, but it doesn’t scale as each time you call OpenSSL.exe it takes about a second and spikes the CPU. The application we are using is required to process 6000 records every hour.

I have two tests set up:

1. A batch file which runs 6000 times, repeatedly running the following command:

    Openssl.exe aes-256-cbc -a -e -k eiccmkjd94jfgniw03ljkdlfutcnv320 -in test.txt

2. A text file with the following line repeated 6000 times, which I paste into the OpenSSL CLI:

    aes-256-cbc -a -e -k eiccmkjd94jfgniw03ljkdlfutcnv320 -in test.txt

When I use the batch file which invokes OpenSSL.exe 6000 times, it takes several hours to complete and spikes the CPU significantly. It seems to be the initialisation of the OpenSSL.exe program rather than the encryption however, as if I paste in the text file to the OpenSSL.exe CLI it completes in several seconds and takes very little CPU.

What I need is a way of running OpenSSL.exe as a process which I can pass parameters to on STDIN, and output parameters to STDOUT. I would like to be able to call another batch file or program with the unencrypted data as the input parameter which would then pass this to the running “service”, retrieve the encrypted data result from this “service” and pass it as the output.

Can anyone enlighten me on a potential solution for this?

Thanks and Regards,
Leon Funnell
RE: Building an exportable OpenSSL application
OK. Misunderstood the earlier answer.

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Thursday, October 18, 2012 12:26 AM
To: openssl-users@openssl.org
Subject: RE: Building an exportable OpenSSL application

From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
Sent: Wednesday, 17 October, 2012 09:47

snip [Using ShiningLight Windows build]

If you link with lib/VC/* (or lib/MinGW/*) you get implicit dynamic linking. If you link with lib/VC/static/* you get static linking.

Thanks. Did not exactly understand that point. I am in fact using lib/VC/*. I may change that to MinGW so that the intention is more obvious.

I wouldn't advise that. The (two) VC directories are built for VC++ and the MinGW directory is built for MinGW. MinGW (unlike Cygwin) tries to be mostly pretty much compatible with VC++ but I wouldn't rely on it being totally so. Better to use as designed.
RE: Generating rsakey using openssl as lib
I can't give you a total solution but Well, I've called SSLeay_version(SSLEAY_VERSION) from lib, and I've got OpenSSL 0.9.8a 11 Oct 2005. That's confirm it's a version problem. My question now is, what shall I make for removing all Openssl versions from my pc. After no OpenSSL installed or compiled, then I will start from beginning with version 1.0.1. Exactly! Welcome to the club. A good number of the products one trials or purchases over the years install their own copy of the OpenSSL DLLs *somewhere*. Use the Windows Start search function and key in ssleay32.dll and/or libeay32.dll and see how many hits you get! You could start by uninstalling or deleting any products you are sure you are not using. (Don't just delete them all!) Perhaps that will solve the problem. Else, you are *probably* going to get the correct DLL if you put it right in the same folder with your .exe. Copy your DLLs from wherever you built them to wherever you are building your application. It's a little complicated with VS because of the multiple folders: project, Debug, and Release -- but play around and you should be able to get it right. You are in my experience on the right track using SSLeay_version(). I would leave it in my code and printf the results on every execution. You never know when someone is going to install *something* and mess you up. Good luck! Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Leonardo Laface de Almeida Sent: Thursday, October 18, 2012 5:57 AM To: openssl-users@openssl.org Subject: RES: Generating rsakey using openssl as lib Hi, That doesn't prove it's finding the *correct* openssl. Most (and usual) kinds of SSL connections work on older versions. Do you get TLSv1.1 or TLSv1.2 connections, or at least request them properly even if your server doesn't agree? That would prove version 1.0.1. My lib is server for SSL connections. 
From SSL_get_version(ssl) after SSL_accept(ssl) I got the string: TLSv1. I got this connection using a web browser. This means it is TLS 1.0, right?

Does your app run briefly and exit, or does/can it wait or do something that takes a reasonably long time? If the latter, get ProcessExplorer from technet.microsoft.com/en-us/sysinternals and use it to examine your running application process to check the full paths of the DLLs used. (Or there are other tools that can do this, but ProcessExplorer is the one I am familiar with.)

The application runs and doesn't exit. The App starts trying to load mylib. Without those functions (EVP_PKEY_CTX*), the App loads mylib and uses properly all exported functions. With those functions, the App can't load mylib. Then, no function from lib can be called. I can debug mylib and App. From both the behavior is the same.

I've downloaded the openssl*.tar file and extracted to C:/Openssl. Then, I've used Visual Studio 2010 for cross-compiling. I followed the instructions in INSTALL.W32 file (pretty good, by the way). Then, I've copied the following directories from C:\Openssl\ to C:\My_LIB_proj\lib\Openssl\: include lib Then, I've imported the libeay32.lib and ssleay32.lib as usual in c programming. I've also included C:\My_LIB_proj\lib\Openssl\include to included paths. Is something missing?

That should be good for compiling and linking your app. Unless VS has changed recently, just adding an import .lib to a project is used for linking but does *not* make it run with the matching .dll, although other settings may do that. (I'm back on 2003, and MS changes this kind of stuff a lot.) Are you running your app in VS, or from CMD or similar? That may also affect the search rules. Note: this is not cross-compiling, just normal compiling.

I'm using QT Creator for both, App and Mylib. In linux, I will use the same IDE.
Lib Configuration:

    win32:LIBS += -L$$PWD/lib/Openssl/lib -llibeay32
    win32:LIBS += -L$$PWD/lib/Openssl/lib -lssleay32
    INCLUDEPATH += $$PWD/lib/Openssl/lib
    DEPENDPATH += $$PWD/lib/Openssl/lib
    INCLUDEPATH += $$PWD/lib/Openssl/include
    DEPENDPATH += $$PWD/lib/Openssl/include

Note: $$PWD - is path to C:/mylib/

For testing, I have pointed mylib to C:/Openssl/lib (instead of C:/MyLib/lib/Openssl/lib). I've got the same behavior as above.

---

Well, I've called SSLeay_version(SSLEAY_VERSION) from lib, and I've got OpenSSL 0.9.8a 11 Oct 2005. That's confirm it's a version problem. My question now is, what shall I make for removing all Openssl versions from my pc. After no OpenSSL installed or compiled, then I will start from beginning with version 1.0.1.
RE: Building an exportable OpenSSL application
Thanks much. Knew all of that from a technology point of view and from other platforms but did not know the proper Windows/UNIX terms. I was worried by the assertion that static linking to .lib's and the use of DLLs was inconsistent. at runtime the OS finds those .dll's using moderately complicated search rules, which can be an issue if you have multiple versions in different places Yes, and I found that various products I have licensed or trialed over the past few years have each installed their own OpenSSL DLLs of various versions in various places. SSLeay_version(SSLEAY_VERSION) is a big help in figuring out which DLL is actually getting used. If you link with lib/VC/* (or lib/MinGW/*) you get implicit dynamic linking. If you link with lib/VC/static/* you get static linking. Thanks. Did not exactly understand that point. I am in fact using lib/VC/*. I may change that to MinGW so that the intention is more obvious. Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Tuesday, October 16, 2012 5:53 PM To: openssl-users@openssl.org Subject: RE: Building an exportable OpenSSL application From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills Sent: Tuesday, 16 October, 2012 11:41 If you are linking to OpenSSL DLLs, then your application isn't statically linked against OpenSSL. .lib files can simply be references to exports in .dll files. This is an important point. Can we be absolutely clear? My picture of how this works is that the .lib files contain small stubs so that while the application code has the illusion of making a static call to SSL_whatever() in reality that is a tiny stub that actually calls code in a DLL. There is no functional code in the .lib, only stubs that link to functional code in the DLLS. Am I wrong? This is a critical point. Yes, plus. 
To be exact, there are really three ways:

- traditional (since like 1950) static linking, with .lib on Windows or .a on Unix containing actual code and static data. The linker copies referenced code and data to your Windows .exe or Unix executable.

- implicit dynamic linking, with .lib on Windows containing stubs that point to code (and sometimes data, but that's usually poor practice) in a .dll. This type of .lib is called an import library. The linker pulls the stubs into your .exe and also includes a list of the .dll files; at runtime the OS finds those .dll's using moderately complicated search rules, which can be an issue if you have multiple versions in different places, although in my (limited) experience the simple solution of putting .dll's in the same directory as the .exe always works. On Unix similar but there's no import library; you link directly against .so .sl etc, and the linker puts the imports in the executable.

- explicit dynamic linking: instead of just calling XYZ_whatever, the source code of the app calls OS routines to get pointers to the routines in the dynamic library and then calls using those pointers. For Windows the routines are LoadLibrary or a variant and GetProcAddress; for Unix they are dlopen and dlsym. This is more work, but has the advantage your program can continue if the desired dyn lib or routine is not available, instead of dying.

To add to the confusion, implicit and explicit dynlibs are sometimes called static and dynamic, but even a static dynlib is still dynamic as far as execution is concerned.

BTW, thanks for the Shining Light Windows build. It's what I am using.

Note the Shining Light builds provide all options. If you link with lib/VC/* (or lib/MinGW/*) you get implicit dynamic linking. If you link with lib/VC/static/* you get static linking. Or you can code explicitly and use the .dll's directly.
In most cases dynamic linking is preferable, usually implicit, and it sounds like for you especially so, but all options work.
Building an exportable OpenSSL application
I have a Windows-only OpenSSL application developed in VS 2010. I have now been tasked with creating parallel regular and exportable (from the US) distributions of the application.

I UNDERSTAND YOU CAN'T GIVE LEGAL ADVICE. I'M ONLY LOOKING FOR TECHNICAL INPUT HERE.

The application statically links to libeay32XX.lib and ssleay32XX.lib. The application starts out by calling applink(). The distribution includes libeay32.dll and ssleay32.dll.

Am I correct in the following premises?

- All of the actual encryption algorithms are in libeay32.dll? (And ssleay32.dll?) As I describe my architecture above, my distributed main executable does not contain actual encryption algorithms; they're only in the DLL(s)?

- It should be possible to create and distribute a weak encryption only build of libeay32.dll?

Personal confession/personal advice time: I have 44 years of experience as a programmer, 40 of it as a successful commercial product developer, but no knowledge of make beyond a grasp of the purpose and concept. (Most of those 44 years are on a platform with no tradition of make; the remainder are exclusively with the MS VS IDE and its predecessors. Make fun of me if you wish.)

Question: assuming I am correct that I need to build my own version of libeay32.dll, do you think it's a shorter path to learn make, or to try to do it with MS VS 2010? I am guessing the former. Is there somewhere a ready to roll MS VS project that builds the DLLs?

Is there a configure (is that the right term?) option for weak encryption only? I see the no-specific cipher flag but is there a no-strong-ciphers sort of option? I know that SSL_CTX_set_cipher_list() supports the LOW and EXP keywords so OpenSSL must know what are the so-called export ciphers.

Would appreciate any additional miscellaneous tips.

Charles
RE: Building an exportable OpenSSL application
If you are linking to OpenSSL DLLs, then your application isn't statically linked against OpenSSL. .lib files can simply be references to exports in .dll files. This is an important point. Can we be absolutely clear? My picture of how this works is that the .lib files contain small stubs so that while the application code has the illusion of making a static call to SSL_whatever() in reality that is a tiny stub that actually calls code in a DLL. There is no functional code in the .lib, only stubs that link to functional code in the DLLS. Am I wrong? This is a critical point. BTW, thanks for the Shining Light Windows build. It's what I am using. Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Thomas J. Hruska Sent: Tuesday, October 16, 2012 8:02 AM To: openssl-users@openssl.org Subject: Re: Building an exportable OpenSSL application On 10/16/2012 7:25 AM, Charles Mills wrote: I have a Windows-only OpenSSL application developed in VS 2010. I have now been tasked with creating parallel regular and exportable (from the US) distributions of the application. I UNDERSTAND YOU CAN'T GIVE LEGAL ADVICE. I'M ONLY LOOKING FOR TECHNICAL INPUT HERE. The application statically links to libeay32XX.lib and ssleay32XX.lib. The application starts out by calling applink(). The distribution includes libeay32.dll and ssleay32.dll. If you are linking to OpenSSL DLLs, then your application isn't statically linked against OpenSSL. .lib files can simply be references to exports in .dll files. Am I correct in the following premises? - All of the actual encryption algorithms are in libeay32.dll? (And ssleay32.dll?) As I describe my architecture above, my distributed main executable does not contain actual encryption algorithms; they're only in the DLL(s)? - It should be possible to create and distribute a weak encryption only build of libeay32.dll? Anyone could simply install different binaries and delete yours. 
Personal confession/personal advice time: I have 44 years of experience as a programmer, 40 of it as a successful commercial product developer, but no knowledge of make beyond a grasp of the purpose and concept. (Most of those 44 years are on a platform with no tradition of make; the remainder are exclusively with the MS VS IDE and its predecessors. Make fun of me if you wish.)

Question: assuming I am correct that I need to build my own version of libeay32.dll, do you think it's a shorter path to learn make, or to try to do it with MS VS 2010? I am guessing the former. Is there somewhere a ready to roll MS VS project that builds the DLLs?

No there isn't. Well, okay, there is some ancient VS workspace but no one uses it. It is better to follow the README.WIN32 instructions.

Is there a configure (is that the right term?) option for weak encryption only? I see the no-specific cipher flag but is there a no-strong-ciphers sort of option? I know that SSL_CTX_set_cipher_list() supports the LOW and EXP keywords so OpenSSL must know what are the so-called export ciphers.

A better approach is to dynamically link against OpenSSL and then call that function with the export cipher list in your export build. That way, you can easily replace just the OpenSSL DLLs as new versions come out AND it keeps people from replacing your DLLs with other DLLs and causing unintended side effects. It seems cleaner to me anyway.

Would appreciate any additional miscellaneous tips.

Charles

--
Thomas Hruska
Shining Light Productions
Home of BMP2AVI and Win32 OpenSSL.
http://www.slproweb.com/
RE: top 10 mistakes when using libopenssl?
Oh-oh. I'm not calling OpenSSL_add_all_algorithms() or anything real similar. I call SSL_library_init() and SSL_load_error_strings() and set up the Locking callback but that's it. It seems to work. Both my client code and my server code interoperate with non-OpenSSL TLS implementation without error, and report the use of strong SSL/TLS cipher suites. What am I missing?

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Sunday, October 14, 2012 3:56 AM
To: openssl-users@openssl.org
Subject: Re: top 10 mistakes when using libopenssl?

On Sat, Oct 13, 2012, Ken Goldman wrote:

On 10/10/2012 8:08 PM, Kyle Hamilton wrote:

Suggestions from my experience:

If you include the library, #1 for novices has to be:

1 - Using strlen() to get the length of encrypted data.

I'd add... Forgetting to call OpenSSL_add_all_algorithms or similar.
RE: top 10 mistakes when using libopenssl?
Whew! <g> Thanks.

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Monday, October 15, 2012 9:51 AM
To: openssl-users@openssl.org
Subject: Re: top 10 mistakes when using libopenssl?

On Mon, Oct 15, 2012, Charles Mills wrote:

Oh-oh. I'm not calling OpenSSL_add_all_algorithms() or anything real similar. I call SSL_library_init() and SSL_load_error_strings() and set up the Locking callback but that's it.

SSL_library_init() counts as similar to OpenSSL_add_all_algorithms() so that's fine.
RE: OpenSSL cert authority with no database
I hit this EXACT problem. The *wrong* ways to solve it are to keep deleting the database or deleting records from the database. The right way to solve it is to revoke certificates that you want to re-issue. I just happen to have a (Windows - sorry if you're not Windows) .BAT file to do just that, and as a side benefit, it maintains a CRL that you can play with. (You do intend to support CRLs, right?)

    rem revoke a certificate and re-issue the CRL
    rem unable to write 'random state' seems to be normal
    rem pass the name of the PEM file to be revoked as the only argument
    openssl.exe ca -revoke %1 -config myConfig.cnf -keyfile myRoot.key.pem -passin pass:the_password
    openssl.exe ca -gencrl -out myRevocations.crl -config myConfig.cnf -keyfile myRoot.key.pem -passin pass:the_password
    pause Check status of certificate revocation and CRL generation (CRL *success* outputs no messages)

Charles

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Derek Cole
Sent: Thursday, October 11, 2012 3:14 PM
To: openssl-users@openssl.org
Subject: OpenSSL cert authority with no database

Hello,

Is there a way to sign certificates with your own CA, and NOT have to use a database file to keep track of them? For development purposes, I end up creating the same cert multiple times, and trying to sign it which will cause me to get the TXT_DB error number 2 sometimes, which does not allow the signing of the cert to proceed.

Thanks!
RE: Best practice for client cert name checking
Thanks. My boss is not technical. I am the CTO of this product. Our customers are your basic commercial customers. Yes, I picture that they would be their own CA. Why pay Verisign if you don't have a bunch of people sitting at their PCs trying to buy widgets from your Web site, and wondering if they can trust it. Yes, I support a local CRL file. I think our customers' situation is likely a LOT like yours: relatively few machines, possibly distant and possibly on the public Internet. It's basically an unattended box to unattended box product, so the problem is identifying machines, not people. Yes, IP addresses change. Obviously if someone is changing IP addresses a lot they would have to change the whitelist a lot. I've got other fish to fry at the moment, but I kind of like the idea of offering if and only if the 'names' on the whitelist are IP addresses then one (possibly wildcarded in the low-order node) must compare equal to the incoming IP address, and the incoming IP address must also compare equal to a (possibly wildcarded) name in the certificate. This would *help* (everything is a help, right, nothing is absolute) with the problem of a client certificate that got away into the wild, right? Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Wednesday, October 10, 2012 12:48 PM To: openssl-users@openssl.org Subject: RE: Best practice for client cert name checking From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills Sent: Monday, 08 October, 2012 07:47 Dave, any thoughts on my original question? My thread kind of got hi-jacked. Not much, but since you ask: -Original Message- From: Charles Mills [mailto:charl...@mcn.org] Sent: Saturday, October 06, 2012 9:52 AM To: openssl-users@openssl.org Subject: Best practice for client cert name checking I have recently written a product that incorporates SSL/TLS server code that processes client certificates. 
I designed what I thought made sense at the time but now I am wondering if what I did was best.

Whatever you, or your users/boss/customers/etc., need. The technical question is do you use -- that is, have your clients use -- public CAs (like Verisign etc.) or a CA that you control (operate or contract with)? If the latter, maybe you can limit issuance so that any cert issued by this CA and not revoked is a good client. (Although for openssl revocation checking to be accurate, either you must have some method to update CRLs often enough or you must implement OCSP.)

In the product's configuration file the sysadmin may optionally include a whitelist of client names. If the sysadmin does so, then the server requests a client certificate. At least one of the names (subject O= and Alternative names, including wildcards) in the certificate must match one of the names in the whitelist or I reject the session.

For public certs you may want CN (Common Name) as well as or even instead of O (Organization).

Something I saw recently got me to wondering whether I should have made some sort of provision for checking IP addresses: perhaps verifying that the client IP address appeared in the Alternative names in the client certificate as well as in the whitelist? Or perhaps that the IP address matched an alternative name and the subject name appeared in the whitelist?

I wouldn't. In much of today's internet IP addresses are not very stable at identifying machines, and even less so people. But it's up to your users/etc what they need, or want.

FWIW, I work in a back-end environment where the systems that connect are relatively few and very stable, though distant, so we just have our own CA which issues certs to only valid clients. Your situation is likely different.
RE: Firefox unhappy with my self signed Cert
How do you specify the name (URL) of the Web site in Firefox? Do you use exactly the same name as you use with the test client (and the name in the certificate)? Firefox is saying the certificate is for myserver but you are specifying a different name when you open the site. The name has to be exactly the same as one of the names (including alternates) in the certificate. (You can wildcard the last node in the alternate names.) myserver is not the same as myserver.com

Charles

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Derek Cole
Sent: Thursday, October 11, 2012 4:03 PM
To: openssl-users@openssl.org
Subject: Firefox unhappy with my self signed Cert

Hello,

I sort of posted about this earlier, but I think this is a more concise question (as the previous replies were helpful for me to start debugging the problem). I have a server that is running a custom app that can accept a SSL connection. I generate a cert on each server, that is signed by my own CA. I tested whether this worked or not by using the openssl s_client and s_server commands, and it actually worked to connect to the server using those commands. I started the server with a PEM file that contained the signed cert request, as well as the private key for that cert request. This allowed me to start the server with

    openssl s_server -accept 443 -cert myfile.cert

and on the client side

    openssl s_client -connect myserver:443 -CAfile my_server_cert.pem

This gave me a verify code of zero, so I thought I was good to go. I installed my_server_cert.pem as a trusted authority in firefox, however, it still prompts that it is an Untrusted Connection and has the button to add security exception. When I click this button, I noticed that under Certificate Status it says Wrong Site and This site attempts to identify itself with invalid information

I'd prefer my clients to not have this pop-up when they are connecting to my servers.
From the server side, when I debug the app, I see I get the sslv3 alert bad certificate error at first, and then the next connection's are SSL_accepted() as the client requests cert status and such, until i'm finally done adding the security exception, and my final SSL_accept() finally gets a return of 1 which I was hoping for. Is this just a firefox bug or what? I have noticed too, that I am able to launch my custom app, and use openssl s_client -connect to connect to that same server, same certs, and it gives me verify code zero. Thanks for any insight.
RE: Firefox unhappy with my self signed Cert
> The wildcard is the lowest-level component of a DNS name, which is at the left as written; in

You're right (left?) of course. I was somehow picturing it incorrectly in my mind. I quick went and looked at my wildcard comparison code and it is correct (whew!).

In my other thread about checking client IP addresses I was picturing a lowest-level/RIGHTmost wildcard on the IP address: e.g. 192.168.1.* That's lowest level conceptually but I guess not what the standard or convention provides for.

BTW, a good quick discussion of wildcard certificate names: http://support.godaddy.com/help/article/567/what-is-a-wildcard-ssl-certificate (They'd love to sell you one; this is not an endorsement.)

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Thursday, October 11, 2012 5:13 PM
To: openssl-users@openssl.org
Subject: RE: Firefox unhappy with my self signed Cert

> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
> Sent: Thursday, 11 October, 2012 19:40

Some minor points:

> How do you specify the name (URL) of the Web site in Firefox? Do you use exactly the same name as you use with the test client (and the name in the certificate)?

OP's test client was openssl s_client, which does NOT check hostname, so that one doesn't matter. URL in Firefox/etc and name in cert do.

> Firefox is saying the certificate is for myserver but you are specifying a different name when you open the site. The name has to be exactly the same as one of the names (including alternates) in the certificate. (You can wildcard the last node in the alternate names.) myserver is not the same as myserver.com

You can use wildcard in either Subject or SubjectAlternativeNames. The wildcard is the lowest-level component of a DNS name, which is at the left as written; in abstract that might be considered last but I think most people wouldn't call it that.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
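
The matching rule discussed in this thread (exact name match, wildcard only as the leftmost label), written out as an added C example; it is not Charles's comparison code or OpenSSL's. The name example.com, the refusal of bare "*.com" patterns and the IPv4-literal check are assumptions of this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Compare n bytes ignoring ASCII case (DNS names are case-insensitive). */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* 1 if s consists only of digits and dots, i.e. looks like an IPv4 literal. */
static int looks_like_ipv4(const char *s)
{
    if (*s == '\0')
        return 0;
    for (; *s != '\0'; s++)
        if (!isdigit((unsigned char)*s) && *s != '.')
            return 0;
    return 1;
}

/* Match one certificate DNS name against the host the client asked for.
 * Returns 1 on match, 0 otherwise. */
int cert_name_matches(const char *pattern, const char *host)
{
    size_t plen = strlen(pattern), hlen = strlen(host);

    if (plen == 0 || hlen == 0)
        return 0;

    /* No wildcard: the names must be identical apart from case. */
    if (strchr(pattern, '*') == NULL)
        return plen == hlen && eq_nocase(pattern, host, plen);

    /* Accept only "*.<rest>": one wildcard, and it is the whole leftmost label.
     * This also rejects a rightmost wildcard such as "192.168.1.*". */
    if (pattern[0] != '*' || pattern[1] != '.' || strchr(pattern + 1, '*') != NULL)
        return 0;

    /* Policy choice of this sketch: "<rest>" needs two labels, so "*.com" is refused. */
    if (strchr(pattern + 2, '.') == NULL)
        return 0;

    /* A DNS wildcard is never applied to an IP address literal. */
    if (looks_like_ipv4(host))
        return 0;

    /* The wildcard stands for exactly one non-empty label, so everything
     * from the host's first dot onward must equal ".<rest>". */
    const char *first_dot = strchr(host, '.');
    if (first_dot == NULL || first_dot == host)
        return 0;
    size_t rest_len = plen - 1;                 /* length of ".<rest>" */
    return strlen(first_dot) == rest_len && eq_nocase(first_dot, pattern + 1, rest_len);
}

/* Check the requested host against every name in the certificate. */
int cert_matches_host(const char *const names[], size_t count, const char *host)
{
    for (size_t i = 0; i < count; i++)
        if (cert_name_matches(names[i], host))
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample: names as they might appear in a certificate. */
    const char *const names[] = { "myserver", "*.example.com" };
    const char *hosts[] = { "myserver", "myserver.com", "www.example.com",
                            "example.com", "a.b.example.com" };

    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-18s %s\n", hosts[i],
               cert_matches_host(names, 2, hosts[i]) ? "match" : "NO match");
    return 0;
}
```
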
RE: Best practice for client cert name checking
Dave, any thoughts on my original question? My thread kind of got hi-jacked.

Charles

-----Original Message-----
From: Charles Mills [mailto:charl...@mcn.org]
Sent: Saturday, October 06, 2012 9:52 AM
To: openssl-users@openssl.org
Subject: Best practice for client cert name checking

I have recently written a product that incorporates SSL/TLS server code that processes client certificates. I designed what I thought made sense at the time but now I am wondering if what I did was best.

In the product's configuration file the sysadmin may optionally include a whitelist of client names. If the sysadmin does so, then the server requests a client certificate. At least one of the names (subject O= and Alternative names, including wildcards) in the certificate must match one of the names in the whitelist or I reject the session.

Something I saw recently got me to wondering whether I should have made some sort of provision for checking IP addresses: perhaps verifying that the client IP address appeared in the Alternative names in the client certificate as well as in the whitelist? Or perhaps that the IP address matched an alternative name and the subject name appeared in the whitelist?

Comments?

Charles

RE: Best practice for client cert name checking
Aren't you talking here about the client's validation of the server's credentials? That's useful information, but my question was about server validation of client certificates ...

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeffrey Walton
Sent: Monday, October 08, 2012 11:13 AM
To: OpenSSL Users List
Subject: Re: Best practice for client cert name checking

On Mon, Oct 8, 2012 at 9:25 AM, Mark H. Wood mw...@iupui.edu wrote:
> On Mon, Oct 08, 2012 at 07:42:04AM +, Marco Molteni (mmolteni) wrote:
> try searching for certificate pinning. If you are familiar with ssh, it is the same concept of the StrictHostKeyChecking option (although obviously SSH and TLS are completely distinct protocols and by default SSH doesn't use X.509 certs).
>
> The idea is: with a standard TLS connection, acting as TLS client, you connect to a host for the first time and you receive its certificate. The standard TLS verifications are successful (meaning: the certificate really belongs to the host and it has been issued by a CA you trust). When the connection is closed, a normal TLS client will forget the certificate.
>
> On the other hand, certificate pinning remembers the certificate. Pinning means storing locally such certificate and associate it to the hostname you connected to. If the next time you connect the certificate has changed, a system supporting certificate pinning will warn you.
>
> I believe this is what the Certificate Patrol plugin for Firefox is doing, if you want to see it in action.

This plug-in pins certificates (not public keys), and creates a lot of spurious noise on some sites (for example, Google and Gmail). It desensitizes the user.

I've been running experiments on Google and Gmail for the last couple of years. If you are pinning for those sites, you definitely want to pin public keys.

Jeff

RE: Best practice for client cert name checking
Trying to achieve client authentication. Should I have said certificate signed by a CA known to the server?

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Ben Laurie
Sent: Saturday, October 06, 2012 10:38 AM
To: openssl-users@openssl.org
Subject: Re: Best practice for client cert name checking

On Sat, Oct 6, 2012 at 2:52 PM, Charles Mills charl...@mcn.org wrote:
> I have recently written a product that incorporates SSL/TLS server code that processes client certificates. I designed what I thought made sense at the time but now I am wondering if what I did was best.
>
> In the product's configuration file the sysadmin may optionally include a whitelist of client names. If the sysadmin does so, then the server requests a client certificate. At least one of the names (subject O= and Alternative names, including wildcards) in the certificate must match one of the names in the whitelist or I reject the session.
>
> Something I saw recently got me to wondering whether I should have made some sort of provision for checking IP addresses: perhaps verifying that the client IP address appeared in the Alternative names in the client certificate as well as in the whitelist? Or perhaps that the IP address matched an alternative name and the subject name appeared in the whitelist?
>
> Comments?

You don't say what you're trying to achieve! But whatever it is, none of the above makes a lot of sense - anyone can make a cert with whatever subject and alternate names they want...

Best practice for client cert name checking
I have recently written a product that incorporates SSL/TLS server code that processes client certificates. I designed what I thought made sense at the time but now I am wondering if what I did was best.

In the product's configuration file the sysadmin may optionally include a whitelist of client names. If the sysadmin does so, then the server requests a client certificate. At least one of the names (subject O= and Alternative names, including wildcards) in the certificate must match one of the names in the whitelist or I reject the session.

Something I saw recently got me to wondering whether I should have made some sort of provision for checking IP addresses: perhaps verifying that the client IP address appeared in the Alternative names in the client certificate as well as in the whitelist? Or perhaps that the IP address matched an alternative name and the subject name appeared in the whitelist?

Comments?

Charles

RE: Best practice for client cert name checking
Thanks. I'm a relative newbie to this whole topic. Can you point me to a resource that describes pin in the sense you use it below? The word is too common for the Google to be much help.

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeffrey Walton
Sent: Saturday, October 06, 2012 4:40 PM
To: openssl-users@openssl.org
Subject: Re: Best practice for client cert name checking

On Sat, Oct 6, 2012 at 9:52 AM, Charles Mills charl...@mcn.org wrote:
> I have recently written a product that incorporates SSL/TLS server code that processes client certificates. I designed what I thought made sense at the time but now I am wondering if what I did was best.
>
> In the product's configuration file the sysadmin may optionally include a whitelist of client names. If the sysadmin does so, then the server requests a client certificate. At least one of the names (subject O= and Alternative names, including wildcards) in the certificate must match one of the names in the whitelist or I reject the session.
>
> Something I saw recently got me to wondering whether I should have made some sort of provision for checking IP addresses: perhaps verifying that the client IP address appeared in the Alternative names in the client certificate as well as in the whitelist? Or perhaps that the IP address matched an alternative name and the subject name appeared in the whitelist?

You have a pre-existing relationship. There is no need to confer trust to a third party (the CAs). There's no need to use naming and location services (DNS) since it's a weak assurance at best.

To improve the security posture, pin the certificate or public keys. Because the relationship already exists, you already know what the public keys are. No need to trust a third party, and no need to depend upon DNS, no need to tolerate other infrastructure failures.

Problems with PKI in general: www.cs.auckland.ac.nz/~pgut001/pubs/pkitutorial.pdf
History of PKI and CA failures: http://wiki.cacert.org/Risk/History
Reasons to Pin in mobile: http://lists.owasp.org/pipermail/owasp-mobile-security-project/2012-August/000345.html

Google also Pins their public keys on the desktop. It's the reason Chrome did not suffer Diginotar's failure.

RE: Documentation for TXT_DB errors?
I hear you (whoever you are!). It's a playpen CA. I'm a software developer. These certificates will never be allowed out into the wild.

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of lists
Sent: Thursday, October 04, 2012 11:43 AM
To: openssl-users@openssl.org
Subject: Re: Documentation for TXT_DB errors?

On 10/03/2012 05:49 AM, Dave Thompson wrote:
> I deleted index.txt and reset serial.txt to 00 and that solved the problem. Hope that was not a terrible idea.

In my opinion, reusing serials is a *very bad* idea in general. It is definitely deprecated and maybe forbidden in some legal context (I work in Italy, no officially appointed CA would reuse serials here).

Think about the existence of an OpenSSL function named X509_issuer_and_serial_hash. It exists exactly because serials are intended to be unique and combining them with the CA (the hash is for leveraging the output) makes it easy to have a unique identifier for certificates in a system; I personally use it.

Just to present another example, OCSP can be queried by a serial number (of the certificate that is to be verified).

RE: OpenSSL running on Windows XP/2003/7
http://www.openssl.org/related/binaries.html

Charles

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of engineermike
Sent: Friday, October 05, 2012 9:37 AM
To: openssl-users@openssl.org
Subject: OpenSSL running on Windows XP/2003/7

Hello,

I've been asked to create a certificate following a video that was made with step by step instructions. The video is using OpenSSL on a windows machine. I can't seem to locate the program for a windows machine. Can someone send me a link to the version of the program that will run on Windows?

Thanks in advance

Mike

RE: Documentation for TXT_DB errors?
Dave, as always, thanks.

> Unlike most(?) other modules in openssl, txt_db does NOT use the ERR_ module with its error strings

I love OpenSSL and I'm not going to tell you how to run your organization but better documentation would probably mean both wider acceptance and fewer dumb questions from folks like me!

> Does any line in index.txt have col 3 (serial) 1C?

No. Here is a cut and paste of the entire left hand side of index.txt.

R 130821124505Z 120822123411Z 0B unknown /CN=C
R 130822123506Z 120822124611Z 0C unknown /CN=C
V 130822124721Z 0D unknown /CN=Charles Mills
R 130822125501Z 120823201015Z 0E unknown /CN=C
R 130822135246Z 120822185456Z 0F unknown /CN=C
R 130822185636Z 120822190409Z 10 unknown /CN=C
R 130822190502Z 120823201600Z 11 unknown /CN=C
R 130823201708Z 120824133410Z 12 unknown /CN=C
R 130824133506Z 120824145025Z 13 unknown /CN=C
R 130824134844Z 120824135333Z 14 unknown /CN=C
V 130824135429Z 15 unknown /CN=Charles Mills
V 130824152620Z 16 unknown /CN=Charles Mills
R 130830225706Z 120830235325Z 17 unknown /CN=C
R 13083117Z 120831231148Z 18 unknown /CN=C
R 130831233626Z 120904174701Z 19 unknown /CN=C
R 130905130939Z 120905182554Z 1A unknown /CN=C
R 130912152715Z 120912155806Z 1B unknown /CN=C
R 120919161159Z 121001143321Z 93E150296A86E7C7

> you should have 27 or 28 (respectively) lines in index.txt

Early on in my use of OpenSSL, when I (a.) understood even less than I do now and (b.) issued lots of practice certificates I solved the duplicate certificate problem by repeatedly deleting and re-creating index.txt. My bad. Perhaps I should both delete it ONE more time and reset serial to 00? This is a total playpen situation. I have no pretense of being any sort of real CA at this time.

> The usual name for the serial file is just serial no .txt

Definitely serial.txt. Not sure how that happened. Something in the Win32 pre-built distribution that I got?

> If the file doesn't exist this can't work. Was the error nonexistent file, or something else, and if so what?

Non-existent file. Was not sure if revoke started from the file or from the index.

> Did you configure that on?

Config file in use says unique_subject = no

> Further, there is no requirement the subject DN be unique.

Wow, I ran into lots of trouble with that issue. That's how I got into re-creating the index file (which I now know was wrong, but nonetheless that is why I did it). Any idea why I would have had certificate requests rejected as duplicates then?

> Aside: I'm pretty sure you don't need the .nnn i.e. .2 here, since openssl treats subjectAltName as one

Hmmm. It's working so I don't think I'll touch it. I know it took a lot of hacking to get it to work.

Again, may I repeat my plea for documentation? Why do open source projects attract plenty of coders but not tech writers? Aren't there tech writers who would love to make a contribution to open source?

thanks and take care,

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Monday, October 01, 2012 6:02 PM
To: openssl-users@openssl.org
Subject: RE: Documentation for TXT_DB errors?

> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
> Sent: Monday, 01 October, 2012 10:12

> Is there specific documentation anywhere for TXT_DB errors?

AFAIK only $sourcetree/crypto/txt_db/txt_db.h Unlike most(?) other modules in openssl, txt_db does NOT use the ERR_ module with its error strings capability; bummer.

> I'm not a total newbie at this but I am not an expert. I have issued server certificates before but now I am stuck on a TXT_DB error 2.

2 is DB_ERROR_INDEX_CLASH.

> serial.txt exists and contains 1C. index.txt exists and contains 17 (decimal) lines.

Does any line in index.txt have col 3 (serial) 1C? All certs from a CA (at least under a given CA key+cert if you chain with AKI, as is generally best practice but optional in openssl) must have unique serials, and openssl 'ca' enforces this with an in-memory index on data in file (normally and a bit misleadingly) index.txt, in addition to using file serial which if not interfered with assigns sequential thus unique values.

If serial(.txt?) started from 00 or 01, and only 'ca' updated it, and you didn't delete any lines from index.txt or replace that with a copy/version that is missing lines (like a backup), you should have 27 or 28 (respectively) lines in index.txt, for each serial value through hex 1B in sequence.

The usual name for the serial file is just serial no .txt. I assume either this is a typo or you changed the config so that serial.txt is actually being used. If not, look at the file that is actually being used

RE: Documentation for TXT_DB errors?
I deleted index.txt and reset serial.txt to 00 and that solved the problem. Hope that was not a terrible idea. I understand that I have lost the ability to revoke any previous certificates. I won't edit index.txt again.

Charles

-----Original Message-----
From: Charles Mills [mailto:charl...@mcn.org]
Sent: Tuesday, October 02, 2012 9:03 AM
To: 'openssl-users@openssl.org'
Subject: RE: Documentation for TXT_DB errors?

Dave, as always, thanks.

> Unlike most(?) other modules in openssl, txt_db does NOT use the ERR_ module with its error strings

I love OpenSSL and I'm not going to tell you how to run your organization but better documentation would probably mean both wider acceptance and fewer dumb questions from folks like me!

> Does any line in index.txt have col 3 (serial) 1C?

No. Here is a cut and paste of the entire left hand side of index.txt.

R 130821124505Z 120822123411Z 0B unknown /CN=C
R 130822123506Z 120822124611Z 0C unknown /CN=C
V 130822124721Z 0D unknown /CN=Charles Mills
R 130822125501Z 120823201015Z 0E unknown /CN=C
R 130822135246Z 120822185456Z 0F unknown /CN=C
R 130822185636Z 120822190409Z 10 unknown /CN=C
R 130822190502Z 120823201600Z 11 unknown /CN=C
R 130823201708Z 120824133410Z 12 unknown /CN=C
R 130824133506Z 120824145025Z 13 unknown /CN=C
R 130824134844Z 120824135333Z 14 unknown /CN=C
V 130824135429Z 15 unknown /CN=Charles Mills
V 130824152620Z 16 unknown /CN=Charles Mills
R 130830225706Z 120830235325Z 17 unknown /CN=C
R 13083117Z 120831231148Z 18 unknown /CN=C
R 130831233626Z 120904174701Z 19 unknown /CN=C
R 130905130939Z 120905182554Z 1A unknown /CN=C
R 130912152715Z 120912155806Z 1B unknown /CN=C
R 120919161159Z 121001143321Z 93E150296A86E7C7

> you should have 27 or 28 (respectively) lines in index.txt

Early on in my use of OpenSSL, when I (a.) understood even less than I do now and (b.) issued lots of practice certificates I solved the duplicate certificate problem by repeatedly deleting and re-creating index.txt. My bad. Perhaps I should both delete it ONE more time and reset serial to 00? This is a total playpen situation. I have no pretense of being any sort of real CA at this time.

> The usual name for the serial file is just serial no .txt

Definitely serial.txt. Not sure how that happened. Something in the Win32 pre-built distribution that I got?

> If the file doesn't exist this can't work. Was the error nonexistent file, or something else, and if so what?

Non-existent file. Was not sure if revoke started from the file or from the index.

> Did you configure that on?

Config file in use says unique_subject = no

> Further, there is no requirement the subject DN be unique.

Wow, I ran into lots of trouble with that issue. That's how I got into re-creating the index file (which I now know was wrong, but nonetheless that is why I did it). Any idea why I would have had certificate requests rejected as duplicates then?

> Aside: I'm pretty sure you don't need the .nnn i.e. .2 here, since openssl treats subjectAltName as one

Hmmm. It's working so I don't think I'll touch it. I know it took a lot of hacking to get it to work.

Again, may I repeat my plea for documentation? Why do open source projects attract plenty of coders but not tech writers? Aren't there tech writers who would love to make a contribution to open source?

thanks and take care,

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Monday, October 01, 2012 6:02 PM
To: openssl-users@openssl.org
Subject: RE: Documentation for TXT_DB errors?

> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
> Sent: Monday, 01 October, 2012 10:12

> Is there specific documentation anywhere for TXT_DB errors?

AFAIK only $sourcetree/crypto/txt_db/txt_db.h Unlike most(?) other modules in openssl, txt_db does NOT use the ERR_ module with its error strings capability; bummer.

> I'm not a total newbie at this but I am not an expert. I have issued server certificates before but now I am stuck on a TXT_DB error 2.

2 is DB_ERROR_INDEX_CLASH.

> serial.txt exists and contains 1C. index.txt exists and contains 17 (decimal) lines.

Does any line in index.txt have col 3 (serial) 1C? All certs from a CA (at least under a given CA key+cert if you chain with AKI, as is generally best practice but optional in openssl) must have unique serials, and openssl 'ca' enforces this with an in-memory index on data in file (normally and a bit misleadingly) index.txt, in addition to using file serial which if not interfered with assigns sequential thus unique values.

If serial(.txt?) started from 00 or 01, and only 'ca' updated it, and you didn't

Documentation for TXT_DB errors?
Is there specific documentation anywhere for TXT_DB errors?

I'm not a total newbie at this but I am not an expert. I have issued server certificates before but now I am stuck on a TXT_DB error 2.

serial.txt exists and contains 1C. index.txt exists and contains 17 (decimal) lines.

Unless I am confused the CN I am trying to issue for is unique. A revoke for the_cn_name.PEM fails. However some of the additional DNS in the certificate are not unique. Is that a problem?

In other words, I am trying to issue foo.PEM for CN=foo. foo.PEM does not exist and O=foo does not appear in index.txt. But I am trying to issue the certificate with DNS.2=bar. I may already have outstanding unrevoked certificates with DNS.2=bar. Is that a problem?

What should I be looking for that accounts for TXT_DB error 2 in this situation? Is there authoritative documentation I should be reading?

Thanks much,

Charles

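
A pre-flight check for the index clash discussed in this thread, as an added C example (not OpenSSL's txt_db code): it parses index.txt as six TAB-separated columns with the serial in column 3 and reports whether the next serial, or the subject when unique_subject is on, is already present. The column layout, the rule that only valid ('V') rows count for subject uniqueness, the leading-zero handling and the enum names are assumptions of this example; the sample rows are constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ROWS 64
#define NFIELDS  6  /* status, expiry, revocation date, serial, file name, subject */

enum clash { CLASH_NONE, CLASH_SERIAL, CLASH_SUBJECT };

/* One parsed row; status is 'V' (valid) or 'R' (revoked). */
struct row { char status; char serial[40]; char subject[128]; };

/* Constructed sample, TAB separated, modelled on the listing in the thread. */
const char SAMPLE_INDEX[] =
    "R\t130821124505Z\t120822123411Z\t0B\tunknown\t/CN=C\n"
    "V\t130822124721Z\t\t0D\tunknown\t/CN=Charles Mills\n"
    "V\t130824135429Z\t\t15\tunknown\t/CN=Charles Mills\n"
    "R\t130912152715Z\t120912155806Z\t1B\tunknown\t/CN=C\n";

/* Split on TAB, keeping empty fields. strtok() would merge the two TABs around
 * the empty revocation date of a 'V' row and shift every later column. */
static int split_tabs(char *line, char *fields[], int max)
{
    int n = 0;
    for (char *p = line; n < max; ) {
        char *tab = strchr(p, '\t');
        fields[n++] = p;
        if (tab == NULL)
            break;
        *tab = '\0';
        p = tab + 1;
    }
    return n;
}

/* Parse index text into rows. Returns the row count, or -1 on a malformed line. */
int parse_index(const char *text, struct row rows[], int max_rows)
{
    int n = 0;
    while (*text != '\0') {
        char line[256], *f[NFIELDS];
        size_t len = strcspn(text, "\n");
        if (len >= sizeof line)
            return -1;
        memcpy(line, text, len);
        line[len] = '\0';
        text += len + (text[len] == '\n');
        if (len == 0)
            continue;                               /* blank line */
        if (n == max_rows || split_tabs(line, f, NFIELDS) != NFIELDS)
            return -1;
        if (f[0][0] == '\0' || strlen(f[3]) >= sizeof rows[n].serial
            || strlen(f[5]) >= sizeof rows[n].subject)
            return -1;
        rows[n].status = f[0][0];
        strcpy(rows[n].serial, f[3]);
        strcpy(rows[n].subject, f[5]);
        n++;
    }
    return n;
}

/* Compare serials as hex strings, ignoring leading zeros ("0B" equals "B"). */
static int same_serial(const char *a, const char *b)
{
    while (*a == '0') a++;
    while (*b == '0') b++;
    return strcmp(a, b) == 0;
}

/* 1 if the serial about to be assigned already appears in column 3. */
int serial_in_use(const struct row rows[], int n, const char *next_serial)
{
    for (int i = 0; i < n; i++)
        if (same_serial(rows[i].serial, next_serial))
            return 1;
    return 0;
}

/* Pre-flight check: which uniqueness rule, if any, would the new row break? */
enum clash would_clash(const struct row rows[], int n, const char *next_serial,
                       const char *subject, int unique_subject)
{
    if (serial_in_use(rows, n, next_serial))
        return CLASH_SERIAL;
    for (int i = 0; unique_subject && i < n; i++)
        if (rows[i].status == 'V' && strcmp(rows[i].subject, subject) == 0)
            return CLASH_SUBJECT;
    return CLASH_NONE;
}

int main(void)
{
    struct row rows[MAX_ROWS];
    int n = parse_index(SAMPLE_INDEX, rows, MAX_ROWS);
    printf("rows=%d clash(1C)=%d clash(1B)=%d\n", n,
           n < 0 ? -1 : (int)would_clash(rows, n, "1C", "/CN=foo", 0),
           n < 0 ? -1 : (int)would_clash(rows, n, "1B", "/CN=foo", 0));
    return n < 0;
}
```

A listing pasted with spaces instead of TABs, like the one in the mails, is rejected by parse_index rather than silently mis-read.
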
RE: facing problem in installation of openssl-0.9.7d
Well, as the messages say, you specified /WX - treat any warning as a fatal error. You got a warning -- /G5 is deprecated - and, just as you asked, VC treated it as a fatal error.

Charles

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Ahmad
Sent: Wednesday, September 26, 2012 2:46 AM
To: openssl-users@openssl.org
Subject: facing problem in installation of openssl-0.9.7d

I am having some error when I try to install openssl-0.9.7d. From the VC++ environment at a prompt when I run this command

nmake -f ms\ntdll.mak

I get following errors

1 file(s) copied.
cl /Fotmp32dll\cryptlib.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll -DOPENSSL_NO_KRB5 -D_WINDLL -DOPENSSL_BUILD_SHLIBCRYPTO -c .\crypto\cryptlib.c
cl : Command line warning D9002 : ignoring unknown option '/G5'
cryptlib.c
C:\Program Files\Microsoft Visual Studio 10.0\VC\INCLUDE\errno.h(92) : error C2220: warning treated as error - no 'object' file generated
C:\Program Files\Microsoft Visual Studio 10.0\VC\INCLUDE\errno.h(92) : warning C4005: 'EADDRINUSE' : macro redefinition
tmp32dll\e_os.h(156) : see previous definition of 'EADDRINUSE'
NMAKE : fatal error U1077: 'C:\Program Files\Microsoft Visual Studio 10.0\VC\BIN\cl.EXE' : return code '0x2'
Stop.

How can these errors be solved? Please help in this issue.

Regards,
--
Ahmad

RE: error iin x509v3.h compiled with visual studio
What is the code in x509v3.h in the vicinity of lines 180 to 200? My line 192 does not have a ')' in it.

Do you get any errors *preceding* the errors in x509v3.h?

Charles

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of david preetham
Sent: Tuesday, September 25, 2012 6:02 AM
To: openssl-users@openssl.org
Subject: error iin x509v3.h compiled with visual studio

am trying to build wpa_supplicant which is referencing openssl header file x509v3.h on Visual studio 2005. while I am building compiler hitting x509v3.h header file and finding hell lot of errors. Can anybody please help me.

1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(192) : error C2059: syntax error : '('
1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(200) : error C2059: syntax error : 'type'
1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(204) : error C2059: syntax error : '}'
1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(205) : error C2059: syntax error : '}'
1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(211) : error C2061: syntax error : identifier 'GENERAL_NAME'
1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(212) : error C2059: syntax error : '}'
1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(231) : error C2059: syntax error : '('
1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(232) : error C2059: syntax error : '}'
1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(249) : error C2061: syntax error : identifier 'DIST_POINT_NAME'
...continues..

regards,
David Preetham

Re: error iin x509v3.h compiled with visual studio
I'll send you my exact VS 2010 .h sequence tomorrow.

--
Sent from my mobile phone. Please excuse my brevity.

Charles

Dr. Stephen Henson st...@openssl.org wrote:

On Tue, Sep 25, 2012, david preetham wrote:
> am trying to build wpa_supplicant which is referencing openssl header file x509v3.h on Visual studio 2005. while I am building compiler hitting x509v3.h header file and finding hell lot of errors. Can anybody please help me.
>
> 1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(192) : error C2059: syntax error : '('
> 1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(200) : error C2059: syntax error : 'type'
> 1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(204) : error C2059: syntax error : '}'
> 1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(205) : error C2059: syntax error : '}'
> 1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(211) : error C2061: syntax error : identifier 'GENERAL_NAME'
> 1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(212) : error C2059: syntax error : '}'
> 1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(231) : error C2059: syntax error : '('
> 1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(232) : error C2059: syntax error : '}'
> 1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(249) : error C2061: syntax error : identifier 'DIST_POINT_NAME'
> ...continues..

This is caused by clashes between the OpenSSL and some Windows header files. There are some #undefs in various OpenSSL header files which should work around this in crypto/x509.h for example:

#undef X509_NAME
#undef X509_CERT_PAIR
#undef X509_EXTENSIONS

but they may not be being picked up in this case or there may be some new ones.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

RE: error iin x509v3.h compiled with visual studio
The following compiles without error in MS VS 2010 C++. Yes, I know string is in there twice: no reason, it just is.

#include "targetver.h"

// Watch out! winsock2 and friends has to be ahead of most things
#include <Ws2tcpip.h>
// Ws2tcpip always needs Ws2_32.lib. You can put it here or in the linker input
#pragma comment (lib, "Ws2_32.lib")
#include <Mswsock.h>

#include <stdio.h>
#include <tchar.h>
#include <string>
#include <iostream>
#include <fstream>
#include <list>
#include <process.h>    /* _beginthread, _endthread */
#include <conio.h>
#include <Windows.h>
// #include Shlwapi.h for PathRemoveFileSpec; requires Shlwapi.lib
#include <Shlwapi.h>
#pragma comment (lib, "Shlwapi.lib")
#include <string>

// SSL
#include <openssl\ssl.h>
#include <openssl\crypto.h>
#include <openssl\err.h>
#include <openssl\rand.h>
#include <openssl\x509v3.h>

targetver.h is

#include <SDKDDKVer.h>

which is too long to paste here and hopefully not the active ingredient. Probably VS version dependent anyway.

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Tuesday, September 25, 2012 5:23 PM
To: openssl-users@openssl.org
Subject: Re: error iin x509v3.h compiled with visual studio

On Tue, Sep 25, 2012, david preetham wrote:
> am trying to build wpa_supplicant which is referencing openssl header file x509v3.h on Visual studio 2005. while I am building compiler hitting x509v3.h header file and finding hell lot of errors. Can anybody please help me.
>
> 1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(192) : error C2059: syntax error : '('
> 1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(200) : error C2059: syntax error : 'type'
> 1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(204) : error C2059: syntax error : '}'
> 1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(205) : error C2059: syntax error : '}'
> 1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(211) : error C2061: syntax error : identifier 'GENERAL_NAME'
> 1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(212) : error C2059: syntax error : '}'
> 1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(231) : error C2059: syntax error : '('
> 1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(232) : error C2059: syntax error : '}'
> 1>D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_supplicant-1.0\src\tls\x509v3.h(249) : error C2061: syntax error : identifier 'DIST_POINT_NAME'
> ...continues..

This is caused by clashes between the OpenSSL and some Windows header files. There are some #undefs in various OpenSSL header files which should work around this in crypto/x509.h for example:

#undef X509_NAME
#undef X509_CERT_PAIR
#undef X509_EXTENSIONS

but they may not be being picked up in this case or there may be some new ones.

RE: error iin x509v3.h compiled with visual studio
Oh! Also,

1. whenever I have problems with VS I *always* suspect precompiled header issues. Try turning off pre-compiled headers, do a Clean, and a Rebuild, and see if the problems go away.
2. Watch out for Unicode issues. This project is compiled Use multi-byte character set which is MS-speak for not Unicode.

Charles

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills
Sent: Tuesday, September 25, 2012 9:33 PM
To: openssl-users@openssl.org
Subject: RE: error iin x509v3.h compiled with visual studio

The following compiles without error in MS VS 2010 C++. Yes, I know string is in there twice: no reason, it just is.

#include "targetver.h"

// Watch out! winsock2 and friends has to be ahead of most things
#include <Ws2tcpip.h>
// Ws2tcpip always needs Ws2_32.lib. You can put it here or in the linker input
#pragma comment (lib, "Ws2_32.lib")
#include <Mswsock.h>

#include <stdio.h>
#include <tchar.h>
#include <string>
#include <iostream>
#include <fstream>
#include <list>
#include <process.h>    /* _beginthread, _endthread */
#include <conio.h>
#include <Windows.h>

// #include Shlwapi.h for PathRemoveFileSpec; requires Shlwapi.lib
#include <Shlwapi.h>
#pragma comment (lib, "Shlwapi.lib")

#include <string>

// SSL
#include <openssl\ssl.h>
#include <openssl\crypto.h>
#include <openssl\err.h>
#include <openssl\rand.h>
#include <openssl\x509v3.h>

targetver.h is #include <SDKDDKVer.h> which is too long to paste here and hopefully not the active ingredient. Probably VS version dependent anyway.

Charles

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Tuesday, September 25, 2012 5:23 PM
To: openssl-users@openssl.org
Subject: Re: error iin x509v3.h compiled with visual studio

On Tue, Sep 25, 2012, david preetham wrote:

am trying to build wpa_supplicant which is referencing openssl header file x509v3.h on Visual studio 2005. while i am building compiler hitting x509v3.h header file and finding hell lot of errors. Can anybody please help me.

1D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_suppli 1cant-1.0\src\tls\x509v3.h(192) : error C2059: syntax error : '('
1D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_suppli 1cant-1.0\src\tls\x509v3.h(200) : error C2059: syntax error : 'type'
1D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_suppli 1cant-1.0\src\tls\x509v3.h(204) : error C2059: syntax error : '}'
1D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_suppli 1cant-1.0\src\tls\x509v3.h(205) : error C2059: syntax error : '}'
1D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_suppli 1cant-1.0\src\tls\x509v3.h(211) : error C2061: syntax error : identifier 'GENERAL_NAME'
1D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_suppli 1cant-1.0\src\tls\x509v3.h(212) : error C2059: syntax error : '}'
1D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_suppli 1cant-1.0\src\tls\x509v3.h(231) : error C2059: syntax error : '('
1D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_suppli 1cant-1.0\src\tls\x509v3.h(232) : error C2059: syntax error : '}'
1D:\Interworking\wpa_supplicant-1.0.tar\wpa_supplicant-1.0\wpa_suppli 1cant-1.0\src\tls\x509v3.h(249) : error C2061: syntax error : identifier 'DIST_POINT_NAME'
...continues..

This is caused by clashes between the OpenSSL and some Windows header files. There are some #undefs in various OpenSSL header files which should work around this in crypto/x509.h for example:

#undef X509_NAME
#undef X509_CERT_PAIR
#undef X509_EXTENSIONS

but they may not be being picked up in this case or there may be some new ones.
RE: Digital certificate with more than 1 year validity
Looking at my bat files, yes, I say -days 3650 on an openssl x509 -req

Charles

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills
Sent: Tuesday, September 18, 2012 8:08 PM
To: openssl-users@openssl.org; openssl-users@openssl.org
Subject: Re: Digital certificate with more than 1 year validity

I do it all the time. -days 3650 as I recall.
--
Sent from my mobile phone. Please excuse my brevity.
Charles

Wim Lewis w...@omnigroup.com wrote:

On 17 Sep 2012, at 9:13 PM, Santhosh AP wrote:

Kindly help us to create digital certificate having more than 365 day’s validity. At present we are using OpenSSL 0.9.7a Feb 19 2003 version. Kindly confirm is it possible to cross the certificate validity more than 1 year, if it’s possible how to do it.

I don't think there is anything preventing you from specifying a longer validity period, either on the command line to the 'ca' command or in the relevant ca section of the config file. (Some documentation says to specify it when creating the CSR, but this is wrong: the CSR does not carry that information as far as I know. The validity period is chosen by the CA when it creates the certificate.)
RE: Memory issues with ssl handshake
Try plugging your code to exit after the first OpenSSL function, then after the second, and so forth, and see if you can get down to the simplest case.

Charles

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Thomas
Sent: Monday, September 17, 2012 11:36 AM
To: Michel
Cc: openssl-users@openssl.org
Subject: Re: Memory issues with ssl handshake

Hi again,

I've changed the code to reuse the SSL contexts but in terms of memory consumption/release it did not change much - if anything at all.

By the way, is there a way to unload a certificate once it has been loaded into a SSL context via SSL_CTX_use_certificate() ? I didn't find anything in the docs and simply specifying NULL as cert parameter caused a crash in OpenSSL.

The only places left that cause memory leaks are reported inside OpenSSL as in

at 0x68EAC8B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==27041==by 0x6C472DB: default_malloc_ex (mem.c:79)
==27041==by 0x6C4795F: CRYPTO_malloc (mem.c:306)
==27041==by 0x6C73940: bn_expand_internal (bn_lib.c:336)
==27041==by 0x6C73AE0: bn_expand2 (bn_lib.c:451)
==27041==by 0x6C73BB2: BN_set_bit (bn_lib.c:730)
==27041==by 0x6C7E16E: BN_MONT_CTX_set (bn_mont.c:514)
==27041==by 0x6C7E402: BN_MONT_CTX_set_locked (bn_mont.c:552)
==27041==by 0x6C95B56: RSA_eay_mod_exp (rsa_eay.c:782)
==27041==by 0x6C96422: RSA_eay_private_decrypt (rsa_eay.c:565)
==27041==by 0x6C97EDF: RSA_private_decrypt (rsa_lib.c:303)
==27041==by 0x6942918: ssl3_get_client_key_exchange (s3_srvr.c:2038)
==27041==by 0x6946693: ssl3_accept (s3_srvr.c:529)
==27041==by 0x69513CA: ssl3_read_bytes (s3_pkt.c:941)
==27041==by 0x694C688: ssl3_read_internal (s3_lib.c:3274)
==27041==by 0x69642E8: SSL_read (ssl_lib.c:954)

Sometimes these are flagged still reachable and sometimes indirectly lost, usually both types are reported as I get a large amount of these traces.

One thing I noticed is that all goes well if I cause the code to run sequentially (e.g. cause requests to come one after another). Yet it starts eating up memory like crazy if I cause several (HTTPS) requests to come at once.

I'm at a loss here. Valgrind insists the leaks happen in OpenSSL code. I'll be happy to supply more information if anyone has an idea of how to approach this.

Regards, Thomas

On 09/13/2012 12:30 PM, Michel wrote:

Hi again Thomas,

Do you really need to free your context each time you free your TLS session ? I believe it is not needed and at least not usual. If you need several *DIFFERENT* contexts, implying different TLS configurations/setup, which, I think, is not so common, you can keep them 'alive' during all your app 'run', even in multi-threaded programs. It would allow you to access some activity informations like the ones documented in : http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html

Hope this helps, Regards

On 13/09/2012 10:39, Thomas wrote:

Hi Michel,

Thanks for trying to help, I really appreciate it :-)

Does your app setup and free a context each time a client is connecting ?

The context is created only when a client requests a HTTPS connection and is destroyed together with the SSL session once the connection goes down. It is rather related to connections than to clients since one client can open several connections but I think you implied one connection per client and then the answer is 'yes'. I will try freeing the session before the context and come back with the results.

Regards, Thomas
Re: Digital certificate with more than 1 year validity
I do it all the time. -days 3650 as I recall.
--
Sent from my mobile phone. Please excuse my brevity.
Charles

Wim Lewis w...@omnigroup.com wrote:

On 17 Sep 2012, at 9:13 PM, Santhosh AP wrote:

Kindly help us to create digital certificate having more than 365 day’s validity. At present we are using OpenSSL 0.9.7a Feb 19 2003 version. Kindly confirm is it possible to cross the certificate validity more than 1 year, if it’s possible how to do it.

I don't think there is anything preventing you from specifying a longer validity period, either on the command line to the 'ca' command or in the relevant ca section of the config file. (Some documentation says to specify it when creating the CSR, but this is wrong: the CSR does not carry that information as far as I know. The validity period is chosen by the CA when it creates the certificate.)

This is more of a openssl-users question than a openssl-dev question, so I've cc:'d that list; it's probably best if replies go there.
RE: openssl on a home LAN
It's true. I think you are a Web developer and need to generate certificates for your Web site was mentioned. Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Gayathri Sundar Sent: Thursday, September 13, 2012 6:01 AM To: openssl-users@openssl.org Subject: Re: openssl on a home LAN Charles, I think he wanted to use SSL for data transfer between 2 computers. What you have used is the PKI infrastructure. Infact even for SSL there are sample client and server codes in the examples folder, but that does not hook into your application. Thanks --Gayathri On Wed, Sep 12, 2012 at 1:29 PM, Steven Madwin smad...@adobe.com wrote: Hi John, As an aside to what Gayathri said, I'm not a developer, but I have used OpenSSL to create a complete PKI universe for testing. Using the pre-compiled, downloadable installer I've been able to create Root certificates, Intermediate CA certificates, and end-entity certificates of all shapes and sizes (e.g. DSA, RSA, EC with varying key sizes). I've also used it to manage revocation checking by creating CRLs and running it as an (admittedly, a very light weight) OCSP server. I even used it once to create an SSL certificate for an internal server :) My point is, although the primary use seems to be incorporating the OpenSSL libraries into your compiled code so you can take advantage of its cryptographic capabilities, even someone who is not a computer scientist can use OpenSSL from the command line to do a lot of work. What it really boils down to is what is it that you are looking to do? Steve From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John A. Wallace Sent: Wednesday, September 12, 2012 9:58 AM To: openssl-users@openssl.org Subject: RE: openssl on a home LAN Hi, Gayathri, I appreciate the clarification. It was helpful, yes. 
I think my confusion stemmed from the fact that in the past while installing one or another program, I found it to say that OpenSSL must be installed on your system for this program to work properly. Okay, I think I got it now, the light has made it into my obstinate, thick skull. Clarity is a beautiful thing, thank you. John From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Gayathri Sundar Sent: Wednesday, September 12, 2012 10:07 AM To: openssl-users@openssl.org Subject: Re: openssl on a home LAN Hi John, I definitely do not agree with charles's email, but what I think he meant is, you need to write programs to use OpenSSL. Its an installable library, which you need to invoke from your application using its exposed APIs and recompile your code, link OpenSSL library and execute for it to work. Its not a SSL solution if that is what your looking for. Just installing OpenSSL is not going to give u SSL. Thanks --Gayathri On Tue, Sep 11, 2012 at 8:36 PM, John A. Wallace jw72...@verizon.net wrote: Charlie, Frankly, you condescending manner is starting to annoy me, considerably. Furthermore, your name is not on this page as one of the moderators of this group: http://www.openssl.org/about/. Moreover, I don't believe I need your permission to hang out here. You need to read the link I provided you all the way to the end, it says that this group is for 1. Developers 2. OpenSSL usage 3. Installation problems Now inasmuch as my question pertained to OpenSSL Usage, i.e., number 2 above, well I think that makes my asking it a legitimate question for this group. If you don't like it, you can just learn to use your reading program and ignore me. Thank you very much. J John From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills Sent: Tuesday, September 11, 2012 3:22 PM To: openssl-users@openssl.org Subject: RE: openssl on a home LAN Right. Are you an application developer? 
In other words, do you write computer programs? Does the following mean anything to you?

int main(int argc, char *argv[])
{
    printf("hello world\n");
    return 0;
}

Or alternatively, are you a Web site operator? Do you host a Web site that others access? If the answer to both of these questions is No, then you are welcome to hang out here but the answer to your original question, whether there is any point in using openssl is No.

Charles

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John A. Wallace
Sent: Tuesday, September 11, 2012 12:07 PM
To: openssl-users@openssl.org
Subject: RE: openssl on a home LAN

Hi. I am not trying to be mean or something, but you may want to take a look at this page: http://www.openssl.org/support/community.html Focusing on the part that describes this list, one can read this about its purpose: Application Development, OpenSSL Usage, Installation Problems, etc. That looks
RE: certificate validation issues with openssl 1.0.0 and expired certificates in cafile
Would it make sense to delete the expired certificate from the Windows store? Duplicate expired/non expired CA certificates sounds to me like a problem waiting to happen.

Charles

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Ashok C
Sent: Thursday, September 13, 2012 12:49 AM
To: openssl-users@openssl.org
Subject: Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

Sending again as the previous email did not appear in list. Is there some problem with the mailing list?
-- Ashok

On Wed, Sep 12, 2012 at 2:59 PM, Ashok C ash@gmail.com wrote:

Hi, I don't think this question was answered. Could you please reply?
-- Ashok

On Tue, Jul 31, 2012 at 11:13 PM, Klaus Darilion klaus.mailingli...@pernau.at wrote:

Hi! I wrote a small program which dumps all root certificates from Windows certificate store into a file. Then I use openssl to connect to Google and validate its certificate:

openssl s_client -connect www.google.com:443 -CAfile dump.crt

When using openssl0.9.8k or openssl0.9.8x everything works as expected. When using openssl1.0.0g or openssl 1.0.1c the certificate validation fails with: Verify return code: 10 (certificate has expired)

CONNECTED(016C)
depth=2 C = US, O = VeriSign, Inc., OU = Class 3 Public Primary Certification Authority
verify error:num=10:certificate has expired
notAfter=Jan 7 23:59:59 2004 GMT
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
   i:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
 1 s:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority

When analyzing the cafile with the dumped certificates from Windows certificate store, I found out that there are two certificates for Verisign with identical subject, whereas one is expired, the other not.

X.509 Certificate Information:
Version: 1
Serial Number (hex): 00e49efdf33ae80ecfa5113e19a4240232
Issuer: C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority
Validity:
Not Before: Mon Jan 29 00:00:00 UTC 1996
Not After: Wed Jan 07 23:59:59 UTC 2004
Subject: C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority
Subject Public Key Algorithm: RSA

X.509 Certificate Information:
Version: 1
Serial Number (hex): 70bae41d10d92934b638ca7b03ccbabf
Issuer: C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority
Validity:
Not Before: Mon Jan 29 00:00:00 UTC 1996
Not After: Tue Aug 01 23:59:59 UTC 2028
Subject: C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority
Subject Public Key Algorithm: RSA

Thus, it seems that openssl 0.9.8 just ignores the expired certificate and searches if there is another valid one whereas openssl 1.0.0 stop with the first expired certificate. Is the new behavior the intended behavior? Is it possible to have the old behavior also in new openssl versions?

Thanks
Klaus
RE: openssl on a home LAN
A thousand pardons. You totally misapprehend my intent. I guess that's a classic hazard of e-mail, isn't it? You're right, I make no pretense of being a moderator. It's a forum, and I'm just a citizen trying to help you out by answering the question you asked in the forum. I won't bother you again. P.S. The name is Charles. Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John A. Wallace Sent: Tuesday, September 11, 2012 6:37 PM To: openssl-users@openssl.org Subject: RE: openssl on a home LAN Charlie, Frankly, you condescending manner is starting to annoy me, considerably. Furthermore, your name is not on this page as one of the moderators of this group: http://www.openssl.org/about/. Moreover, I don't believe I need your permission to hang out here. You need to read the link I provided you all the way to the end, it says that this group is for 1. Developers 2. OpenSSL usage 3. Installation problems Now inasmuch as my question pertained to OpenSSL Usage, i.e., number 2 above, well I think that makes my asking it a legitimate question for this group. If you don't like it, you can just learn to use your reading program and ignore me. Thank you very much. J
RE: Memory issues with ssl handshake
Not sure if it helps at all but FWIW I am using Windows pre-built OpenSSL dll's with server client certificates, CAs, DH keys, and a CRL, and I am seeing no memory leaks whatsoever in Visual Studio 2010.

Charles

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Thomas Eckert
Sent: Wednesday, September 12, 2012 7:59 AM
To: openssl-users@openssl.org
Subject: Memory issues with ssl handshake

Hi,

Valgrind gives me a *lot* of messages like this

==19021== 2,056 bytes in 2 blocks are indirectly lost in loss record 186 of 190
==19021==at 0x68EAC8B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==19021==by 0x6C472DB: default_malloc_ex (mem.c:79)
==19021==by 0x6C4795F: CRYPTO_malloc (mem.c:306)
==19021==by 0x6C73940: bn_expand_internal (bn_lib.c:336)
==19021==by 0x6C73AE0: bn_expand2 (bn_lib.c:451)
==19021==by 0x6C73BB2: BN_set_bit (bn_lib.c:730)
==19021==by 0x6C7E16E: BN_MONT_CTX_set (bn_mont.c:514)
==19021==by 0x6C7E402: BN_MONT_CTX_set_locked (bn_mont.c:552)
==19021==by 0x6C97053: RSA_eay_public_decrypt (rsa_eay.c:693)
==19021==by 0x6C97F1F: RSA_public_decrypt (rsa_lib.c:309)
==19021==by 0x6C98BEB: int_rsa_verify (rsa_sign.c:182)
==19021==by 0x6C98F57: RSA_verify (rsa_sign.c:284)
==19021==by 0x6949E16: ssl3_get_key_exchange (s3_clnt.c:1562)
==19021==by 0x694BF5F: ssl3_connect (s3_clnt.c:335)
==19021==by 0x6964AB9: SSL_connect (ssl_lib.c:933)
==19021==by 0x6953FDD: ssl23_connect (s23_clnt.c:693)
==19021==by 0x6963FBC: SSL_do_handshake (ssl_lib.c:2368)
==19021==by 0x8060D14: ssl_connect (ssl.c:1078)

Compared to the above they vary only in one line, e.g.

==19021== 1,024 bytes in 2 blocks are indirectly lost in loss record 181 of 190
==19021==at 0x68EAC8B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==19021==by 0x6C472DB: default_malloc_ex (mem.c:79)
==19021==by 0x6C4795F: CRYPTO_malloc (mem.c:306)
==19021==by 0x6C73940: bn_expand_internal (bn_lib.c:336)
==19021==by 0x6C73AE0: bn_expand2 (bn_lib.c:451)
==19021==by 0x6C73D53: BN_copy (bn_lib.c:506)
==19021==by 0x6C7DFCA: BN_MONT_CTX_set (bn_mont.c:421)
==19021==by 0x6C7E402: BN_MONT_CTX_set_locked (bn_mont.c:552)
==19021==by 0x6C97053: RSA_eay_public_decrypt (rsa_eay.c:693)
==19021==by 0x6C97F1F: RSA_public_decrypt (rsa_lib.c:309)
==19021==by 0x6C98BEB: int_rsa_verify (rsa_sign.c:182)
==19021==by 0x6C98F57: RSA_verify (rsa_sign.c:284)
==19021==by 0x6949E16: ssl3_get_key_exchange (s3_clnt.c:1562)
==19021==by 0x694BF5F: ssl3_connect (s3_clnt.c:335)
==19021==by 0x6964AB9: SSL_connect (ssl_lib.c:933)
==19021==by 0x6953FDD: ssl23_connect (s23_clnt.c:693)
==19021==by 0x6963FBC: SSL_do_handshake (ssl_lib.c:2368)
==19021==by 0x8060D14: ssl_connect (ssl.c:1078)

The application in question is a http proxy and is leaking memory heavily. Actually, Valgrind also reports many entries as still reachable instead of indirectly lost but even those regions are mentioned by Valgrind like the above two blocks.

I doubt OpenSSL has such blatant memory leaks but I have been searching for the leaks for some time now and just cannot find anything - also due to the fact that Valgrind reports all the leaks like above, which is not really helpful. I do realize that for detailed help I would need to give some code on how the connections are set up but that code is pretty large. So best would be some hint as to where to look for or what regions of code to supply.

Looking for hints as to what is going wrong I went through some of the OpenSSL functions mentioned above and after leaving my code and entering OpenSSL code the only thing being passed around the functions is the actual SSL object - and no buffers of any kind. So I suppose the source of the problem lies in setting up the object, its context or what ever is stuck to it.

The first thing I checked on was how the SSL connections are torn down in my application:

ERR_remove_state(0);
SSL_CTX_free(ssl->ctx);
SSL_free(ssl);

The first line was added only after starting the search for the leaks and I'm still not sure if that line doesn't break anything. I did find some minor leaks in my code along the way (e.g. a forgotten ASN1_INTEGER_free()) but they were neither easy to find - because Valgrind also reported them like the above two blocks, meaning in the wrong place! - nor did they change much.

Does anyone have some tips for me ?
RE: openssl on a home LAN
Thanks. Take care. Good luck with your home LAN. Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John A. Wallace Sent: Wednesday, September 12, 2012 9:51 AM To: openssl-users@openssl.org Subject: RE: openssl on a home LAN No problem and no hard feelings. Take care and have a good day. Thanks. John From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills Sent: Wednesday, September 12, 2012 11:14 AM To: openssl-users@openssl.org Subject: RE: openssl on a home LAN A thousand pardons. You totally misapprehend my intent. I guess that's a classic hazard of e-mail, isn't it? You're right, I make no pretense of being a moderator. It's a forum, and I'm just a citizen trying to help you out by answering the question you asked in the forum. I won't bother you again. P.S. The name is Charles. Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John A. Wallace Sent: Tuesday, September 11, 2012 6:37 PM To: openssl-users@openssl.org Subject: RE: openssl on a home LAN Charlie, Frankly, you condescending manner is starting to annoy me, considerably. Furthermore, your name is not on this page as one of the moderators of this group: http://www.openssl.org/about/. Moreover, I don't believe I need your permission to hang out here. You need to read the link I provided you all the way to the end, it says that this group is for 1. Developers 2. OpenSSL usage 3. Installation problems Now inasmuch as my question pertained to OpenSSL Usage, i.e., number 2 above, well I think that makes my asking it a legitimate question for this group. If you don't like it, you can just learn to use your reading program and ignore me. Thank you very much. J
RE: openssl on a home LAN
Do you write computer programs, or are you a home user of personal computers? If you don't write computer programs, then using OpenSSL at the level addressed by this mailing list is not what you are looking for. Some of the products you might buy might use OpenSSL under the covers, but you would get support generally directly from the companies that produce those products, not this mailing list. Not trying to be mean or off-putting. If I have missed the mark please let me know. Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John A. Wallace Sent: Tuesday, September 11, 2012 9:36 AM To: openssl-users@openssl.org Subject: openssl on a home LAN I am trying to figure out whether there is any point in using openssl on a home LAN between two computers. Would that improve on security in any way? Would I be limited in the types of OS connections? I mean, could I connect Windows with Linux? Also, if I want to make such a connection between two OS running in virtual machines, could that be done too? Thanks.
RE: openssl on a home LAN
Right. Are you an application developer? In other words, do you write computer programs? Does the following mean anything to you?

int main(int argc, char *argv[])
{
    printf("hello world\n");
    return 0;
}

Or alternatively, are you a Web site operator? Do you host a Web site that others access? If the answer to both of these questions is No, then you are welcome to hang out here but the answer to your original question, whether there is any point in using openssl is No.

Charles

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John A. Wallace
Sent: Tuesday, September 11, 2012 12:07 PM
To: openssl-users@openssl.org
Subject: RE: openssl on a home LAN

Hi. I am not trying to be mean or something, but you may want to take a look at this page: http://www.openssl.org/support/community.html Focusing on the part that describes this list, one can read this about its purpose: Application Development, OpenSSL Usage, Installation Problems, etc. That looks clear to me in that this list would provide support for the type of question I just asked, or did I misunderstand you? J Thanks.

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills
Sent: Tuesday, September 11, 2012 12:52 PM
To: openssl-users@openssl.org
Subject: RE: openssl on a home LAN

Do you write computer programs, or are you a home user of personal computers? If you don't write computer programs, then using OpenSSL at the level addressed by this mailing list is not what you are looking for. Some of the products you might buy might use OpenSSL under the covers, but you would get support generally directly from the companies that produce those products, not this mailing list. Not trying to be mean or off-putting. If I have missed the mark please let me know.

Charles

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John A. Wallace
Sent: Tuesday, September 11, 2012 9:36 AM
To: openssl-users@openssl.org
Subject: openssl on a home LAN

I am trying to figure out whether there is any point in using openssl on a home LAN between two computers. Would that improve on security in any way? Would I be limited in the types of OS connections? I mean, could I connect Windows with Linux? Also, if I want to make such a connection between two OS running in virtual machines, could that be done too? Thanks.
RE: Parsing X509 certificate subjectAltName
bool Comm::isAltNameMatch(X509 *certificate, const char *nodeName)
{
    // there is alternative code on page 136 of O'Reilly OpenSSL
    unsigned char *pBuffer = NULL;
    int length = 0;
    GENERAL_NAMES *subjectAltNames;
    bool b;

    subjectAltNames = (GENERAL_NAMES*) X509_get_ext_d2i(certificate, NID_subject_alt_name, NULL, NULL);
    if ( subjectAltNames )
    {
        int numberOfAlts;
        int i;

        // get number of names. Supposed to be at least one, but don't count on it
        numberOfAlts = sk_GENERAL_NAME_num (subjectAltNames);

        // loop through all of the alternate names
        for ( i = 0; i < numberOfAlts; i++)
        {
            // get a handle to alternative name i
            const GENERAL_NAME *pName = sk_GENERAL_NAME_value (subjectAltNames, i);

            // what did we get?
            switch (pName->type)
            {
            case GEN_DNS:
            case GEN_URI:
            case GEN_IPADD:
                ASN1_STRING_to_UTF8(&pBuffer, pName->d.ia5);
                b = isWildcardedCNcompare(reinterpret_cast<char *>(pBuffer), nodeName);
                OPENSSL_free(pBuffer);
                if ( b ) return true;
                break;

            case GEN_OTHERNAME:
            case GEN_EMAIL:
            case GEN_X400:
            case GEN_DIRNAME:
            case GEN_EDIPARTY:
            case GEN_RID:
            default:
                break;
            }
        }
    }

    // fall through or no alt names
    return false;
}

Charles

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Kenneth Goldman
Sent: Tuesday, September 11, 2012 2:14 PM
To: openssl-users@openssl.org
Subject: Parsing X509 certificate subjectAltName

I'm 90% deep into parsing an X509 certificate, but I can't find sample code for the last piece. I found the extension, and located the ASN1_OBJECT with nid 85, OID 2.5.29.17, the subjectAltName. From the dumpasn output, I see that this is an octet string of a sequence, etc. I have to pull out the three OIDs '2.23.133.2. [1, 2, and 3]' which are presumably in the ASN1_OBJECT. Can anyone point me to sample code or a hint?

~~
515 3: . . . . . OBJECT IDENTIFIER subjectAltName (2 5 29 17)
: . . . . . . (X.509 extension)
01 01 FF
520 1: . . . . . BOOLEAN TRUE
04 4A 30 48 A4 46 30 44 31 42 30 14 06 05 67 81 05 02 01 13 0B 69 64 3A
523 74: . . . . . OCTET STRING, encapsulates {
30 48 A4 46 30 44 31 42 30 14 06 05 67 81 05 02 01 13 0B 69 64 3A 35 37
525 72: . . . . . . SEQUENCE {
A4 46 30 44 31 42 30 14 06 05 67 81 05 02 01 13 0B 69 64 3A 35 37 34 35
527 70: . . . . . . . [4] {
30 44 31 42 30 14 06 05 67 81 05 02 01 13 0B 69 64 3A 35 37 34 35 34 33
529 68: . . . . . . . . SEQUENCE {
31 42 30 14 06 05 67 81 05 02 01 13 0B 69 64 3A 35 37 34 35 34 33 30 30
531 66: . . . . . . . . . SET {
30 14 06 05 67 81 05 02 01 13 0B 69 64 3A 35 37 34 35 34 33 30 30
533 20: . . . . . . . . . . SEQUENCE {
06 05 67 81 05 02 01
535 5: . . . . . . . . . . . OBJECT IDENTIFIER '2 23 133 2 1'
13 0B 69 64 3A 35 37 34 35 34 33 30 30
542 11: . . . . . . . . . . . PrintableString 'id:57454300'
: . . . . . . . . . . . }
30 18 06 05 67 81 05 02 02 13 0F 4E 50 43 54 34 32 78 2F 4E 50 43 54 35
555 24: . . . . . . . . . . SEQUENCE {
06 05 67 81 05 02 02
557 5: . . . . . . . . . . . OBJECT IDENTIFIER '2 23 133 2 2'
13 0F 4E 50 43 54 34 32 78 2F 4E 50 43 54 35 30 78
564 15: . . . . . . . . . . . PrintableString 'NPCT42x/NPCT50x'
: . . . . . . . . . . . }
30 10 06 05 67 81 05 02 03 13 07 69 64 3A 30 33 39 31
581 16: . . . . . . . . . . SEQUENCE {
06 05 67 81 05 02 03
583 5: . . . . . . . . . . . OBJECT IDENTIFIER '2 23 133 2 3'
13 07 69 64 3A 30 33 39 31
590 7: . . . . . . . . . . .
RE: Parsing X509 certificate subjectAltName
Thanks!

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Tuesday, September 11, 2012 3:46 PM
To: openssl-users@openssl.org
Subject: Re: Parsing X509 certificate subjectAltName

On Tue, Sep 11, 2012, Charles Mills wrote:

    {
    case GEN_DNS:
    case GEN_URI:
    case GEN_IPADD:
        ASN1_STRING_to_UTF8(&pBuffer, pName->d.ia5);
        b = isWildcardedCNcompare(reinterpret_cast<char *>(pBuffer), nodeName);

Don't do that with the GEN_IPADD: it isn't an IA5String it is an OCTETSTRING representing the IP address in a format described by RFC3280 et al.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
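Steve's correction, worked through as an added example that is not code from the thread: an iPAddress entry holds 4 or 16 raw octets, so it is compared in binary form, while dNSName entries get their own text comparison. struct san and the function names are hypothetical, the sample entries are constructed, and wildcard handling is left out; with OpenSSL the octets would come from the GEN_IPADD entry's d.iPAddress member.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <string.h>

/* GeneralName choice numbers; OpenSSL's GEN_DNS and GEN_IPADD have the same values. */
enum { SAN_DNS = 2, SAN_IPADD = 7 };

/* Hypothetical holder for one SAN entry: its type and raw content octets. */
struct san { int type; const unsigned char *data; size_t len; };

/* dNSName is IA5String text: compare case-insensitively over the full length and
   refuse a name with an embedded NUL, which a C string compare would truncate. */
static int dns_matches(const struct san *s, const char *host)
{
    if (memchr(s->data, 0, s->len) || strlen(host) != s->len) return 0;
    for (size_t i = 0; i < s->len; i++)
        if (tolower(s->data[i]) != tolower((unsigned char)host[i])) return 0;
    return 1;
}

/* iPAddress is an OCTET STRING: 4 raw bytes (IPv4) or 16 (IPv6), never text.
   Parse the requested host into the same binary form and compare the bytes. */
static int ip_matches(const struct san *s, const char *host)
{
    unsigned char want[16];
    int af = s->len == 4 ? AF_INET : s->len == 16 ? AF_INET6 : 0;
    if (af == 0 || inet_pton(af, host, want) != 1) return 0;
    return memcmp(s->data, want, s->len) == 0;
}

/* Match host against a SAN list, giving each name type its own comparison.
   An IP literal is only checked against iPAddress entries, a name only
   against dNSName entries. */
int san_list_matches(const struct san *list, size_t n, const char *host)
{
    unsigned char tmp[16];
    int host_is_ip = inet_pton(AF_INET, host, tmp) == 1 ||
                     inet_pton(AF_INET6, host, tmp) == 1;
    for (size_t i = 0; i < n; i++) {
        if (list[i].type == SAN_IPADD && host_is_ip && ip_matches(&list[i], host))
            return 1;
        if (list[i].type == SAN_DNS && !host_is_ip && dns_matches(&list[i], host))
            return 1;
    }
    return 0;
}

/* Constructed sample entries (documentation names and addresses). */
static const unsigned char V4[] = { 0xC0, 0x00, 0x02, 0x0A };        /* 192.0.2.10 */
static const unsigned char V6[] = { 0x20,0x01,0x0D,0xB8, 0,0,0,0,
                                    0,0,0,0, 0,0,0,0x01 };           /* 2001:db8::1 */
static const unsigned char NUL_NAME[] = "www.example.com\0.example.net";
static const struct san SAMPLE[] = {
    { SAN_DNS,   (const unsigned char *)"www.example.com", 15 },
    { SAN_IPADD, V4, sizeof V4 },
    { SAN_IPADD, V6, sizeof V6 },
};
static const struct san NUL_ENTRY = { SAN_DNS, NUL_NAME, sizeof NUL_NAME - 1 };
```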
RE: Does this mailinglist work?
Yes, it works. It may be moderated. Please be patient.

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Carlo Wood
Sent: Monday, September 10, 2012 10:34 AM
To: openssl-users@openssl.org
Subject: Does this mailinglist work?

I just sent a long mail... but it doesn't seem to appear on the list :/

--
Carlo Wood ca...@alinoe.com
RE: crash when calling ERR_print_errors_fp()
Try ERR_print_errors_fp(stderr) -- eliminates issues with your file. If that works, then it's your file pointer. Note Dave's point about flushing the file.

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Thursday, September 06, 2012 4:46 PM
To: openssl-users@openssl.org
Subject: RE: crash when calling ERR_print_errors_fp()

From: owner-openssl-us...@openssl.org On Behalf Of Mithun Kumar
Sent: Thursday, 06 September, 2012 16:29

When I give file pointer as input to API(ERR_print_errors_fp()) nothing is getting written to the FILE during a SSL handshake failure. Any inputs why things are failing.

If you are on Windows and app doesn't have OpenSSL_applink, OpenSSL won't (can't) write to the file, but it should give a message on stderr and should not crash. http://www.openssl.org/support/faq.html#PROG2 at the end.

On all systems make sure the fp is open (for write) before, and is flushed or closed after.
RE: PEM_read_bio_RSA_PUBKEY
Is it possible that PEM_read_bio_RSA_PUBKEY uses BIO_gets internally

Sometimes the best answer to that sort of question -- sadly, perhaps, but true nonetheless -- is to look at the source code. Not so hard to read as I had at first supposed.

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Carolin Latze
Sent: Tuesday, September 04, 2012 5:03 AM
To: openssl-users@openssl.org
Subject: RE: PEM_read_bio_RSA_PUBKEY

Hi,

I went on reading about this error and figured out that the socket bio does not support the BIO_gets method. Is it possible that PEM_read_bio_RSA_PUBKEY uses BIO_gets internally and is therefore not really compatible with a socket bio? In order to verify that I created a buffer BIO (BIO_f_buffer()) on top of the socket bio for the read function. And this just works. Is this the desired way to do this? I can live with it, but since it was not documented (or maybe I just missed it), I did not expect it.

best regards and thanks a lot again for the help
Carolin

Hi Dave

thanks a lot for the explanation. That makes a lot clearer to me. I added some code to read out possible errors and there is none on the write method. However there is a strange one on read:

error code pubkey: 537297017 in bio_lib.c line 297.
error data:
error string: error:20068079:BIO routines:BIO_gets:unsupported method
error code pubkey: 151441516 in pem_lib.c line 696.
error data:
error string: error:0906D06C:PEM routines:PEM_read_bio:no start line

For me that sounds as if it does not find the - BEGIN PUBKEY line. So I checked with wireshark and it is there. The PEM string is distributed over 3 packets but it is continuous data (there is no other data in those packets). So where does this error come from? Any ideas? I cannot do anything about the method here, right?

BTW I checked that this error is really triggered by the read function and not by any BIO function before that function.

best regards
Carolin

From: owner-openssl-us...@openssl.org On Behalf Of Carolin Latze
Sent: Monday, 03 September, 2012 13:39

I try to send an RSA public from one entity to another using socket BIOs. I use PEM_write_bio_RSA_PUBKEY and PEM_read_bio_RSA_PUBKEY to do that. I also tried with PEM_{write|read}_bio_RSAPublicKey. Both have the same behaviour in my case. The write function seems to work just fine. I am able to see the public key on the wire (using wireshark). However, the read function just crashes. It looks as if it reads an endless amount of data and I have no idea why. Are those functions actually meant to send data over a socket bio?

The PEM routines are meant to send or store over practically any channel. The DER routines are meant to send/store over any 8-bit clean channel, which many socket protocols also do. (TCP/IP itself and a plain socket does, but some protocols built on top of TCP/IP like SMTP and HTTP don't, while some like FTP do.)

Either pair should work, but mixing them should not. The RSAPublicKey routines use the raw PKCS#1 format, and the RSA_PUBKEY routines use the generic X.509 PublicKeyInfo format which *contains* the PKCS#1. Although semantically equivalent, these are not the same thing.

But if you get this (or pretty much anything else) wrong, the read routine shouldn't crash. It should return null with error information stored in the error queue; this is not the same as either crashing or reading endlessly. In fact reading endlessly wouldn't crash either by my definition so I can't guess what you mean actually happens.

This is how I call them:

on party A:
RSA rsa;
init rsa, generate keys
PEM_write_bio_RSA_PUBKEY(sockbio,rsa);

on party B:
rsa = RSA_new();
PEM_read_bio_RSAPublicKey(sockbio,rsa,0,0);

Something wrong with the way I call the functions?

If you are mismatching RSA_PUBKEY to RSAPublicKey see above. Even if not, you definitely should check for error on the read routine and at least display something. The write routine is much less likely to fail, but even so as general good practice you should check it too.

Nit: personally in C I would write NULL rather than 0 for a null pointer -- just so it's visible to humans, although it makes no difference to the compiler. Unfortunately C++ doesn't support this until recently.
C API to determine OpenSSL version?
Is there a C-callable function that an application may call to determine the version of the OpenSSL library with which it is linked?

Thanks,

Charles
RE: C API to determine OpenSSL version?
Never mind. Found it: http://www.openssl.org/docs/crypto/SSLeay_version.html

Hard to search for. Google SSL version and you get a lot of irrelevant hits.

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills
Sent: Tuesday, September 04, 2012 2:23 PM
To: openssl-users@openssl.org
Subject: C API to determine OpenSSL version?

Is there a C-callable function that an application may call to determine the version of the OpenSSL library with which it is linked?
RE: Verify depth / get chain length
When I come through my verify_callback routine, I get called successively with descending certificate depths: the first time through X509_STORE_CTX_get_error_depth() is 1 and the second time it is 0.

So it would seem to me that the depth/length of the whole chain is available as the value of X509_STORE_CTX_get_error_depth() on the first pass through the verify_callback.

Or perhaps I have misunderstood the question.

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Sven Anders
Sent: Monday, September 03, 2012 12:57 AM
To: openssl-users@openssl.org
Subject: Verify depth / get chain length

Hello,

I'm using the OpenSSL library for a HTTP proxy. I want to verify the server's certificates and I use the verify-callback for this. This works without problems.

My question is: Is it possible to get the depth of the whole certificates chain in the verify function? I know, that I can get the current depth of the certificate that is currently checked, but can I get the depth/length of the whole chain?

If this is not possible, is it possible to call a callback before the verify-callback to get the depth?

Regards
Sven Anders

--
Sven Anders and...@anduras.de
() UTF-8 Ribbon Campaign
/\ Support plain text e-mail
ANDURAS intranet security AG
Messestrasse 3 - 94036 Passau - Germany
Web: www.anduras.de - Tel: +49 (0)851-4 90 50-0 - Fax: +49 (0)851-4 90 50-55

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. - Benjamin Franklin
SSL_CTX_set_default_verify_paths and Windows?
Is there documentation for SSL_CTX_set_default_verify_paths()? It's declared here http://www.openssl.org/docs/ssl/ssl.html but there's no description and no link that I see.

I have an application working on Windows using explicit PEM certificate files:

SSL_CTX_load_verify_locations(SslCtx, "myCert.pem", NULL);

My interest is in the possibility of using the built-in certificate store in Windows. Is that possible with OpenSSL? Is SSL_CTX_set_default_verify_paths() relevant? Is there an overview document somewhere?

Thanks much,

Charles
RE: Creating a SSH Key pair - public and private for my Windows 2008 server app so it can communicate with a partner sftp site
You can do this with the openssl.exe utility. I am less than an expert but the doc is here: http://www.openssl.org/docs/apps/openssl.html

Take a look at openssl.exe req -newkey

Charles

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ML Harmon
Sent: Friday, August 31, 2012 1:26 AM
To: openssl-users@openssl.org
Subject: Creating a SSH Key pair - public and private for my Windows 2008 server app so it can communicate with a partner sftp site

I have a Windows 2008 server that runs an application I use to transfer files to my business partner's site via sftp. I need to generate a SSH key pair with openssl and then send my partner the public key while I keep the private key. I don't know how to do this with openssl, can someone help me?
RE: Creating a SSH Key pair - public and private for my Windows 2008 server app so it can communicate with a partner sftp site
Hmm. That does seem odd.

Use openssl genrsa to generate the private key.

Use openssl rsa -pubout to generate the public key from the private key.

Charles

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ML Harmon
Sent: Friday, August 31, 2012 12:10 PM
To: openssl-users@openssl.org
Subject: Re: Creating a SSH Key pair - public and private for my Windows 2008 server app so it can communicate with a partner sftp site

I was good with openssl until this link. http://www.openssl.org/docs/HOWTO/keys.txt

It says openssl creates one file for both the public and private keys. That doesn't make sense to me. See my above link.

With OpenSSL, the private key contains the public key information as well, so a public key doesn't need to be generated separately.

So how do I send my business partner the public key and I keep the private key if they are both in one file? So I am missing something here, I expected 2 files for my key a public and private.

On Fri, Aug 31, 2012 at 11:39 AM, Charles Mills charl...@mcn.org wrote:

You can do this with the openssl.exe utility. I am less than an expert but the doc is here: http://www.openssl.org/docs/apps/openssl.html

Take a look at openssl.exe req -newkey

Charles

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ML Harmon
Sent: Friday, August 31, 2012 1:26 AM
To: openssl-users@openssl.org
Subject: Creating a SSH Key pair - public and private for my Windows 2008 server app so it can communicate with a partner sftp site

I have a Windows 2008 server that runs an application I use to transfer files to my business partner's site via sftp. I need to generate a SSH key pair with openssl and then send my partner the public key while I keep the private key. I don't know how to do this with openssl, can someone help me?
RE: Creating a SSH Key pair - public and private for my Windows 2008 server app so it can communicate with a partner sftp site
Ah well. I tried to help.

which is .exe only on Windows

The OP said he was on Win 2K8.

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Friday, August 31, 2012 3:58 PM
To: openssl-users@openssl.org
Subject: RE: Creating a SSH Key pair - public and private for my Windows 2008 server app so it can communicate with a partner sftp site

From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
Sent: Friday, 31 August, 2012 12:39
To: openssl-users@openssl.org
Subject: RE: Creating a SSH Key pair - public and private for my Windows 2008 server app so it can communicate with a partner sftp site

You can do this with the openssl.exe utility. I am less than an expert but the doc is here: http://www.openssl.org/docs/apps/openssl.html

Take a look at openssl.exe req -newkey

Not really. req -newkey creates a keypair AND a CSR. A CSR is useless for SSH which uses no certificates.

openssl commandline (which is .exe only on Windows) can generate a keypair with the traditional per-algorithm utilities like genrsa and gendsa (or dsaparam -genkey), or since 1.0.0 with the generic (and extensible) genpkey.

But in both cases it creates files in OpenSSL-supported formats which may not be suitable for SSH software. In particular, the common OpenSSH implementation uses OpenSSL format for privatekey, but for publickey uses a format (basically base64 of several bignums) which OpenSSL doesn't know. The OpenSSH ssh-keygen utility can create this publickey format, or an RFC interchange format with PEM wrapper, from the OpenSSL privatekey, but ssh-keygen can also generate the keypair in the first place avoiding any explicit use of OpenSSL. Other SSH software I've seen usually doesn't use OpenSSL formats for either key.

Usually it's best to use the keygen features of the SSH program(s). If that isn't available, but some kind of key-import is, we need to know exactly what format(s) that key-import accepts. Or on Windows possibly it uses the MS keystore, in which case the MS utilities (inetcpl and friends) can read PKCS12 (aka PFX) which OpenSSL commandline can create (in a second step).

But OP still needs to send his publickey in a format the partner accepts, and I've never seen any SSH software that accepts OpenSSL format publickey. They commonly do accept the traditional and/or RFC format, which could be created with about a page of C or somewhat less perl; I recall someone posted code for that in the list a few years ago, if you want to search for it.
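The OpenSSH public-key line Dave describes, as an added example that is not the code posted to the list: for RSA it is the text "ssh-rsa" followed by base64 of three length-prefixed fields (the string "ssh-rsa", the exponent e and the modulus n as SSH mpints, per RFC 4253). The function names are hypothetical and TOY_E/TOY_N are constructed values, not a real key; in practice e and n are the big-endian bytes of the key's numbers, for instance from BN_bn2bin.

```c
#include <stdint.h>
#include <string.h>

enum { MAX_INT_BYTES = 1024 };               /* enough for an 8192-bit modulus */

/* Constructed toy values (not a usable key): e = 65537, n has its top bit set. */
static const unsigned char TOY_E[] = { 0x01, 0x00, 0x01 };
static const unsigned char TOY_N[] = { 0xC1, 0x23, 0x45, 0x67 };

static size_t put_u32(unsigned char *out, size_t pos, uint32_t v)
{
    out[pos]     = (unsigned char)(v >> 24);
    out[pos + 1] = (unsigned char)(v >> 16);
    out[pos + 2] = (unsigned char)(v >> 8);
    out[pos + 3] = (unsigned char)v;
    return pos + 4;
}

/* SSH "string": 4-byte big-endian length, then the bytes. */
static size_t put_string(unsigned char *out, size_t pos, const void *s, size_t len)
{
    pos = put_u32(out, pos, (uint32_t)len);
    memcpy(out + pos, s, len);
    return pos + len;
}

/* SSH "mpint": big-endian, shortest form; a positive value whose top bit is
   set gets a leading 0x00 so that it is not read as negative. */
static size_t put_mpint(unsigned char *out, size_t pos, const unsigned char *v, size_t len)
{
    while (len > 0 && v[0] == 0) { v++; len--; }        /* strip leading zeros */
    int pad = len > 0 && (v[0] & 0x80);
    pos = put_u32(out, pos, (uint32_t)(len + pad));
    if (pad) out[pos++] = 0;
    memcpy(out + pos, v, len);
    return pos + len;
}

static void b64_encode(const unsigned char *in, size_t len, char *out)
{
    static const char T[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t o = 0;
    for (size_t i = 0; i < len; i += 3) {
        uint32_t v = (uint32_t)in[i] << 16;
        if (i + 1 < len) v |= (uint32_t)in[i + 1] << 8;
        if (i + 2 < len) v |= in[i + 2];
        out[o++] = T[(v >> 18) & 63];
        out[o++] = T[(v >> 12) & 63];
        out[o++] = i + 1 < len ? T[(v >> 6) & 63] : '=';
        out[o++] = i + 2 < len ? T[v & 63] : '=';
    }
    out[o] = '\0';
}

/* Write "ssh-rsa <base64 blob>" into out. Returns 0, or -1 if an input is
   larger than MAX_INT_BYTES or out is too small. */
int ssh_rsa_pubkey_line(const unsigned char *e, size_t e_len,
                        const unsigned char *n, size_t n_len,
                        char *out, size_t out_sz)
{
    unsigned char blob[4 + 7 + 2 * (4 + 1 + MAX_INT_BYTES)];
    size_t pos = 0;
    if (e_len > MAX_INT_BYTES || n_len > MAX_INT_BYTES) return -1;
    pos = put_string(blob, pos, "ssh-rsa", 7);
    pos = put_mpint(blob, pos, e, e_len);
    pos = put_mpint(blob, pos, n, n_len);
    if (out_sz < 8 + 4 * ((pos + 2) / 3) + 1) return -1; /* prefix + base64 + NUL */
    memcpy(out, "ssh-rsa ", 8);
    b64_encode(blob, pos, out + 8);
    return 0;
}
```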
RE: SSL_CTX_set_default_verify_paths and Windows?
Dave, thanks much.

OK, SSL_CTX_set_default_verify_paths() won't do anything for me.

There is definitely an engine for MS CAPI

I ran into some references to capi and e_capi researching this question on the Google but I could not find any big picture.

Or of course you could just read the certs from MS truststore and put them in a file or dir in OpenSSL format

That sounds like the way I will go if the customers want this. I'm not enough of an expert to undertake the extension. I think I might be able to do it as a pipe and not have to actually write the files to disk. Maybe.

You know what would be a cool feature for OpenSSL (yeah, LOL, I'm sure you know a thousand)? If there were an API whereby one could set a callback routine that would get a particular type of data (certificate, key, CA cert, CRL, etc.) when OpenSSL needed it. Then it would be pretty trivial to read the data from some privately known store such as the Windows truststore.

Thanks again. Amazing package. Enjoying working with it for the first time.

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Friday, August 31, 2012 3:58 PM
To: openssl-users@openssl.org
Subject: RE: SSL_CTX_set_default_verify_paths and Windows?

From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
Sent: Friday, 31 August, 2012 12:00
To: openssl-users@openssl.org
Subject: SSL_CTX_set_default_verify_paths and Windows?

Is there documentation for SSL_CTX_set_default_verify_paths()? It's declared here http://www.openssl.org/docs/ssl/ssl.html but there's no description and no link that I see.

UTSL (although in this case you must go through several layers). _set_default_verify is effectively _load_verify_locations using env vars SSL_CERT_FILE SSL_CERT_DIR if they exist and otherwise X509_get_default_cert_{file,dir}() which return a compiled-in file and directory normally file cert.pem and subdir certs under OPENSSLDIR, which is configurable at build time and can be seen with commandline openssl version -d. If you're using the ShiningLight builds (as I am) they seem to make OPENSSLDIR /usr/local/ssl, a directory that doesn't normally exist on Windows systems (it does on many Unixes).

It is still a file and/or directory in OpenSSL format, not MS.

I have an application working on Windows using explicit PEM certificate files:

SSL_CTX_load_verify_locations(SslCtx, "myCert.pem", NULL);

My interest is in the possibility of using the built-in certificate store in Windows. Is that possible with OpenSSL? Is SSL_CTX_set_default_verify_paths() relevant? Is there an overview document somewhere?

1. OpenSSL X509_STORE logic (like several others) is extensible, i.e. you write code implementing the same interface and plug it in. I'm sure it's possible to write a store that fetches from MS instead of from a file or directory like the builtin ones do. But this looks like a pretty big job. Someone else may already have done this, but if so I haven't heard or seen of it.

2. OpenSSL has an ENGINE feature that was originally created to handle hardware devices mostly doing low-level crypto operations (a digest, a symmetric encrypt or decrypt, a publickey encrypt or decrypt, etc.) It has gradually been adding more functions, rather like a scifi movie monster feeding on nuclear bomb radiation. There is definitely an engine for MS CAPI, and I thought I had heard mention that the engine interface was adding at least some truststore function. But looking in 1.0.1c I don't see any trace of such, so maybe I misunderstood or maybe it isn't cooked yet.

Or of course you could just read the certs from MS truststore and put them in a file or dir in OpenSSL format. The only downside of that I see is that you won't honor new inserts (or possibly deletes) unless and until you repeat the process.