[openssl-users] CVE-2016-2180
Hi OpenSSL team,

I am using openssl-1.0.0e in my product. Here I want to know whether OpenSSL is vulnerable to CVE-2016-2180 or not.

https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a?diff=unified

This page shows some modifications to the function TS_OBJ_print_bio. Do these changes fix this vulnerability? I don't know how to test this vulnerability. Can you please provide me with the test process or any other information about this vulnerability so that I can go further?

I will wait for your reply.

Best regards,
Gopi.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
X509_NAME_add_entry question
I have an X509_NAME variable which contains something like

    /CN=mycn/OU=myou/O=myo

I want to modify this into

    /CN=mycn/OU=yourou/O=myo

i.e. I want to change the OU from myou to yourou.

Extracting the different RDNs (CN, OU and O) and recreating a new X509_NAME using X509_NAME_add_entry with loc as -1 works fine. However, if I try to modify the existing X509_NAME by deleting the CN from it and then inserting the modified CN in between the existing CN and O, it gives me problems.

This is what I tried.

- Got the index of the OU - it was 1.
- Called X509_NAME_delete_entry with index 1 - worked fine.
- Next called X509_NAME_add_entry_by_txt with yourou, OU and loc as 1.
- This did insert the modified CN, but it made the OU and O a multivalued RDN instead of making the OU a separate RDN.

i.e. my X509_NAME becomes

    /CN=my/OU=yourou+O=myo

instead of

    /CN=my/OU=yourou/O=myo

I debugged through the add_entry code and it boiled down to the handling of the set field in the X509_NAME_ENTRY structure. This is the structure.

    typedef struct X509_name_entry_st {
        ASN1_OBJECT *object;
        ASN1_STRING *value;
        int set;
        int size; /* temp variable */
    } X509_NAME_ENTRY;

Can someone help me understand the set member in this structure? When you delete a NAME_ENTRY and insert another at that point, the function X509_NAME_add_entry doesn't seem to adjust the set member of the X509_NAME_ENTRY structure the way I think it should. Hence the insertion causes the OU we are inserting to be treated as a part of the previous field (CN) - i.e. it becomes a multi-valued RDN, rather than a new RDN in the NAME. This happens because the set field of all NAME_ENTRIES beyond the insertion point doesn't get incremented - not sure if this is a bug in the function or I am misunderstanding something.

This is how I think the set member should be adjusted:

    if (loc == -1 or loc == current size)
        don't increment set field of any other node
    else
        increment set field of all nodes beyond insertion point.

I am referring to the X509_NAME_add_entry function sources in x509name.c. Can someone tell me if this is a bug or am I misunderstanding how this is supposed to work? Is this the right list for this question or should I send this to openssl-dev instead?

Thank you.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
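The grouping rule the post above asks about, as an added example that is not part of the original message and is not OpenSSL's code: a toy model in which entries that share a `set` value are rendered as one multi-valued RDN. All names here (`struct entry`, `struct name`, `render`, `delete_entry`, `insert_entry`, `replace_ou`) are hypothetical, and the name being edited is a constructed sample.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, not OpenSSL code: entries sharing a `set` value form one RDN. */
struct entry { const char *type, *value; int set; };
struct name { struct entry e[8]; int n; };

/* Render as /A=x/B=y; entries with the same set are joined with '+'. */
static const char *render(const struct name *nm, char *out, int len)
{
    for (int i = 0, off = 0; i < nm->n && off < len; i++) {
        char sep = (i > 0 && nm->e[i].set == nm->e[i - 1].set) ? '+' : '/';
        off += snprintf(out + off, (size_t)(len - off), "%c%s=%s", sep, nm->e[i].type, nm->e[i].value);
    }
    return out;
}

/* Remove the entry at loc (assumed alone in its RDN) and close the gap. */
static void delete_entry(struct name *nm, int loc)
{
    memmove(&nm->e[loc], &nm->e[loc + 1], (nm->n - loc - 1) * sizeof nm->e[0]);
    nm->n--;
    for (int i = loc; i < nm->n; i++)
        nm->e[i].set--;
}

/* Insert a new RDN at loc (0 <= loc <= n); renumber == 0 leaves later sets as-is. */
static void insert_entry(struct name *nm, const char *t, const char *v, int loc, int renumber)
{
    memmove(&nm->e[loc + 1], &nm->e[loc], (nm->n - loc) * sizeof nm->e[0]);
    nm->e[loc] = (struct entry){ t, v, loc ? nm->e[loc - 1].set + 1 : 0 };
    nm->n++;
    for (int i = loc + 1; renumber && i < nm->n; i++)
        nm->e[i].set++;   /* keep every later RDN distinct from the new one */
}

/* Constructed sample: replace OU (index 1) in /CN=mycn/OU=myou/O=myo. */
static const char *replace_ou(int renumber, char *out, int len)
{
    struct name nm = { { {"CN", "mycn", 0}, {"OU", "myou", 1}, {"O", "myo", 2} }, 3 };
    delete_entry(&nm, 1);
    insert_entry(&nm, "OU", "yourou", 1, renumber);
    return render(&nm, out, len);
}

int main(void)
{
    char a[128], b[128];
    return printf("%s\n%s\n", replace_ou(0, a, sizeof a), replace_ou(1, b, sizeof b)) < 0;
}
```

With `renumber` set to 0 the inserted OU and the following O end up with the same `set` value and print as one RDN joined by `+`; with `renumber` set to 1 they print as separate RDNs.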
Client not sending CA's certificate
Hi all,

Can anyone help me find sample code for "client certificate verification"?

Regards,
Siva K
no shared ciphers ?
Hi,

Can anyone help me solve the following problem?

Case I: I have an SSL server and an SSL client program. I am able to communicate between the SSL server and the SSL client perfectly using the certificates created on a Linux box.

Case II: When I use OpenSSL's s_server listening on a port, the HTTPS request comes in perfectly from IE and this server was able to write the requested page.

Case III: But the problem comes when I try to connect to the SSL server (the same SSL server program which I used for communication in Case I) from IE using the URL https://server's-ip-address:port/ where "server's-ip-address" is where the server is listening on the specified "port". When I try the above step I get the following error:

    1341:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:769:

I think this error is because the client and server are not sharing compatible ciphers. I have added the default ciphers in the server program using the following SSL function:

    SSL_set_cipher_list(ssl,SSL_DEFAULT_CIPHER_LIST)

I have loaded the "root certificate" in the browser. The server is using the certificate authenticated by this "root certificate".

Please let me know how to proceed.

With regards,
Siva K.
How to install OpenSSL in SunOS 2.6
Hi,

I faced a problem when I was loading OpenSSL on SunOS 2.6. I have installed OpenSSL on the system, but the commands were not working. It is giving the error "not seeded enough". I saw the FAQ and found that, if a patch file was installed, this can be solved, but even after installing that I get the same problem. Can anyone help me with this problem? It is urgent, please.

Thank you,
Siva
Question about using it outside Europe
Hi,

I want to use the OpenSSL software in my project, which is going to be installed in Singapore. Is there any law violation in using this outside Europe? If there is any condition, please send me the rules for using it.