d2i_ASN1_BIT_STRING
Hi

I am porting code from redhat 7.1 to redhat 8. Existing code that was working on 7.1 is now failing on

    pAsn1 = d2i_ASN1_BIT_STRING(NULL, &pVar, len);

Is there anything that I need to be aware of when changing between versions of gcc etc.?

Hylton

__
OpenSSL Project                 http://www.openssl.org
User Support Mailing List       [EMAIL PROTECTED]
Automated List Manager          [EMAIL PROTECTED]

RE: RSA_verify question
--> Resent as mail did not arrive at list by 15/1/2002

Hi

I have spent some more time on this and have been unable to find a solution. Has anyone been able to pass signed data from Windows to Linux and back and verify the data using RSA_Sign and RSA_Verify? If you have, your help is needed. I appear to have either exhausted or misunderstood all resources available to me. A detailed description is in the mail below. I may be able to attach some of the Windows code if required.

---Added

Is there anything I need to include in the certificates that I create that will allow or disallow signing by the MS crypto API? I know I'm fishing here but the keys all appear to be in order.

Thanks
Hylton

RE: RSA_verify question
Hi

I have found the answer. The data was reversed between the 2 platforms. By reversing the string I am able to get RSA_verify to work.

Hylton

-----Original Message-----
From: Hylton Tregenza
Sent: 04 January 2002 11:11
To: [EMAIL PROTECTED]
Subject: RSA_verify question

Hi

I am using RSA_verify to verify that the signature that I am getting with a message is correct. The process that I am using is as follows.

Get the user public key from file and put it in a RSA structure
    ERR_print_errors returns no error
Get Server private key from file and put in another RSA structure (I know it is not used to verify but I want to sign later too)
    ERR_print_errors returns no error
Read the signed message digest from disk and decode (pASN1-> ... used later)
    ERR_print_errors returns no error
Create a digest of the data using (digest used EVP_sha1()) - (hard coded string for testing)
    EVP_DigestInit
    EVP_DigestUpdate
    EVP_DigestFinal
    ERR_print_errors returns no error
RSA_verify(NID_sha1, (unsigned char *) &md, len_md, pASN1->data, pASN1->length, PubRsaKey); - failed : returns 0
    ERR_print_errors returns
    6114:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
    6114:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:396:

All data read from disk is from a MS client encoded using CryptEncodeObject. All data is read and decoded (d2i functions) without reported error.

Please advise on what action I need to take to resolve this or what the problem(s) could be. My app is not too large and is attached for additional info.

Hylton Tregenza

RSA_verify question
Hi

I am using RSA_verify to verify that the signature that I am getting with a message is correct. The process that I am using is as follows.

Get the user public key from file and put it in a RSA structure
    ERR_print_errors returns no error
Get Server private key from file and put in another RSA structure (I know it is not used to verify but I want to sign later too)
    ERR_print_errors returns no error
Read the signed message digest from disk and decode (pASN1-> ... used later)
    ERR_print_errors returns no error
Create a digest of the data using (digest used EVP_sha1()) - (hard coded string for testing)
    EVP_DigestInit
    EVP_DigestUpdate
    EVP_DigestFinal
    ERR_print_errors returns no error
RSA_verify(NID_sha1, (unsigned char *) &md, len_md, pASN1->data, pASN1->length, PubRsaKey); - failed : returns 0
    ERR_print_errors returns
    6114:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
    6114:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:396:

All data read from disk is from a MS client encoded using CryptEncodeObject. All data is read and decoded (d2i functions) without reported error.

Please advise on what action I need to take to resolve this or what the problem(s) could be. My app is not too large and is attached for additional info.

Hylton Tregenza

[no subject]
Hi

Thanks for the response. MSKeyblob file (attached) is the exported public key written to file. I will look into the RSA_PUBKEY functions too.

Hylton

// a while later

Update - Using Rsa = d2i_RSA_PUBKEY(...), Rsa is null and the following error message is given.

    24803:error:0D0AA007:asn1 encoding routines:d2i_X509_PUBKEY:expecting an asn1 sequence:x_pubkey.c:85:address=3221213616 offset=0

It would appear that either d2i or exporting the keyblob is not the way to go. Anyone been there and "done that"?

Hylton

using MS Keys to create a certificate. Help needed - detailed explanation given
Hi all

I am still battling with getting a key exported as a public key blob from a MS platform into openssl on Linux to add to a certificate.

I have learned that MS exports the key as a PKCS#1 structure. The key is a 512 bit (64 Byte) key. When I write this blob to file it is 84 Bytes in length. When I create a similar key with open SSL and write it to file it is only 74 bytes in length. I am trying to understand where the extra bytes come from.

On openSSL I am able to see that the last 3 bytes are the exponent. The last 5 bytes and the first 5 bytes of the key remain constant. Can someone enlighten me as to what they represent? On my machine they are

    First 5    30 48 02 41 00
    last 5     02 03 01 00 01

where 01 00 01 appears to be the exponent.

If the PKCS1 format of the MS key is correct, why is it ten bytes longer? Is there a procedure/function using openssl to read this key?

I am creating and writing the openssl keys like so

    bool MakeKeyPair()
    {
        unsigned char ucPubKey[5000];
        unsigned char ucPrivKey[5000];
        FILE * fp;
        int ret = -1;
        unsigned char * ucPubKeyCpy;
        unsigned char * ucPrivKeyCpy;
        int iPrivKeyLen;
        int iPubKeyLen;
        RSA * NewKeyPair = 0;
        int Len = 0;

        DEBUG_MESSAGE("SECURE", "Make Random");
        RAND_egd_bytes("/dev/random", 1024);
        NewKeyPair = RSA_generate_key(512, RSA_F4, NULL, NULL);
        Len = RSA_size(NewKeyPair);

        /* i2d_* advances the pointer it is given, so work on copies */
        ucPubKeyCpy = ucPubKey;
        ucPrivKeyCpy = ucPrivKey;
        iPrivKeyLen = i2d_RSAPrivateKey(NewKeyPair, &ucPrivKeyCpy);
        iPubKeyLen = i2d_RSAPublicKey(NewKeyPair, &ucPubKeyCpy);
        ucPubKeyCpy = ucPubKey;
        ucPrivKeyCpy = ucPrivKey;

        DEBUG_MESSAGE("SECURE", "Write to file");
        ERR_print_errors_fp(stdout); fflush(stdout);
        ret = i2d_RSAPublicKey(NewKeyPair, &ucPubKeyCpy);
        fp = fopen(PUBKEYOUT2, "wb");
        fwrite(ucPubKey, ret, 1, fp);
        fclose(fp);
        ucPubKeyCpy = ucPubKey;
        ucPrivKeyCpy = ucPrivKey;
        RSA_free(NewKeyPair);
        return true;
    }

and reading the keys in as such

    FILE * file;
    unsigned char Buffer[300];
    memset(&Buffer, 0, sizeof(Buffer));
    file = fopen(DOLF2, "rb");
    fread(Buffer, 84, 1, file);
    fclose(file);
    unsigned char ucPubKey[2000];
    unsigned char * BufferTmp;
    BufferTmp = Buffer;
    pEVP_PKEY = d2i_PublicKey(EVP_PKEY_RSA, NULL, &BufferTmp, 84);
    ERR_print_errors_fp(stdout); fflush(stdout);
    BufferTmp = 0;

With the MS Key the value of pEVP_PKEY is null, and it complains about

    23339:error:0D09E082:asn1 encoding routines:d2i_RSAPublicKey:parsing:d2i_r_pu.c:92:
    23339:error:0D09C00D:asn1 encoding routines:d2i_PublicKey:ASN1 lib:d2i_pu.c:89:

What am I doing wrong? Is what I am trying to do possible with openssl routines or do I need to try to do my own thing? i.e. if I write the 64 bit key out (leave off the other stuff) and add to the front and back of the key the 10 bytes mentioned above, the mentioned routine reads the key and creates the pEVP_PKEY structure. I do not know if I put this in a certificate and send it back to the MS machine if it is going to produce the same results.

I think the answer is in understanding both the openssl and MS key structure.

Hylton

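The byte counts in this message line up with a CryptoAPI PUBLICKEYBLOB (8-byte BLOBHEADER, 12-byte RSAPUBKEY, 64-byte little-endian modulus: 84 bytes) and a DER RSAPublicKey (74 bytes); the converter below is an added example, not code from the post or from OpenSSL, and its modulus reversal is the same byte-order swap the RSA_verify thread above ended up applying to the signature. It assumes the 84-byte file is such a blob as written by CryptExportKey; the function names are hypothetical and the sample modulus is constructed filler.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_MOD_BYTES 512 /* accept moduli up to 4096 bits */

/* Read a 32-bit little-endian field; every integer in the blob is stored this way. */
static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copy n bytes in reverse order: little-endian in, big-endian out (or back). */
void reverse_copy(unsigned char *dst, const unsigned char *src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = src[n - 1 - i];
}

/* Write a DER length field and return how many bytes it took (1 to 3). */
static size_t put_len(unsigned char *out, size_t len)
{
    size_t o = 0;
    if (len >= 0x100) { out[o++] = 0x82; out[o++] = (unsigned char)(len >> 8); }
    else if (len >= 0x80) out[o++] = 0x81;
    out[o++] = (unsigned char)len;
    return o;
}

/* Write a DER INTEGER for an unsigned big-endian value; returns bytes written.
 * Leading zero bytes are dropped, and one 0x00 is prepended when the top bit
 * is set so the value is not read as negative. */
static size_t put_int(unsigned char *out, const unsigned char *be, size_t n)
{
    size_t o = 0;
    while (n > 1 && be[0] == 0) { be++; n--; }
    int pad = (be[0] & 0x80) != 0;
    out[o++] = 0x02;
    o += put_len(out + o, n + pad);
    if (pad) out[o++] = 0x00;
    memcpy(out + o, be, n);
    return o + n;
}

/* Convert a CryptoAPI RSA PUBLICKEYBLOB to a DER PKCS#1 RSAPublicKey.
 * Returns the DER length, or -1 if the blob is malformed or out is too small. */
long blob_to_rsapublickey_der(const unsigned char *blob, size_t blob_len,
                              unsigned char *out, size_t out_cap)
{
    unsigned char mod_be[MAX_MOD_BYTES], exp_be[4], body[MAX_MOD_BYTES + 12];
    if (blob_len < 20) return -1;
    if (blob[0] != 0x06 || blob[1] != 0x02) return -1; /* PUBLICKEYBLOB, version 2 */
    if (memcmp(blob + 8, "RSA1", 4) != 0) return -1;   /* RSAPUBKEY magic */
    uint32_t bits = le32(blob + 12), pubexp = le32(blob + 16);
    if (bits == 0 || bits % 8 != 0 || bits / 8 > MAX_MOD_BYTES || pubexp == 0)
        return -1;
    size_t mod_len = bits / 8;
    if (blob_len != 20 + mod_len || out_cap < mod_len + 16) return -1;

    reverse_copy(mod_be, blob + 20, mod_len);          /* little -> big endian */
    for (int i = 0; i < 4; i++)
        exp_be[i] = (unsigned char)(pubexp >> (24 - 8 * i));

    size_t b = put_int(body, mod_be, mod_len);         /* modulus */
    b += put_int(body + b, exp_be, 4);                 /* publicExponent */
    size_t o = 0;
    out[o++] = 0x30;                                   /* SEQUENCE */
    o += put_len(out + o, b);
    memcpy(out + o, body, b);
    return (long)(o + b);
}

/* Constructed 84-byte sample: 8-byte BLOBHEADER, 12-byte RSAPUBKEY, 64-byte
 * modulus. The modulus is a filler pattern, not a real RSA key. */
void make_sample_blob(unsigned char blob[84])
{
    static const unsigned char hdr[20] = {
        0x06, 0x02, 0x00, 0x00, 0x00, 0xa4, 0x00, 0x00, /* type, version, CALG_RSA_KEYX */
        'R', 'S', 'A', '1',                             /* magic */
        0x00, 0x02, 0x00, 0x00,                         /* bitlen = 512 */
        0x01, 0x00, 0x01, 0x00                          /* pubexp = 65537 */
    };
    memcpy(blob, hdr, sizeof hdr);
    for (int i = 0; i < 64; i++)
        blob[20 + i] = (unsigned char)(i + 1);
    blob[83] = 0xC1; /* most significant modulus byte is stored last */
}

int main(void)
{
    unsigned char blob[84], der[128];
    make_sample_blob(blob);
    long n = blob_to_rsapublickey_der(blob, sizeof blob, der, sizeof der);
    printf("DER length: %ld\n", n);
    for (long i = 0; i < n; i++)
        printf("%02x%s", der[i], (i % 16 == 15 || i == n - 1) ? "\n" : " ");
    return n == 74 ? 0 : 1;
}
```

The DER output is the encoding that d2i_RSAPublicKey() and d2i_PublicKey(EVP_PKEY_RSA, ...) parse.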
Test
Test

MS and OpenSSL integration.
Hi all

Expert help required.

I need to be able to store and use the public key of a client that will be exported from an MS machine (using the CryptExportKey function). How do I interpret this data (I will be receiving it on a socket) and convert it to an RSA *? I will need to use it to sign message digests for that user. (Hope the terminology is correct.)

I have seen Dr H article on the PVK file but am not sure how to apply any of this to the public key.

Any help to code, hints, web sites, sanity centres gladly accepted.

Hylton

MS and OpenSSL integration.
Sending again as original appears to be stuck somewhere

Hi all

Expert help required.

I need to be able to store and use the public key of a client that will be exported from an MS machine (using the CryptExportKey function). How do I interpret this data (I will be receiving it on a socket) and convert it to an RSA *? I will need to use it to sign message digests for that user. (Hope the terminology is correct.)

I have seen Dr H article on the PVK file but am not sure how to apply any of this to the public key.

Any help to code, hints, web sites, sanity centres gladly accepted.

Hylton

RE: Generating openssl keypair.
Solved.

-----Original Message-----
From: Hylton Tregenza
Sent: 10 December 2001 04:06
To: [EMAIL PROTECTED]
Subject: Generating openssl keypair.

Hi

I am trying to understand the method of generating key pairs with openssl. The command

    openssl genrsa -des3 -out ca.key 2048

gives me a file ca.key that looks something like this.

    -----BEGIN RSA PRIVATE KEY-----
    MIIBPAIBAAJBAJwdEzEFhpG2QZ4CcFCvnYGgHauyPNlWkWgE+FDaKpBI/mi/sexw
    . . .
    znO8Pv9IrQc3MThDdtr4cn4bIiz9Gx7AwntIRu3qV5I=
    -----END RSA PRIVATE KEY-----

My question is as follows. If this is the Private Key, where is the public key? If it is in the same file, how do I get to it?

Hylton

Generating openssl keypair.
Hi

I am trying to understand the method of generating key pairs with openssl. The command

    openssl genrsa -des3 -out ca.key 2048

gives me a file ca.key that looks something like this.

    -----BEGIN RSA PRIVATE KEY-----
    MIIBPAIBAAJBAJwdEzEFhpG2QZ4CcFCvnYGgHauyPNlWkWgE+FDaKpBI/mi/sexw
    . . .
    znO8Pv9IrQc3MThDdtr4cn4bIiz9Gx7AwntIRu3qV5I=
    -----END RSA PRIVATE KEY-----

My question is as follows. If this is the Private Key, where is the public key? If it is in the same file, how do I get to it?

Hylton

RE: RSA Keys
Alex, thanks for the response.

Here's a follow up question. d2i_PublicKey has a type as the first parameter. What are they referring to? What do they want in this field?

Hylton

-----Original Message-----
From: Alexander Kuit [mailto:[EMAIL PROTECTED]]
Sent: 03 December 2001 05:21
To: [EMAIL PROTECTED]
Subject: Re: RSA Keys

On 03.12.2001 11:39:54 owner-openssl-users wrote:
>Hi
>
>Sorry for the resend.
>This is a resend with the complete encoding type.
>
>
>I am getting a file from a MS machine that contains an exported public
>key. This data appears to be binary data. It has been exported with the
>flag X509_ASN_ENCODING
>
>Trying to read the file with PEM_read_publickkey() does not appear to
>work. What is the correct function or other method to use to get this
>data into a RSA * struct or a EVP_PKEY structure. Preferably EVP_PKEY to
>add to a certificate.

PEM is the ascii version of the binary ASN/DER encoding, so PEM functions won't work. To convert a binary (der) encoding into an internal OpenSSL structure, use the d2i_* functions. In your case, probably the d2i_PublicKey() or a similar function will do. See also the FAQ for more information about the d2i_* functions.

Alex.

Adding extensions X509_REQ or X509?
Good morning

My difficulty --> From what I can make out of the docs and code it is only possible to add extensions to a X509_REQ structure and not a X509 structure.

Should this be the case, how do I convert from the X509_REQ to the X509, or alternatively how do I add extensions to a X509 structure before signing it?

Hylton

PEM/ASN Questions
Hi.

I'm getting myself confused with the different formats. I see the PEM functions are defined as PEM_ASN. Is PEM the equivalent of ASN or can ASN be represented in PEM format?

The root of my problem is such. I am going to be getting a public key on a socket from a MS machine exported using the X509_ASN_ENCODING flag. I am assuming that this is binary data. Using a memory bio (BIO_s_mem()) I want to read this into a EVP_PKEY structure so that I can include the key into a certificate that I am creating. What function(s) would I need to use to accomplish this?

What is the correct PKCS format to send the certificate back to the client?

Any help appreciated

Hylton

RE: Output a file as a PKCS#7
Thank you. So simple, so powerful.

Hylton

-----Original Message-----
From: Dale Peakall [mailto:[EMAIL PROTECTED]]
Sent: 26 November 2001 02:25
To: [EMAIL PROTECTED]
Subject: RE: Output a file as a PKCS#7

PEM_write_X509

Output a file as a PKCS#7
Hi.

I'm generating a certificate within my code. I have a x509 structure that is populated and signed. If I call X509_print, a file is generated that contains the certificate but the file does not contain the BEGIN and END CERTIFICATE header and footer. Below is a sample of the file generated

    Certificate:
        Data:
            Version: 4 (0x3)
            Serial Number: 56:65:72:73:69:6f:6e:20:33
            Signature Algorithm: md5WithRSAEncryption
            Issuer: 0.0=Namitech PTY Ltd
            Validity
                Not Before: Nov 25 07:41:30 2001 GMT
                Not After : Nov 25 07:41:30 2001 GMT
            Subject: 0.0=Subject Line
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)
                    Modulus (1024 bit):
                        etc..

What do I need to do to get the file into the format (again from within code, not command line)

    -----BEGIN CERTIFICATE-----
    data
    -----END CERTIFICATE-----

and what is the correct terminology for these two formats please?

Any help appreciated

Hylton

Adding a name to the certificate
Hi

I'm looking for what the parameters for X509_NAME_ENTRY_create_by_NID mean. I can see what they are in the source code but is there a site where the function(s) for creating a certificate is explained? After a search on X509_NAME_ENTRY_create_by_NID using google, no reference to the open ssl site is returned (except the mail archives).

Is this documented or am I using the incorrect function here?

Hylton

RE: more inetd trouble
Hi

I have come into this thread a bit late. Having just completed Inetd.d /openssl I might be able to help but I do not have the original question.

Inetd uses stdin and stdout (0,1). I have noted that any debugging information (printf etc) sent to these ports interferes with the communication.

In my implementation I am not using the bio functions but was able to get away with

    SSL_set_rfd(pSSL, fileno(stdin));
    SSL_set_wfd(pSSL, fileno(stdout));

to set up the reading and writing options of SSL.

If I can help any more please let me know.

Hylton

I may be able to post portions of source code if it would be relevant.

-----Original Message-----
From: Matthew Fleming [mailto:[EMAIL PROTECTED]]
Sent: 16 November 2001 05:45
To: [EMAIL PROTECTED]
Subject: more inetd trouble

>>"Matthew Fleming" <[EMAIL PROTECTED]> writes:
>> But what I have written is, not a standalone server program, but a
>> daemon which is invoked by inetd. It seems to me that this should work
>> the same as the standalone, except that the tcp_listen() and accept()
>> calls should be unnecessary; inetd should hand the daemon a socket
>> descriptor which should be usable in the BIO_new_socket call; and this
>> socket descriptor should be accessible as fd 0, 1, or 2 (inetd makes all
>> 3 descriptors available, but there is really only one socket, so each of
>> the descriptors should refer to the same thing).
>I'm not sure that it's safe to write file descriptor 0.
>
>Have you tried creating one bio for reading on stdin and one
>for writing on stdout and passing them both to SSL?
>
>-Ekr

By this I assume you mean something like the following:

       int sock,s;
    -> BIO *sbio_in, *sbio_out;
       SSL_CTX *ctx;
       SSL *ssl;
       int r;

       /* Build our SSL context*/
       ctx=initialize_ctx(KEYFILE,PASSWORD);
       load_dh_params(ctx,DHFILE);
       generate_eph_rsa_key(ctx);

       SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
         sizeof s_server_session_id_context);

       /* sock=tcp_listen();
       while(1){
         if((s=accept(sock,0,0))<0)
           err_exit("Problem accepting");
       */
    -> sbio_in=BIO_new_socket(0,BIO_NOCLOSE);
    -> sbio_out=BIO_new_socket(1,BIO_NOCLOSE);
       ssl=SSL_new(ctx);
    -> SSL_set_bio(ssl,sbio_in,sbio_out);

       if((r=SSL_accept(ssl))<=0)
         berr_exit("SSL accept error");

This still does not work with inetd. Actually I don't see why you should have to use 2 sbio objects when the program is invoked by inetd, but can get away with one when the server is invoked from the command line; it seems to me that it should be the same either way. I'm strictly an amateur, but I would think that the difference between starting the program from the command line and from inetd shouldn't have to do so much with the socket descriptors, but with the things that inetd does *before* invoking the daemon (eg, Chapter 12, UNIX Network Programming, Stevens).

--
Matthew Fleming, MD
Associate Professor
Dept. of Dermatology
Medical College of Wisconsin
E-mail: [EMAIL PROTECTED]
S-mail: Dept. of Dermatology
        Medical College of Wisconsin
        8701 Watertown Plank Rd.
        Milwaukee, WI 53226
Phone: 414.456.4072
Fax: 414.456.6518

RE: PEM_read_RSAPublicKey
Sorry, I asked too early. There is nothing wrong with the code. The file is not a public key file (or the format is wrong).

How do I extract a public key file from a certificate?

Hylton

-----Original Message-----
From: Hylton Tregenza
Sent: 16 November 2001 12:24
To: [EMAIL PROTECTED]
Subject: PEM_read_RSAPublicKey

Hi

I am trying to read a public key from a certificate file in PEM format. My code looks as follows. I constantly get null as a result from the call to PEM_read_RSAPublicKey

    #include <stdio.h>
    #include <string.h>
    #include <openssl/bio.h>
    #include <openssl/err.h>
    #include <openssl/evp.h>
    #include <openssl/pem.h>
    #include <openssl/rsa.h>
    #include "main.h"

    #define HOME "/home/hetregenza/projects/ssl_cert/"
    //#define HOME "./"
    #define CLIENTCERTF HOME "clientcert.pem"
    #define CLIENTKEYF  HOME "clientkey.pem"
    #define SERVERCERTF HOME "servercert.pem"
    #define SERVERKEYF  HOME "serverkey.pem"
    #define CASERVCERTF HOME "cacert.pem"

    int main(int argc, char ** argv)
    {
        void * pUser;
        char szUser[2000];
        EVP_PKEY * pEVP_PKEY = 0;
        EVP_PKEY ** ppEVP_PKEY = 0;
        BIO_METHOD * pBIO_METHOD;
        BIO * pBIO = 0;
        RSA * pRSA = 0;
        RSA ** ppRSA = 0;

        pBIO_METHOD = BIO_s_file();
        memset(&szUser, 0, sizeof(szUser));
        /* CLIENTCERTF is a certificate file, not a bare public key file */
        pBIO = BIO_new_file(CLIENTCERTF, "r");
        pRSA = PEM_read_bio_RSAPublicKey(pBIO, ppRSA, PasswdCallback, (void *)szUser);
        // get null back here.
        BIO_free(pBIO);
        return 0;
    }

The code does not even get to the call back function.

Any assistance appreciated

Hylton

PEM_read_RSAPublicKey
Hi

I am trying to read a public key from a certificate file in PEM format. My code looks as follows. I constantly get null as a result from the call to PEM_read_RSAPublicKey

    #include <stdio.h>
    #include <string.h>
    #include <openssl/bio.h>
    #include <openssl/err.h>
    #include <openssl/evp.h>
    #include <openssl/pem.h>
    #include <openssl/rsa.h>
    #include "main.h"

    #define HOME "/home/hetregenza/projects/ssl_cert/"
    //#define HOME "./"
    #define CLIENTCERTF HOME "clientcert.pem"
    #define CLIENTKEYF  HOME "clientkey.pem"
    #define SERVERCERTF HOME "servercert.pem"
    #define SERVERKEYF  HOME "serverkey.pem"
    #define CASERVCERTF HOME "cacert.pem"

    int main(int argc, char ** argv)
    {
        void * pUser;
        char szUser[2000];
        EVP_PKEY * pEVP_PKEY = 0;
        EVP_PKEY ** ppEVP_PKEY = 0;
        BIO_METHOD * pBIO_METHOD;
        BIO * pBIO = 0;
        RSA * pRSA = 0;
        RSA ** ppRSA = 0;

        pBIO_METHOD = BIO_s_file();
        memset(&szUser, 0, sizeof(szUser));
        /* CLIENTCERTF is a certificate file, not a bare public key file */
        pBIO = BIO_new_file(CLIENTCERTF, "r");
        pRSA = PEM_read_bio_RSAPublicKey(pBIO, ppRSA, PasswdCallback, (void *)szUser);
        // get null back here.
        BIO_free(pBIO);
        return 0;
    }

The code does not even get to the call back function.

Any assistance appreciated

Hylton

RE: Pem_read_bio -.... expecting certificate.
Having tried my code with various other certs that came with openssl, I have to say that the problem is in my code. All certs give the same error. The only time I get a different error is if I remove the cert or physically alter the certificate header.

Does SSL expect CA Cert to be in PEM format by default or do I need to tell it somewhere? Any idea what I could be overlooking? Any other information I should be giving?

Hylton

-----Original Message-----
From: Hylton Tregenza
Sent: 17 October 2001 04:32
To: [EMAIL PROTECTED]
Subject: Pem_read_bio - expecting certificate.

Hi all

I have looked in the archives but not found an example or assistance there.

I am having difficulty with a CA certificate (created with ./CA -newca). I am getting the following error

    1895:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: CERTIFICATE.

The certificate is included below. I can find nothing wrong with it.

    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----

openssl reads it correctly.

I am doing the following in trying to read it. Please can someone point out my mistake.

    SSL_load_error_strings();
    SSL_library_init();
    // actions_to_seed_PRNG();
    ERR_load_crypto_strings();
    SSLeay_add_ssl_algorithms();
    pMETHOD = SSLv3_client_method();
    ERR_print_errors_fp(stdout); fflush(stdout);   /* No error here */
    printf("%s\n", CASERVCERTF); fflush(stdout);
    X509_stack = SSL_load_client_CA_file(CASERVCERTF);
    ERR_print_errors_fp(stdout); fflush(stdout);   /* error shown here */
    SSL_CTX_set_client_CA_list(pCTX, X509_stack);
    ERR_print_errors_fp(stdout); fflush(stdout);

Thanks guys. I am lost on this one.

Hylton

RE: PEM_read_bio
I am having the same problem. If I find anything I will let you know.

-----Original Message-----
From: Andrew Finnell [mailto:[EMAIL PROTECTED]]
Sent: 17 October 2001 04:11
To: 'Openssl ([EMAIL PROTECTED])'
Subject: PEM_read_bio

I am getting an error message, PEM_read_bio: No start line. Now I am assuming this may have to do with the pem certificate I'm trying to read, but all my certificates are fine. Could anyone give me some insight on what causes this error?

Thanks!

-Andrew T. Finnell
Software Engineer
eSecurity Inc
(321) 394-2485

Pem_read_bio -.... expecting certificate.
Hi all

I have looked in the archives but not found an example or assistance there.

I am having difficulty with a CA certificate (created with ./CA -newca). I am getting the following error

    1895:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: CERTIFICATE.

The certificate is included below. I can find nothing wrong with it.

    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----

openssl reads it correctly.

I am doing the following in trying to read it. Please can someone point out my mistake.

    SSL_load_error_strings();
    SSL_library_init();
    // actions_to_seed_PRNG();
    ERR_load_crypto_strings();
    SSLeay_add_ssl_algorithms();
    pMETHOD = SSLv3_client_method();
    ERR_print_errors_fp(stdout); fflush(stdout);   /* No error here */
    printf("%s\n", CASERVCERTF); fflush(stdout);
    X509_stack = SSL_load_client_CA_file(CASERVCERTF);
    ERR_print_errors_fp(stdout); fflush(stdout);   /* error shown here */
    SSL_CTX_set_client_CA_list(pCTX, X509_stack);
    ERR_print_errors_fp(stdout); fflush(stdout);

Thanks guys. I am lost on this one.

Hylton

SSL_accept
Hi,

I am calling ssl_accept but it is not blocking. This is very new to me but as the design goes, I need the socket to block on accept. The application currently works without SSL. I am trying to add SSL to the routines, allowing the user to determine if they want a secure connection or not. The original app blocks too.

I am following, roughly outlined, the following procedure.

    TLSv1_client_method()
    SSL_CTX_new
    SSL_new
    SSL_set_fd
    SSL_accept

I am using the fd that was being created by the old socket routines where applicable.

Could someone please point me in the direction to get accept to block?

I am using openssl 0.9.6 (dated sept 2000) running redhat 7.1

Hylton
