CRL help please
Hiya,

I've a client/server system using openssl with verified certificates. It's not a browser/Web server. The CA, server and client certificates are all built using the openssl proggie. I've run into a problem where the certificate verification fails 30 days after I've built the new CA and set everything up. The expiry dates on the certificates are a few years down the track, so I'm thinking it's the 30-day CRL limit in my .cnf file that's causing the problem. I'm looking for some help understanding the mechanics of CRL usage. All I've been able to find in the archives deals with browsers and web servers. I'm hoping someone can spare a few IQ points to help me out here.

(1) Where does the CRL reside: server, client or both?
(2) Is the check made on the server or client side?
(3) How do I present openssl with a new CRL?
(4) Will openssl handle CRL verification or do I do this in the verify exit?
(5) Does anyone have a cookbook or some code I can crib from?

Thanks in advance for any help on this.
Gregory Nicholls.

__ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
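An added walkthrough of the CRL mechanics asked about (example script, not from this thread or from OpenSSL's own documentation): a throwaway CA issues a cert, publishes a CRL, revokes the cert, and "openssl verify -crl_check" shows how the side that verifies the peer reacts to a clean CRL, to a revoked cert, and to a CRL whose nextUpdate has passed, which is exactly what a 30-day default_crl_days produces once the CRL goes stale. It assumes a modern openssl binary (1.1.1 or 3.x) plus mktemp and date on the path; the directory, subjects and file names are made up for the demo.

```shell
# Scratch CA for the demo: database files first, then a minimal openssl.cnf.
W=$(mktemp -d); mkdir -p "$W/newcerts"; touch "$W/index.txt"
echo 01 > "$W/serial"; echo 01 > "$W/crlnumber"
cat > "$W/ca.cnf" <<EOF
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = $W/index.txt
new_certs_dir = $W/newcerts
certificate = $W/ca.pem
private_key = $W/ca.key
serial = $W/serial
crlnumber = $W/crlnumber
default_md = sha256
default_days = 3650
default_crl_days = 30
policy = demo_policy
[ demo_policy ]
commonName = supplied
[ req ]
distinguished_name = req_dn
x509_extensions = v3_ca
[ req_dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = keyCertSign, cRLSign
EOF
# Root CA, then a client cert issued through "openssl ca" (CSR inspected before signing).
openssl req -config "$W/ca.cnf" -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=Demo CA" -keyout "$W/ca.key" -out "$W/ca.pem"
openssl req -config "$W/ca.cnf" -new -newkey rsa:2048 -nodes \
    -subj "/CN=demo-client" -keyout "$W/leaf.key" -out "$W/leaf.csr"
openssl req -noout -text -in "$W/leaf.csr" | grep Subject:
openssl ca -config "$W/ca.cnf" -batch -notext -in "$W/leaf.csr" -out "$W/leaf.pem"
# CRL while the cert is good (1-day lifetime instead of the 30-day default), then
# revoke the cert and issue a second CRL.
openssl ca -config "$W/ca.cnf" -gencrl -crldays 1 -out "$W/crl-clean.pem"
openssl ca -config "$W/ca.cnf" -revoke "$W/leaf.pem"
openssl ca -config "$W/ca.cnf" -gencrl -crldays 1 -out "$W/crl-revoked.pem"
# What a peer that enables CRL checking decides: $1 = CRL file, $2 = optional
# Unix time to verify "as of"; prints the verdict, exit status 0 only for OK.
verify_with_crl() {
    openssl verify -crl_check -CAfile "$W/ca.pem" -CRLfile "$1" \
        ${2:+-attime} ${2:-} "$W/leaf.pem" 2>&1
}
verify_with_crl "$W/crl-clean.pem"                                  # leaf.pem: OK
verify_with_crl "$W/crl-revoked.pem"                                # certificate revoked
verify_with_crl "$W/crl-clean.pem" $(( $(date +%s) + 3 * 86400 ))   # CRL has expired
```

Whichever side calls the verifier (server for client certs, client for the server cert) is the side that needs the current CRL loaded into its certificate store, and a new CRL is picked up simply by loading the new file in place of the old one.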
ADH + certs on same SSLCTX ??
Hiya,

Quick one for those in the know. Can I use both verified certificates and anon-DH sessions with the same SSLCTX? I'm guessing that I have to check the cipher whilst in the callback function and give the green light if it's an anon-DH cipher. I'd appreciate someone either confirming I'm on the right track or lifting me bodily and dumping me where I should be.

Thanks, Greg.
Re: put me out of my misery please
Grumble. Must be NT's bloody runtime then. If I try to fopen a NULL filename it blows up. I changed s_server.c so that it only calls load_dh_param() if there's a real file. Guess what. Now it works . . .

Thanks, G.

Lutz Jaenicke wrote:
> On Wed, Nov 01, 2000 at 02:01:01PM -0500, Gregory Nicholls wrote:
> > Umm, no it doesn't. At least not on my system. I get an error while it's trying to execute a load_dh_param() function (at line 652 in s_server.c ... trying to fopen() a NULL file). That's why I put in the no_dhe.
>
> Hmm. First: it does work. I have tried it myself before posting :-) Having said this, if you don't specify any file with dh-parameters (and there is no server.pem=s_cert_file), s_server uses the compiled-in default parameters, see line 660.
>
> Server-output=
> lutzpc 37: /usr/local/ssl/bin/openssl s_server -nocert -cipher ADH-RC4-MD5
> Using default temp DH parameters
> ACCEPT
> -----BEGIN SSL SESSION PARAMETERS-----
> MHUCAQECAgMBBAIAGAQgo15AlCo4PyRACx1vmLt6AnPwazDMVz9RgEgcOzINL88E
> MMUt+h43t5I9hC5XlQFalJYvDF2KWUGcBx6EpUHNsAi5Dche7TuDx2btOdTOcw6X
> F6EGAgQ6AHUyogQCAgEspAYEBAE=
> -----END SSL SESSION PARAMETERS-----
> Shared ciphers:ADH-RC4-MD5
> CIPHER is ADH-RC4-MD5
> ERROR
> shutting down SSL
> CONNECTION CLOSED
>
> Client-output=
> lutzpc 29: openssl s_client -cipher ADH-RC4-MD5
> CONNECTED(0003)
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 275 bytes and written 164 bytes
> ---
> New, TLSv1/SSLv3, Cipher is ADH-RC4-MD5
> SSL-Session:
>     Protocol  : TLSv1
>     Cipher    : ADH-RC4-MD5
>     Session-ID: A35E40942A383F24400B1D6F98BB7A0273F06B30CC573F5180481C3B320D2FCF
>     Session-ID-ctx:
>     Master-Key: C52DFA1E37B7923D842E5795015A94962F0C5D8A59419C071E84A541CDB008B90DC85EED3B83C766ED39D4CE730E9717
>     Key-Arg   : None
>     Start Time: 973108530
>     Timeout   : 300 (sec)
>     Verify return code 0 (ok)
> ---
>
> Oh, I am talking about OpenSSL 0.9.6. To use ADH ciphers, the PRNG must be seeded. The examples I have just listed were from my Linux-box at home (has /dev/urandom).
>
> Best regards,
> Lutz
> --
> Lutz Jaenicke [EMAIL PROTECTED]
> BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
> Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
Re: Question on PRNG's and entropy
Michael Wojcik wrote:
> Hmm. Seeding PRNGs on Windows and Unix are pretty well-understood problems; there's Yarrow for Windows (www.counterpane.com) and egd for Unix,

Yeah, but both of these are external processes. We can't (for various reasons) rely on, or require the installation of, any such.

> Frankly, if you use something like hash(variable message content + hi-res time) to generate seed material, it'll be pretty hard to predict the PRNG, unless the attacker can mount a known-plaintext attack. Stir some more entropy into the pool if you can, but chances are there will be weaker points for attackers (like subverting someone on the inside).

This was where I was heading with the original inquiry. I'm looking for something that can be built into the portable library code. It seems from the comments made so far that this would be an acceptable method for us. We're not protecting nuclear secrets (and hence don't need to hide our data behind a vending machine ...).

G.
Re: Is ADH included by default into 0.9.5a ??
Ah, excellent. Thank you.

G.

Lutz Jaenicke wrote:
> On Wed, Sep 06, 2000 at 01:33:50PM -0400, Gregory Nicholls wrote:
> > I'm using ssl0.9.5a on Winnt. I ran openssl ciphers -v to look for a list that would use ADH. All the ciphers came up with an authentication scheme, either RSA or DSS. Have I missed something?
>
> Yes. ADH ciphers are not enabled by default. You must explicitly enable them with "openssl ciphers -v ADH".
>
> Best regards,
> Lutz
Question on PRNG's and entropy
Hiya,

I've read the past items on this list, looking for a good non-interactive source of entropy for the PRNG. Now I've a (possibly very) stupid question. The data I need to encrypt is your basic bit of user data going from system A to system B. Now, given that the whole point of encrypting this is to prevent someone from reading the data, is there any reason why I can't select a random bit out of each user message, perform some incantation on it and use this to seed the PRNG? I mean, if someone can predict the contents of the data well enough to work out what my seed is, surely they've defeated the purpose of the encryption anyway .. true? Given that I'm cryptographically ignorant, I don't want to do this if there's some great gaping flaw.

Thanks, G.
Re: Question on PRNG's and entropy
Hiya,

Michael Wojcik wrote:
> How do you select a "random bit" of a message if you don't have a source of randomness in the first place? From a cryptographic perspective, you'd best assume an attacker knows which bit of the message you're using, even without knowing what the message contains.

Fair point. I was thinking along the lines of msglen/n where I'd pick n (hardcoded) out of a hat. The msg lengths won't be predictable, but I guess they probably won't be cryptographically random. Sigh.

> Also, note that a crypto PRNG seed should ideally contain considerable entropy. Are these messages themselves unpredictable enough to provide sufficient seed material?

They obviously have some standard header portion that I was proposing to omit. As to the contents, I can't say. Depends on the application.

> > I mean, if someone can predict the contents of the data well enough to work out what my seed is, surely they've defeated the purpose of the encryption anyway .. true ???
>
> That's a very big assumption. An attacker could know enough about the structure or probable contents of the message to greatly reduce the actual amount of entropy in the seed, without being able to guess the message. (Perhaps details in the message are important, but the message is known to always be English text.) An attacker might be able to inject a known-plaintext attack and defeat the PRNG seeding entirely. (Bob is a legitimate user of your system, but he's secretly trying to crack it as well, so he can read other people's data.)
>
> Of course, there are many ways to sanitize the sampled data to reduce the attacker's effective knowledge about it - hashing it, for example. That's certainly better than the original Netscape time+pid+ppid approach.
>
> Ultimately it's a question of your threat model. Does your model try to account for serious attacks by knowledgeable people with lots of resources? If not, how you seed your PRNG isn't something to lose a lot of sleep over. If so, then you'd be better off hiring crypto and security experts to vet your application.

I don't think we're concerned about serious high-resource attacks; after all, we're not going to use authentication but use ADH instead. I'm not sure if this is an attempt by management to tick the encryption box or a serious attempt at supplying a useful option. I'm trying to do the best I can within the constraints. The seed is the toughest bit. We're supplying a library that won't have user interaction. It also needs to run on about 10 different architectures (from NT through Unix to MVS and AS400). The only time I'll get user interaction is during installation. Sigh.

Thanks, g.
embarrassing question
I'm trying to work my way through the whole certificate business and I've a small question. How can I view/print/see the contents of a certificate request before I sign it? I tried the x509 -text option but it failed unless the certificate was already signed (said it expected a trusted cert).

Thanks, G.
BIO help please ??
Hi,

I'm writing a little program-ette using the SSL library and I'm hoping to be able to manage both SSL connections and non-SSL connections using BIO stuff. Now I can follow the SSL stuff (with difficulty), however I haven't been able to figure out how to make a normal non-SSL connection using the BIO functions. I found references to stuff like BIO_do_connect(), however I can't find an example or a reference to how to use this. Could some kind soul supply the proper incantations (or reference) for this? I am, of course, assuming that the BIO functions _do_ have the underlying socket capabilities.

TIA, Greg.
Re: Commercial SSL in the US
Hiya,

You could wait 'till Sept 20th this year when the RSA patents expire . . . .

G.

Gerard Monsen wrote:
> Wow. I'm at a loss here. Does anyone know of any way that my (tiny) company can legally use SSL for commercial purposes in the US without paying an obscene amount of money to RSA or buying an obscenely expensive web server system from a vendor? We were going to use an Apache web server with its OpenSSL interface, but the Apache documentation indicates that this is not allowed for commercial purposes in the US. Any help you can give would be appreciated.
>
> Gerard Monsen
> Integrated Litigation Solutions
> Oakland, CA
splitting openssl processing between threads ?
Hi all,

I'm in the process of designing what is effectively an ssl tunnel between 2 systems. I'd like to know if it's possible to separate the session handling functions of openssl from the crypto ones. Something like: process A handles the encryption of data and passes the encrypted data to process B, who is responsible for establishing the session and sending the data. I realise that some data must be exchanged between the 2 processes (algorithms and probably some other stuff I don't know about yet), however I'm wondering if there's any thread or process bindings that would affect this sort of design.

Thanks in advance for any insight.
Gregory Nicholls
Re: [ANNOUNCE] OpenSSL-0.9.5 MS Visual C++ Project files
"Andrew W. Gray" wrote:
> OpenSSL-0.9.5 MS Visual C++ Project files Available
>
> If you're not using Windows NT, 95 or 2000 you can delete this now.

Hiya,

Just wanted to thank you for this. I used it and it was _damn_ easy. One comment, probably something I screwed up but . . the links all failed until I built the assembler stuff using ms/do_masm. Is this me or

Thanks again for some _truly_ excellent work,
Greg.