Re: A question about the “localhost.key” and “localhost.crt” files.
The filenames themselves are insignificant. You can name them anything you want. The apache configuration file(s) contain key/value pairs where SSLCertificateFile specifies the path to the file containing your certificate and SSLCertificateKeyFile specifies the path to the file containing your private key. There is no requirement that these filenames match the name of your server.

It sounds to me like you don't understand how certificates work. I suggest you read a certificate tutorial such as this one:
http://www.steves-internet-guide.com/ssl-certificates-explained/

Once you understand how certificates work, I suggest reading the apache documentation available here:
https://httpd.apache.org/docs/current/
and, specifically, the documentation for mod_ssl available here:
https://httpd.apache.org/docs/current/mod/mod_ssl.html

Regards,
Tom.III

On Fri, Sep 4, 2020 at 3:20 AM Jason Long via openssl-users <openssl-users@openssl.org> wrote:
> Hello,
> I think the “localhost.crt” and “localhost.key” files are used by Apache and that they
> are mandatory for getting an HTTPS certificate. Some tools like "Certbot" need
> them.
> If these files are deleted, then how can I regenerate them? Is the command below OK?
>
> # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout
> /etc/pki/tls/private/localhost.key -out /etc/ssl/certs/localhost.crt
>
> I found the "/usr/libexec/httpd-ssl-gencerts" tool. Is it OK too?
>
> Is "localhost" the name of my server? If my server name in the
> "/etc/hosts" file is "my-example.net", then must these files be named
> "my-example.net.key" and "my-example.net.crt"?
>
> I'm thankful if anyone answers my questions clearly.
>
> Thank you.
A question about the “localhost.key” and “localhost.crt” files.
Hello,
I think the “localhost.crt” and “localhost.key” files are used by Apache and that they are mandatory for getting an HTTPS certificate. Some tools like "Certbot" need them.
If these files are deleted, then how can I regenerate them? Is the command below OK?

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out /etc/ssl/certs/localhost.crt

I found the "/usr/libexec/httpd-ssl-gencerts" tool. Is it OK too?

Is "localhost" the name of my server? If my server name in the "/etc/hosts" file is "my-example.net", then must these files be named "my-example.net.key" and "my-example.net.crt"?

I'm thankful if anyone answers my questions clearly.

Thank you.
Re: [openssl-users] Posting a question
That's odd. I've been waiting for a post that I sent on Friday to appear. Nothing so far. The list seems to be far more active now than on Friday.

On Sun, Apr 29, 2018 at 5:44 PM, Salz, Rich via openssl-users <openssl-users@openssl.org> wrote:
>> I have posted my question into the forum. Please kindly approve it
>> as soon as possible.
>
> Which forum?
>
> The fact that you were able to post to the openssl-users mailing list
> means you should just post your question, well, to the openssl-users
> mailing list. ☺

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Posting a question
> I have posted my question into the forum. Please kindly approve it as soon as possible.

Which forum?

The fact that you were able to post to the openssl-users mailing list means you should just post your question, well, to the openssl-users mailing list. ☺
[openssl-users] Posting a question
Hello,
I have posted my question into the forum. Please kindly approve it as soon as possible.

Thanking you,
BR,
Anil Kumar Reddy Morthala
Re: [openssl-users] A question DH parameter generation and usage
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Jakob Bohm
> Sent: Thursday, December 07, 2017 01:44
>
> Actually in some of my code, I have found that the callback can
> still be useful by examining the SSL session argument to
> heuristically identify likely client side DH size capability and
> thus choose between modern DH parameter sizes.

Interesting idea. We might look into doing something similar someday.

> P.S. Forcing use of common DH parameters in TLS 1.3 would directly
> make all TLS 1.3 implementations vulnerable to LogJam. That would
> be absurd.

That's what TLSv1.3 does, as of the latest I-D (and several previous revisions).

Technically, it's not vulnerable to LogJam - LogJam is a downgrade attack, to a 512-bit "export" group, and the smallest group in RFC 7919 is 2048 bits. Using the same parameters across all implementations makes TLSv1.3 theoretically vulnerable to the WeakDH part of the LogJam/WeakDH attack class, but the presumption is that for even well-resourced adversaries a 2048-bit group is intractable. The WeakDH paper suggests breaking a 1024-bit group is feasible, but 2048 is obviously far more expensive. (The exact relationship isn't straightforward to determine, but it's exponential.) For the paranoid, RFC 7919 / TLSv1.3 give you groups up to 8192 bits.

I am myself not entirely keen on this aspect of TLSv1.3, but this version of TLS has had much more cryptological analysis and engineering than any previous one. I'm sure this issue was discussed at length.

I've seen more than one recommendation to use RFC 7919 groups, rather than arbitrary ones, even for older TLS versions. This is a change from the original WeakDH recommendations. (The "Imperfect Forward Secrecy" paper came out in October 2015, and RFC 7919 in August 2016.)

--
Michael Wojcik
Distinguished Engineer, Micro Focus
Re: [openssl-users] A question DH parameter generation and usage
On 06/12/2017 20:25, Michael Wojcik wrote:
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni
>> Sent: Wednesday, December 06, 2017 13:21
>>
>>> On Dec 6, 2017, at 8:51 AM, Michael Wojcik wrote:
>>>
>>> Note: If you use OpenSSL 1.0.x and you use the DH parameter callback, be
>>> aware that the callback isn't invoked in a useful manner by OpenSSL. (It
>>> always asks for a 1024-bit group, unless an export cipher suite was selected,
>>> which should never happen.)
>>
>> This is misleading. The callback does not really ask for a 1024-bit group,
>> rather it passes one of two key-size hints "512" for export ciphers and 1024
>> for non-export ciphers. Therefore, one can return any reasonable group size
>> instead of 1024 bits.
>
> Yes, that's what I meant. Sorry if I was unclear. (We have code that still uses the callback, but passes back a group of size configurable by the administrator, and defaulting to 2048 bits. As the OpenSSL docs now recommend, we ignore the size and export parameters to the callback.)
>
>>> In fact, now that export ciphers have gone the way of the dodo, the best
>>> thing to do is probably just set a single group of your preferred size in
>>> all your SSL_CTX structures and forget about the callback.
>>
>> Sure, provided one is sure that this will not lead to (DH) private key re-use.
>> In sufficiently recent OpenSSL releases single DH use is the default and IIRC
>> cannot be disabled. But older releases may more reliably avoid DH key re-use
>> when the group is provided via the tmp_dh callback.
>
> Oh, that's right. There's some option to set to tell OpenSSL 1.0.2 to tell it not to reuse DH keys, isn't there. Let's see... it's SSL_OP_SINGLE_DH_USE. But the man page for SSL_CTX_set_tmp_dh and SSL_CTX_set_tmp_dh_callback (and the SSL-specific versions) seems to imply that SSL_OP_SINGLE_DH_USE isn't necessary if either of those functions were used. In any case, since 1.0.2f, SSL_OP_SINGLE_DH_USE is always on and cannot be disabled (CVE-2016-0701). That's probably why I'd forgotten about it.
>
> In sum: The simplest thing is to choose a single DH group that meets your requirements (probably at least 2048 bits, and either coming from RFC 7919 or a good run of openssl dhparam), then set that in each new context with SSL_CTX_set_tmp_dh.

Actually in some of my code, I have found that the callback can still be useful by examining the SSL session argument to heuristically identify likely client side DH size capability and thus choose between modern DH parameter sizes.

P.S. Forcing use of common DH parameters in TLS 1.3 would directly make all TLS 1.3 implementations vulnerable to LogJam. That would be absurd.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Re: [openssl-users] A question DH parameter generation and usage
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni
> Sent: Wednesday, December 06, 2017 13:21
>
>> On Dec 6, 2017, at 8:51 AM, Michael Wojcik wrote:
>>
>> Note: If you use OpenSSL 1.0.x and you use the DH parameter callback, be
>> aware that the callback isn't invoked in a useful manner by OpenSSL. (It
>> always asks for a 1024-bit group, unless an export cipher suite was selected,
>> which should never happen.)
>
> This is misleading. The callback does not really ask for a 1024-bit group,
> rather it passes one of two key-size hints "512" for export ciphers and 1024
> for non-export ciphers. Therefore, one can return any reasonable group size
> instead of 1024 bits.

Yes, that's what I meant. Sorry if I was unclear. (We have code that still uses the callback, but passes back a group of size configurable by the administrator, and defaulting to 2048 bits. As the OpenSSL docs now recommend, we ignore the size and export parameters to the callback.)

>> In fact, now that export ciphers have gone the way of the dodo, the best
>> thing to do is probably just set a single group of your preferred size in
>> all your SSL_CTX structures and forget about the callback.
>
> Sure, provided one is sure that this will not lead to (DH) private key re-use.
> In sufficiently recent OpenSSL releases single DH use is the default and IIRC
> cannot be disabled. But older releases may more reliably avoid DH key re-use
> when the group is provided via the tmp_dh callback.

Oh, that's right. There's some option to set to tell OpenSSL 1.0.2 to tell it not to reuse DH keys, isn't there. Let's see... it's SSL_OP_SINGLE_DH_USE. But the man page for SSL_CTX_set_tmp_dh and SSL_CTX_set_tmp_dh_callback (and the SSL-specific versions) seems to imply that SSL_OP_SINGLE_DH_USE isn't necessary if either of those functions were used. In any case, since 1.0.2f, SSL_OP_SINGLE_DH_USE is always on and cannot be disabled (CVE-2016-0701). That's probably why I'd forgotten about it.

In sum: The simplest thing is to choose a single DH group that meets your requirements (probably at least 2048 bits, and either coming from RFC 7919 or a good run of openssl dhparam), then set that in each new context with SSL_CTX_set_tmp_dh.

--
Michael Wojcik
Distinguished Engineer, Micro Focus
Re: [openssl-users] A question DH parameter generation and usage
> On Dec 6, 2017, at 8:51 AM, Michael Wojcik wrote:
>
> Note: If you use OpenSSL 1.0.x and you use the DH parameter callback, be
> aware that the callback isn't invoked in a useful manner by OpenSSL. (It
> always asks for a 1024-bit group, unless an export cipher suite was selected,
> which should never happen.)

This is misleading. The callback does not really ask for a 1024-bit group, rather it passes one of two key-size hints "512" for export ciphers and 1024 for non-export ciphers. Therefore, one can return any reasonable group size instead of 1024 bits.

See for example:

https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_dh.c#L227

where the "1024-bit" group returned by the tmp_dh callback is a 2048-bit group.

The text at:

http://www.postfix.org/FORWARD_SECRECY_README.html#dfn_fs
http://www.postfix.org/FORWARD_SECRECY_README.html#tls_fs

may be helpful to some users not familiar with forward secrecy in TLS.

> In fact, now that export ciphers have gone the way of the dodo, the best
> thing to do is probably just set a single group of your preferred size in all
> your SSL_CTX structures and forget about the callback.

Sure, provided one is sure that this will not lead to (DH) private key re-use. In sufficiently recent OpenSSL releases single DH use is the default and IIRC cannot be disabled. But older releases may more reliably avoid DH key re-use when the group is provided via the tmp_dh callback.

--
Viktor.
Re: [openssl-users] [openssl-dev] A question DH parameter generation and usage
Hi Rich,

Thanks for the reply. We are planning to use DHE_RSA based ciphers.

Regards
Jaya

On Wed, Dec 6, 2017 at 7:20 PM, Salz, Rich via openssl-users <openssl-users@openssl.org> wrote:
> You can re-use the keys, but then you get no forward secrecy, and sessions
> generated with one connection are vulnerable to another.
>
> Why are you using DH? Unless you have compelling reasons (interop with
> legacy), you really should use ECDHE.
Re: [openssl-users] [openssl-dev] A question DH parameter generation and usage
Hi Michael,

Thanks for very detailed answers. This will surely help me to investigate further.

Regards
Jaya

On Wed, Dec 6, 2017 at 7:37 PM, Michael Wojcik <michael.woj...@microfocus.com> wrote:
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Salz, Rich via openssl-users
>> Sent: Wednesday, December 06, 2017 08:50
>
>> You can re-use the keys, but then you get no forward secrecy, and sessions generated with one connection are
>> vulnerable to another.
>
> If you reuse keys, yes; but you still get PFS if you only reuse the same group and generate ephemeral keys (assuming sufficient group strength, where "sufficient" depends on the size of the group and its value to well-resourced attackers). I thought that was what the original poster was asking about.
>
>> Why are you using DH? Unless you have compelling reasons (interop with legacy), you really should use ECDHE.
>
> Interop would be the usual reason. And since supporting DHE properly is a small fixed cost (generate a group or pick one from RFC 7919, hard-code it, and set it in each SSL_CTX), you might as well do it, no?
>
> But I agree that the ECDHE suites are generally preferable when the client supports them. I know there's some NSA FUD around ECC since they pulled it from the Suite B recommendations in 2015.[1] I still think the published evidence supports using ECC, though. On the other hand, and per today's other thread on the subject, there may be legal concerns around the use of ECC.
>
> [1] Matt Green has a nice discussion of this, including a link to the great paper Koblitz and Menezes wrote about it, here: https://blog.cryptographyengineering.com/2015/10/22/a-riddle-wrapped-in-curve/
>
> --
> Michael Wojcik
> Distinguished Engineer, Micro Focus
Re: [openssl-users] [openssl-dev] A question DH parameter generation and usage
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Salz, Rich via openssl-users
> Sent: Wednesday, December 06, 2017 08:50

> You can re-use the keys, but then you get no forward secrecy, and sessions
> generated with one connection are vulnerable to another.

If you reuse keys, yes; but you still get PFS if you only reuse the same group and generate ephemeral keys (assuming sufficient group strength, where "sufficient" depends on the size of the group and its value to well-resourced attackers). I thought that was what the original poster was asking about.

> Why are you using DH? Unless you have compelling reasons (interop with
> legacy), you really should use ECDHE.

Interop would be the usual reason. And since supporting DHE properly is a small fixed cost (generate a group or pick one from RFC 7919, hard-code it, and set it in each SSL_CTX), you might as well do it, no?

But I agree that the ECDHE suites are generally preferable when the client supports them. I know there's some NSA FUD around ECC since they pulled it from the Suite B recommendations in 2015.[1] I still think the published evidence supports using ECC, though. On the other hand, and per today's other thread on the subject, there may be legal concerns around the use of ECC.

[1] Matt Green has a nice discussion of this, including a link to the great paper Koblitz and Menezes wrote about it, here: https://blog.cryptographyengineering.com/2015/10/22/a-riddle-wrapped-in-curve/

--
Michael Wojcik
Distinguished Engineer, Micro Focus
Re: [openssl-users] A question DH parameter generation and usage
For TLSv1.3, servers are no longer allowed to specify arbitrary DH groups (for finite-field or EC DH). They must use one of the named groups. So for 1.3, there's no point in generating your own groups; conforming implementations can't use them. For finite-field DH, those are the groups specified by RFC 7919. For ECDH there's a list in the draft TLSv1.3 spec (see section 4.2.8.2), which is available at the usual places.

For TLS prior to 1.3, I agree with Jakob, whose recommendations are essentially the same as the original set coming from the WeakDH researchers. Since the publication of RFC 7919, some people have been recommending using only those groups, because they're believed to be trustworthy; I don't find that a compelling argument. But it's likely that TLSv1.3 (and its successors, presumably continuing the ban on arbitrary groups) will eventually come to dominate, making the question irrelevant in practice.

In short: Use "openssl dhparam" to generate a suitable group or groups, or use the group or groups of appropriate size from RFC 7919. Hard-code these in your server.

Note: If you use OpenSSL 1.0.x and you use the DH parameter callback, be aware that the callback isn't invoked in a useful manner by OpenSSL. (It always asks for a 1024-bit group, unless an export cipher suite was selected, which should never happen.) In fact, now that export ciphers have gone the way of the dodo, the best thing to do is probably just set a single group of your preferred size in all your SSL_CTX structures and forget about the callback.

--
Michael Wojcik
Distinguished Engineer, Micro Focus
Re: [openssl-users] [openssl-dev] A question DH parameter generation and usage
You can re-use the keys, but then you get no forward secrecy, and sessions generated with one connection are vulnerable to another.

Why are you using DH? Unless you have compelling reasons (interop with legacy), you really should use ECDHE.
Re: [openssl-users] A question DH parameter generation and usage
Hi Jakob and Paul,

Thank you so much for the reply. We have the RSA certificates. I wanted to understand how generally DH parameters are generated. Thanks for the detailed answers.

Regards
Jayalakshmi

On Wed, Dec 6, 2017 at 12:48 AM, Jakob Bohm wrote:
> On 06/12/2017 07:02, Jayalakshmi bhat wrote:
>> Hi,
>>
>> We are planning to use DHE_RSA TLS ciphers in our product. I have a few
>> questions on using DH parameters. We would like to use DH-2048.
>>
>> Our product includes both TLS client and server applications. Thus at any
>> time there will be a considerable number of active connections.
>>
>> I believe we can use the same DH parameters for all the server connections. Is
>> my understanding correct? Is there any risk in using the same parameters for all
>> the server connections?
>>
>> Another question is what guidelines/document should be followed to
>> derive DH parameters.
>>
>> Any input is appreciated.
>>
> In TLS and SSL 3 (current versions, not sure about GoogleTLS 1.3),
> DHE parameters are chosen exclusively by the server, so most rules
> will be about servers.
>
> Current best practice on clients is to reject parameters of less
> than 1000 bits, parameters with fewer bits than they pretend (e.g.
> parameters claiming to be 1024 bits, but the most significant 32
> bits are all 0, making them really less than 993 bits), parameters
> that are glaringly non-prime (e.g. even numbers) and parameters
> that cause the DHE calculation to result in an unreasonable number
> such as 1 (indicating rigged parameters). I hope that OpenSSL
> client code already does such checks by default, otherwise someone
> should point out how to make it do so.
>
> Current best practice on servers is to use DHE parameters such as
> those generated by openssl dhparam, or the equivalent API function.
>
> Current best practice on general purpose servers is to use at least
> 2048 bit DH parameters except when talking to clients that can't do
> that, such as the TLS code in Oracle Java 6. Going above 2048 bits
> is good, but some common clients don't work significantly above
> that number (for example, some versions of the Mozilla NSS code
> have a built in maximum of 2236 bits).
>
> Current best practice on servers is to use DHE parameters that are
> used by few other servers, at least in a given timespan. Thus for
> servers that will be deployed in small numbers, just generate your
> own parameters at build time using
>   openssl dhparam -C > dh.inc
> then include dh.inc in your source code. For servers that will
> be deployed in large numbers, load the dh parameters from files in
> the format generated by
>   openssl dhparam > dh.pem
> and include scripts or other code that will replace the file
> contents daily or weekly (overwriting the old parameters only after
> the new ones are ready). The exim mail server does this if you
> follow the instructions.
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
Re: [openssl-users] A question DH parameter generation and usage
On 06/12/2017 07:02, Jayalakshmi bhat wrote:
> Hi,
>
> We are planning to use DHE_RSA TLS ciphers in our product. I have a few
> questions on using DH parameters. We would like to use DH-2048.
>
> Our product includes both TLS client and server applications. Thus at any
> time there will be a considerable number of active connections.
>
> I believe we can use the same DH parameters for all the server connections. Is
> my understanding correct? Is there any risk in using the same parameters for all
> the server connections?
>
> Another question is what guidelines/document should be followed to
> derive DH parameters.
>
> Any input is appreciated.

In TLS and SSL 3 (current versions, not sure about GoogleTLS 1.3), DHE parameters are chosen exclusively by the server, so most rules will be about servers.

Current best practice on clients is to reject parameters of less than 1000 bits, parameters with fewer bits than they pretend (e.g. parameters claiming to be 1024 bits, but the most significant 32 bits are all 0, making them really less than 993 bits), parameters that are glaringly non-prime (e.g. even numbers) and parameters that cause the DHE calculation to result in an unreasonable number such as 1 (indicating rigged parameters). I hope that OpenSSL client code already does such checks by default, otherwise someone should point out how to make it do so.

Current best practice on servers is to use DHE parameters such as those generated by openssl dhparam, or the equivalent API function.

Current best practice on general purpose servers is to use at least 2048 bit DH parameters except when talking to clients that can't do that, such as the TLS code in Oracle Java 6. Going above 2048 bits is good, but some common clients don't work significantly above that number (for example, some versions of the Mozilla NSS code have a built in maximum of 2236 bits).

Current best practice on servers is to use DHE parameters that are used by few other servers, at least in a given timespan. Thus for servers that will be deployed in small numbers, just generate your own parameters at build time using
  openssl dhparam -C > dh.inc
then include dh.inc in your source code. For servers that will be deployed in large numbers, load the dh parameters from files in the format generated by
  openssl dhparam > dh.pem
and include scripts or other code that will replace the file contents daily or weekly (overwriting the old parameters only after the new ones are ready). The exim mail server does this if you follow the instructions.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
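Jakob's client-side checklist above, implemented as an added example (not code from this thread or from OpenSSL): it takes the big-endian dh_p, dh_g and dh_Ys values of a TLS 1.2 ServerDHParams structure, flags groups under 1000 bits, encodings padded with leading zero bytes, non-prime moduli and out-of-range values, and refuses a key exchange whose result is a degenerate number such as 1. The function names and the constructed 1024-bit test group (a plain random prime generated only for this example) are assumptions of the example, not anything from the thread.

```python
"""Client-side sanity checks on server-chosen DHE parameters (TLS 1.2 ServerDHParams).
Added example, not code from this thread or from OpenSSL; function names and the
constructed test group below are assumptions of this example."""
import random

MIN_GROUP_BITS = 1000  # Jakob's client-side threshold


def _small_primes(limit=2000):
    """Primes below `limit`, for cheap trial division before Miller-Rabin."""
    sieve = bytearray([1]) * limit
    sieve[0] = sieve[1] = 0
    for i in range(2, int(limit ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(sieve[i * i::i]))
    return [i for i, flag in enumerate(sieve) if flag]


SMALL_PRIMES = _small_primes()


def is_probable_prime(n, rounds=16, rng=random):
    """Trial division, then Miller-Rabin with `rounds` random bases."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n == p:
            return True
        if n % p == 0:
            return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # composite: a witness was found
    return True


def check_server_dh_params(dh_p, dh_g, dh_ys, min_bits=MIN_GROUP_BITS):
    """Reasons a client should reject these parameters; an empty list means accept.

    dh_p, dh_g, dh_ys are the big-endian byte strings from ServerDHParams,
    with their 2-byte wire length prefixes already stripped.
    """
    problems = []
    claimed_bits = len(dh_p) * 8
    p = int.from_bytes(dh_p, "big")
    g = int.from_bytes(dh_g, "big")
    ys = int.from_bytes(dh_ys, "big")
    # Size as advertised by the encoding, then the size the prime really has:
    # leading zero bytes mean the group "pretends" to be bigger than it is.
    if claimed_bits < min_bits:
        problems.append(f"group claims only {claimed_bits} bits (< {min_bits})")
    if dh_p[:1] == b"\x00":
        problems.append(f"leading zero bytes: claims {claimed_bits} bits, really {p.bit_length()}")
    if p.bit_length() < min_bits:
        problems.append(f"modulus is really only {p.bit_length()} bits")
    # Glaringly non-prime moduli: even, or failing a cheap probable-prime test.
    if p % 2 == 0:
        problems.append("modulus is even")
    elif not is_probable_prime(p):
        problems.append("modulus is not prime")
    # Generator and server public value must lie strictly between 1 and p-1.
    if not 2 <= g <= p - 2:
        problems.append("generator out of range")
    if not 2 <= ys <= p - 2:
        problems.append("server public value out of range")
    return problems


def client_key_exchange(dh_p, dh_g, dh_ys, rng=random):
    """Return (client public value, premaster secret); refuse a rigged result such as 1."""
    p = int.from_bytes(dh_p, "big")
    g = int.from_bytes(dh_g, "big")
    ys = int.from_bytes(dh_ys, "big")
    x = rng.randrange(2, p - 1)  # fresh private exponent for every handshake
    yc, z = pow(g, x, p), pow(ys, x, p)
    if z in (0, 1, p - 1):
        raise ValueError("degenerate DH result: parameters look rigged")
    return yc, z


def make_test_group(bits=1024, seed=7):
    """Constructed test group for this example only: a random prime (not a safe prime,
    not for production; use RFC 7919 groups or `openssl dhparam` there)."""
    rng = random.Random(seed)
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng=rng):
            return cand
```

Call make_test_group() to obtain a modulus to feed check_server_dh_params and client_key_exchange; a real client would run these checks on the ServerKeyExchange it receives before computing its share.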
Re: [openssl-users] [openssl-dev] A question DH parameter generation and usage
For DHE_RSA, you first need a pair of RSA certificate/key for signing. And if you want to use specific DH parameters, you can use the SSL_CTX_set_tmp_dh API; there is documentation describing how to use this function.

DH parameters could be generated by OpenSSL in many ways; one of the common ways is by using the openssl-dhparam command line tool. Check the -help option of that command.

BTW: seems this email should be sent to openssl-users list only...

> On 6 Dec 2017, at 14:02, Jayalakshmi bhat wrote:
>
> Hi,
>
> We are planning to use DHE_RSA TLS ciphers in our product. I have a few
> questions on using DH parameters. We would like to use DH-2048.
>
> Our product includes both TLS client and server applications. Thus at any time
> there will be a considerable number of active connections.
>
> I believe we can use the same DH parameters for all the server connections. Is my
> understanding correct? Is there any risk in using the same parameters for all the
> server connections?
>
> Another question is what guidelines/document should be followed to derive
> DH parameters.
>
> Any input is appreciated.
>
> Thanks and Regards
> Jayalakshmi.
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-users] A question DH parameter generation and usage
Hi,

We are planning to use DHE_RSA TLS ciphers in our product. I have a few questions on using DH parameters. We would like to use DH-2048.

Our product includes both TLS client and server applications. Thus at any time there will be a considerable number of active connections.

I believe we can use the same DH parameters for all the server connections. Is my understanding correct? Is there any risk in using the same parameters for all the server connections?

Another question is what guidelines/document should be followed to derive DH parameters.

Any input is appreciated.

Thanks and Regards
Jayalakshmi.
[openssl-users] a question on SSL_MAX_BUF_FREELIST_LEN_DEFAULT
Hi All,

We are using OpenSSL on a multihome device. The device has 4 interfaces. Each network interface creates one SSL context (SSL_CTX) and supports 16 connections. As per the OpenSSL implementation, each SSL context can maintain a free buffer list of 32, and this is retained till the SSL context (SSL_CTX) is deleted.

I wanted to know if there is any reason behind defining
  #define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
Can I reduce it to, say, 4 or some smaller value?

Also, can I use OpenSSL_malloc/OpenSSL_free instead of freelist_extract/freelist_insert in ssl3_setup_read_buffer/ssl3_setup_write_buffer? Are there any side effects?

Any help is appreciated. Thanks in advance.

Regards
Jayalakshmi
[openssl-users] A question to the VMS folks out there (SSL_TASK)
Hi,

this is a question to the VMS folks out there.

A few days ago, I took SSL_TASK out of the OpenSSL master branch (that is, the files crypto/bio/bss_rtcp.c and ssl/ssl_task.c). It never really belonged in OpenSSL but stayed there for reasons only historians can tell at this point.

I currently have a hg repo with the files as part of the vms-ports effort (https://sourceforge.net/p/vms-ports/ssl_task/), but I'm starting to wonder if anyone is still using this stuff or if it's just dead code by now. The answer will make all the difference to my willingness to keep this code alive or not.

Cheers,
Richard

--
Richard Levitte rich...@levitte.org
http://richard.levitte.org/
"Life is a tremendous celebration - and I'm invited!"
-- from a friend's blog, translated from Swedish
Re: A question on EVP_PKEY_copy_parameters
On Wed, Jun 12, 2013 at 12:02:52PM -0700, anu.engineer wrote:

> Just before signing the certificate the code executes this fragment
>
>     pktmp=X509_get_pubkey(ret);
>     if (EVP_PKEY_missing_parameters(pktmp) &&
>         !EVP_PKEY_missing_parameters(pkey))
>         EVP_PKEY_copy_parameters(pktmp,pkey);
>     EVP_PKEY_free(pktmp);

I think that call to EVP_PKEY_copy_parameters should be checked for success, otherwise failure to copy the parameters may go unnoticed.

> My Question :
>
> 1) What parameters are we talking about here?

This is in part for GOST R 34.10. Per RFC 4491 section 2.3.1 when the parameters are missing, they are inherited from the issuing certificate. It looks like OpenSSL wants to avoid creating certificates with missing parameters.

--
Viktor.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: A question on EVP_PKEY_copy_parameters
Hi Dave,

This is a very detailed and excellent answer, Thank you very much

Anu

On Wed, Jun 12, 2013 at 6:59 PM, Dave Thompson wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of anu.engineer
>> Sent: Wednesday, 12 June, 2013 15:03
>
>> I am reading thru the ca.c in the apps directory to understand how
>> to issue a certificate using OpenSSL and I came across this fragment
>> of code which I am struggling to understand.
>
>> Just before signing the certificate the code executes this fragment
> [indentation partially restored]
>> pktmp=X509_get_pubkey(ret);
>> if (EVP_PKEY_missing_parameters(pktmp) &&
>>     !EVP_PKEY_missing_parameters(pkey))
>>     EVP_PKEY_copy_parameters(pktmp,pkey);
>> EVP_PKEY_free(pktmp);
>
>> I looked up the man pages and the notes section talk about
>
>> The main purpose of the functions EVP_PKEY_missing_parameters()
>> and EVP_PKEY_copy_parameters() is to handle public keys in certificates
>> where the parameters are sometimes omitted from a public key
>> if they are inherited from the CA that signed it.
>
>> 1) What parameters are we talking about here ? We just read the
>> Public Key from the CSR and we seem to copy some fields from the CA key
>> ( in the code pkey) to pktmp key which is the key we read from the CSR.
>
> pktmp is a copy of the requester's publickey from the CSR, yes.
>
> The parameters for DSA are the group-defining prime p, subgroup order q,
> and subgroup generator g, and optionally some additional values that can
> be used to prove the parameters were generated "randomly" (i.e. not
> manipulated to force user keys into a possibly more breakable sub/group).
> As indicated, 3279/3280/5280 allow these to be omitted from PublicKeyInfo
> in child cert if they are the same as parent cert/key; this was apparently
> intended for cases like people in a business all using the same parameters
> for their keys and a corporate CA for their certs. AFAICS openssl won't
> *generate* a CSR like this, because its private keys are always complete,
> but some other software might. As no one seems to be using DSA certs
> on the public internet, there's no handy data to check this.
>
> The parameters for EC including ECDSA are in principle a prime integer
> for a GF(p) underlying field or a binary "basis" polynomial and its length
> for a GF(2^n) aka "binary" one, coefficients a and b of the curve equation,
> a base or generating point represented by two or sometimes one elements
> of the underlying field, the order of the result group and its "cofactor".
> In practice people don't generate their own EC parameters (which is hard)
> but instead use one of a few dozen standardized sets, which can be and
> usually are encoded in the cert as one OID, so there's no practical benefit
> to using inheritance and I doubt anyone does.
>
> There are no parameters for RSA; each key(pair) stands alone.
>
> But it doesn't look like this piece of code accomplishes anything.
> It would make some sense to inherit the parameters (if necessary)
> then check this key is consistent with the parameters (to the extent
> possible for a publickey), but it doesn't actually do that. Maybe
> it did in a past version but got neutered by some change -- and
> not noticed because in practice people rarely create or accept
> deliberately defective keys and CSRs. Even when a malefactor wants
> a fraudulent cert, it's a fraudulent binding to a valid key.
RE: A question on EVP_PKEY_copy_parameters
>From: owner-openssl-us...@openssl.org On Behalf Of anu.engineer
>Sent: Wednesday, 12 June, 2013 15:03

> I am reading thru the ca.c in the apps directory to understand how
>to issue a certificate using OpenSSL and I came across this fragment
>of code which I am struggling to understand.

>Just before signing the certificate the code executes this fragment
[indentation partially restored]
>pktmp=X509_get_pubkey(ret);
>if (EVP_PKEY_missing_parameters(pktmp) &&
>    !EVP_PKEY_missing_parameters(pkey))
>    EVP_PKEY_copy_parameters(pktmp,pkey);
>EVP_PKEY_free(pktmp);

>I looked up the man pages and the notes section talk about

>The main purpose of the functions EVP_PKEY_missing_parameters()
>and EVP_PKEY_copy_parameters() is to handle public keys in certificates
>where the parameters are sometimes omitted from a public key
>if they are inherited from the CA that signed it.

>1) What parameters are we talking about here ? We just read the
>Public Key from the CSR and we seem to copy some fields from the CA key
>( in the code pkey) to pktmp key which is the key we read from the CSR.

pktmp is a copy of the requester's publickey from the CSR, yes.

The parameters for DSA are the group-defining prime p, subgroup order q, and subgroup generator g, and optionally some additional values that can be used to prove the parameters were generated "randomly" (i.e. not manipulated to force user keys into a possibly more breakable sub/group). As indicated, 3279/3280/5280 allow these to be omitted from PublicKeyInfo in child cert if they are the same as parent cert/key; this was apparently intended for cases like people in a business all using the same parameters for their keys and a corporate CA for their certs. AFAICS openssl won't *generate* a CSR like this, because its private keys are always complete, but some other software might. As no one seems to be using DSA certs on the public internet, there's no handy data to check this.

The parameters for EC including ECDSA are in principle a prime integer for a GF(p) underlying field or a binary "basis" polynomial and its length for a GF(2^n) aka "binary" one, coefficients a and b of the curve equation, a base or generating point represented by two or sometimes one elements of the underlying field, the order of the result group and its "cofactor". In practice people don't generate their own EC parameters (which is hard) but instead use one of a few dozen standardized sets, which can be and usually are encoded in the cert as one OID, so there's no practical benefit to using inheritance and I doubt anyone does.

There are no parameters for RSA; each key(pair) stands alone.

But it doesn't look like this piece of code accomplishes anything. It would make some sense to inherit the parameters (if necessary) then check this key is consistent with the parameters (to the extent possible for a publickey), but it doesn't actually do that. Maybe it did in a past version but got neutered by some change -- and not noticed because in practice people rarely create or accept deliberately defective keys and CSRs. Even when a malefactor wants a fraudulent cert, it's a fraudulent binding to a valid key.
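The following is an added example, not OpenSSL's code and not part of the thread. It models in Python what the ca.c fragment does (inherit DSA parameters p, q, g from the CA key when the requester's key omits them) together with the two things the replies above say are missing: checking the result of the copy, as Viktor suggests, and checking that the requester's public value is actually consistent with the inherited parameters, as Dave describes. The group p = 2039, q = 1019, g = 4 and all key values are small constructed toy numbers; `DsaPublicKey`, `copy_parameters` and `inherit_and_check` are names chosen here, not OpenSSL's.

```python
"""Toy model of the ca.c step: a requester's DSA public key that arrives
without domain parameters inherits (p, q, g) from the CA key and is then
checked for consistency with them.  Added example, not OpenSSL's code;
all numbers are small constructed values."""

from dataclasses import dataclass
from typing import Optional


@dataclass
class DsaPublicKey:
    """Public value y = g^x mod p plus the (optionally omitted) parameters."""
    y: int
    p: Optional[int] = None
    q: Optional[int] = None
    g: Optional[int] = None

    def missing_parameters(self) -> bool:
        """Counterpart of EVP_PKEY_missing_parameters()."""
        return self.p is None or self.q is None or self.g is None


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with bases 2, 3, 5, 7: deterministic for n < 3,215,031,751."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7)
    if n in bases:
        return True
    if any(n % b == 0 for b in bases):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def parameters_valid(p: int, q: int, g: int) -> bool:
    """p and q prime, q divides p-1, and g generates a subgroup of order q."""
    return (is_probable_prime(p) and is_probable_prime(q)
            and (p - 1) % q == 0 and 1 < g < p - 1 and pow(g, q, p) == 1)


def copy_parameters(dst: DsaPublicKey, src: DsaPublicKey) -> bool:
    """Counterpart of EVP_PKEY_copy_parameters(dst, src).  Returns False on
    failure so the caller can check it, as Viktor suggests in the thread."""
    if src.missing_parameters():
        return False
    dst.p, dst.q, dst.g = src.p, src.q, src.g
    return True


def public_key_consistent(key: DsaPublicKey) -> bool:
    """The check Dave notes the fragment does not do: once the parameters are
    known, y must be in range and lie in the order-q subgroup (y^q mod p == 1)."""
    if key.missing_parameters() or not parameters_valid(key.p, key.q, key.g):
        return False
    return 1 < key.y < key.p - 1 and pow(key.y, key.q, key.p) == 1


def inherit_and_check(csr_key: DsaPublicKey, ca_key: DsaPublicKey) -> bool:
    """The ca.c fragment plus the return-value check and the consistency check."""
    if csr_key.missing_parameters():
        if not copy_parameters(csr_key, ca_key):
            return False
    return public_key_consistent(csr_key)


if __name__ == "__main__":
    # Constructed toy group: p = 2039 and q = 1019 are prime, p = 2q + 1, g = 4.
    ca = DsaPublicKey(y=pow(4, 5, 2039), p=2039, q=1019, g=4)
    csr = DsaPublicKey(y=pow(4, 123, 2039))   # parameters omitted, as RFC 5280 allows
    print("inherited and consistent:", inherit_and_check(csr, ca))          # True
    print("non-subgroup value rejected:", inherit_and_check(DsaPublicKey(y=7), ca))  # False
```

The subgroup test `pow(y, q, p) == 1` is as far as a public key alone can be checked; it catches a value that was never derived from g (7 is not a quadratic residue mod 2039, so it fails), which is exactly the kind of defective-but-accepted key the thread says nobody bothers to reject.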
A question on EVP_PKEY_copy_parameters
Hi All,

I am reading thru the ca.c in the apps directory to understand how to issue a certificate using OpenSSL and I came across this fragment of code which I am struggling to understand.

Just before signing the certificate the code executes this fragment

pktmp=X509_get_pubkey(ret);
if (EVP_PKEY_missing_parameters(pktmp) &&
    !EVP_PKEY_missing_parameters(pkey))
    EVP_PKEY_copy_parameters(pktmp,pkey);
EVP_PKEY_free(pktmp);

I looked up the man pages and the notes section talk about

The main purpose of the functions EVP_PKEY_missing_parameters() and EVP_PKEY_copy_parameters() is to handle public keys in certificates where the parameters are sometimes omitted from a public key if they are inherited from the CA that signed it.

My Question :

1) What parameters are we talking about here ? We just read the Public Key from the CSR and we seem to copy some fields from the CA key ( in the code pkey) to pktmp key which is the key we read from the CSR.

I tried looking up the sources, but they are pointers to functions in ASN1 code base, hence this question here before putting a debugger to the sources. This is just for my understanding of what is happening here.

Thanks
Anu
Re: connection encrypted (a question)
On May 12, 2013, at 6:38 PM, Salz, Rich wrote:

> Many people find the four-letter word at the start of your domain name
> offensive.
>
> I'm assuming you know English well enough to know that, and chose it
> deliberately.
>
> That's reading beyond the cover.

It broadcasts a general lack of respect for those from whom you are asking to take time out of their schedules to answer what are really very basic questions.
RE: connection encrypted (a question)
Many people find the four-letter word at the start of your domain name offensive.

I'm assuming you know English well enough to know that, and chose it deliberately.

That's reading beyond the cover.

/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
Re: connection encrypted (a question)
Hello sir,

You may not know this, but the name you chose for your domain literally means making babies with lots of random people, violating the trust of both your wife/husband, other peoples wives and husbands and one of the 10 commandments, while simultaneously risking the spread of related diseases and the creation of fatherless children.

It is a phrase most often used in anger as an accusation, and I can understand why some USAmerican people were shocked to see the name in print, even though I am not as offended as many other people, because I have seen and heard much worse.

I have omitted the word from the text of this e-mail to not offend too many people.

On 12-05-2013 19:12, Pol Hallen wrote:
>> I would not answer someone's email from "org" and I find it utterly inconsiderate and tasteless to send an email with that return address in the first place.
>
> org is my domain to test my server. It's a name like another. What's the problem? Do you evaluate a book from its cover? Or try to (almost) read preface? Don't you judge without know.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Re: connection encrypted (a question)
> I would not answer someone's email from "fuckaround.org" and I find it
> utterly inconsiderate and tasteless
> to send an email with that return address in the first place.

fuckaround.org is my domain to test my server. It's a name like another. What's the problem? Do you evaluate a book from its cover? Or try to (almost) read preface? Don't you judge without know.

Pol
Re: connection encrypted (a question)
To all:

I would not answer someone's email from "fuckaround.org" and I find it utterly inconsiderate and tasteless to send an email with that return address in the first place. And don't tell me that person is not entitled to do so - of course, he or she is. But so am I to not respond to such email (in terms of the technical question asked).

StvB

> From: "openss...@fuckaround.org"
> To: openssl-users@openssl.org
> Sent: Sunday, May 12, 2013 2:59 AM
> Subject: connection encrypted (a question)
>
> Hi folks! I'm a newbie and I'd like understand know a thing:
>
> I create a certificate and put it to my apache web server
>
> openssl req -x509 -days 365 -newkey rsa:4096 -keyout apache.key -out apache.crt
>
> everything works perfectly.
>
> The question: using firefox I see:
>
> Techinical Details
> Connection encrypted: high-grade encryption (aes-256, 256 bit keys)
>
> Why aes256, 256 bit keys if my certificate is rsa:4096?
>
> thanks!
Re: connection encrypted (a question)
On 12-05-2013 09:59, openss...@expletitive-deleted.org wrote:
> Hi folks! I'm a newbie and I'd like understand know a thing:
>
> I create a certificate and put it to my apache web server
>
> openssl req -x509 -days 365 -newkey rsa:4096 -keyout apache.key -out apache.crt
>
> everything works perfectly.
>
> The question: using firefox I see:
>
> Techinical Details
> Connection encrypted: high-grade encryption (aes-256, 256 bit keys)
>
> Why aes256, 256 bit keys if my certificate is rsa:4096?

Since shortly after the invention of public key cryptography in the late 1970s, the preferred way to use it is to use public key algorithms (such as RSA) to negotiate some random symmetric key cryptography keys which the public key cryptography ensures will only be known by those with the private keys matching the public keys used. Then the actual transmission is secured with those keys.

So in your example, the 4096 bit RSA key in apache.key was used to negotiate (for each new connection from Firefox) a set of two 256 bit AES keys (one for send, one for receive) and a similar set of two HMAC anti-tampering keys. Those 4 keys were then used to secure the transmission, using complex security engineering designs to ensure that (as far as we know) only someone with access to either the apache.key that matches the public key in apache.crt OR with access to the innards of your running Firefox process will be able to see and/or change the transmission.

The security questions about adding exceptions are about making sure the copy of apache.crt received by Firefox is the real one, and not one someone else made up and installed on a wiretapping/virus infecting/credit card stealing/otherwise evil machine. Because all the crypto in the world will not help you if the key belongs to the wrong person.

Because it is inhumanly difficult for everyone to keep track of and personally double check the public keys of every secure website they will ever visit, we pay specialist companies called CAs to do this for us, and then we only need to keep track of the public keys of the CAs. But because there are now so many CAs around (most of them only checking public keys from just one country, where they work with government records), we pay the web browser manufacturers (Mozilla, Google, Apple, Opera and Microsoft plus a few others) to keep track of the CAs public keys and include those in the signed browser downloads.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
connection encrypted (a question)
Hi folks! I'm a newbie and I'd like understand know a thing:

I create a certificate and put it to my apache web server

openssl req -x509 -days 365 -newkey rsa:4096 -keyout apache.key -out apache.crt

everything works perfectly.

The question: using firefox I see:

Techinical Details
Connection encrypted: high-grade encryption (aes-256, 256 bit keys)

Why aes256, 256 bit keys if my certificate is rsa:4096?

thanks!
RE: A Question on Cipher Format.
I'm not sure that answers the question as to significance as opposed to defining the acronyms.

TLS_DHE_RSA_WITH_AES_128_CBC_SHA is a cipher suite defined for use with TLS that uses 128-bit AES in CBC mode for the data encryption and SHA-1 for message authentication. The encryption keys are generated using Ephemeral Diffie-Hellman, signed using RSA (since DH is subject to MitM attacks).

Erik Tkal
Juniper OAC/UAC/Pulse Development

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Matt Caswell (fr...@baggins.org)
Sent: Friday, May 11, 2012 5:01 AM
To: openssl-users@openssl.org
Subject: Re: A Question on Cipher Format.

TLS = Transport Layer Security
DHE = Diffie Hellman Ephemeral
RSA = Public Key Cryptography algorithm named after inventors, Rivest, Shamir & Adleman
AES_128 = Advanced Encryption Standard using 128bit key
CBC = Cipher Block Chaining (a block cipher mode of operation)
SHA = Secure Hash Algorithm

Matt

On 11 May 2012 09:51, Mr.Rout wrote:
>
> Dear All,
>
> What is the significance of each phrase in the below cipher suite ?
>
> Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
>
> May be this is a dump question. But i am interested to know each phrase.
>
> Best Regards,
> Siba Shankar Rout
> --
> View this message in context:
> http://old.nabble.com/A-Question-on-Cipher-Format.-tp33772869p33772869.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
Re: A Question on Cipher Format.
TLS = Transport Layer Security
DHE = Diffie Hellman Ephemeral
RSA = Public Key Cryptography algorithm named after inventors, Rivest, Shamir & Adleman
AES_128 = Advanced Encryption Standard using 128bit key
CBC = Cipher Block Chaining (a block cipher mode of operation)
SHA = Secure Hash Algorithm

Matt

On 11 May 2012 09:51, Mr.Rout wrote:
>
> Dear All,
>
> What is the significance of each phrase in the below cipher suite ?
>
> Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
>
> May be this is a dump question. But i am interested to know each phrase.
>
> Best Regards,
> Siba Shankar Rout
> --
> View this message in context:
> http://old.nabble.com/A-Question-on-Cipher-Format.-tp33772869p33772869.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
A Question on Cipher Format.
Dear All,

What is the significance of each phrase in the below cipher suite ?

Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA

May be this is a dump question. But i am interested to know each phrase.

Best Regards,
Siba Shankar Rout
--
View this message in context: http://old.nabble.com/A-Question-on-Cipher-Format.-tp33772869p33772869.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
RE: a question about openssl sessions
(kept HTML because otherwise too much status lost, but my Outlook tends to screw up formatting when editing HTML; sorry for any glitches)

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Stéphane Charette
Sent: Saturday, 21 April, 2012 04:14
To: openssl-users@openssl.org
Subject: Re: a question about openssl sessions

On Thu, Apr 19, 2012 at 19:45, Dave Thompson wrote:
> From: owner-openssl-us...@openssl.org On Behalf Of Stéphane Charette
> Sent: Sunday, 15 April, 2012 20:31

> I'm using Openssl to talk to a server that expects to re-use ssl
> sessions when a client needs to open many SSL connections. I have
> the same code working on Linux and Windows.

Using classic resumption (sessionid) or RFC4507 ticket?

Thanks for the reply, Dave. I believe this is using the classic resumption (sessionid). I did write up some sample code to demonstrate the problem. And using some Mac/iPhone/iPad app to establish SSL connections to FileZilla, this has been confirmed on many devices, so I'm almost certain it isn't just my code. Unless I happen to have made the exact same mistake in the sample code as the application has done.

This isn't clear. Do you mean other FTP client apps work while yours doesn't? Or do you mean other apps also fail? Also hang, or any different kind of failure?

Here is the sample application that works on Linux/Windows, but which hangs when the SSL connection is first established on the Mac: http://charette.no-ip.com:81/asio-openssl/ This code establishes the first SSL connection, then attempts to reuse the session ID to open up a 2nd connection. On a Mac, iPhone, and iPad, it hangs when the 2nd connection is established.

This appears to involve a whole layer of boost stuff I know nothing about, so I comment only on the OpenSSL part. If that layer is doing something to your socket(s), especially if it's OS-dependent (which system-library type stuff sometimes is) that could be part of your problem.

Your posted code below doesn't check for error from SSL_connect; if you do check what do you see?

Note that my code does check for errors. In the e-mail and in the sample code, I did trim a lot of lines to try and make a more concise posting.

Good. In general when posting code if you want to suppress irrelevant sections it's a good idea to leave a comment. But where your question actually involves handling an error, it's better to leave *that* part in. Specifically here:

The name SSL_get_error may be misleading; its return isn't always an 'error', just a condition to which your code may need to respond differently. The man page calls it result code. When you get any return other than success from SSL_connect SSL_read etc. you should call SSL_get_error and if that returns SSL_ERROR_SSL you should look at the error-queue, simplest with ERR_print_errors[_fp] if you have a suitable FILE*, typically stdout or stderr, or a suitable BIO; or custom logic with ERR_get_error ERR_error_string et al. Note ERR_get_error != SSL_get_error. For SSL_ERROR_SYSCALL you should usually try both the error-queue and the OS-level socket error, which in Unix (including AFAIK MacOSX) is errno. The SSL_WANT_* returns should occur only(?) if you use nonblocking sockets (and boost::asio sounds to me like something that might use nonblocking) or certain unusual callbacks (not evident here), and your code needs to re-try the SSL_connect etc call at a suitable later time, which probably depends on how you manage your threads, which you say nothing about. You might be better off doing a single-thread program first before trying multithreading. Your comments say you got SSL_connect() != 1 but not what you got from SSL_get_error, and whether it's the same on different OSes, much less the error-queue and/or errno.

And for non-protocol SSL* calls like _set_session _load_verify_locations _use_PrivateKey that have a 'failure' return (usually 0 or NULL), and (most?) libcrypto calls like EVP* BIO* RSA* etc. that do so, again you should also look at the error-queue (skipping SSL_get_error).

Can you recreate the problem with commandline s_client with -sess_out on the first connection and -sess_in on the second, with or without -no_ticket? If so, -debug and -state will probably be helpful.

Can I re-create the problem with the command-line ssl tool since it requires copying and re-using a ssl sessionid while the first control ssl socket is still active and in use? Is this what you're saying with -sess_out and -sess_in, that I can export the ssl session and re-import it even though it is a different context in a different application?

More exactly, it requires copying and reusing the whole 'session' which includes session-id, negotiated ciphersuite etc., mostly-exchanged master secret, and so
Re: a question about openssl sessions
On Thu, Apr 19, 2012 at 19:45, Dave Thompson wrote:
> > From: owner-openssl-us...@openssl.org On Behalf Of Stéphane
> > Charette
> > Sent: Sunday, 15 April, 2012 20:31
>
> > I'm using Openssl to talk to a server that expects to re-use ssl
> > sessions when a client needs to open many SSL connections. I have
> > the same code working on Linux and Windows.
>
> Using classic resumption (sessionid) or RFC4507 ticket?

Thanks for the reply, Dave. I believe this is using the classic resumption (sessionid). I did write up some sample code to demonstrate the problem. And using some Mac/iPhone/iPad app to establish SSL connections to FileZilla, this has been confirmed on many devices, so I'm almost certain it isn't just my code. Unless I happen to have made the exact same mistake in the sample code as the application has done.

Here is the sample application that works on Linux/Windows, but which hangs when the SSL connection is first established on the Mac: http://charette.no-ip.com:81/asio-openssl/ This code establishes the first SSL connection, then attempts to reuse the session ID to open up a 2nd connection. On a Mac, iPhone, and iPad, it hangs when the 2nd connection is established.

> Your posted code below doesn't check for error from SSL_connect;
> if you do check what do you see?

Note that my code does check for errors. In the e-mail and in the sample code, I did trim a lot of lines to try and make a more concise posting.

> Can you recreate the problem with commandline s_client with -sess_out
> on the first connection and -sess_in on the second, with or without
> -no_ticket? If so, -debug and -state will probably be helpful.

Can I re-create the problem with the command-line ssl tool since it requires copying and re-using a ssl sessionid while the first control ssl socket is still active and in use? Is this what you're saying with -sess_out and -sess_in, that I can export the ssl session and re-import it even though it is a different context in a different application?

> Specifically, prior to doing (any/all) SSL_new(ctx) I assume.
>
> And I assume you aren't changing settings like cipherlist and
> compression between connections. Sharing the session *should*
> override these, but maybe something might slip through a crack.
> Even if so, I don't see any reason it would differ on Mac.

No, I'm not changing any of these. Please see the sample code I link to above.

> Both get1_session and set_session increment the refcount, so
> I believe your session object(s?) will not get cleaned up even
> if all connections using them go away and the cache times-out.
> But in the usage you describe this is probably just a quite
> small memory leak and doesn't matter.

Ooh, thanks for pointing that out. I'll confirm with valgrind, should be obvious if I'm leaking as the application has the potential to create a lot of these secondary ssl connections.

Thanks for the help.

Stéphane Charette
RE: a question about openssl sessions
> From: owner-openssl-us...@openssl.org On Behalf Of Stéphane Charette
> Sent: Sunday, 15 April, 2012 20:31

> I'm using Openssl to talk to a server that expects to re-use ssl
> sessions when a client needs to open many SSL connections. I have
> the same code working on Linux and Windows.

Using classic resumption (sessionid) or RFC4507 ticket?

> But when I try to run on the Mac, the new SSL connection that
> attempts to reuse the SSL session just sits there and hangs. After
> several minutes the server times out the connection, thinking no
> requests are being made, and then the client unblocks once the tcp
> connection is closed. Looking at packet traces and trying to inspect
> the SSL object in a debugger, I would guess the client is waiting for
> the server to do the full SSL handshake, even though I'm trying to
> reuse an existing session.

I don't see how. Mostly if the client requests resumption the ServerHello distinguishes whether the server agrees (and an abbreviated handshake is used) or not (full handshake is used). Even for ticket without sessionid, the server must send something which the client should recognize and would give an error if not.

Your posted code below doesn't check for error from SSL_connect; if you do check what do you see?

What does the packet trace show? Does ClientHello contain a valid sessionid, or none, or a valid ticket? Does ServerHello contain the same sessionid, or different, or none? If using TLS are there any other extensions, and what? (I don't recall others that should interfere with resumption, but I might have missed.) What if any message(s) occur next?

Can you recreate the problem with commandline s_client with -sess_out on the first connection and -sess_in on the second, with or without -no_ticket? If so, -debug and -state will probably be helpful.

> I desperately need to know: am I doing it wrong? Or is there a
> serious problem on the Mac that prevents SSL sessions from being re-used?

I don't use Mac myself, but I don't recall hearing such a problem.

> Here are the relevant openssl calls I'm making:

> 1) In the single context I'm using, I am making this call prior to
> establishing any SSL connections:

> SSL_CTX_set_session_cache_mode( ctx, SSL_SESS_CACHE_BOTH );

Specifically, prior to doing (any/all) SSL_new(ctx) I assume.

And I assume you aren't changing settings like cipherlist and compression between connections. Sharing the session *should* override these, but maybe something might slip through a crack. Even if so, I don't see any reason it would differ on Mac.

> 2) When it is time to start the 2nd SSL session, here is how
> I get the session from the initial working connection:

(Nit: second connection using same session. Often people don't distinguish these carefully, and usually it doesn't matter, but here it's exactly the area of your apparent problem.)

> SSL_SESSION *savedSession = SSL_get1_session( ctrlSSL );
> SSL_set_session( dataSSL, savedSession );
> SSL_connect( dataSSL );

As general practice you should probably check the return value from SSL_set_session for 0, although I doubt it happens. You definitely should check SSL_connect for <=0; even though one connection has succeeded and not (visibly) failed, that doesn't always guarantee another connection will succeed.

Both get1_session and set_session increment the refcount, so I believe your session object(s?) will not get cleaned up even if all connections using them go away and the cache times-out. But in the usage you describe this is probably just a quite small memory leak and doesn't matter.
a question about openssl sessions
I've sent 3 e-mails to the list over the past 10 days, but not a single reply. I'm a bit worried, as I don't know how else to get help on OpenSSL.

I'm using Openssl to talk to a server that expects to re-use ssl sessions when a client needs to open many SSL connections. I have the same code working on Linux and Windows.

But when I try to run on the Mac, the new SSL connection that attempts to reuse the SSL session just sits there and hangs. After several minutes the server times out the connection, thinking no requests are being made, and then the client unblocks once the tcp connection is closed. Looking at packet traces and trying to inspect the SSL object in a debugger, I would guess the client is waiting for the server to do the full SSL handshake, even though I'm trying to reuse an existing session.

I desperately need to know: am I doing it wrong? Or is there a serious problem on the Mac that prevents SSL sessions from being re-used?

Here are the relevant openssl calls I'm making:

1) In the single context I'm using, I am making this call prior to establishing any SSL connections:

SSL_CTX_set_session_cache_mode( ctx, SSL_SESS_CACHE_BOTH );

2) When it is time to start the 2nd SSL session, here is how I get the session from the initial working connection:

SSL_SESSION *savedSession = SSL_get1_session( ctrlSSL );
SSL_set_session( dataSSL, savedSession );
SSL_connect( dataSSL );

Please...any help would be greatly appreciated.

Stéphane Charette
Re: a question about Diffie-Hellman key exchange mode
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Got it. Thanks for answering such a naive question to a newbie. :-) Really appreciate your help.

PMHager wrote:
> William,
>
> have a look at MODP (Modular Exponential DH Groups) referenced in RFC5246:
>
> RFC2409 defines primes for 768 and 1024 bit, and
> RFC3526 defines primes for 1536, 2048, and 3072 bit.
> (The generator is always 2.)
>
> Peter-Michael
>
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of William Cai
> Sent: Monday, July 06, 2009 3:25 AM
> To: openssl-users@openssl.org
> Subject: Re: a question about Diffie-Hellman key exchange mode
>
> Thanks Michael! Could you please share me some information about
> when/how to agree upon p & g?
>
> Thanks,
> William
>
> From: Michael Sierchio
> To: openssl-users@openssl.org
> Sent: Sunday, July 5, 2009 11:58:42 PM
> Subject: Re: a question about Diffie-Hellman key exchange mode
>
> William Cai wrote:
>
>> According to my understanding, Diffie-Hellman algorithm is based on
>> something like this,
>> 1. public prime number, p
>> 2. public base, g
>> 3. Side A's private key, a
>> 4. Side A's public key, A = g ^ a mod p
>> 5. Side B's private key, b
>> 6. Side B's public key, B = g ^ b mod p
>>
>> The question is that which items above the Diffie-Hellman public
>> parameters consist of? If they are 1, 2 and 4, then we need at least an
>> additional step pass the public prime number and public base to the
>> other side, otherwise, the other side cannot calculate its public key.
>> right? But I don't see such description in the paper. Are public prime
>> number and public base presetted?
>
> Yes, the p and g are well known and agreed upon in advance.

- --
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x76E957AF
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpR7x8ACgkQEUefXnbpV6+GkQCeIuvxc4szW8RJibjzfvDrJidX
jTkAnRog/nbobBLNwq4jcdRgcM14OJEA
=Q7EI
-----END PGP SIGNATURE-----
RE: a question about Diffie-Hellman key exchange mode
William,

have a look at MODP (Modular Exponential DH Groups) referenced in RFC5246:

RFC2409 defines primes for 768 and 1024 bit, and
RFC3526 defines primes for 1536, 2048, and 3072 bit.
(The generator is always 2.)

Peter-Michael

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of William Cai
Sent: Monday, July 06, 2009 3:25 AM
To: openssl-users@openssl.org
Subject: Re: a question about Diffie-Hellman key exchange mode

Thanks Michael! Could you please share me some information about when/how to agree upon p & g?

Thanks,
William

From: Michael Sierchio
To: openssl-users@openssl.org
Sent: Sunday, July 5, 2009 11:58:42 PM
Subject: Re: a question about Diffie-Hellman key exchange mode

William Cai wrote:
> Are public prime number and public base presetted?

Yes, the p and g are well known and agreed upon in advance.
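The exchange William asks about, carried through in code as an added example (this is editorial illustration, not code from the thread or from OpenSSL). It uses the thread's own symbols: p and g are public, a and b private, A = g^a mod p and B = g^b mod p public. The group is the published RFC 3526 2048-bit MODP group (IKE group 14, generator 2) that Peter-Michael points to, so nothing but A and B has to cross the wire. The 256-bit exponent size and the subgroup check on the peer's value are my choices; the thread does not prescribe them.

```python
"""Finite-field Diffie-Hellman over a published MODP group (added example).

p and g are fixed in advance by RFC 3526, so the only values exchanged are
the public keys A and B; the private exponents a and b never leave their
side.  Pure-Python integers are used so this runs without any library.
"""
import os

# RFC 3526, section 3: 2048-bit MODP group (IKE group 14).  Generator g = 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
# p is a safe prime, so q = (p-1)/2 is prime and g = 2 generates the
# subgroup of order q (2 is a quadratic residue because p = 7 mod 8).
Q = (P - 1) // 2


def generate_private(exponent_bits=256):
    """Private exponent from the OS CSPRNG.

    256 bits comfortably exceeds the ~112-bit strength of a 2048-bit group,
    so the exponent is not the weak link (my sizing choice, not the RFC's).
    """
    while True:
        a = int.from_bytes(os.urandom(exponent_bits // 8), "big")
        if 2 <= a <= Q - 1:
            return a


def public_value(private):
    """A = g^a mod p: the one value this side sends (or puts in a cert)."""
    return pow(G, private, P)


def validate_public(value):
    """Reject peer values outside [2, p-2] or outside the order-q subgroup.

    Without this check a malicious peer can send 0, 1 or p-1 (order 1 or 2)
    and force the shared secret to a value it already knows.
    """
    if not 2 <= value <= P - 2:
        return False
    return pow(value, Q, P) == 1


def shared_secret(peer_public, private):
    """g^(ab) mod p, computed from the peer's public value and our private."""
    if not validate_public(peer_public):
        raise ValueError("invalid Diffie-Hellman public value from peer")
    return pow(peer_public, private, P)


def demo():
    """Both sides of the exchange; returns the two independently derived secrets."""
    a, b = generate_private(), generate_private()
    A, B = public_value(a), public_value(b)   # these two numbers cross the wire
    return shared_secret(B, a), shared_secret(A, b)


if __name__ == "__main__":
    secret_a, secret_b = demo()
    print("agreed" if secret_a == secret_b else "MISMATCH", secret_a.bit_length(), "bits")
```

In the "fixed Diffie-Hellman" variant William quotes from Stallings, the certificate carries exactly (p, g, A): the group parameters plus the server's long-term public value, signed by the CA. With a published group the parameters are implied and A is the only thing the certificate or the key-exchange message needs to add.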
Re: a question about Diffie-Hellman key exchange mode
Thanks Michael! Could you please share me some information about when/how to agree upon p & g?

Thanks,
William

From: Michael Sierchio
To: openssl-users@openssl.org
Sent: Sunday, July 5, 2009 11:58:42 PM
Subject: Re: a question about Diffie-Hellman key exchange mode

William Cai wrote:
> According to my understanding, Diffie-Hellman algorithm is based on
> something like this,
> 1. public prime number, p
> 2. public base, g
> 3. Side A's private key, a
> 4. Side A's public key, A = g ^ a mod p
> 5. Side B's private key, b
> 6. Side B's public key, B = g ^ b mod p
>
> The question is that which items above the Diffie-Hellman public
> parameters consist of? If they are 1, 2 and 4, then we need at least an
> additional step pass the public prime number and public base to the
> other side, otherwise, the other side cannot calculate its public key.
> right? But I don't see such description in the paper. Are public prime
> number and public base presetted?

Yes, the p and g are well known and agreed upon in advance.
Re: a question about Diffie-Hellman key exchange mode
William Cai wrote:
> According to my understanding, Diffie-Hellman algorithm is based on
> something like this,
> 1. public prime number, p
> 2. public base, g
> 3. Side A's private key, a
> 4. Side A's public key, A = g ^ a mod p
> 5. Side B's private key, b
> 6. Side B's public key, B = g ^ b mod p
>
> The question is that which items above the Diffie-Hellman public
> parameters consist of? If they are 1, 2 and 4, then we need at least an
> additional step pass the public prime number and public base to the
> other side, otherwise, the other side cannot calculate its public key.
> right? But I don't see such description in the paper. Are public prime
> number and public base presetted?

Yes, the p and g are well known and agreed upon in advance.
a question about Diffie-Hellman key exchange mode
Hi list,

I get a question regarding Diffie-Hellman key exchange of SSL. Not sure if this is the right place for such question. But this could be an easy one for those who are familiar with SSL protocol. :-)

Below is cited from William Stallings' paper.

- cited from Internet ---
Fixed Diffie-Hellman: This a Diffie-Hellman key exchange in which the server's certificate contains the Diffie-Hellman public parameters signed by the certificate authority (CA). That is, the public-key certificate contains the Diffie-Hellman public-key parameters. The client provides its Diffie-Hellman public key parameters either in a certificate, if client authentication is required, or in a key exchange message. This method results in a fixed secret key between two peers, based on the Diffie-Hellman calculation using the fixed public keys.
--- end of the citation -

According to my understanding, Diffie-Hellman algorithm is based on something like this,
1. public prime number, p
2. public base, g
3. Side A's private key, a
4. Side A's public key, A = g ^ a mod p
5. Side B's private key, b
6. Side B's public key, B = g ^ b mod p

The question is that which items above the Diffie-Hellman public parameters consist of? If they are 1, 2 and 4, then we need at least an additional step pass the public prime number and public base to the other side, otherwise, the other side cannot calculate its public key. right? But I don't see such description in the paper. Are public prime number and public base presetted?

Any response is appreciated!

Thanks,
William
RE: A question about X509 certificates
> From: owner-openssl-us...@openssl.org On Behalf Of Satish Chandra Kilaru
> Sent: Wednesday, 17 June, 2009 13:50

> In the following sample certificate, there is a ton of
> information before --BEGIN CERTIFICATE--.
> Who is this for? Is it for a human reader to make sense of
> who/what this certificate is certifying?

Yes. Who, by whom, when, for what usage, etc. It's optional. Some openssl operations do write it, some don't. Other programs may not (the ones I know of don't). It can always be re-generated from the actual cert by x509 -text .

> If it is for a s/w
> program that uses certificates, how is this information
> supposed to be used?
>

Programs generally should use the actual cert. Though if the files consistently contain (are caused to contain) this optional additional information, I can think of a few operations that might be programmed, or (more likely?) scripted in awk or perl or similar, that could make use of it, like:
- is a particular extension present?
- when is the validity end aka expiration?
Re: A question about X509 certificates
It's probably because 'openssl req -x509' was used to create it, without using the -set_serial option.

-Kyle H

On Wed, Jun 17, 2009 at 12:00 PM, Satish Chandra Kilaru wrote:
> Hi Kyle
>
> Thank you. This was generated using openssl command. Could illegal
> serial number be because of a wrong entry in conf file?
>
> --Satish
>
> On Wed, Jun 17, 2009 at 2:34 PM, Kyle Hamilton wrote:
>> It is basically a human-readable expression of the data that's in the
>> certificate. Theoretically, the certificate could be regenerated from
>> the data in this expression, but I've never seen an implementation
>> that makes it possible.
>>
>> This certificate is in violation of PKIX because its serial number is
>> not a positive integer, by the way.
>>
>> -Kyle H
>>
>> On Wed, Jun 17, 2009 at 10:50 AM, Satish Chandra Kilaru wrote:
>>> Hi
>>>
>>> In the following sample certificate, there is a ton of information
>>> before --BEGIN CERTIFICATE--.
>>> Who is this for? Is it for a human reader to make sense of who/what
>>> this certificate is certifying? If it is for a s/w program that uses
>>> certificates, how is this information supposed to be used?
>>>
>>> Thanks in advance.
>>>
>>> --Satish
Re: A question about X509 certificates
Hi Kyle

Thank you. This was generated using openssl command. Could illegal serial number be because of a wrong entry in conf file?

--Satish

On Wed, Jun 17, 2009 at 2:34 PM, Kyle Hamilton wrote:
> It is basically a human-readable expression of the data that's in the
> certificate. Theoretically, the certificate could be regenerated from
> the data in this expression, but I've never seen an implementation
> that makes it possible.
>
> This certificate is in violation of PKIX because its serial number is
> not a positive integer, by the way.
>
> -Kyle H
>
> On Wed, Jun 17, 2009 at 10:50 AM, Satish Chandra Kilaru wrote:
>> Hi
>>
>> In the following sample certificate, there is a ton of information
>> before --BEGIN CERTIFICATE--.
>> Who is this for? Is it for a human reader to make sense of who/what
>> this certificate is certifying? If it is for a s/w program that uses
>> certificates, how is this information supposed to be used?
>>
>> Thanks in advance.
>>
>> --Satish
Re: A question about X509 certificates
It is basically a human-readable expression of the data that's in the certificate. Theoretically, the certificate could be regenerated from the data in this expression, but I've never seen an implementation that makes it possible.

This certificate is in violation of PKIX because its serial number is not a positive integer, by the way.

-Kyle H

On Wed, Jun 17, 2009 at 10:50 AM, Satish Chandra Kilaru wrote:
> Hi
>
> In the following sample certificate, there is a ton of information
> before --BEGIN CERTIFICATE--.
> Who is this for? Is it for a human reader to make sense of who/what
> this certificate is certifying? If it is for a s/w program that uses
> certificates, how is this information supposed to be used?
>
> Thanks in advance.
>
> --Satish
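Kyle's point about the serial number, as an added example (editorial illustration, not code from the thread or from OpenSSL): a minimal DER walker that descends Certificate -> tbsCertificate -> [version] -> serialNumber and applies the two RFC 5280 section 4.1.2.2 rules, a positive integer and at most 20 octets. It decodes the first 24 base64 characters of the certificate posted in this thread, which contain the whole path to the serial, and compares them with three constructed skeleton certificates; the skeleton builder, the sample serial values and the rule names are mine.

```python
"""Pull serialNumber out of a DER X.509 certificate and check it against
RFC 5280 section 4.1.2.2 (added example, not part of the thread).

Certificate ::= SEQUENCE { tbsCertificate SEQUENCE {
    version [0] EXPLICIT INTEGER OPTIONAL, serialNumber INTEGER, ... }, ... }

Only the headers on the way to serialNumber are read, so a prefix of the
certificate suffices; nothing after the serial is validated here.
"""
import base64

SEQUENCE, INTEGER, CONTEXT_0, OID = 0x30, 0x02, 0xA0, 0x06


def read_header(buf, pos):
    """Parse one definite-length DER tag/length at `pos`.

    Returns (tag, value_offset, value_length); rejects indefinite lengths.
    """
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        return tag, pos, first
    n = first & 0x7F
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("indefinite or oversized DER length")
    return tag, pos + n, int.from_bytes(buf[pos:pos + n], "big")


def serial_number(cert):
    """Return (value, octet_count) of serialNumber; value may be <= 0."""
    tag, pos, _ = read_header(cert, 0)                 # Certificate
    if tag != SEQUENCE:
        raise ValueError("Certificate is not a SEQUENCE")
    tag, pos, _ = read_header(cert, pos)               # tbsCertificate
    if tag != SEQUENCE:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, pos, length = read_header(cert, pos)
    if tag == CONTEXT_0:                               # version [0] is present
        tag, pos, length = read_header(cert, pos + length)
    if tag != INTEGER:
        raise ValueError("serialNumber is not an INTEGER")
    if length == 0 or pos + length > len(cert):
        raise ValueError("serialNumber body truncated")
    return int.from_bytes(cert[pos:pos + length], "big", signed=True), length


def serial_problems(cert):
    """Names of the RFC 5280 serialNumber rules the certificate breaks."""
    value, octets = serial_number(cert)
    problems = []
    if value <= 0:
        problems.append("not_positive")   # MUST be a positive integer
    if octets > 20:
        problems.append("too_long")       # conforming CAs MUST NOT exceed 20 octets
    return problems


# --- constructed samples ---------------------------------------------------
def encode(tag, body):
    """Encode one DER element (bodies here are all under 65536 bytes)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    if n < 0x100:
        return bytes([tag, 0x81, n]) + body
    return bytes([tag, 0x82]) + n.to_bytes(2, "big") + body


def cert_skeleton(serial_bytes):
    """A v3 Certificate whose tbsCertificate stops after the signature
    AlgorithmIdentifier (sha1WithRSAEncryption): enough for serial checks."""
    version = encode(CONTEXT_0, encode(INTEGER, b"\x02"))
    sig_alg = encode(SEQUENCE, encode(OID, bytes.fromhex("2a864886f70d010105")) + b"\x05\x00")
    return encode(SEQUENCE, encode(SEQUENCE, version + encode(INTEGER, serial_bytes) + sig_alg))


# First 24 base64 characters of the certificate posted in this thread: they
# decode to the Certificate and tbsCertificate headers, version [0] {2},
# and the serial INTEGER 0 that the text dump shows as "Serial Number: 0 (0x0)".
POSTED_PREFIX = base64.b64decode("MIICzTCCAjagAwIBAgIBADAN")
SAMPLE_ZERO = cert_skeleton(b"\x00")
SAMPLE_NEGATIVE = cert_skeleton(b"\x80\x01")              # two's complement: -32767
SAMPLE_TOO_LONG = cert_skeleton(b"\x01" + b"\x00" * 20)   # 21 octets
GOOD_SERIAL = bytes.fromhex("4f1d6b2c9a0e7f3358c1d2e4a6b8f0c2")   # constructed 16-octet value
SAMPLE_OK = cert_skeleton(GOOD_SERIAL)

if __name__ == "__main__":
    for name, sample in [("posted", POSTED_PREFIX), ("zero", SAMPLE_ZERO),
                         ("negative", SAMPLE_NEGATIVE), ("too_long", SAMPLE_TOO_LONG),
                         ("ok", SAMPLE_OK)]:
        print(name, serial_number(sample), serial_problems(sample) or "conforms")
```

The same check from the command line is `openssl x509 -in cert.pem -noout -serial`, which reads the DER rather than the optional text dump, so it gives the same answer whether or not the file carries the human-readable header that Satish asked about. Note the sign handling: a DER INTEGER whose first content octet has the high bit set is negative, which is why a CA that wants a 20-octet serial with a leading 1 bit must emit 21 octets with a 0x00 prefix, and why the 20-octet rule is stated in octets rather than bits.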
A question about X509 certificates
Hi

In the following sample certificate, there is a ton of information before --BEGIN CERTIFICATE--. Who is this for? Is it for a human reader to make sense of who/what this certificate is certifying? If it is for a s/w program that uses certificates, how is this information supposed to be used?

Thanks in advance.

--Satish

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=NJ, O=CVLT, OU=dev, CN=/emailaddress=*...@.com
        Validity
            Not Before: May  1 01:07:24 2009 GMT
            Not After : Apr 30 01:07:24 2012 GMT
        Subject: C=US, ST=NJ, O=CVLT, OU=dev, CN=/emailaddress=*...@.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:a6:d9:82:67:67:8c:70:c7:4b:5f:d0:e3:24:2d:
                    ee:b3:79:ad:85:73:03:64:f2:64:fc:e6:a4:fd:b8:
                    43:23:b2:a4:15:31:d5:ed:01:0d:c7:14:8b:a7:c2:
                    e6:b5:3a:8a:df:99:de:b9:ac:d9:6f:c6:6d:91:bd:
                    43:d5:11:a5:bb:e4:9d:ae:99:a6:53:1f:44:9d:0d:
                    8e:4d:46:32:9e:0b:a8:ce:37:54:7f:ae:cc:35:3d:
                    b7:6e:64:54:25:9c:63:8c:b2:d8:3a:92:ce:b4:57:
                    ca:08:cb:ef:ca:2c:20:59:79:a7:35:1c:85:ba:32:
                    b3:9f:38:72:37:76:34:e0:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                09:89:A7:7B:66:C3:58:4D:4C:C5:80:C0:42:91:04:D2:67:04:C8:A1
            X509v3 Authority Key Identifier:
                keyid:09:89:A7:7B:66:C3:58:4D:4C:C5:80:C0:42:91:04:D2:67:04:C8:A1

    Signature Algorithm: sha1WithRSAEncryption
        0f:76:38:a8:d3:e6:a4:59:3f:ad:bd:60:69:c2:20:88:f0:20:
        74:ca:55:ae:d3:f0:f7:e9:a6:68:16:7e:b2:b4:e0:c5:45:5b:
        b4:94:60:a6:83:20:95:4c:72:04:80:93:4a:6b:64:20:ad:74:
        c4:1d:da:31:fd:37:92:d4:d8:46:a1:95:fc:4c:fc:85:6d:4f:
        56:18:0a:46:04:b5:98:5a:e0:64:4c:90:48:ff:9e:c0:92:0e:
        0c:c4:ba:85:c9:56:d7:4e:a5:9f:16:e2:76:4c:24:b6:c6:b6:
        2c:ef:63:f3:50:3f:90:12:57:8a:af:2f:21:93:e4:c8:aa:e7:
        ef:a9
-----BEGIN CERTIFICATE-----
MIICzTCCAjagAwIBAgIBADANBgkqhkiG9w0BAQUFADBuMQswCQYDVQQGEwJVUzEL
MAkGA1UECBMCTkoxDTALBgNVBAoTBENWTFQxDDAKBgNVBAsTA2RldjEPMA0GA1UE
AxMGc2F0aXNoMSQwIgYJKoZIhvcNAQkBFhVza2lsYXJ1QGNvbW12YXVsdC5jb20w
HhcNMDkwNTAxMDEwNzI0WhcNMTIwNDMwMDEwNzI0WjBuMQswCQYDVQQGEwJVUzEL
MAkGA1UECBMCTkoxDTALBgNVBAoTBENWTFQxDDAKBgNVBAsTA2RldjEPMA0GA1UE
AxMGc2F0aXNoMSQwIgYJKoZIhvcNAQkBFhVza2lsYXJ1QGNvbW12YXVsdC5jb20w
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKbZgmdnjHDHS1/Q4yQt7rN5rYVz
plMfRJ0Njk1GMp4LqM43VH+uzDU9t25kVCWcY4yy2DqSzrRXygjL78osIFl5pzUc
hboys584cjd2NOAFAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8W
HU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQJiad7ZsNY
TUzFgMBCkQTSZwTIoTAfBgNVHSMEGDAWgBQJiad7ZsNYTUzFgMBCkQTSZwTIoTAN
BgkqhkiG9w0BAQUFAAOBgQAPdjio0+akWT+tvWBpwiCI8CB0ylWu0/D36aZoFn6y
tODFRVu0lGCmgyCVTHIEgJNKa2QgrXTEHdox/TeS1NhGoZX8TPyFbU9WGApGBLWY
WuBkTJBI/57Akg4MxLqFyVbXTqWfFuJ2TCS2xrYs72PzUD+QEleKry8hk+TIqufv
qQ==
-----END CERTIFICATE-----
RE: A question regarding Maximum Fragment Length
> ok. That sounds good. But, what I'm seeing is that the SSL client
> hangs when the message size is more than 16KB.

What do you mean by "the message size"? SSL doesn't have messages that are visible outside of the SSL implementation itself.

> Do I need to break this large message up in smaller chunks or
> can I use SSL_write to send the whole message in one shot?

Call SSL_write as many times as you need to and send whatever you want. SSL doesn't care whether you think of it as a single 32,000 byte "message" or 32,000 1-byte "messages". That's not OpenSSL's issue. It just provides a stream of bytes.

> Thanks.
> Animesh

DS
Re: A question regarding Maximum Fragment Length
On Fri, May 15, 2009 at 05:22:16PM -0400, Animesh Chowdhury wrote:

> ok. That sounds good. But, what I'm seeing is that the SSL client hangs when
> the message size is more than 16KB.
> Do I need to break this large message up in smaller chunks or can I use
> SSL_write to send the whole message in one shot?

You need to find source code for a working SSL client and server, and adapt it to your needs without breaking it. You can start with the source code for s_client and s_server in the OpenSSL source distribution, or look at various other open source SSL clients to learn how they use SSL. Don't copy the code into your own project unless you understand and are willing to accept the license...

SSL clients and/or servers:

- s_client, s_server
- curl, wget, ... other command-line HTTPS clients
- stunnel and any other TLS proxies
- Postfix, Sendmail, ... other TLS enabled MTAs
- ...

Eric Rescorla's book may also be a good starting point.

--
	Viktor.
Re: A question regarding Maximum Fragment Length
ok. That sounds good. But, what I'm seeing is that the SSL client hangs when the message size is more than 16KB.
Do I need to break this large message up in smaller chunks or can I use SSL_write to send the whole message in one shot?

Thanks.
Animesh

On Fri, May 15, 2009 at 3:50 PM, Kyle Hamilton wrote:
> No matter what you do, the "maximum fragment length" -- the MTU -- is
> going to break all of your communications down into smaller packets.
>
> TLS, in its basic form, is designed to be as close as possible to a
> replacement for read() and write() -- you read from the connection,
> you write to the connection. It doesn't matter if there are multiple
> 'TLS records' in between -- that's all handled by the protocol, and
> each record adds a relatively miniscule overhead to the stream.
>
> Due to how the protocol works (please see RFC 4346 for TLS 1.1 and RFC
> 2426 for TLS 1.0), the specification says 2^14 is the maximum size of
> a fragment, which is 16KB. (Note that this 16KB must also include the
> HMAC.) It can be reduced by the extension introduced in RFC 3546
> (maximum fragment length notification), but it can never be raised.
> The application writes data to the TLS layer, the TLS layer encodes it
> in a standard way such that the other end can decode it, and the other
> end presents the data to its application layer without regard for how
> the TLS protocol broke it out.
>
> Basically: Build your application without regard for the size of the
> data you need to send. The TLS layer's contract is that it will, in
> the ideal case of no active attack, get the data you send to the
> remote side in a way that the remote side can handle.
>
> (If you were contracting UPS to deliver a package, you wouldn't tell
> them how to do their job... why are you trying to tell TLS, which is
> what you're contracting with, how to do its job?)
>
> -Kyle H
>
> On Thu, May 14, 2009 at 2:52 PM, Animesh Chowdhury wrote:
>> Hi,
>> I've run into an problem where the data that I need to send to the client is
>> more than 16KB. How do I set up the session so that I can do the maximum
>> fragment length negotiation ?
>> Any example code related to this will be extremely helpful.
>> I'm using openssl0.9.8j .
>> Also if someone can tell me since which release openssl supports this TLS
>> extension that'll be great.
>> Much appreciated.
>> Thanks.
>> Animesh
Re: A question regarding Maximum Fragment Length
No matter what you do, the "maximum fragment length" -- the MTU -- is going to break all of your communications down into smaller packets.

TLS, in its basic form, is designed to be as close as possible to a replacement for read() and write() -- you read from the connection, you write to the connection. It doesn't matter if there are multiple 'TLS records' in between -- that's all handled by the protocol, and each record adds a relatively miniscule overhead to the stream.

Due to how the protocol works (please see RFC 4346 for TLS 1.1 and RFC 2426 for TLS 1.0), the specification says 2^14 is the maximum size of a fragment, which is 16KB. (Note that this 16KB must also include the HMAC.) It can be reduced by the extension introduced in RFC 3546 (maximum fragment length notification), but it can never be raised. The application writes data to the TLS layer, the TLS layer encodes it in a standard way such that the other end can decode it, and the other end presents the data to its application layer without regard for how the TLS protocol broke it out.

Basically: Build your application without regard for the size of the data you need to send. The TLS layer's contract is that it will, in the ideal case of no active attack, get the data you send to the remote side in a way that the remote side can handle.

(If you were contracting UPS to deliver a package, you wouldn't tell them how to do their job... why are you trying to tell TLS, which is what you're contracting with, how to do its job?)

-Kyle H

On Thu, May 14, 2009 at 2:52 PM, Animesh Chowdhury wrote:
> Hi,
> I've run into an problem where the data that I need to send to the client is
> more than 16KB. How do I set up the session so that I can do the maximum
> fragment length negotiation ?
> Any example code related to this will be extremely helpful.
> I'm using openssl0.9.8j .
> Also if someone can tell me since which release openssl supports this TLS
> extension that'll be great.
> Much appreciated.
> Thanks.
> Animesh
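The record-layer behaviour Kyle describes, as an added example (editorial illustration, not code from the thread or from OpenSSL): application data is cut into records whose plaintext is at most 2^14 bytes, each behind a 5-byte header, and the receiver concatenates the payloads back into the byte stream, so the sender never has to size its writes. Encryption and MAC are left out deliberately; only the framing is modelled. The 40,000-byte payload and the read loop are constructed by me. The example also shows the failure mode behind "the client hangs above 16KB": SSL_read hands back at most one record's payload per call, so a reader that expects a whole application "message" from a single read stalls on anything larger than one record.

```python
"""TLS record framing for application data (added example, not from the thread).

Models RFC 5246 section 6.2.1: TLSPlaintext.fragment is at most 2^14 bytes
and the header is content type (1) + version (2) + length (2).  The
max_fragment_length extension of RFC 6066 can lower that ceiling (codes 1..4)
but never raise it.  Encryption and MAC are omitted; this is only the framing.
"""
import struct

MAX_PLAINTEXT = 1 << 14                     # 16384 bytes: the protocol ceiling
APPLICATION_DATA = 0x17
LEGACY_VERSION = (3, 3)                     # TLS 1.2 on the wire
MAX_FRAGMENT_LENGTH_CODES = {1: 1 << 9, 2: 1 << 10, 3: 1 << 11, 4: 1 << 12}
HEADER = struct.Struct("!BBBH")


def fragment(data, limit=MAX_PLAINTEXT, ctype=APPLICATION_DATA):
    """What one SSL_write() becomes on the wire: records of at most `limit` bytes."""
    if not 0 < limit <= MAX_PLAINTEXT:
        raise ValueError("limit must be in (0, 2^14]")
    records = []
    for off in range(0, len(data), limit):
        chunk = data[off:off + limit]
        records.append(HEADER.pack(ctype, *LEGACY_VERSION, len(chunk)) + chunk)
    return b"".join(records)


def parse_records(stream, limit=MAX_PLAINTEXT):
    """Yield (content_type, payload) for each complete record in `stream`.

    A length above the negotiated limit is a protocol violation; a real
    implementation answers it with a fatal record_overflow alert.
    """
    pos = 0
    while pos < len(stream):
        if pos + HEADER.size > len(stream):
            raise ValueError("truncated record header")
        ctype, major, minor, length = HEADER.unpack_from(stream, pos)
        if (major, minor) != LEGACY_VERSION:
            raise ValueError("unexpected record version")
        if length > limit:
            raise ValueError(f"record_overflow: {length} > {limit}")
        pos += HEADER.size
        if pos + length > len(stream):
            raise ValueError("truncated record body")
        yield ctype, stream[pos:pos + length]
        pos += length


def reassemble(stream, limit=MAX_PLAINTEXT):
    """Receiver side: glue payloads back into the stream. Returns (data, record_count)."""
    payloads = [payload for _, payload in parse_records(stream, limit)]
    return b"".join(payloads), len(payloads)


def read_message(stream, size, limit=MAX_PLAINTEXT):
    """Read a `size`-byte application message the way an SSL_read() loop must.

    Each call returns at most one record's payload, so the application keeps
    reading until its own message is complete.  Returns (message, read_calls).
    """
    buf, calls = bytearray(), 0
    for _, payload in parse_records(stream, limit):
        buf += payload
        calls += 1
        if len(buf) >= size:
            break
    if len(buf) < size:
        raise EOFError(f"stream ended after {len(buf)} of {size} bytes")
    return bytes(buf[:size]), calls


def accepts(stream, limit=MAX_PLAINTEXT):
    """True if every record in `stream` is well formed under `limit`."""
    try:
        reassemble(stream, limit)
        return True
    except ValueError:
        return False


# Constructed sample: a 40,000-byte application message (156 * 256 + 64).
MESSAGE = bytes(range(256)) * 156 + b"\x00" * 64

if __name__ == "__main__":
    wire = fragment(MESSAGE)
    print("records on the wire:", reassemble(wire)[1])               # 3
    print("reads needed for the whole message:", read_message(wire, len(MESSAGE))[1])
    small = fragment(MESSAGE, MAX_FRAGMENT_LENGTH_CODES[4])
    print("records with a 4096-byte negotiated limit:", reassemble(small, 4096)[1])  # 10
```

Two things follow for the application code: a loop around SSL_write until the full buffer has been accepted (or SSL_MODE_ENABLE_PARTIAL_WRITE handled), and a loop around SSL_read until the application-level message is complete, since the record boundaries are invisible above the TLS layer. Negotiating a smaller fragment only changes how many records carry the same bytes.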
Re: A question regarding Maximum Fragment Length
On Thu May 14 2009, Animesh Chowdhury wrote:
> Hi,
> I've run into an problem where the data that I need to send to the client is
> more than 16KB. How do I set up the session so that I can do the maximum
> fragment length negotiation ?
> Any example code related to this will be extremely helpful.
> I'm using openssl0.9.8j .
> Also if someone can tell me since which release openssl supports this TLS
> extension that'll be great.
> Much appreciated.
> Thanks.
> Animesh
>

Q: Why?

This is a stream protocol - dump your data in at this end, it shows up at the other. Who cares what happens to it in-between? Even if you could reliably discover the maximum mtu along the path (at the moment) to the destination - that might well change before (or during) the data transmission outside of your control. That is just the way TCP/IP works - which is what is transporting your session and data.

Mike
A question regarding Maximum Fragment Length
Hi,

I've run into an problem where the data that I need to send to the client is more than 16KB. How do I set up the session so that I can do the maximum fragment length negotiation ?
Any example code related to this will be extremely helpful.
I'm using openssl0.9.8j .
Also if someone can tell me since which release openssl supports this TLS extension that'll be great.

Much appreciated.
Thanks.
Animesh
RE: A question about mal-formed private keys
Steve,

Just so I'm clear, what I hear you saying is that when I re-encrypt the RSA private key with the new password, that the error is not propagated to the new private key file and that corresponds to what I see when I subsequently decrypt the new encrypted private key because I no longer get the "No Octet..." warning message. That leaves me with the question of why IBM's DCM would fail when importing the output of the pkcs12 export. According to IBM's documentation, DCM requires validly formatted PKCS12 V2 files. The OpenSSL documentation doesn't mention V2, but does cite PFX, which I thought was generally considered to be V1, so the question arises are the PKCS#12 produced by OpenSSL V2?

Bob

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Wednesday, April 22, 2009 12:42 PM
To: openssl-users@openssl.org
Subject: Re: A question about mal-formed private keys

On Wed, Apr 22, 2009, Bob Barnes wrote:

> I've been working with OpenSSL to try and convert an existing
> private key generated by an old SSL software package and during the
> process of using PKCS8 to decrypt from the "Encrypted Private Key" to the
> "RSA Private Key" I get an error "No Octet String in PrivateKey". My
> understanding is that this is due to some improper encoding, which OpenSSL
> is able to work around. I'm able to successfully re-encrypt the resulting
> private key with a new password and to combine that private key with
> the certificate chain using PKCS12 into what appears to be a valid PKCS12
> file, however, the resulting file is not importable into IBM's DCM due to
> an "ASN1 encoding error". I suspect that this may be due to the original
> encoding problem, although I'm not certain. Assuming that's the case,
> can someone give me an explanation of the "No Octet..." error and is
> OpenSSL capable of correcting the original encoding problem either
> during the original decryption or at some other point in the process or
> is that simply not possible.
>

The encoding error is just something OpenSSL tolerates in the key format. It is not propagated to other formats which use the right form.

I'd suggest messing round with some of the options such as -nomaciter and alternative certificate and key encryption algorithms.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: A question about mal-formed private keys
On Wed, Apr 22, 2009, Bob Barnes wrote:

> Steve,
>
> Just so I'm clear, what I hear you saying is that when I re-encrypt the RSA private key with the new password, the error is not propagated to the new private key file, and that corresponds to what I see when I subsequently decrypt the new encrypted private key, because I no longer get the "No Octet..." warning message. That leaves me with the question of why IBM's DCM would fail when importing the output of the pkcs12 export. According to IBM's documentation, DCM requires validly formatted PKCS12 V2 files. The OpenSSL documentation doesn't mention V2, but does cite PFX, which I thought was generally considered to be V1, so the question arises: are the PKCS#12 files produced by OpenSSL V2?
>

I'm not sure what they mean by "V2"; there isn't a PKCS#12 V2 AFAIK. There were various revisions of the standard and OpenSSL should be compatible with them all. The latest version on RSA's site is listed as "Version 1.0".

The MAC iteration count was added quite late on in the original spec, which is why I suggested trying -nomaciter.

If you can get DCM to produce a sample PKCS#12 file, see if OpenSSL can parse it.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: A question about mal-formed private keys
On Wed, Apr 22, 2009, Bob Barnes wrote:

> I've been working with OpenSSL to try and convert an existing private key generated by an old SSL software package, and during the process of using PKCS8 to decrypt from the "Encrypted Private Key" to the "RSA Private Key" I get an error "No Octet String in PrivateKey". My understanding is that this is due to some improper encoding, which OpenSSL is able to work around. I'm able to successfully re-encrypt the resulting private key with a new password and to combine that private key with the certificate chain using PKCS12 into what appears to be a valid PKCS12 file; however, the resulting file is not importable into IBM's DCM due to an "ASN1 encoding error". I suspect that this may be due to the original encoding problem, although I'm not certain. Assuming that's the case, can someone give me an explanation of the "No Octet..." error, and is OpenSSL capable of correcting the original encoding problem, either during the original decryption or at some other point in the process, or is that simply not possible?
>

The encoding error is just something OpenSSL tolerates in the key format. It is not propagated to other formats which use the right form.

I'd suggest messing round with some of the options such as -nomaciter and alternative certificate and key encryption algorithms.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
A question about mal-formed private keys
I've been working with OpenSSL to try and convert an existing private key generated by an old SSL software package, and during the process of using PKCS8 to decrypt from the "Encrypted Private Key" to the "RSA Private Key" I get an error "No Octet String in PrivateKey". My understanding is that this is due to some improper encoding, which OpenSSL is able to work around. I'm able to successfully re-encrypt the resulting private key with a new password and to combine that private key with the certificate chain using PKCS12 into what appears to be a valid PKCS12 file; however, the resulting file is not importable into IBM's DCM due to an "ASN1 encoding error". I suspect that this may be due to the original encoding problem, although I'm not certain. Assuming that's the case, can someone give me an explanation of the "No Octet..." error, and is OpenSSL capable of correcting the original encoding problem, either during the original decryption or at some other point in the process, or is that simply not possible?

thanks,
Bob
RE: a question about "SSL_CTX_free"
> Guys:
> I have a listening socket, waiting for connections from clients. When a client connects to my server, I put SSL on the socket and spin up a thread to handle it. One client is one thread. All of these connections are shared by the same SSL_CTX ctx. This is the way I handle the end of this connection:
>
> 1. If (SSL_shutdown(ssl))
> 2. {
> 3.     SSL_free(ssl);
> 4.     SSL_free_ctx();
> 5.     close(socket);
> 6. }
> 7. Else
> 8. {
> 9.     Throw exception(...);
> 10. }
>
> Is this the right way to do it??? Do I need both lines 3 and 4? Please help.

There is no way to tell from just the snippet you posted. That piece of code might have a reference to the context or it might not. If it does, then freeing the context is correct if and only if the code will no longer use the context. If it does not, then it's an error.

For example, if the code is:

1) Acquire a reference to the context.
2) Do some stuff.
3) That snippet.
4) Do some more stuff with the context.

Then you should not free the context, because you are still using it.

If the code is:

1) Acquire a reference to a context (say, by creating it).
2) Create an SSL session using that context.
3) Release the context because we don't use it anymore (though the session does).
4) That snippet.
5) Do nothing else with the context.

Then it's still wrong, because that snippet has no reference to the context.

However, if it's:

1) Grab the SSL session, but don't do anything with its context.
2) That snippet.
3) Do nothing further with the context.

Then it's an error to release the context, because you never had a reference to it.

If it's:

1) Create the context.
2) Create an SSL session using that context. (Now, both this code and that session have a reference.)
3) That snippet.
4) Nothing else with the context.

Then it's correct, because the session releases its own reference, but the code has to release its reference.

DS
RE: a question about "SSL_CTX_free"
> > or should i close all ssl connections based on a ctx before i call SSL_CTX_free?
>
> Yes, you should.

Huh? Why? What would be the point of having a reference count if you had to get rid of all other references before you could release your own?

A chunk of code should call SSL_CTX_free as soon as it is done with that context. It doesn't have to worry about what other code might be using that same context because that code has its own reference. SSL_CTX_free is like saying "I am done with this context, and if nobody else is using it, it can be deleted".

DS
RE: a question about "SSL_CTX_free"
Guys:

I have a listening socket, waiting for connections from clients. When a client connects to my server, I put SSL on the socket and spin up a thread to handle it. One client is one thread. All of these connections are shared by the same SSL_CTX ctx. This is the way I handle the end of this connection:

1. If (SSL_shutdown(ssl))
2. {
3.     SSL_free(ssl);
4.     SSL_free_ctx();
5.     close(socket);
6. }
7. Else
8. {
9.     Throw exception(...);
10. }

Is this the right way to do it??? Do I need both lines 3 and 4? Please help.

Thank You
TD

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Schwartz
Sent: Monday, January 08, 2007 21:38
To: openssl-users@openssl.org
Subject: RE: a question about "SSL_CTX_free"

> guys:
>
> the man page for "SSL_CTX_free" says:
> SSL_CTX_free() decrements the reference count of ctx, and removes the SSL_CTX object pointed to by ctx and frees up the allocated memory if the reference count has reached 0.
> i have a couple of questions regarding this:
>
> 1. what makes the reference count of ctx increase/decrease?

Any time another object is created that references it.

> 2. if i call SSL_CTX_free, does that mean all ssl connections based on this ctx will be closed automatically? or should i close all ssl connections based on a ctx before i call SSL_CTX_free?

Calling SSL_CTX_free is perfectly safe if you have a reference to the context and do not plan to use it further. Existing connections will not be harmed because they have their own references to the context, and the context will not be freed until its reference count reaches zero.

DS
Re: a question about "SSL_CTX_free"
Hello,

> 1. what makes the reference count of ctx increase/decrease?

SSL_new()/SSL_free() for example.

> 2. if i call SSL_CTX_free, does that mean all ssl connections based on this ctx will be closed automatically?

No.

> or should i close all ssl connections based on a ctx before i call SSL_CTX_free?

Yes, you should.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
RE: a question about "SSL_CTX_free"
> guys:
>
> the man page for "SSL_CTX_free" says:
> SSL_CTX_free() decrements the reference count of ctx, and removes the SSL_CTX object pointed to by ctx and frees up the allocated memory if the reference count has reached 0.
> i have a couple of questions regarding this:
>
> 1. what makes the reference count of ctx increase/decrease?

Any time another object is created that references it.

> 2. if i call SSL_CTX_free, does that mean all ssl connections based on this ctx will be closed automatically? or should i close all ssl connections based on a ctx before i call SSL_CTX_free?

Calling SSL_CTX_free is perfectly safe if you have a reference to the context and do not plan to use it further. Existing connections will not be harmed because they have their own references to the context, and the context will not be freed until its reference count reaches zero.

DS
a question about "SSL_CTX_free"
guys:

the man page for "SSL_CTX_free" says:

    SSL_CTX_free() decrements the reference count of ctx, and removes the SSL_CTX object pointed to by ctx and frees up the allocated memory if the reference count has reached 0.

i have a couple of questions regarding this:

1. what makes the reference count of ctx increase/decrease?

2. if i call SSL_CTX_free, does that mean all ssl connections based on this ctx will be closed automatically? or should i close all ssl connections based on a ctx before i call SSL_CTX_free?

tia.
chong peng
Re: i have a question ragarding self-signed certificate
Recall that even the 'ca' certificate is ultimately self-signed. So your question is really about why some self-signed certificates are more trusted than others.

In some fashion you could ask this question about any typical 'brand name' store. Why is Store-X trusted more than Store-Y? Simply because more people (or at least the person in question) have more experience with Store-X. Similarly for any particular self-signed CA cert, although we replace experience here with 'it is already in my certificate store': it is more trusted if the client knows about it already.

Now what if Store-Y isn't a chain store, but instead a little local boutique? Perhaps there isn't a need/expectation that a brand name and national marketing campaign is required; but they'd still like people to recognize their letterhead. So a logo and a local 'brand' is all that is required. Similarly, if all I want is for people to recognize my self-signed certificate, I don't really need a CA, a PKI hierarchy and all that. One self-signed certificate should be enough...

If I've made things confusing with my metaphor you could also just think about the model for ssh... it is often valuable just to be able to know you're communicating with the same person you communicated with last time.

- max

On Oct 13, 2006, at 5:02 PM, Chong Peng wrote:

> guys:
>
> we all know that a ca-signed certificate can provide authentication because the ca is trustable; by using a ca-signed certificate, one is saying "i am somebody because the ca says so". but it seems that a self-signed certificate _cannot_ provide any authentication at all, because by using a self-signed certificate, one is saying "i am somebody because i say so". if my understanding is correct, then why is a self-signed certificate still used?
>
> thanks.
> chong peng
i have a question ragarding self-signed certificate
guys:

we all know that a ca-signed certificate can provide authentication because the ca is trustable; by using a ca-signed certificate, one is saying "i am somebody because the ca says so". but it seems that a self-signed certificate _cannot_ provide any authentication at all, because by using a self-signed certificate, one is saying "i am somebody because i say so". if my understanding is correct, then why is a self-signed certificate still used?

thanks.
chong peng
Re: A question about SSL connection reopen
Zhang, Long (Roger) wrote:

> I have created a TLS connection with SSL_connect(ssl) successfully.

...SNIP..

Ah, you're asking on the correct list now, you might get a useful answer.

I think you may need to call SSL_clear() after SSL_shutdown() and before SSL_connect().

But if you are re-using the same channel of communication I would advise you handle SSL_shutdown() correctly and keep calling it until you get back the exact return value of 1. Check the man page for the exact details. After getting back the return value 1, you can be sure that all data that needs to be transmitted to the remote has been flushed and all the remote's data coming back the other way has been flushed and halted. Then you can call SSL_clear() to reset the state and start again.

The purist sequence would look something like this:

    while(1) {
        int ret = SSL_shutdown(ssl);
        if(ret == 1) break;
        if(ret < 0) check_for_fatal_errors_and_take_action(ssl);

        /* sink the inbound data */
        ret = SSL_read(ssl, somebuf, somebuflen);
        if(ret < 0) check_for_fatal_errors_and_take_action(ssl);
        /* expect SSL_ERROR_ZERO_RETURN, that's a valid non-fatal error */
    }

At least that's the way I understand it to work.

Darryl
A question about SSL connection reopen
Hi,

I have created a TLS connection with SSL_connect(ssl) successfully. Then I call SSL_shutdown(ssl) to close the TLS connection successfully. Then I want to do the reopen with SSL_connect(ssl). But I found it failed. The return value from ::SSL_get_error(ssl, status) is SSL_ERROR_SYSCALL, and status is 0. From the page http://www.openssl.org/docs/ssl/SSL_get_error.html the error means "Some I/O error occurred", and status 0 means "an EOF was observed that violates the protocol".

The problem is not seen when the peer and my party are running on the same system. It is seen when the peer is another system running an SSL application.

I want to know if the already closed ssl could not be used for SSL_connect() again. Anyone can help?

Thanks,
Roger
Re: a question about loading private key and certificate to the ssl ctx
is this supposed to be an answer?
a question about loading private key and certificate to the ssl ctx
guys:

usually, we use the following two APIs to load a key/certificate:

    int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
    int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);

this, if i understand right, requires a private key and certificate to be generated offline and saved in a disk file. if i have an embedded system that cannot read from a disk or any other media, how can i input the key/certificate to the ssl context?

i noticed that there are other APIs defined to input a key/certificate to the ssl context, such as:

    int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
    int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);

does this mean that i can generate a certificate of type X509 and a private key of type EVP_PKEY in my code and then load them into the ssl context? if it is, how can i do that?

what i am thinking is that each time my embedded system boots up, i will generate a key/certificate (self signed) and load them into my ssl context. is this doable?

thanks in advance.
chong peng
RE: a question about building openssl
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of George R Goffe
> Sent: 30 December 2005 22:09
> To: openssl-users@openssl.org
> Subject: a question about building openssl
>
> Howdy,
>
> I have looked a little on the web sites for the answer to this question but don't see one readily available. I am building openssl on a redhat 9 system. My question is, "why is /usr/local/bin hardcoded throughout the distribution?" RedHat installs perl in /usr/bin and I have to fool around to get the build to work.
>

Why not create a symlink from /usr/local/bin/perl to /usr/bin/perl instead?

You can install openssl in /usr/bin, however that would break several other programs in Red Hat 9, for example the openssh package, so this isn't advisable. This is detailed in the FAQ at http://www.openssl.org/support/faq.html#BUILD8/. I really should update this section so that it never goes out of date!

To the best of my knowledge the openssl that comes with Red Hat 9 is complete apart from not having new features and not using the patented MDC-2, IDEA and RC5 algorithms.

--
John Airey, BSc (Jt Hons), CNE, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]

On April 24th 2006 I'll be running in the London Marathon. Then on July 10th 2006 I'll be riding in the Etape du Tour from Gap to Alpe D'Huez, a distance of 188km. Finally on October 1st 2006 I'll be running in the Great North Run. I hope to raise £2000 for RNIB through all these events. You can sponsor me online at http://justgiving.com/rnibetape.
a question about building openssl
Howdy,

I have looked a little on the web sites for the answer to this question but don't see one readily available. I am building openssl on a redhat 9 system. My question is, "why is /usr/local/bin hardcoded throughout the distribution?" RedHat installs perl in /usr/bin and I have to fool around to get the build to work.

Regards and thanks for your time,

George...

"It's not what you know that hurts you, It's what you know that ain't so." Will Rogers
i have a question
hello

I read this email http://www.mail-archive.com/openssl-users@openssl.org/msg10920.html

I have the same question, but i don't understand its answers. please reply to me if you know it now.

thank you very, very much
RE: A question about openssl used library
> Dear all:
> I have a question about the libraries used by the openssl toolkit.
> The OpenSSL toolkit includes three modules: libssl.a, libcrypto.a, and openssl.
> Can I use the command line tool "openssl" independently without using any library like "libcrypto.so.0.9.8"??

It all depends upon how the command line tool was built. On some platforms, the command 'ldd openssl' will tell you if it requires any libraries.

DS
A question about openssl used library
Dear all:

I have a question about the libraries used by the openssl toolkit. The OpenSSL toolkit includes three modules: libssl.a, libcrypto.a, and openssl.

Can I use the command line tool "openssl" independently without using any library like "libcrypto.so.0.9.8"??

regards.
Eric.
Re: A question about ENGINE
On Wed, Jul 23, 2003, Michiels Olivier wrote:

> Hi,
> I've developed my own ENGINE with OpenSSL. I use that ENGINE to use the private keys of my root certificates. Those certificates are used to sign X509 certificates, CRLs and OCSP responses.
> On the other hand, one of my components that uses the ENGINE must open an ssl connection; the private key and the certificate are not used by the ENGINE.
> My question is, how can I set up an ssl connection without having the ENGINE used by the SSL connection?
>

If the SSL private keys aren't ENGINE specific then the SSL connection will use the default implementation of the relevant algorithms. If the code that loads your ENGINE replaces the default implementation then it will be used for SSL.

You can however make private keys ENGINE specific so the relevant routines call the ENGINE's own private key code and don't use the default implementation. This is handled when the keys are initialized. If they call RSA_new(), which ends up calling RSA_new_method(NULL), then they will use the default implementation. If instead they are initialized with RSA_new_method(engine) then they will always use 'engine'.

So the solution to your case would be to not replace the default ENGINE implementation and to initialize the keys you want to use the ENGINE appropriately.

Steve.
--
Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
A question about ENGINE
Hi,

I've developed my own ENGINE with OpenSSL. I use that ENGINE to use the private keys of my root certificates. Those certificates are used to sign X509 certificates, CRLs and OCSP responses.

On the other hand, one of my components that uses the ENGINE must open an ssl connection; the private key and the certificate are not used by the ENGINE.

My question is, how can I set up an ssl connection without having the ENGINE used by the SSL connection?

Thanks,
Michiels Olivier
Re: A question!
On 02-03-26 14:29:47 CET, chenhaiyong wrote:

> Dear webmaster:

who?

> When I use the openssl command:
>
>     openssl req -config filename -new -x509 -days 365 -key ca.key -out ca.crt
>
> to create a self-signed certificate (ca.key is the file where the CA's private key is put), what puzzles me so much is: where is the CA's public key? I can't find any information about it.

it's inside the ca.key file. if you look at e.g. a RSA private key file, you see the modulus, the public exponent, the private exponent, prime1, prime2, exponent1, exponent2 and coefficient. the public key you can see in the certificate is the first of those two parts.

> 汽车 -- 永不厌倦的话题 (Cars: a topic one never tires of)

this is interesting. in my xterm i see half of those characters. is there any difference you can think of why 汽 永不 倦的 get displayed properly and 车 厌 话题 are only hollow boxes?

rj
Re: I've a question about OCSP
Francesco Dal Bello wrote:
>
> Hi.
>
> I have to build an OCSP client. I've downloaded "openssl-0.9.6c.tar.gz", but I don't find the right headers referring to this argument.
> Where do I find those headers? How is OpenSSL implementing this protocol?
>

OCSP support was added in 0.9.7, it isn't in any earlier versions. 0.9.7 hasn't been released yet and no firm date has been set, though we're "moving towards" 0.9.7 release...

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
I've a question about OCSP
Hi.

I have to build an OCSP client. I've downloaded "openssl-0.9.6c.tar.gz", but I don't find the right headers referring to this argument.

Where do I find those headers? How is OpenSSL implementing this protocol?

Thanks
Francesco Dal Bello
I've a question about OCSP
Hi.

I would like to build an OCSP client requestor. I've downloaded "openssl-0.9.6c.tar.gz", but I don't find the right headers referring to this argument. Where do I find those headers? How is OpenSSL implementing this protocol?

Best regards
FDB
RE: a question about encrypt and decrypt using EVP interface
> memcpy(iv, "12345678", 8);
> EVP_BytesToKey(EVP_idea_cbc(), EVP_md5(), "salt", pw, strlen(pw), 1, key, iv);

The salt value should be at least 8 bytes long - you're getting 3 random bytes here. You don't need to specify an iv value as this function creates it.

- Dale.
a question about encrypt and decrypt using EVP interface
hi,

I used the EVP interface to encrypt and decrypt, but after I encrypted, I couldn't decrypt it. Why? Any help is appreciated!

    #include <string.h>
    #include <openssl/evp.h>

    /* operation: 0 = DECRYPT, 1 = ENCRYPT. Returns 1 on success, 0 on failure.
     * Note: on OpenSSL 3 EVP_idea_cbc() needs the legacy provider loaded. */
    int do_cipher(const char *pw, int operation, const unsigned char *InBuf, int InLen,
                  unsigned char *OutBuf, int *OutBuflen)
    {
        unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH];
        /* EVP_BytesToKey reads exactly 8 salt bytes; "salt" only supplied 4 plus a NUL. */
        static const unsigned char salt[8] = "saltsalt";
        int len = 0, total = 0, ok = 0;
        EVP_CIPHER_CTX *ectx = EVP_CIPHER_CTX_new();   /* heap-allocated since OpenSSL 1.1.0 */
        if (ectx == NULL)
            return 0;
        /* EVP_BytesToKey derives both key and iv from the password; no memcpy into iv needed. */
        if (!EVP_BytesToKey(EVP_idea_cbc(), EVP_md5(), salt,
                            (const unsigned char *)pw, strlen(pw), 1, key, iv))
            goto done;
        if (!EVP_CipherInit(ectx, EVP_idea_cbc(), key, iv, operation))
            goto done;
        /* EVP_CipherUpdate and EVP_CipherFinal each report only the bytes *they* wrote:
         * append the final block after the first block instead of overwriting it. */
        if (!EVP_CipherUpdate(ectx, OutBuf, &len, InBuf, InLen))
            goto done;
        total = len;
        if (!EVP_CipherFinal(ectx, OutBuf + total, &len))
            goto done;
        total += len;
        ok = 1;
    done:
        EVP_CIPHER_CTX_free(ectx);
        *OutBuflen = ok ? total : 0;
        return ok;
    }

    int main(void)
    {
        unsigned char InBuf[512], OutBuf[512 + 8], OutBuf2[512 + 8];
        int i, OutLen, OutLen2;
        for (i = 0; i < 8; i++) InBuf[i] = 30 + i;
        do_cipher("test", 1, InBuf, 8, OutBuf, &OutLen);         /* OutLen = 16: one data block plus one padding block */
        do_cipher("test", 0, OutBuf, OutLen, OutBuf2, &OutLen2); /* OutLen2 = 8 and OutBuf2 matches InBuf */
        return 0;
    }
RE: a question about install
You can also use the DOS "SHELL" command to increase environment space. Details can be gathered from a DOS 6.0-6.22 machine. Windoze doesn't have any information on it, AFAIK.

- John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]

> -----Original Message-----
> From: Jonas Jakobsson [mailto:[EMAIL PROTECTED]]
> Sent: 06 April 2001 01:03
> To: [EMAIL PROTECTED]
> Subject: Re: a question about install
>
> > before i compile the openssl, i use the vcvars32.bat in the directory D:\Program Files\Microsoft Visual Studio\VC98\Bin
> > but it tells me "out of environment space", what should i do!
>
> I had the same problem.
> The solution in my case was to cut down the size of my path variable in config.sys, restart and run the vcvars.bat in the dos box.
> Or, you could modify the shortcut to the dos-box to use your own modified config.sys.
>
> just my 2 cents
> /Jonas Jakobsson
Re: a question about install
> before I compile the openssl, I use the vcvars32.bat in the directory D:\Program Files\Microsoft Visual Studio\VC98\Bin
> but it tells me that out of the environment space, what should I do!

I had the same problem. The solution in my case was to cut down the size of my path variable in config.sys, restart and run the vcvars.bat in the DOS box. Or, you could modify the shortcut to the DOS box to use your own modified config.sys.

just my 2 cents
/Jonas Jakobsson
a question about install
Hi all, before I compile the openssl, I use the vcvars32.bat in the directory D:\Program Files\Microsoft Visual Studio\VC98\Bin but it tells me that out of the environment space, what should I do! And another question, I want to know how I.E. supports SSL. Do I need to make any changes to I.E.? Thank you
Re: A Question
Please check out http://www.openssl.org/docs/ssl/SSL_get_error.html# and collect all possible error information before posting, including the underlying socket error code if applicable.

Thanks,
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]

----- Original Message -----
From: NG, Wei Yang
To: '[EMAIL PROTECTED]'
Cc: CHOONG, Woon Leng [Cheryn]
Sent: Monday, April 02, 2001 3:09 AM
Subject: A Question

Hi, Hope that someone can help on this. I have modified a sample SSL server code obtained from OpenSSL to implement a simple SSL server. Previously the server was working fine until recently; the problem happens at SSL_accept. SSL_accept returns -1 and when I use SSL_get_error to check on the error, I get SSL_ERROR_SYSCALL. I don't know how to proceed in pinpointing the exact cause of this problem, please help, thanks a lot. I attach here a sample of the SSL server source code for your reference.
Regards, Wayne
A Question
Hi, Hope that someone can help on this. I have modified a sample SSL server code obtained from OpenSSL to implement a simple SSL server. Previously the server was working fine until recently; the problem happens at SSL_accept. SSL_accept returns -1 and when I use SSL_get_error to check on the error, I get SSL_ERROR_SYSCALL. I don't know how to proceed in pinpointing the exact cause of this problem, please help, thanks a lot. I attach here a sample of the SSL server source code for your reference.
Regards, Wayne
Attachment: opensslsrv.cpp
RE: A question about threads
> I'm still fighting against casual fall-downs with my server and OpenSSL. I
> found an interesting point from OpenSSL man pages that mentioned two
> important call back functions that have to be set. "locking_function" and
> "id_function". If I understood correctly the id one is not
> needed with NT or Linux... how about with AIX or Solaris? Is the
> "locking_function" meant to offer OpenSSL some kind of locking service? E.g. with
> mutexes? If so might there be an example somewhere? I don't quite understand what kind the
> function should be...

Read the threads manual page http://www.openssl.org/docs/crypto/threads.html. Implementations of the functions for lots of OSes are in crypto/threads/th-lock.c

- Dale.
Re: A question about threads
"Wirta, Ville" wrote:
>
> Hi all!
>
> I'm still fighting against casual fall-downs with my server and OpenSSL. I
> found an interesting point from OpenSSL man pages that mentioned two
> important call back functions that have to be set. "locking_function" and
> "id_function". If I understood correctly the id one is not needed with NT or
> Linux... how about with AIX or Solaris? Is the "locking_function" meant to

If on AIX/Solaris the getpid() function does not return the thread id for your thread, then you need to provide id_function, which would provide the thread id.

> offer OpenSSL some kind of locking service? E.g. with mutexes? If so might
> there be an example somewhere? I don't quite understand what kind the
> function should be...
>
> Thanks for any help!
>
> Yours VW

Here is what somebody provided last time this question was raised. It works for pthreads on RH Linux 6.1:

#include <pthread.h>
#include <openssl/crypto.h>

/* One mutex per OpenSSL lock. The count comes from CRYPTO_num_locks(), so the
 * array is allocated in Setup rather than sized with a compile-time constant.
 * (OpenSSL 1.1.0 and later lock internally; these callbacks are no-ops there.) */
static pthread_mutex_t *cryptoLocks;

/* Must match the type CRYPTO_set_locking_callback expects (const char *file),
 * so no cast is needed: mode says whether to lock or unlock lock number type. */
static void LockingCallback(int mode, int type, const char *file, int line)
{
    (void)file; (void)line;
    if (mode & CRYPTO_LOCK)
        pthread_mutex_lock(&cryptoLocks[type]);
    else
        pthread_mutex_unlock(&cryptoLocks[type]);
}

/* Thread id for platforms where getpid() does not identify the thread. */
static unsigned long IdCallback(void)
{
    return (unsigned long)pthread_self();
}

void MultiThreadSetup(void)
{
    int i;
    cryptoLocks = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
    for (i = 0; i < CRYPTO_num_locks(); i++)
        pthread_mutex_init(&cryptoLocks[i], NULL);
    CRYPTO_set_id_callback(IdCallback);
    CRYPTO_set_locking_callback(LockingCallback);
}

void MultiThreadCleanup(void)
{
    int i;
    CRYPTO_set_locking_callback(NULL);
    CRYPTO_set_id_callback(NULL);
    for (i = 0; i < CRYPTO_num_locks(); i++)
        pthread_mutex_destroy(&cryptoLocks[i]);
    OPENSSL_free(cryptoLocks);
}

And include the following in your .h (the callback and the lock array stay private to the .c file):

void MultiThreadSetup(void);
void MultiThreadCleanup(void);

Bye
Shridhar.

Shridhar Bhat. [EMAIL PROTECTED]
PSPL, "Panini", 2A Senapati Bapat Rd., Pune - 16
Tel: 5676700 #ext 561
Quote for the day: Don't ask the barber whether you need a haircut or a salesman if his is a good price
A question about threads
Hi all! I'm still fighting against casual fall-downs with my server and OpenSSL. I found an interesting point from OpenSSL man pages that mentioned two important call back functions that have to be set. "locking_function" and "id_function". If I understood correctly the id one is not needed with NT or Linux... how about with AIX or Solaris? Is the "locking_function" meant to offer OpenSSL some kind of locking service? E.g. with mutexes? If so might there be an example somewhere? I don't quite understand what kind the function should be... Thanks for any help! Yours VW
Re: A question about distribute storage keys
Well, I'm not Richard, but he is a really nice guy and I'm a nice guy too and have done some work on this before, so I'll help you out.

What you are speaking of is commonly known as a "secret sharing scheme". Most people start with Shamir's secret sharing scheme. Check out Wei Dai's Crypto++ for an implementation.

You should understand that secret sharing is as much in the theoretical realm as it is in the practical. It is nowhere near as straightforward as the traditional key management mechanisms (and even those are still being defined.) With secret sharing mechanisms there are questions such as:
- is the key generated centrally, i.e. with a dealer who can see all the portions before they are distributed, or is it done in a distributed fashion
- and conversely, is the key combined centrally for signature verification, allowing an unknown passive onlooker to pick out the relevant bits (no pun intended)

Do a search on threshold cryptography. Get and read the final chapters of Doug Stinson's book Cryptography: Theory and Practice. Go to http://cacr.math.uwaterloo.ca/~dstinson/ssbib.html for an up-to-date bibliography on secret sharing. Ultimately you'll be looking for the subject of "Threshold RSA".

Regards, Andrew Gray
A question about distribute storage keys
Hi Mr Richard, For some reason, I was about to program a "distributed storage" for a private key. But I have no idea about how to do this. This is my problem: There are 6 people who can hold the private key. When four of them meet together, they can restore the private key. But if fewer than 4, the private key is still unable to be restored, and the difficulty of getting the key is almost the same as with nobody involved. (The private key is an RSA key.) Can you help me or give me some idea? Thank you. Regards, Congling
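Shamir's scheme that Andrew points to, applied to the 4-of-6 case Congling describes, as an added example that is not part of either post or of Crypto++. It shares byte-wise over GF(2^8), so a secret of any length (the DER or PEM bytes of a private key, for instance) splits without big-number arithmetic: each secret byte becomes f(0) of a random cubic, and share i holds f(i) for every byte. Any 4 shares interpolate the cubic; 3 shares interpolate a different polynomial whose value at 0 is unrelated to the secret. The field polynomial, the /dev/urandom source, the share layout and the function names are this example's own choices; the demo secret is a constructed string, not a real key.

```c
/* Added example, not code from the thread or from Crypto++: Shamir (k, n)
 * threshold secret sharing, byte-wise over GF(2^8). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SHARES 255   /* x = 1..255; x = 0 would be the secret itself */

/* GF(2^8) multiply with the AES reduction polynomial x^8+x^4+x^3+x+1 (0x11b). */
static unsigned char gf_mul(unsigned char a, unsigned char b)
{
    unsigned char p = 0;
    while (b) {
        if (b & 1) p ^= a;
        a = (unsigned char)((a << 1) ^ ((a & 0x80) ? 0x1b : 0));
        b >>= 1;
    }
    return p;
}

/* Inverse by Fermat: a^254 = a^-1 in GF(2^8) (multiplicative group order 255). */
static unsigned char gf_inv(unsigned char a)
{
    unsigned char r = 1;
    int i;
    for (i = 0; i < 254; i++) r = gf_mul(r, a);
    return r;
}

/* Random polynomial coefficients; a real system would use its CSPRNG of choice. */
static int fill_random(unsigned char *buf, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got = f ? fread(buf, 1, len, f) : 0;
    if (f) fclose(f);
    return got == len;
}

/* Split secret[len] into n shares of len bytes each; shares[i] carries the
 * label x = i + 1. Any k shares reconstruct. Returns 1 on success. */
int shamir_split(const unsigned char *secret, size_t len, int k, int n,
                 unsigned char **shares)
{
    unsigned char *coef;
    size_t b;
    int i, j;

    if (k < 1 || k > n || n > MAX_SHARES) return 0;
    if ((coef = malloc((size_t)k)) == NULL) return 0;
    for (b = 0; b < len; b++) {
        coef[0] = secret[b];                    /* f(0) is the secret byte */
        if (k > 1 && !fill_random(coef + 1, (size_t)k - 1)) { free(coef); return 0; }
        for (i = 0; i < n; i++) {
            unsigned char x = (unsigned char)(i + 1), y = 0;
            for (j = k - 1; j >= 0; j--)        /* Horner evaluation at x */
                y = gf_mul(y, x) ^ coef[j];
            shares[i][b] = y;
        }
    }
    free(coef);
    return 1;
}

/* Recover len bytes from k shares with labels xs[] into out. Fewer than k
 * genuine shares yield garbage, not an error: that is the threshold property. */
int shamir_recover(const unsigned char **shares, const unsigned char *xs,
                   int k, size_t len, unsigned char *out)
{
    size_t b;
    int i, j;

    for (i = 0; i < k; i++) {
        if (xs[i] == 0) return 0;
        for (j = 0; j < i; j++) if (xs[i] == xs[j]) return 0;
    }
    for (b = 0; b < len; b++) {
        unsigned char acc = 0;
        for (i = 0; i < k; i++) {
            /* Lagrange basis at x = 0: prod_{j != i} x_j / (x_j - x_i);
             * subtraction is XOR in characteristic 2. */
            unsigned char l = 1;
            for (j = 0; j < k; j++)
                if (j != i) l = gf_mul(l, gf_mul(xs[j], gf_inv(xs[j] ^ xs[i])));
            acc ^= gf_mul(shares[i][b], l);
        }
        out[b] = acc;
    }
    return 1;
}

/* The question's scenario: 6 holders, any 4 restore the key. Returns 1 when
 * holders 2, 3, 5 and 6 recover the secret and holders 2, 3 and 5 do not. */
int demo_4_of_6(void)
{
    static const unsigned char secret[] = "-----BEGIN RSA PRIVATE KEY----- (constructed demo bytes)";
    size_t len = sizeof secret;
    unsigned char buf[6][sizeof secret], out[sizeof secret];
    unsigned char *shares[6];
    const unsigned char *pick[4];
    unsigned char xs[4] = { 2, 3, 5, 6 };
    int i;

    for (i = 0; i < 6; i++) shares[i] = buf[i];
    if (!shamir_split(secret, len, 4, 6, shares)) return 0;
    for (i = 0; i < 4; i++) pick[i] = shares[xs[i] - 1];
    if (!shamir_recover(pick, xs, 4, len, out) || memcmp(out, secret, len) != 0)
        return 0;
    if (!shamir_recover(pick, xs, 3, len, out) || memcmp(out, secret, len) == 0)
        return 0;
    return 1;
}

int main(void)
{
    printf("4-of-6 sharing %s\n", demo_4_of_6() ? "ok" : "FAILED");
    return 0;
}
```

Two of the questions Andrew raises are visible in the code: shamir_split is a dealer that sees the whole secret, and shamir_recover reassembles it in one place. Threshold RSA, where the holders sign without ever reconstructing the key, is the different and harder problem he points to at the end.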
A question
Dear Sir/Madam: I am using openssl to build a CA. When I use "ca -revoke" to revoke a cert, it changes my index.txt, but does not enter it into the crl_revoke list of the crl.pem. What can I do about this problem? Qin, Xiangping Tsinghua, China
A question on crls
I have created a CRL using the openssl command:

    ca -gencrl -config somepath/mypolicy.cnf -out anotherpath/mycrl.crl

I have also tried to convert mycrl.crl to some other formats (DER, TXT). Whatever the format I use, Netscape Communicator refuses to load the CRL and says:

    "The certificate revocation list you are trying to load has an invalid format"

On the other hand, when I issue the proper command to view the CRL contents, I get a reasonable result:

cmd:    crl -in /home/ca/demoCA/crl/crl.crl -text
answer:
    ---
    issuer= /C=IT/ST=Aurora/L=Shan Grilla/O=The Space Worlds/CN=Space Worlds CA
    lastUpdate=Mar 27 15:51:51 1999 GMT
    nextUpdate=Apr 26 15:51:51 1999 GMT
    revoked: serialNumber=05 revocationDate=Mar 27 13:05:54 1999 GMT
    revoked: serialNumber=04 revocationDate=Mar 27 10:37:11 1999 GMT

Can someone help me and explain what is wrong, please? Thank you in advance for your help.
-- Mario
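The two CRL questions above exercise the same pipeline. `ca -revoke` only marks the entry in index.txt; the CRL file is a separate signed artifact that is rebuilt only when `ca -gencrl` runs, so a crl.pem generated before the revocation will not list the certificate until it is regenerated. The script below is an added example, not part of either post: a scratch CA that issues a certificate, revokes it, regenerates the CRL, converts it to DER and checks that the serial number is now listed, which is the check to make before looking at the client. The directory layout, the minimal `ca` config, the subject names and the file names are constructed for this demo.

```shell
#!/bin/sh
# Added example, not from the original posts: issue, revoke, regenerate the
# CRL and verify that the revoked serial appears in it. Needs the openssl CLI.
set -eu

# Build a minimal CA directory layout and config for `openssl ca`.
make_ca() {
  dir=$1
  mkdir -p "$dir/newcerts"
  : > "$dir/index.txt"
  echo 01 > "$dir/serial"
  cat > "$dir/ca.cnf" <<EOF
[ ca ]
default_ca = demo_ca
[ demo_ca ]
dir              = $dir
database         = \$dir/index.txt
new_certs_dir    = \$dir/newcerts
serial           = \$dir/serial
certificate      = \$dir/ca.crt
private_key      = \$dir/ca.key
default_md       = sha256
default_days     = 30
default_crl_days = 7
policy           = demo_policy
[ demo_policy ]
commonName = supplied
[ req ]
distinguished_name = req_dn
[ req_dn ]
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" -config "$dir/ca.cnf" >/dev/null 2>&1
}

# Issue one certificate, revoke it, rebuild the CRL. Prints the revoked serial.
revoke_and_regen() {
  dir=$1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.example" \
    -keyout "$dir/leaf.key" -out "$dir/leaf.csr" -config "$dir/ca.cnf" >/dev/null 2>&1
  openssl ca -batch -config "$dir/ca.cnf" -in "$dir/leaf.csr" \
    -out "$dir/leaf.crt" >/dev/null 2>&1
  # -revoke updates index.txt only ...
  openssl ca -config "$dir/ca.cnf" -revoke "$dir/leaf.crt" >/dev/null 2>&1
  # ... so the CRL must be generated (again) afterwards to pick up the entry.
  openssl ca -config "$dir/ca.cnf" -gencrl -out "$dir/crl.pem" >/dev/null 2>&1
  # Same CRL in binary DER encoding, for clients that want that form.
  openssl crl -in "$dir/crl.pem" -outform DER -out "$dir/crl.der"
  openssl x509 -in "$dir/leaf.crt" -noout -serial | sed 's/^serial=//'
}

# Return 0 if the CRL (PEM) lists the given serial number.
crl_lists_serial() {
  openssl crl -in "$1" -noout -text | grep -q "Serial Number: $2"
}

demo() {
  work=$(mktemp -d)
  make_ca "$work"
  serial=$(revoke_and_regen "$work")
  crl_lists_serial "$work/crl.pem" "$serial" && echo "serial $serial is listed in the CRL"
  rm -rf "$work"
}

demo
```

If the serial shows up in `crl -text` but a client still rejects the file, the CRL itself is sound and the remaining variables are the encoding handed to the client (PEM versus the DER produced above) and how the client is given it.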