Re: Verisign Problem with smtp tls
|SMTP TLS, but I am not obligated to provide a comprehensive
|justification in response to every trollish one liner, the above

Luckily there is the UDPish EDNS0 extension from RFC 2671 as in

The default is 1280 (RFC 2671, 4.5.1.).
The minimum is 1024 (RFC 3226, 3.; note: not 1220!).
The maximum is 65000.

Have a nice weekend

--steffen

--- Begin Message ---
On Sat, Dec 28, 2013 at 05:56:41PM +0100, Michael Ströder wrote:

> > http://vdukhovni.github.io/ietf/draft-ietf-dane-smtp-with-dane-05.html#rfc.section.1.2
> >
> > This is why I am working to implement and standardize SMTP with DANE TLS.
>
> DANE itself does not help. It just shifts the trust anchor problem.
>
> DNSSEC secures the MX lookups.

For the record:

While indeed SMTP with DANE TLS relies on DNSSEC to secure the MX lookup, it also critically relies on DANE for two additional pieces of information:

- Downgrade resistant STARTTLS support signalling. Without this MITM attackers simply suppress STARTTLS and the sender proceeds in cleartext.

- TLS support signalling is combined with signalling that the peer can be authenticated and all the key material needed to perform authentication. Sending MTAs run unattended with no user to "click OK". They must not routinely fail due to Goedel's theorem for CA bundles (any set of trusted CAs is either insecure or incomplete).

- Since it is already agreed that DNSSEC must be trusted to protect the MX records, eliminating the CA bundle from the picture reduces risk AND improves reliability to the point where peer authentication with SMTP becomes usable. It is NOT usable with CA bundles.

There are more good reasons why DANE is required as part of secure SMTP TLS, but I am not obligated to provide a comprehensive justification in response to every trollish one liner, the above will have to do.

--
Viktor.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
--- End Message ---
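The sender-side decision described in the forwarded message, written out as an added example; it is not part of the original posts and not taken from any MTA's code. The names (Tlsa, sender_action and so on), the action strings and the sample EHLO replies and byte strings are constructed for illustration, and only TLSA usage 3 (DANE-EE) is checked.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Tlsa:                      # one DNSSEC-validated TLSA record
    usage: int                   # 3 = DANE-EE (pins the server's own key)
    selector: int                # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int                   # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes

def offers_starttls(ehlo_reply: str) -> bool:
    """True if a 250 EHLO reply lists the STARTTLS keyword."""
    for line in ehlo_reply.splitlines():
        if line[:3] == "250" and line[3:4] in ("-", " "):
            words = line[4:].upper().split()
            if words and words[0] == "STARTTLS":
                return True
    return False

def tlsa_matches(rr: Tlsa, cert_der: bytes, spki_der: bytes) -> bool:
    """Check one usage-3 record; usage 2 needs chain building, omitted here."""
    if rr.usage != 3 or rr.selector not in (0, 1) or rr.mtype not in (0, 1, 2):
        return False
    selected = spki_der if rr.selector == 1 else cert_der
    if rr.mtype == 1:
        selected = hashlib.sha256(selected).digest()
    elif rr.mtype == 2:
        selected = hashlib.sha512(selected).digest()
    return selected == rr.data

def sender_action(secure_tlsa, ehlo_reply, cert_der=b"", spki_der=b""):
    """Decision of an unattended sending MTA for one MX host."""
    starttls = offers_starttls(ehlo_reply)
    if not secure_tlsa:
        # No TLSA records: opportunistic TLS, which a stripped STARTTLS downgrades.
        return "encrypt-unauthenticated" if starttls else "send-cleartext"
    if not starttls:
        # TLSA records signal TLS support, so a missing STARTTLS is not trusted.
        return "defer"
    ok = any(tlsa_matches(rr, cert_der, spki_der) for rr in secure_tlsa)
    return "send-authenticated" if ok else "defer"

# Constructed sample input; the byte strings stand in for real DER encodings.
EHLO_FULL = "250-mx.example.net\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME"
EHLO_STRIPPED = "250-mx.example.net\r\n250-PIPELINING\r\n250 8BITMIME"
CERT, SPKI = b"constructed-certificate", b"constructed-spki"
PINNED = [Tlsa(3, 1, 1, hashlib.sha256(SPKI).digest())]

if __name__ == "__main__":
    for label, tlsa in (("no TLSA", []), ("TLSA 3 1 1", PINNED)):
        for name, ehlo in (("full", EHLO_FULL), ("stripped", EHLO_STRIPPED)):
            print(label, name, sender_action(tlsa, ehlo, CERT, SPKI))
```

The same stripped EHLO reply yields cleartext delivery without TLSA records and a deferral with them, which is the downgrade resistance the message refers to.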
Re: Abort after free() of non-allocated pointer
FYI: it's hard to believe the error is on the OpenSSL side (the software shows timing errors (the way i use it at least), and these are always handled properly by the OpenSSL layer), but i have nonetheless added a 'debug-darwin64-x86_64-cc' to 'Configure' and got some debug libraries (

  206984 -rw-r--r--1 steffen staff 211951296 11 Oct 13:18 libcrypto.a
  26808 -rw-r--r--1 steffen staff 27450488 11 Oct 13:20 libssl.a

) to link against. Shall this error occur again (it was the second time i saw it) then i will (hopefully) be able to provide better information.

Ciao,

--steffen

--- Begin Message ---
Hello!

Am i right here? It's actually hard to believe the error is on the OpenSSL side, and i definitely should look deeper before sending this, but on the other hand this is so deep down in the OpenSSL code...

  ?0[steffen@sherwood src]$ openssl version
  OpenSSL 1.0.1e 11 Feb 2013
  ?0[steffen@sherwood src]$ otool -L ~/usr/bin/s-nail
  /Users/steffen/usr/bin/s-nail:
    /usr/lib/libiconv.2.dylib (compatibility version 7.0.0, current version 7.0.0)
    /Users/steffen/usr/lib/libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
    /Users/steffen/usr/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
    /Users/steffen/usr/lib/libidn.11.dylib (compatibility version 18.0.0, current version 18.10.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 125.2.11)
  ?0[steffen@sherwood src]$ ll ~/usr/lib/*ssl*
  4 lrwxrwxr-x 1 steffen staff 18 15 Feb 2013 /Users/steffen/usr/lib/libssl.dylib@ -> libssl.1.0.0.dylib
  596 -rw-r--r-- 1 steffen staff 609480 15 Feb 2013 /Users/steffen/usr/lib/libssl.a
  444 -r-xr-xr-x 1 steffen staff 452952 15 Feb 2013 /Users/steffen/usr/lib/libssl.1.0.0.dylib*

  ...
  T1135 OK Returned to authenticated state. (Success)
  >>> T1136 LOGOUT
  * BYE LOGOUT Requested
  s-nail(20015) malloc: *** error for object 0x1004beb00: pointer being freed was not allocated
  *** set a breakpoint in malloc_error_break to debug

  Program received signal SIGABRT, Aborted.
  0x7fff824df0b6 in __kill ()
  (gdb) bt
  #0 0x7fff824df0b6 in __kill ()
  #1 0x7fff8257f9f6 in abort ()
  #2 0x7fff82497195 in free ()
  #3 0x0001000f61f5 in CRYPTO_free ()
  #4 0x00010019bcdc in ASN1_primitive_free ()
  #5 0x00010019c0bc in ASN1_template_free ()
  #6 0x00010019bfbf in asn1_item_combine_free ()
  #7 0x00010019c0bc in ASN1_template_free ()
  #8 0x00010019bfbf in asn1_item_combine_free ()
  #9 0x00010019c0f7 in ASN1_item_free ()
  #10 0x0001000b7b80 in SSL_SESSION_free ()
  #11 0x0001000b49e5 in SSL_free ()
  #12 0x000100014519 in sclose ()
  ->
  #ifdef HAVE_OPENSSL
      if (sp->s_use_ssl) {
          sp->s_use_ssl = 0;
          SSL_shutdown(sp->s_ssl);
          SSL_free(sp->s_ssl);
          sp->s_ssl = NULL;
          SSL_CTX_free(sp->s_ctx);
          sp->s_ctx = NULL;
      }
  #endif
  <-
  #13 0x00010001c46e in imap_exit ()
  #14 0x00010001bd10 in imap_quit ()
  warning: Could not open object file: "/Users/steffen/src/nail.git/quit.o": No such file or directory
  warning: Couldn't open object file '/Users/steffen/src/nail.git/quit.o'
  #15 0x00010003daed in quit ()
  #16 0x0001000274ea in setfile ()
  #17 0x0001cd90 in cfile ()
  #18 0x000100028fb8 in execute ()
  #19 0x0001000286ed in commands ()
  #20 0x00010002fd6b in main ()
  (gdb) ?

I hate debuggers and thus i am somewhat lost at this point, but if there is something i can do, please let me know.

Thank you and ciao,

--steffen
--- End Message ---
Re: Add message_id and date to encrypted mime
JohnSmith wrote:
|*I encrypt an signed mime with this openssl command:*
|
|smime -encrypt -aes128 -to stadl3.de -from stweb.de -subject "Nachricht" -in
|signedmessage -out encryptedsignedmessage2 stadl2certificate.pem
|
|*My problem is that the encrypted message only has from, subject and from
|field:*
|
|To: sadl3.de
|From: stweb.de
|Subject: Nachricht
[.]
|
|*How can i add an Message_id and date field?*

These fields are generated by the MTA (mail-transfer-agent), e.g., postfix(1), sendmail(1), exim(1) or similar. Simply piping through to sendmail(1), as shown in the EXAMPLES section, should thus help you out. (I don't know Windows.)

--steffen
Re: Using OpenSSL in a makefile?
|On Mon, Dec 31, 2012 at 1:58 PM, Walter H. \
|wrote:
|> Hello,
|>
|> why does the following makefile not succeed?
|>
|> ...
|> I have isolated the problem:
|>
|> openssl crl -noout -text -in $< >$@
|> exits with exit code 1 instead of 0, why?
|>
|> openssl crl -noout -text -in $< -out $@
|> does the same ..., exit code 1 instead of 0

I haven't followed this thread, but $< is not defined by POSIX except in inference rules and .DEFAULT. Have you checked whether the value contains anything when you use it?

|I'm not sure how good a work around this will be for you (lack of
|deterministic behavior sucks), but you can place a dash in front of
|the command and make will ignore errors (or incorrect return codes):
|
|-openssl crl -noout -text -in $< >$@
|
|Jeff

--steffen
Re: OpenSSL 1.0.1b released, invalid tar file!
Dr. David Kirkby wrote [2012-04-27 09:43+0200]:
>[.]
> See for
>
> ftp://ftp.berlios.de/pub/star/README.otherbugs
>
> He has developed "star"
>
> http://developer.berlios.de/projects/star
>
> which he has said produces POSIX compliant tar files.

(berlios.de seems to be accessible again today.)

--steffen
Forza Figa!