Re: mini project in C using openssl
Another link: http://code.google.com/p/ssl3fuzzerapi/source/browse/#svn/trunk On Wed, Oct 27, 2010 at 6:34 AM, Anthony Gabrielson agabriels...@comcast.net wrote: Hi, Check this out, its a nice little C example: http://agabrielson.wordpress.com/2010/07/15/openssl-an-example-from-the-command-line/ Anthony On Oct 26, 2010, at 7:32 AM, g A b R i E L wrote: Hi. My name is Gabriel. I'm newbie in openssl and I need to develop a aplication in C languaje using openssl. If anyone on this mailing list can help me, and is interested in working in this mini project (for free or not) Please contact me via e-mail. Best regards gabriel
Re: Tutorial
Hi El Hachimi, You can follow ssl3fuzzerapi.googlecode.com. It is raw SSL v3 communication Thanks, Suchindra Chandrahas - Original Message From: EL HACHIMI Driss [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, February 22, 2008 8:23:18 PM Subject: Tutorial Hello, I need to set an SSL communication between a server and a client using openSSL source. However, I have to learn more about the openSSL use, and so I would need a tutorial or a sample code explaining the way to use the openSSL library. Thank you. Best Regards Driss El Hachimi Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
Regarding openssl function ssl3_handshake_mac
Hi All,
Just went through this in openssl source in s3_enc.c:
static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
const char *sender, int len, unsigned char *p)
{
unsigned int ret;
int npad,n;
unsigned int i;
unsigned char md_buf[EVP_MAX_MD_SIZE];
EVP_MD_CTX ctx;
EVP_MD_CTX_init(ctx);
EVP_MD_CTX_copy_ex(ctx,in_ctx);
n=EVP_MD_CTX_size(ctx);
npad=(48/n)*n;
if (sender != NULL)
EVP_DigestUpdate(ctx,sender,len);
EVP_DigestUpdate(ctx,s-session-master_key,
s-session-master_key_length);
EVP_DigestUpdate(ctx,ssl3_pad_1,npad);
EVP_DigestFinal_ex(ctx,md_buf,i);
EVP_DigestInit_ex(ctx,EVP_MD_CTX_md(ctx), NULL);
EVP_DigestUpdate(ctx,s-session-master_key,
s-session-master_key_length);
EVP_DigestUpdate(ctx,ssl3_pad_2,npad);
EVP_DigestUpdate(ctx,md_buf,i);
EVP_DigestFinal_ex(ctx,p,ret);
EVP_MD_CTX_cleanup(ctx);
This seems to be the function for generating the final md5 and sha hashes for
client_finished messages. However, i am not able to find the handshake messages
in the above EVP_DigestUpdates. But in RFC, the handshake messages are needed
it says. Am i missing something here, or is this fine for an MD5 or SHA hash to
be sent in client_finished message? Please let me know if i am wrong!!!
Thanks and Regards,
Suchindra Chandrahas
-
Never miss a thing. Make Yahoo your homepage.
Re: Regarding openssl function ssl3_handshake_mac
OK. So, this is after the rest of the calculations. OK understood!
Thanks !
Thanks and Regards,
Suchindra Chandrahas
Marek Marcola [EMAIL PROTECTED] wrote:
On Thu, 2008-01-03 at 03:30 -0800, Suchindra Chandrahas wrote:
Hi All,
Just went through this in openssl source in s3_enc.c:
static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
const char *sender, int len, unsigned char *p)
{
unsigned int ret;
int npad,n;
unsigned int i;
unsigned char md_buf[EVP_MAX_MD_SIZE];
EVP_MD_CTX ctx;
EVP_MD_CTX_init(ctx);
EVP_MD_CTX_copy_ex(ctx,in_ctx);
n=EVP_MD_CTX_size(ctx);
npad=(48/n)*n;
if (sender != NULL)
EVP_DigestUpdate(ctx,sender,len);
EVP_DigestUpdate(ctx,s-session-master_key,
s-session-master_key_length);
EVP_DigestUpdate(ctx,ssl3_pad_1,npad);
EVP_DigestFinal_ex(ctx,md_buf,i);
EVP_DigestInit_ex(ctx,EVP_MD_CTX_md(ctx), NULL);
EVP_DigestUpdate(ctx,s-session-master_key,
s-session-master_key_length);
EVP_DigestUpdate(ctx,ssl3_pad_2,npad);
EVP_DigestUpdate(ctx,md_buf,i);
EVP_DigestFinal_ex(ctx,p,ret);
EVP_MD_CTX_cleanup(ctx);
This seems to be the function for generating the final md5 and sha
hashes for client_finished messages. However, i am not able to find
the handshake messages in the above EVP_DigestUpdates. But in RFC, the
handshake messages are needed it says. Am i missing something here, or
is this fine for an MD5 or SHA hash to be sent in client_finished
message? Please let me know if i am wrong!!!
This function may be used to calculate client CertificateVerify hash and
client/server Finished hash (depending on function parameters) . Already
calculated hash of exchanged handshake packets is contained in in_ctx
structure.
Best regards,
--
Marek Marcola
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
-
Looking for last minute shopping deals? Find them fast with Yahoo! Search.
Re: Regarding openssl function ssl3_handshake_mac
Thanks Jimmy, now i properly understood!
Thanks and Regards,
Suchindra Chandrahas
jimmy bahuleyan [EMAIL PROTECTED] wrote: Suchindra Chandrahas wrote:
Hi All,
Just went through this in openssl source in s3_enc.c:
static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
const char *sender, int len, unsigned char *p)
{
[snip]..
This seems to be the function for generating the final md5 and sha
hashes for client_finished messages. However, i am not able to find the
handshake messages in the above EVP_DigestUpdates. But in RFC, the
handshake messages are needed it says. Am i missing something here, or
is this fine for an MD5 or SHA hash to be sent in client_finished
message? Please let me know if i am wrong!!!
Thanks and Regards,
Suchindra Chandrahas
The partial hashes of handshake messages are accumulated during the
handshake. You may want to take a look at ssl3_finish_mac() and where it
is called.
-jb
--
Don't have a sig to call my own; care to donate a fortune?
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
-
Looking for last minute shopping deals? Find them fast with Yahoo! Search.
Re: One last question on ClientFinished
Thanks Mererk. Will implement the same! Thanks and Regards, Suchindra Chandrahas Marek Marcola [EMAIL PROTECTED] wrote: On Fri, 2007-12-21 at 22:23 -0800, Suchindra Chandrahas wrote: Hi All, ClientFinished message has 2 hashes (md5 and sha1) of All Handshake Messages till that but not including ClientFinished message itself. In a Handshake message, i notice that there are two sections: 1. Record Layer Header (16 03 00...) 2. Handshake Protocol (, handshake message ) In the RFC for ssl v3, i notice that we should not use the record layer headers in calculating ClientFinished message Hashes. So should i take the second one mentioned above (with Handshake Type, Length, SSL Version and the message) or should i consider only the Handshake Message (the last part of 2. above)? You should use all handshake data (type,len,version,msg) in calculation of Finished digests. You should not include in this calculation ChangeCipherSpec packet because this packet is not part of handshake protocol (this packet is protocol itself). Best regards, -- Marek Marcola __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] - Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
One last question on ClientFinished
Hi All, ClientFinished message has 2 hashes (md5 and sha1) of All Handshake Messages till that but not including ClientFinished message itself. In a Handshake message, i notice that there are two sections: 1. Record Layer Header (16 03 00...) 2. Handshake Protocol (handshake type, length of handshake message ssl version handshake message) In the RFC for ssl v3, i notice that we should not use the record layer headers in calculating ClientFinished message Hashes. So should i take the second one mentioned above (with Handshake Type, Length, SSL Version and the message) or should i consider only the Handshake Message (the last part of 2. above)? Thanks a lot and Regards, Suchindra Chandrahas Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: MAC Calculation help needed
Hi Merek,
Thanks a lot for replying! I changed a lot of code and
downloaded wireshark source and made debug messages larger in number. I finally
debugged step by step and kept on rectifying the code.
Now the MAC is fine!!!
Wireshark Debug Messages Say So!
I am getting the error:
31218:error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message
size:s3_both.c:449
Saw in openssl code and this one is seen:
/* At this point we have got an MS SGC second client
* hello (maybe we should always allow the client to
* start a new handshake?). We need to restart the mac.
* Don't increment {num,total}_renegotiations because
* we have not completed the handshake. */
ssl3_init_finished_mac(s);
}
s-s3-tmp.message_type= *(p++);
n2l3(p,l);
if (l (unsigned long)max)
{
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
if (l (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
{
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
if (l !BUF_MEM_grow_clean(s-init_buf,(int)l+4))
{
SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
goto err;
}
It openssl expecting any parameter that i am not passing?, or does the mistake
mean something related to a part of ClientFinished message?
Thanks and Regards,
Suchindra Chandrahas
Marek Marcola [EMAIL PROTECTED] wrote: On Mon, 2007-12-17 at 19:39 -0800,
Suchindra Chandrahas wrote:
Hi All,
I am doing the following to calculate MAC
as per SSL v3 handshake:
printf(\nRESULT: Plain Record encryption:\n);
for ( i = 0; i rec_len; i ++)
printf(%x , rec[i]);
total_length = rec_len + 16
/* 16 is the size of MAC */
s2n(tot_len, p);
MD5_Init(ctx);
MD5_Update(ctx,ssl-wMACptr,16);
/* Doubtful here. wMACptr is Write MAC key of the
client. However, i am not sure whether to use wMACkey
or do a RC4_set_key(wMACptr...) and then use the
result */
MD5_Update(ctx,pad_1_md5,48);
/* The following sequence is only for 2 digit
sequence number as of now
but the total sequence number is 8 bytes
unsigned char representation */
seq[0] = (ssl-write_seq 0xff00)8;
seq[1] = ssl-write_seq 0xff;
MD5_Update(ctx, seq, 8);
ihash[0] = 0;
MD5_Update(ctx, ihash, 1);
ihash[0] = (rec_len 0xff00) 8;
ihash[1] = rec_len 0xff;
MD5_Update(ctx, ihash, 2);
MD5_Update(ctx, rec, rec_len);
MD5_Final(dgst,ctx);
//MD5_Init(ctx);
MD5_Update(ctx,ssl-wMACptr,16);
MD5_Update(ctx,pad_2_md5,48);
MD5_Update(ctx,dgst,16);
MD5_Final(dgst,ctx);
printf(\n\nRESULT: MAC Calculated:\n);
for ( i = 0; i 16; i ++)
printf(%x , dgst[i]);
for ( i = 0; i rec_len; i ++)
*p++ = rec[i];
for (i = 0; i 16; i ++)
*p++ = dgst[i];
printf(\nINFO: Record Unencrypted:\n);
for ( i = 5; i tot_len + 5; i ++)
printf(%x , buf[i]);
Does the calculation of MD5 (stream cipher is used in
this case, RC4-128), require a separate RC4_set_key()
function to be used on ssl-wMACptr (Write MAC key of
client)?
SSL record MAC calculation is independent of negotiated stream cipher
(and stream cipher is not used in this MAC calculation)
Example code of SSL packet MAC calculation:
---
/**
* Calculate SSL3 record message digest.
*
* @paramssl SSL parameters
* @paramrolelocal role
* @paramproto record layer protocol
* @parambuf buffer
* @paramlen buffer length
* @paramdgstreturn record message digest
* @return0
*/
int ssl3_md(ssl_t * ssl, int role, int proto, char *buf, int len, uint8_t *
dgst)
{
md_t md;
uint8_t *mac;
uint8_t *seq;
uint8_t tmp[3];
int i;
LOG_API4(ssl=[%p],proto=%d,len=%d,role=%d, ssl, proto, len, role);
if (role == SSL_SERVER) {
mac = ssl-server_mac;
seq = ssl-server_seq;
} else {
mac = ssl-client_mac;
seq = ssl-client_seq;
}
md_init(md, ssl-md_id);
md_update(md, mac, md.size);
md_update(md, pad_1, 40);
md_update(md, seq, 8);
tmp[0] = (uint8_t) (proto);
tmp[1] = (uint8_t) (len 8 0xFF);
tmp[2] = (uint8_t) (len 0 0xFF);
md_update(md, tmp, sizeof(tmp));
md_update(md, buf, len);
md_final(md, dgst, NULL);
md_init(md, ssl-md_id
Re: MAC Calculation help needed
Hi Merek,
In the following function,
md_update(md, pad_2, 40);
Is pad_2 and pad_1 (before), of size 40 bytes. I think i
am a wrong somewhere, cos i put them as 48 bytes for md5 and 40 bytes for sha
Please let me know if i am wrong
Thanks and Regards,
Suchindra Chandrahas
Marek Marcola [EMAIL PROTECTED] wrote: On Mon, 2007-12-17 at 19:39 -0800,
Suchindra Chandrahas wrote:
Hi All,
I am doing the following to calculate MAC
as per SSL v3 handshake:
printf(\nRESULT: Plain Record encryption:\n);
for ( i = 0; i rec_len; i ++)
printf(%x , rec[i]);
total_length = rec_len + 16
/* 16 is the size of MAC */
s2n(tot_len, p);
MD5_Init(ctx);
MD5_Update(ctx,ssl-wMACptr,16);
/* Doubtful here. wMACptr is Write MAC key of the
client. However, i am not sure whether to use wMACkey
or do a RC4_set_key(wMACptr...) and then use the
result */
MD5_Update(ctx,pad_1_md5,48);
/* The following sequence is only for 2 digit
sequence number as of now
but the total sequence number is 8 bytes
unsigned char representation */
seq[0] = (ssl-write_seq 0xff00)8;
seq[1] = ssl-write_seq 0xff;
MD5_Update(ctx, seq, 8);
ihash[0] = 0;
MD5_Update(ctx, ihash, 1);
ihash[0] = (rec_len 0xff00) 8;
ihash[1] = rec_len 0xff;
MD5_Update(ctx, ihash, 2);
MD5_Update(ctx, rec, rec_len);
MD5_Final(dgst,ctx);
//MD5_Init(ctx);
MD5_Update(ctx,ssl-wMACptr,16);
MD5_Update(ctx,pad_2_md5,48);
MD5_Update(ctx,dgst,16);
MD5_Final(dgst,ctx);
printf(\n\nRESULT: MAC Calculated:\n);
for ( i = 0; i 16; i ++)
printf(%x , dgst[i]);
for ( i = 0; i rec_len; i ++)
*p++ = rec[i];
for (i = 0; i 16; i ++)
*p++ = dgst[i];
printf(\nINFO: Record Unencrypted:\n);
for ( i = 5; i tot_len + 5; i ++)
printf(%x , buf[i]);
Does the calculation of MD5 (stream cipher is used in
this case, RC4-128), require a separate RC4_set_key()
function to be used on ssl-wMACptr (Write MAC key of
client)?
SSL record MAC calculation is independent of negotiated stream cipher
(and stream cipher is not used in this MAC calculation)
Example code of SSL packet MAC calculation:
---
/**
* Calculate SSL3 record message digest.
*
* @paramssl SSL parameters
* @paramrolelocal role
* @paramproto record layer protocol
* @parambuf buffer
* @paramlen buffer length
* @paramdgstreturn record message digest
* @return0
*/
int ssl3_md(ssl_t * ssl, int role, int proto, char *buf, int len, uint8_t *
dgst)
{
md_t md;
uint8_t *mac;
uint8_t *seq;
uint8_t tmp[3];
int i;
LOG_API4(ssl=[%p],proto=%d,len=%d,role=%d, ssl, proto, len, role);
if (role == SSL_SERVER) {
mac = ssl-server_mac;
seq = ssl-server_seq;
} else {
mac = ssl-client_mac;
seq = ssl-client_seq;
}
md_init(md, ssl-md_id);
md_update(md, mac, md.size);
md_update(md, pad_1, 40);
md_update(md, seq, 8);
tmp[0] = (uint8_t) (proto);
tmp[1] = (uint8_t) (len 8 0xFF);
tmp[2] = (uint8_t) (len 0 0xFF);
md_update(md, tmp, sizeof(tmp));
md_update(md, buf, len);
md_final(md, dgst, NULL);
md_init(md, ssl-md_id);
md_update(md, mac, md.size);
md_update(md, pad_2, 40);
md_update(md, dgst, md.size);
md_final(md, dgst, NULL);
/* increment packet sequence number */
for (i = 7; i = 0; i--) {
seq[i]++;
if (seq[i] != 0) {
break;
}
}
LOG_API4(rc=%d, 0);
return (0);
}
Best regards,
--
Marek Marcola
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
-
Never miss a thing. Make Yahoo your homepage.
MAC Calculation help needed
Hi All, I am doing the following to calculate MAC as per SSL v3 handshake: printf(\nRESULT: Plain Record encryption:\n); for ( i = 0; i rec_len; i ++) printf(%x , rec[i]); total_length = rec_len + 16 /* 16 is the size of MAC */ s2n(tot_len, p); MD5_Init(ctx); MD5_Update(ctx,ssl-wMACptr,16); /* Doubtful here. wMACptr is Write MAC key of the client. However, i am not sure whether to use wMACkey or do a RC4_set_key(wMACptr...) and then use the result */ MD5_Update(ctx,pad_1_md5,48); /* The following sequence is only for 2 digit sequence number as of now but the total sequence number is 8 bytes unsigned char representation */ seq[0] = (ssl-write_seq 0xff00)8; seq[1] = ssl-write_seq 0xff; MD5_Update(ctx, seq, 8); ihash[0] = 0; MD5_Update(ctx, ihash, 1); ihash[0] = (rec_len 0xff00) 8; ihash[1] = rec_len 0xff; MD5_Update(ctx, ihash, 2); MD5_Update(ctx, rec, rec_len); MD5_Final(dgst,ctx); //MD5_Init(ctx); MD5_Update(ctx,ssl-wMACptr,16); MD5_Update(ctx,pad_2_md5,48); MD5_Update(ctx,dgst,16); MD5_Final(dgst,ctx); printf(\n\nRESULT: MAC Calculated:\n); for ( i = 0; i 16; i ++) printf(%x , dgst[i]); for ( i = 0; i rec_len; i ++) *p++ = rec[i]; for (i = 0; i 16; i ++) *p++ = dgst[i]; printf(\nINFO: Record Unencrypted:\n); for ( i = 5; i tot_len + 5; i ++) printf(%x , buf[i]); Does the calculation of MD5 (stream cipher is used in this case, RC4-128), require a separate RC4_set_key() function to be used on ssl-wMACptr (Write MAC key of client)? I just modified Wireshark to print all the keys etc during SSL packet sniffing, and it uses 64 byte key material. However, my Write MAC key, Read MAC key, Write Key, Read Key are all fine as per comparison I am implementing an opensource ssl fuzzing client without using openssl libraries extensively Thanks for your help in advance, and Regards, Suchindra Chandrahas Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Regarding construction of MasterSecret in ssl v3 handshake
Hi Jimmy,
RFC-2246 is for TLS v1. However, i am going for SSL v3. I
don't know whether there is any function for the same. I went through
ssl3_enc.c in openssl code:
int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
int len)
{
static const unsigned char *salt[3]={
#ifndef CHARSET_EBCDIC
(const unsigned char *)A,
(const unsigned char *)BB,
(const unsigned char *)CCC,
#else
(const unsigned char *)\x41,
(const unsigned char *)\x42\x42,
(const unsigned char *)\x43\x43\x43,
#endif
};
unsigned char buf[EVP_MAX_MD_SIZE];
EVP_MD_CTX ctx;
int i,ret=0;
unsigned int n;
EVP_MD_CTX_init(ctx);
for (i=0; i3; i++)
{
EVP_DigestInit_ex(ctx,s-ctx-sha1, NULL);
EVP_DigestUpdate(ctx,salt[i],strlen((const char *)salt[i]));
EVP_DigestUpdate(ctx,p,len);
EVP_DigestUpdate(ctx,(s-s3-client_random[0]),
SSL3_RANDOM_SIZE);
EVP_DigestUpdate(ctx,(s-s3-server_random[0]),
SSL3_RANDOM_SIZE);
EVP_DigestFinal_ex(ctx,buf,n);
EVP_DigestInit_ex(ctx,s-ctx-md5, NULL);
EVP_DigestUpdate(ctx,p,len);
EVP_DigestUpdate(ctx,buf,n);
EVP_DigestFinal_ex(ctx,out,n);
out+=n;
ret+=n;
}
EVP_MD_CTX_cleanup(ctx);
return(ret);
}
I guess *p above is pointer to premaster secret. I am doing the same thing
here, only that EVP_Digest_Update is replaced MD5_Update/SHA_Update. I am not
still sure whether my algorithm is correct or not!
Thanks and Regards,
Suchindra Chandrahas
jimmy bahuleyan [EMAIL PROTECTED] wrote: Suchindra Chandrahas wrote:
Hi Jimmy,
Yes i changed the no. of bytes to 32 (both client
and server random). Also, is it ok to use openssl tls1_prf for ssl v3
handshake?
if you only want to do the prf calculation tls1_PRF() does just that for
you. It does the PRF as specified in rfc-2246, if that is what you have
in mind tls1_PRF() should work.
-jb
--
Don't have a sig to call my own; care to donate a fortune?
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
-
Never miss a thing. Make Yahoo your homepage.
Re: question about use SHA function
Hi Helios, This is probably a linker issue Thanks and Regards, Suchindra Chandrahas Helios Nguyen [EMAIL PROTECTED] wrote: hello everybody, I want to use function of sha library, in my program i haved put this line #include but i got this error: : undefined reference to `SHA_Init' : undefined reference to `SHA_Update' : undefined reference to `SHA_Final' I saw in sha.h all of them is already declrated. I don't know whare is problem. can anyone tell me a clue? Thanks in advance! N. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] - Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
Regarding construction of MasterSecret in ssl v3 handshake
Hi All,
I am trying to write an SSL v3 handshake without using openssl
libraries. I have some problem with creation of MasterSecret in SSL v3. Here is
the code snippet of hardcoded client that i am experimenting with:
My ClientHello:
unsigned char buf[BUFSIZE] =
\x01 /* Client Hello Message */
\x00\x00\x29 /* Length */
\x03\x00 /* Client Version */
\x44\x44\x44\x44 /* GMT - just dummy values taken for now
*/
\x66\x66\x66\x66\x66\x66\x66\x66
\x66\x66\x66\x66\x66\x66\x66\x66
\x66\x66\x66\x66\x66\x66\x66\x66
\x66\x66\x66\x66 /* Random Bytes 28 */
\x00 /* Session ID Length */
\x00\x02 /* Cipers */
\x00\x35 /* One cipher - compatible with esx */
\x01\x00; /* Compression related details */
client_random is 28 bytes of 0x66 as of now
My Server Random is stored in ssl-server_random[28] array (excluding gmt 4
bytes)
My Client Random is stored in ssl-client_random[28] array (excluding gmt 4
bytes)
Note: I am guessing that client random and server random are 28 bytes long. I
am excluding the 4 bytes of gmt time spec from the random for calculating the
Master Secret
Master Secret Algorithm:
static const unsigned char *salt[10]={
(const unsigned char *)A,
(const unsigned char *)BB,
(const unsigned char *)CCC,
(const unsigned char *),
(const unsigned char *)E,
(const unsigned char *)FF,
(const unsigned char *)GGG,
(const unsigned char *),
(const unsigned char *)I,
(const unsigned char *)JJ
};
/*
* client_master_secret = MD5(client_premaster_secret + SHA('A' + client_random
+ server_random + client_premaster_secret)) +
* MD5(client_premaster_secret + SHA('BB' + client_random +
server_random + client_premaster_secret)) +
* MD5(client_premaster_secret + SHA('CCC' + client_random +
server_random + client_premaster_secret))
*
*/
tmp = ssl-client_master_secret;
for (i = 0; i 3; i++) {
SHA_Init(ctx1_sha);
SHA_Update(ctx1_sha, salt[i], i + 1);
SHA_Update(ctx1_sha, ssl-client_random, 28);
SHA_Update(ctx1_sha, ssl-server_random, 28);
SHA_Update(ctx1_sha, ssl-client_premaster_secret, 48);
SHA_Final(buf,ctx1_sha);
MD5_Init(ctx1_md5);
MD5_Update(ctx1_md5, ssl-client_premaster_secret, 48);
MD5_Update(ctx1_md5, buf, 20);
MD5_Final(tmp, ctx1_md5);
tmp += 16;
}
However, when i analyze using the wireshark decoder for ssl (with the key
specified), i am getting a different MasterSecret calculated in Wireshark than
that calculated by me, though both use the same mechanism
Is something wrong with the MasterSecret calculation algorithm? Can i use a
generic OpenSSL v3 PRF function to calculate the same, without defining the
other parameters of ssl connection structure (because i am only required to
calculate the MasterSecret)?
Thanks and Regards,
Suchindra Chandrahas
-
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
Regarding Client Finished message
Hi All,
I have been able to complete handshake till client_finished
message. However, i am a little confused in client_finished message. Here is
what i understand:
client finished message as given in RFC draft, is:
snip
enum { client(0x434C4E54), server(0x53525652) } Sender;
struct {
opaque md5_hash[16];
opaque sha_hash[20];
} Finished;
md5_hash MD5(master_secret + pad2 +
MD5(handshake_messages + Sender +
master_secret + pad1));
sha_hashSHA(master_secret + pad2 +
SHA(handshake_messages + Sender +
master_secret + pad1));
handshake_messagesAll of the data from all handshake messages
up to but not including this message. This
is only data visible at the handshake layer
and does not include record layer headers.
/snip
However, i am not able to understand what they mean by handshake_messages
Is it:
client_random_number sent in client_hello message [28] +
server_random_number received in server_hello_message [28] +
client_random_number sent in client_key_exchange [48 bits]
???
Also, to form a md5 hash, shall i use:
snip
MD5_CTX ctx;
MD5_Init(ctx);
and repeat
MD5_Update(ctx,handshake_messages,length of handshake_messages);
till i exhaust all messages
/snip
Is PRF function in TLS easier than this, because, i read somewhere that, in
TLS, we have:
master secret = PRF(server random number, client random number, pre master
secret)
key_material = PRF(master secret, client random number, server random number)
Please advice me if there is any tls library function that finds Pseudo Random
(PRF?)
Thanks and Regards,
Suchindra Chandrahas
-
Boardwalk for $500? In 2007? Ha!
Play Monopoly Here and Now (it's updated for today's economy) at Yahoo! Games.
Re: Regarding Client Finished message
Thanks Merek. Will start working on this. Any docs that might have
implementations of this in some code snippet forms, because i am not so well
versed with MD5/Crypto libraries ?
Thanks and Regards,
Suchindra Chandrahas
Marek Marcola [EMAIL PROTECTED] wrote: Hello,
I have been able to complete handshake till
client_finished message. However, i am a little confused in
client_finished message. Here is what i understand:
client finished message as given in RFC draft, is:
enum { client(0x434C4E54), server(0x53525652) } Sender;
struct {
opaque md5_hash[16];
opaque sha_hash[20];
} Finished;
md5_hash MD5(master_secret + pad2 +
MD5(handshake_messages + Sender +
master_secret + pad1));
sha_hashSHA(master_secret + pad2 +
SHA(handshake_messages + Sender +
master_secret + pad1));
handshake_messagesAll of the data from all handshake messages
up to but not including this message. This
is only data visible at the handshake layer
and does not include record layer headers.
However, i am not able to understand what they mean by handshake_messages
Is it:
client_random_number sent in client_hello message [28] +
server_random_number received in server_hello_message [28] +
client_random_number sent in client_key_exchange [48 bits]
???
No, it is FULL handshake packets data, without SSL Record header
and without ChangeCipherSpec packet (which is not handshake packet).
Also, to form a md5 hash, shall i use:
MD5_CTX ctx;
MD5_Init(ctx);
and repeat
MD5_Update(ctx,,length of handshake_messages);
till i exhaust all messages
Yes.
Is PRF function in TLS easier than this, because, i read somewhere
that, in TLS, we have:
master secret = PRF(server random number, client random number, pre
master secret)
key_material = PRF(master secret, client random number, server random
number)
TLS PRF uses standard HMAC while SSL3 uses some special algorithm.
But you must implement PRF (witch looks similar to SSL3 method).
Best regards,
--
Marek Marcola
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
-
Catch up on fall's hot new shows on Yahoo! TV. Watch previews, get listings,
and more!
Re: Regarding Client Finished message
Thanks Merek. I have compiled a somewhat working version of it. Hope to complete by tomorrow Thanks for Matrix SSL Thanks and Regards, Suchindra Chandrahas Marek Marcola [EMAIL PROTECTED] wrote: Hello, Thanks Merek. Will start working on this. Any docs that might have implementations of this in some code snippet forms, because i am not so well versed with MD5/Crypto libraries ? If you want to look at very clear and well commented implementation of SSL you may look at MatrixSSL Best regards, -- Marek Marcola __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] - Be a better Globetrotter. Get better travel answers from someone who knows. Yahoo! Answers - Check it out.
Re: Regarding OpenSSL communication
Thanks a lot Marek! I was making mistake at: 16 - SSL3/TLS1 handshake packet (was not including this) Now i understood the whole process completely, thanks to your guidance!. If there is any document or any such thing that has such details, it would be great if you could forward it to me. Thanks a lot again, it helped me a lot! Thanks and Regards, Suchindra Chandrahas Marek Marcola [EMAIL PROTECTED] wrote: Hello, I request you to please have mercy on me. I have to communicate to SSL v3 Server using SSL v3 Client Hello Message. The following is my client hello message: \x01 \x03\x01 /* SSL Version */ \x40\x7b\xab\xc0 /* GMT */ \x32\x41\x52\xd3\x46\x63\xea\x22 \x37\x22\x33\x70\x2e\xfe\x80\x08 \xeb\x82\xe9\xcd\xba\x97\x84\xbd \xd4\x8a\x9d\xe2 /* Random Value */ \x00\x18 /* cipher specs length */ \x00\x00 /* Session ID Length */ \x00\x00\x33\x00\x00\x32\x00\x00 /* cipher specs data */ \x35\x01\x00\x80\x08\x00\x80\x06 \x00\x40\x04\x00\x80\x02\x00\x80 \x02\x01\x00 /* Compression Method */ I am somehow not getting GMT and random value details in ethereal. Is the above stuff the right SSL v3 Client Hello? Please help me out as i have to finish my project tomorrow morning! If you really want SSL2 client_hello here is example: 80 2f 01 03 01 00 06 00 00 00 20 00 00 35 00 00 2f 21 fc e5 6d 1e b9 49 78 55 ca fc 83 75 a4 75 82 5a 05 8a d2 51 8c bf dc 96 d2 fe 77 c1 60 8b 26 and this means: 80 - SSL2 handshake 2f - length of packet data (47 bytes) 01 - SSL2 client_hello packet 03 00 - SSL3 proposition 00 06 - cipher suite len 00 00 - session id len 00 20 - client_random/chalenge len (32 bytes) 00 00 35 - first cipher suite (rsa_aes256_sha1) 00 00 2f - second cipher suite (rsa_aes128_sha1) 21 fc e5 6d 1e b9 49-78 55 ca fc 83 75 a4 75 82 - client_random/challenge (to end) 5a 05 8a d2 51 8c bf-dc 96 d2 fe 77 c1 60 8b 26 This data send to server after will be properly understood. This packet is build with SSL Record Header (2 bytes) and with SSL Handshake client_hello packet (rest of data). SSL3 form of this packet will be: 16 03 00 00 2f 01 00 00-2b 03 00 46 cd dd 9e ab 47 d3 b4 6a e6 3a 00 0d-c1 3f e3 9c 17 a6 c3 3d 8d 89 63 10 6b 55 bf bd-05 4c fa 00 00 04 00 35 00 2f 01 00 which means: 16 - SSL3/TLS1 handshake packet 03 00 - SSL3 proposition in Record Layer 00 2f - length of handshake data 01 - client_hello packet 00 00-2b length of client_hello data 03 00 - SSL3 proposition in Handshake layer 46 cd dd 9e ab 47 d3 b4 6a e6 3a 00 0d-c1 3f e3 - client_random (32 bytes) 9c 17 a6 c3 3d 8d 89 63 10 6b 55 bf bd-05 4c fa 00 - session id len 00 04 - cipher suite len 00 35 - first cipher suite (rsa_aes256_sha1) 00 2f - second cipher suite (rsa_aes128_sha1) 01 - compression suite length 00 - no compression Here first 5 bytes are SSL Record and rest are SSL handshake. Best regards, -- Marek Marcola __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] - Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online.
Regarding OpenSSL communication
Hi all, I am using the following client hello message format for an SSL V3 Server: snip unsigned char buf[BUFSIZE] = \x01 /* client hello msg */ \x03\x00 /* client version */ \x00\x18 /* cipher specs length */ \x00\x00 /* session id length */ \x00\x10 /* challenge length */ \x07\x00\xc0\x05\x00\x80\x03\x00 /* cipher specs data */ \x80\x01\x00\x80\x08\x00\x80\x06 \x00\x40\x04\x00\x80\x02\x00\x80 ; /* session id data */ /snip The message i am getting at server end is: snip error:1408A0B6:SSL routines:SSL3_GET_CLIENT_HELLO:no ciphers passed /snip Can you please tell me where the error is? I have sent ciphers actually Thanks and Regards, Suchindra Chandrahas - Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user panel and lay it on us.
Re: Regarding OpenSSL communication
Hi Lutz,
I am using the following handshake for communication in ssl
v2:
snip
CLIENT
SERVER
--
--
client hello = {session id + challenge } sent --
--
server hello = { conn_id + certificate } sent
process server hello and identify conn_id
generate master key
generate key material
generate session keys using key material
{master key}pks sent ---
(master key encrypted by public key of server)
client finished = { conn_id } sent ---
---
server finished received
data transfer
/snip
However, i guess ssl3 handshake handler at server expects changecipherspec from
client side
Please let me know if i am wrong!
Thanks and Regards,
Suchindra Chandrahas
Lutz Jaenicke [EMAIL PROTECTED] wrote: Suchindra Chandrahas wrote:
Hi all,
I am using the following client hello message format
for an SSL V3 Server:
unsigned char buf[BUFSIZE] =
\x01 /* client hello msg */
\x03\x00 /* client version */
\x00\x18 /* cipher specs length */
\x00\x00 /* session id length */
\x00\x10 /* challenge length */
\x07\x00\xc0\x05\x00\x80\x03\x00 /* cipher
specs data */
\x80\x01\x00\x80\x08\x00\x80\x06
\x00\x40\x04\x00\x80\x02\x00\x80
; /* session id
data */
The message i am getting at server end is:
error:1408A0B6:SSL routines:SSL3_GET_CLIENT_HELLO:no ciphers passed
Can you please tell me where the error is?
I have sent ciphers actually
Have you tried ssldump? It should give you its interpretation of your
data.
Best regards,
Lutz
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
-
Luggage? GPS? Comic books?
Check out fitting gifts for grads at Yahoo! Search.
Re: Regarding OpenSSL communication
Hi Marek,
I request you to please have mercy on me. I have to
communicate to SSL v3 Server using SSL v3 Client Hello Message. The following
is my client hello message:
snip
\x01
\x03\x01 /* SSL Version */
\x40\x7b\xab\xc0 /* GMT */
\x32\x41\x52\xd3\x46\x63\xea\x22
\x37\x22\x33\x70\x2e\xfe\x80\x08
\xeb\x82\xe9\xcd\xba\x97\x84\xbd
\xd4\x8a\x9d\xe2 /* Random Value */
\x00\x18 /* cipher specs length */
\x00\x00 /* Session ID Length */
\x00\x00\x33\x00\x00\x32\x00\x00 /* cipher specs data */
\x35\x01\x00\x80\x08\x00\x80\x06
\x00\x40\x04\x00\x80\x02\x00\x80
\x02\x01\x00 /* Compression Method */
/snip
I am somehow not getting GMT and random value details in ethereal. Is the above
stuff the right SSL v3 Client Hello?
Please help me out as i have to finish my project tomorrow morning!
Thanks and Regards,
Suchindra Chandrahas
Marek Marcola [EMAIL PROTECTED] wrote: Hello,
I am using the following client hello message format for an
SSL V3 Server:
unsigned char buf[BUFSIZE] =
\x01 /* client hello msg */
\x03\x00 /* client version */
\x00\x18 /* cipher specs length */
\x00\x00 /* session id length */
\x00\x10 /* challenge length */
\x07\x00\xc0\x05\x00\x80\x03\x00 /* cipher specs data
*/
\x80\x01\x00\x80\x08\x00\x80\x06
\x00\x40\x04\x00\x80\x02\x00\x80
; /*
session id data */
The message i am getting at server end is:
error:1408A0B6:SSL routines:SSL3_GET_CLIENT_HELLO:no ciphers passed
This looks like SSL2 client_hello.
For that to work you must add SSL2 record header, in this case
two bytes {0x80, len} where len in length of handshake data.
You cannot use here SSL3/TLS1 record header.
And if you specified 16 bytes of chalenge/random data, you must add this
data to packet too.
Best regards,
--
Marek Marcola
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
-
Choose the right car based on your needs. Check out Yahoo! Autos new Car
Finder tool.
Re: error regaring libssl.so
I had the same issue earlier, and it got resolved once i gave -lcrypto and included -I/usr/include/openssl/rsa.h and all the .hs such as md5.h in the source You must include /usr/include/openssl/rsa.h, md5.h ... etc and linker time stuff such as -lcrypto has to be used Allen Chen [EMAIL PROTECTED] wrote: raj pansuria åé: helo i m using fedora core 6 i got the following error helo my dynamic lib file is stored at /usr/src/lib/qt-3.3/lib/lhmail.so and it required support for libssl.so and libssl.so is in /usr/lib but when i run my application i got the following strange errors ../../liblhmail.so: undefined reference to `BIO_ctrl' ../../liblhmail.so: undefined reference to `d2i_DHparams' ../../liblhmail.so: undefined reference to `X509_dup' ../../liblhmail.so: undefined reference to `ASN1_HEADER_free' ../../liblhmail.so: undefined reference to `X509_LOOKUP_file' ../../liblhmail.so: undefined reference to `ERR_print_errors' ../../liblhmail.so: undefined reference to `EVP_PKEY_set1_RSA' ../../liblhmail.so: undefined reference to `EVP_PKEY_set1_DSA' ../../liblhmail.so: undefined reference to `CRYPTO_mem_ctrl' ../../liblhmail.so: undefined reference to `RSA_free' ../../liblhmail.so: undefined reference to `DH_free' ../../liblhmail.so: undefined reference to `BIO_free' ../../liblhmail.so: undefined reference to `PKCS7_free' ../../liblhmail.so: undefined reference to `X509_LOOKUP_hash_dir' ../../liblhmail.so: undefined reference to `EVP_PKEY_free' ../../liblhmail.so: undefined reference to `BUF_MEM_free' ../../liblhmail.so: undefined reference to `i2d_DHparams' ../../liblhmail.so: undefined reference to `PEM_read_bio_PrivateKey' ../../liblhmail.so: undefined reference to `EVP_PKEY_set1_DH' ../../liblhmail.so: undefined reference to `ERR_load_crypto_strings' ../../liblhmail.so: undefined reference to `X509_LOOKUP_ctrl' ../../liblhmail.so: undefined reference to `PEM_write_bio_PKCS7' ../../liblhmail.so: undefined reference to `ASN1_dup' ../../liblhmail.so: undefined reference to `i2d_DSAparams' ../../liblhmail.so: undefined reference to `BIO_printf' ../../liblhmail.so: undefined reference to `RSAPrivateKey_dup' ../../liblhmail.so: undefined reference to `EVP_PKEY_new' ../../liblhmail.so: undefined reference to `SMIME_read_PKCS7' ../../liblhmail.so: undefined reference to `EVP_PKEY_get1_RSA' ../../liblhmail.so: undefined reference to `EVP_PKEY_get1_DH' ../../liblhmail.so: undefined reference to `BIO_free_all' ../../liblhmail.so: undefined reference to `BIO_s_file' ../../liblhmail.so: undefined reference to `BIO_s_mem' ../../liblhmail.so: undefined reference to `BIO_new_fp' ../../liblhmail.so: undefined reference to `OPENSSL_add_all_algorithms_noconf' ../../liblhmail.so: undefined reference to `PKCS7_verify' ../../liblhmail.so: undefined reference to `d2i_DSAparams' ../../liblhmail.so: undefined reference to `CRYPTO_mem_leaks' ../../liblhmail.so: undefined reference to `BIO_new' ../../liblhmail.so: undefined reference to `X509_STORE_free' ../../liblhmail.so: undefined reference to `X509_STORE_new' ../../liblhmail.so: undefined reference to `X509_STORE_add_lookup' ../../liblhmail.so: undefined reference to `PEM_read_bio_X509_AUX' ../../liblhmail.so: undefined reference to `ERR_clear_error' ../../liblhmail.so: undefined reference to `BIO_new_mem_buf' ../../liblhmail.so: undefined reference to `DSA_free' ../../liblhmail.so: undefined reference to `EVP_PKEY_type' ../../liblhmail.so: undefined reference to `PKCS7_sign' ../../liblhmail.so: undefined reference to `EVP_PKEY_get1_DSA' ../../liblhmail.so: undefined reference to `ENGINE_load_builtin_engines' collect2: ld returned 1 exit status make: *** [pop3] Error 1 what to do to solve this error amit Add |/usr/local/ssl/lib to |LD_LIBRARY_PATH or /etc/ld.so.conf|.| __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] - Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out.
Re: SSL Programming
Thanks a lot ! Let me see, i am opening it in my browser now. Seems to take too long to open Suchi Vladislav Marinov [EMAIL PROTECTED] wrote: Suchindra Chandrahas wrote: Hi All, I have to write some ssl fuzzers for a web server. Any resources or links would be nice ! I personally found very useful the following article which consists if 2 parts: http://www.linuxjournal.com/article/4822 http://www.linuxjournal.com/article/5487 Vladislav __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] - We won't tell. Get more on shows you hate to love (and love to hate): Yahoo! TV's Guilty Pleasures list.
some doubt about ssl programming
Hi All, Saw the part1 and part2. Trying to understand the stuff. I got some client examples given there. I have downloaded sclient. Upon connecting, it says : Certificate doesn't verify. Upon verification of SSL error code, the part1.pdf gives the code of check_cert that says : snip if(SSL_get_verify_result(ssl)!=X509_V_OK) 39 berr_exit(Certificate doesnt verify); /snip Does this mean that the host's certificate is not a X509 certificate ? Regards, Suchindra Chandrahas - Be a PS3 game guru. Get your game face on with the latest PS3 news and previews at Yahoo! Games.
Re: some doubt about ssl programming
Part 1 and Part 2 are the PDFs that were given in openssl.org Well, the problem is still doubtful because 1. The server certificates are recent (not expired), and 2. But they are self signed certificates (this might be a problem !) Thanks for the replies Regards, Suchindra Chandrahas Goetz Babin-Ebell [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Suchindra Chandrahas schrieb: Hi All, Hi Suchindra, Saw the part1 and part2. Trying to understand the stuff. I got some client examples given there. I have downloaded sclient. ??? Which part1 and part2 ? if(SSL_get_verify_result(ssl)!=X509_V_OK) 39 berr_exit(Certificate doesn't verify); Does this mean that the host's certificate is not a X509 certificate ? No it means that the verification of the X509 certificate verify functionality detewcted an error. Bye Goetz - -- DMCA: The greed of the few outweights the freedom of the many -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF9pAt2iGqZUF3qPYRAvd9AJ9k2c9NjYsACnPKqOdz1lWm68QPFQCeOunj vjW22hsEEL150sNcdpLTYFY= =o5nx -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] - Need Mail bonding? Go to the Yahoo! Mail QA for great tips from Yahoo! Answers users.
Re: some doubt about ssl programming
Hi Vladislav, I know i should not disturb you, just a small question here. What kind of fuzzing attacks can be done on an SSL based apache web server ? I just wanted a brief idea about them Thanks and Regards, Suchindra Chandrahas - Don't pick lemons. See all the new 2007 cars at Yahoo! Autos.
Re: some doubt about ssl programming
Hi Vladislav, THANKS A LOT. I Now understoold that i must look for client certificates time, and not that which is obtained at server end. Will progress and update. Thanks a lot for your help Suchindra Chandrahas Vladislav Marinov [EMAIL PROTECTED] wrote: Hi, If you are using the certificates from the source code that is given at the mentioned link - looks like this source code was last touched on 10.01.2002 so I doubt that those certs are recent (and when I was testing them sometime in October 2006 they had expired). Another thing could be the self-signed certificates. I think you can solve that by simply loading the proper credentials in SSL_load_verify_locations(). Can you tell what error number do you get from SSL_get_verify_result() - this function returns always some value. This can be then checked in the man pages of verify(1) and you can see what is the problem. Vladislav - Original Message - From:SuchindraChandrahas To: openssl-users@openssl.org Sent: Tuesday, March 13, 2007 2:18PM Subject: Re: some doubt about sslprogramming Part 1 and Part 2 are the PDFs that were given inopenssl.org Well, the problem is still doubtful because 1. Theserver certificates are recent (not expired), and 2. But they are self signedcertificates (this might be a problem !) Thanks for the replies Regards, Suchindra Chandrahas Goetz Babin-Ebell [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Suchindra Chandrahas schrieb: Hi All, Hi Suchindra, Saw the part1 and part2. Trying to understand the stuff. I got some client examples given there. I have downloaded sclient. ??? Which part1 and part2 ? if(SSL_get_verify_result(ssl)!=X509_V_OK) 39 berr_exit(Certificate doesn't verify); Does this mean that the host's certificate is not a X509 certificate ? No it means that the verification of the X509 certificate verify functionality detewcted an error. Bye Goetz - -- DMCA: The greed of the few outweights the freedom of the many -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF9pAt2iGqZUF3qPYRAvd9AJ9k2c9NjYsACnPKqOdz1lWm68QPFQCeOunj vjW22hsEEL150sNcdpLTYFY= =o5nx -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager[EMAIL PROTECTED] - Need Mail bonding? Go to the Yahoo!Mail QA for greattips from Yahoo! Answers users. - Don't get soaked. Take a quick peek at the forecast with theYahoo! Search weather shortcut.
SSL Programming
Hi All, I have to write some ssl fuzzers for a web server. Any resources or links would be nice ! Thanks a lot for help, Suchindra Chandrahas - It's here! Your new message! Get new email alerts with the free Yahoo! Toolbar.
Re: RFC2630 support
Dear madhu, Have you worked at Disc Technology Services Private Limited previously. Just got confused by the name. Please don't mind. Regards, Suchi __ Do you Yahoo!? Yahoo! Small Business - Try our new Resources site http://smallbusiness.yahoo.com/resources/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
