Re: Session not re-used when exported then re-imported.

2003-12-18 Thread Philip L Smith
Hi Lutz

Have run with ssldump, there doesn't seem to be any session_id being 
sent from the client.

I presume it would show up something like session_id[32]=... under the 
C>S  Handshake section.

What else might I be doing wrong, or have not set ?

In overview this is what I do:

--- startup code ---
{
    // create an SSL structure
    if (!m_sslInitCalled)
    {
        SSL_load_error_strings();
        SSL_library_init();
        m_sslInitCalled = true;
    }
    m_pSslV23Method = SSLv23_client_method();
    m_pSslV23Ctx = SSL_CTX_new(m_pSslV23Method);
    // switch on bug workarounds
    SSL_CTX_set_options(m_pSslV23Ctx,SSL_OP_ALL);
    m_pSslMethod = m_pSslV23Method;
    m_pSslCtx = m_pSslV23Ctx;
    // only do the client cert setup if one is there
    if (!m_sslCertFile.empty())
    {
        // register the callback for the password
        SSL_CTX_set_default_passwd_cb(m_pSslCtx, SSLPassphraseCallback);
        // set userdata as password to use
        SSL_CTX_set_default_passwd_cb_userdata(m_pSslCtx, const_cast<char *>(m_sslPassword.c_str()));

        if (SSL_CTX_use_certificate_file(m_pSslCtx, m_sslCertFile.c_str(), SSL_FILETYPE_PEM) <= 0)
        {
            LogError("SSL certificate file NOT loaded", "", 0);
            //return -1;
        }

        if (SSL_CTX_use_PrivateKey_file(m_pSslCtx, m_sslCertFile.c_str(), SSL_FILETYPE_PEM) <= 0)
        {
            LogError("SSL key NOT loaded", "", 0);
            //return -1;
        }
        Trace ("SSL Key loaded","",0);

        if (!SSL_CTX_check_private_key(m_pSslCtx))
        {
            LogError("SSL Private key does not match the certificate public key", "", 0);
            //return -1;
        }

        Trace("SSL Client Cert Key checked OK", "", 0);
    }
    m_pSslV23Connection = SSL_new(m_pSslV23Ctx);

    m_pSslConnection = m_pSslV23Connection;

    Trace("CTcp::CTcp()","globalSessionID", CTcp::globalSessionId);
    // only do the following if the overall sessionid was set
    if (CTcp::globalSessionId != 0)
    {
        // load the session from disk
        FILE * filePtr;
        char fileString[128];
        sprintf(fileString, "/tmp/session_id.%d", CTcp::globalSessionId);
        Trace("Loading SSL Session",fileString,0);
        if ((filePtr = fopen(fileString,  "r")) != NULL)
        {
            Trace("Loading SSL Session from file",fileString,0);
            SSL_SESSION s;
            SSL_SESSION * ps;
            ps = &s;
            ps = PEM_read_SSL_SESSION(filePtr, &ps, NULL, NULL);
            ps = &s;
            ssl_session_print (ps);
            // force it to be used ?
            int added = 0;
            ps = &s;
            added = SSL_set_session(m_pSslV23Connection, ps);
            Trace("Setting SSL Session","SSL_set_session() m_pSslV23Connection",added);

            // close the file
            fclose(filePtr);
        }
        else
        {
            Trace("Loading SSL Session", "No session file present",0);
        }
    }
}
--- ~ startup code ---

The actual connection is fairly standard creating a socket connection then

int ret = SSL_set_fd(m_pSslConnection, sockfd);
ret = SSL_connect(m_pSslConnection);
Phil

Output from ssldump:

New TCP connection #23: 192.168.0.15(45440) <-> 62.232.26.100(443)
23 1  0.0114 (0.0114)  C>S  Handshake
 ClientHello
   Version 3.1
   cipher suites
   Unknown value 0x39
   Unknown value 0x38
   Unknown value 0x35
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
   TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
   TLS_RSA_WITH_3DES_EDE_CBC_SHA
   Unknown value 0x33
   Unknown value 0x32
   Unknown value 0x2f
   TLS_RSA_WITH_IDEA_CBC_SHA
   TLS_DHE_DSS_WITH_RC4_128_SHA
   TLS_RSA_WITH_RC4_128_SHA
   TLS_RSA_WITH_RC4_128_MD5
   TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
   TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
   TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5
   TLS_DHE_RSA_WITH_DES_CBC_SHA
   TLS_DHE_DSS_WITH_DES_CBC_SHA
   TLS_RSA_WITH_DES_CBC_SHA
   TLS_DHE_DSS_WITH_RC2_56_CBC_SHA
   TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
   TLS_RSA_EXPORT1024_WITH_RC4_56_MD5
   TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
   TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
   TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
   TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
   TLS_RSA_EXPORT_WITH_RC4_40_MD5
   compression methods
 NULL
23 2  0.0327 (0.0212)  S>C  Handshake
 ServerHello
   Version 3.1
   session_id[32]=
 59 1e 00 00 98 3b a5 c1 56 23 1a 2f f1 a9 a1 43
 01 a5 13 b1 f4 d2 fb 65 3b ac 44 1c f4 95 6a ad
   cipherSuite TLS_RSA_WITH_RC4_128_MD5
   compressionMethod   NULL
 Certificate
 ServerHelloDone
23 3  0.1246 (0.0919)  C>S  Handshake
 ClientKeyExchange
23 4  0.1246 (0.)  C>S  ChangeCipherSpec
23 5  0.1246 (0.)  C>S  Handshake
23 6  0.1544 (0.0298)  S>C  ChangeCipherSpec
23 7  0.1544 (0.)  S>C  Handshake
23 8  0.2347 (0.0802)  C>S  application_data
23 9  0.2927 (0.0579)  S>C  ap

Re: Session not re-used when exported then re-imported.

2003-12-18 Thread Dr. Stephen Henson
On Thu, Dec 18, 2003, Philip L Smith wrote:

> Hi Lutz
> 
> Have run with ssldump, there doesn't seem to be any session_id being 
> sent from the client.
> 
> I presume it would show up something like session_id[32]=... under the 
> C>S  Handshake section.
> 
> What else might I be doing wrong, or have not set ?
> 
> In overview this is what I do:
> 
> 
>Trace("CTcp::CTcp()","globalSessionID", CTcp::globalSessionId);
>// only do the following if the overall sessionid was set
>if (CTcp::globalSessionId != 0)
>{
>// load the session from disk
>FILE * filePtr;
> 
>char fileString[128];
>sprintf(fileString, "/tmp/session_id.%d", CTcp::globalSessionId);
>Trace("Loading SSL Session",fileString,0);
> 
>if ((filePtr = fopen(fileString,  "r")) != NULL)
>{
>Trace("Loading SSL Session from file",fileString,0);
>SSL_SESSION s;
>SSL_SESSION * ps;
>ps = &s;
>ps = PEM_read_SSL_SESSION(filePtr, &ps, NULL, NULL);
>ps = &s;
>ssl_session_print (ps);
> 
>// force it to be used ?
>int added = 0;
>ps = &s;
>added = SSL_set_session(m_pSslV23Connection, ps);
>Trace("Setting SSL Session","SSL_set_session() 
> m_pSslV23Connection",added);
> 
>// close the file
>fclose(filePtr);
>}
>else
>{
>Trace("Loading SSL Session", "No session file present",0);
>}
>}
> }
> 
> --- ~ startup code ---
> 

This may not be the problem but that PEM stuff looks decidedly dodgy. Just do:

s = PEM_read_SSL_SESSION(filePtr, NULL, NULL, NULL);

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]


SSL_R_DIGEST_CHECK_FAILED

2003-12-18 Thread Ken Snider
We have a 0.9.6-based client talking to a 0.9.7a-based mod_ssl server.

The error the client is receiving is a handshake error 40 (0x28). The error
description generated in the Apache error log is:
Library Error: 336117909 error:1408C095:lib(20):func(140):reason(149)
lib 20: SSL Library
func 140: EC_F_EC_GROUP_GET_FINISHED
reason 149: SSL_R_DIGEST_CHECK_FAILED
..and is generated after the server receives the client response to the
ServerHello with certificate. The client response consists of a:
- ClientKeyExchange
- ChangeCipherSpec
- EncryptedHandshake
For this packet in question.

This does *not* happen against a 0.9.6-based mod_ssl of the same version of 
Apache.

Now, my questions.

1 - Has anyone seen this specific error before in an implementation? 
(SSL_R_DIGEST_CHECK_FAILED)?
2 - Is there a way to narrow down whether this error
is caused by the ClientKeyExchange or the EncryptedHandshake?

Any information would be appreciated. We're frankly scratching our heads as to 
where this problem is coming from.

--
Ken Snider


Re: Session not re-used when exported then re-imported.

2003-12-18 Thread Philip L Smith


> This may not be the problem but that PEM stuff looks decidedly dodgy. Just do:
>
> s = PEM_read_SSL_SESSION(filePtr, NULL, NULL, NULL);


Hi Steve

This was it ! Not sure where I got it from anyway.

All is now running fine with the client sending the session_id in the 
resume string.

--

32 1  0.0113 (0.0113)  C>S  Handshake
 ClientHello
   Version 3.1
   resume [32]=
 17 08 00 00 ec 2e 7d 29 4f d6 1b d7 02 9d d0 31
 57 26 e3 48 81 82 f7 07 15 6a 31 c5 a0 39 e4 ea
   cipher suites
   Unknown value 0x39
   Unknown value 0x38
   Unknown value 0x35
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
   TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
   TLS_RSA_WITH_3DES_EDE_CBC_SHA
   Unknown value 0x33
   Unknown value 0x32
   Unknown value 0x2f
   TLS_RSA_WITH_IDEA_CBC_SHA
   TLS_DHE_DSS_WITH_RC4_128_SHA
   TLS_RSA_WITH_RC4_128_SHA
   TLS_RSA_WITH_RC4_128_MD5
   TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
   TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
   TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5
   TLS_DHE_RSA_WITH_DES_CBC_SHA
   TLS_DHE_DSS_WITH_DES_CBC_SHA
   TLS_RSA_WITH_DES_CBC_SHA
   TLS_DHE_DSS_WITH_RC2_56_CBC_SHA
   TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
   TLS_RSA_EXPORT1024_WITH_RC4_56_MD5
   TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
   TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
   TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
   TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
   TLS_RSA_EXPORT_WITH_RC4_40_MD5
   compression methods
 NULL
32 2  0.0274 (0.0161)  S>C  Handshake
 ServerHello
   Version 3.1
   session_id[32]=
 17 08 00 00 ec 2e 7d 29 4f d6 1b d7 02 9d d0 31
 57 26 e3 48 81 82 f7 07 15 6a 31 c5 a0 39 e4 ea
   cipherSuite TLS_RSA_WITH_RC4_128_MD5
   compressionMethod   NULL
32 3  0.0274 (0.)  S>C  ChangeCipherSpec
32 4  0.0274 (0.)  S>C  Handshake
32 5  0.1192 (0.0917)  C>S  ChangeCipherSpec
32 6  0.1192 (0.)  C>S  Handshake
32 7  0.2743 (0.1550)  C>S  application_data
32 8  0.2942 (0.0199)  S>C  application_data
32    0.5158 (0.2215)  C>S  TCP FIN
32    0.5312 (0.0153)  S>C  TCP FIN
--
Thanks for all your expert help.

Regards

Phil Smith


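Added example (not part of the original thread): the ssldump check Lutz suggested, done mechanically. This Python sketch reports, per connection, whether the ClientHello offered a session ID and whether the server resumed it; the sample is abbreviated from the two captures in this thread plus one constructed connection (#40), and the function names are illustrative.

```python
import re

# Record header, e.g. "32 1  0.0113 (0.0113)  C>S  Handshake"
RECORD = re.compile(r"^(\d+)\s+(\d+)\s+\S+\s+\(\S*\)\s+(C>S|S>C)\s+(\S+)")
# Label that precedes the ID bytes: "resume [32]=" or "session_id[32]="
ID_LABEL = re.compile(r"^\s*(?:resume|session_id)\s*\[(\d+)\]=\s*$")
# A line made only of hex byte pairs, e.g. " 17 08 00 00 ec 2e ..."
HEX_LINE = re.compile(r"^\s*(?:[0-9a-f]{2}\s+)*[0-9a-f]{2}\s*$")
# Messages that appear only in a full (non-resumed) handshake
FULL_ONLY = {"Certificate", "ServerHelloDone", "ClientKeyExchange"}


def analyse(dump):
    """Summarise each connection: offered ID, server ID, full handshake seen?"""
    conns, cur, direction, pending = {}, None, None, None
    for line in dump.splitlines():
        if pending:                       # collecting the bytes after an ID label
            if HEX_LINE.match(line):
                field, want, got = pending
                got.extend(line.split())
                if len(got) >= want:
                    cur[field] = "".join(got[:want])
                    pending = None
                continue
            pending = None                # truncated dump or unexpected line
        m = RECORD.match(line)
        if m:
            cur = conns.setdefault(
                int(m.group(1)), {"offered": None, "server_id": None, "full": False})
            direction = m.group(3)
            continue
        if cur is None:
            continue
        m = ID_LABEL.match(line)
        if m:
            # The direction decides the meaning, whatever label the tool prints.
            field = "offered" if direction == "C>S" else "server_id"
            pending = (field, int(m.group(1)), [])
        elif line.strip() in FULL_ONLY:
            cur["full"] = True
    return conns


def verdict(summary):
    """Classify one connection summary returned by analyse()."""
    if summary["offered"] is None:
        return "not offered"
    if summary["server_id"] == summary["offered"] and not summary["full"]:
        return "resumed"
    return "offered, full handshake"


# Connections 23 and 32 are abbreviated from this thread; 40 is constructed.
SAMPLE = """\
23 1  0.0114 (0.0114)  C>S  Handshake
 ClientHello
   cipher suites
   TLS_RSA_WITH_RC4_128_MD5
23 2  0.0327 (0.0212)  S>C  Handshake
 ServerHello
   session_id[32]=
 59 1e 00 00 98 3b a5 c1 56 23 1a 2f f1 a9 a1 43
 01 a5 13 b1 f4 d2 fb 65 3b ac 44 1c f4 95 6a ad
 Certificate
 ServerHelloDone
23 3  0.1246 (0.0919)  C>S  Handshake
 ClientKeyExchange
32 1  0.0113 (0.0113)  C>S  Handshake
 ClientHello
   resume [32]=
 17 08 00 00 ec 2e 7d 29 4f d6 1b d7 02 9d d0 31
 57 26 e3 48 81 82 f7 07 15 6a 31 c5 a0 39 e4 ea
   cipher suites
   TLS_RSA_WITH_RC4_128_MD5
32 2  0.0274 (0.0161)  S>C  Handshake
 ServerHello
   session_id[32]=
 17 08 00 00 ec 2e 7d 29 4f d6 1b d7 02 9d d0 31
 57 26 e3 48 81 82 f7 07 15 6a 31 c5 a0 39 e4 ea
32 3  0.0274 (0.)  S>C  ChangeCipherSpec
40 1  0.0100 (0.0100)  C>S  Handshake
 ClientHello
   resume [4]=
 aa bb cc dd
40 2  0.0200 (0.0100)  S>C  Handshake
 ServerHello
   session_id[4]=
 11 22 33 44
 Certificate
"""

if __name__ == "__main__":
    for conn, summary in sorted(analyse(SAMPLE).items()):
        print(conn, verdict(summary), summary["offered"])
```
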

valgrind reports failures on examples

2003-12-18 Thread Scott Lamb
I was getting a _lot_ of valgrind failures on my code using OpenSSL. I 
tried to simplify things by just running the examples included in the 
distribution. valgrind is still reporting a lot of bugs on all the 
examples. (428489 errors from 1928 contexts on ssl_test.)

Most of the errors seem to be in one of these classes:
- Conditional jump or move depends on uninitialised value(s)
- Use of uninitialized value
When I run it in my own code (which seems correct to me), I see this also:
- Syscall param write(buf) contains uninitialised or unaddressable byte(s)
which is pretty disturbing to me, since that means it's actually sending 
uninitialized memory.

Here's a shell session to show how I'm running valgrind:

[EMAIL PROTECTED] test]$ pwd
/tmp/openssl-0.9.7c/test
[EMAIL PROTECTED] test]$ valgrind --error-limit=no ./ssltest 2> sslerrors
TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 512 bit RSA
[EMAIL PROTECTED] test]$ head sslerrors
==5930== Memcheck, a.k.a. Valgrind, a memory error detector for x86-linux.
==5930== Copyright (C) 2002-2003, and GNU GPL'd, by Julian Seward.
==5930== Using valgrind-2.0.0, a program supervision framework for 
x86-linux.
==5930== Copyright (C) 2000-2003, and GNU GPL'd, by Julian Seward.
==5930== Estimated CPU clock rate is 1006 MHz
==5930== For more details, rerun with: -v
==5930==
==5930== Conditional jump or move depends on uninitialised value(s)
==5930==at 0x8065EA5: BN_bin2bn (in /tmp/openssl-0.9.7c/test/ssltest)
==5930==by 0x808DFBB: bnrand (in /tmp/openssl-0.9.7c/test/ssltest)
[EMAIL PROTECTED] test]$ tail sslerrors
==5930==at 0x806D3C4: lh_delete (in /tmp/openssl-0.9.7c/test/ssltest)
==5930==by 0x805EF5F: timeout (in /tmp/openssl-0.9.7c/test/ssltest)
==5930==by 0x805EFAE: timeout_LHASH_DOALL_ARG (in 
/tmp/openssl-0.9.7c/test/ssltest)
==5930==by 0x806D477: doall_util_fn (in 
/tmp/openssl-0.9.7c/test/ssltest)
==5930==
==5930== ERROR SUMMARY: 428489 errors from 1928 contexts (suppressed: 0 
from 0)
==5930== malloc/free: in use at exit: 644 bytes in 20 blocks.
==5930== malloc/free: 8639 allocs, 8619 frees, 407057 bytes allocated.
==5930== For a detailed leak analysis,  rerun with: --leak-check=yes
==5930== For counts of detected errors, rerun with: -v

Has anyone run these examples through valgrind before? Have you found 
similar problems?

Thanks,
Scott Lamb


Re: valgrind reports failures on examples

2003-12-18 Thread Michal Dobaczewski
Scott Lamb wrote:

> Has anyone run these examples through valgrind before? Have you found
> similar problems?

Yes, I've had similar problems with openSSL 0.9.6. I was getting this
kind of error messages when running both my application and openssl
s_client under valgrind.

So far I was unable to find any solution and unable to find any real 
problem with the application, besides those reports.

So I can't help you, but it seems it's not just you seeing this. I 
posted a question regarding this on this list on 2003-10-22 and included 
my Valgrind dumps there.

Regards,

Michal Dobaczewski.



Re: valgrind reports failures on examples

2003-12-18 Thread Scott Lamb
Michal Dobaczewski wrote:
> Scott Lamb wrote:
>
>> Has anyone run these examples through valgrind before? Have you found
>> similar problems?
>
> Yes, I've had similar problems with openSSL 0.9.6. I was getting this
> kind of error messages when running both my application and openssl
> s_client under valgrind.
>
> So far I was unable to find any solution and unable to find any real
> problem with the application, besides those reports.
>
> So I can't help you, but it seems it's not just you seeing this. I
> posted a question regarding this on this list on 2003-10-22 and included
> my Valgrind dumps there.

Thanks for the reply.

There is a real problem, at least in the OpenSSL section of my own code. 
The unit tests sometimes crash. They give a report that malloc has gone 
re-entrant, which probably would happen whenever the heap gets corrupted 
enough that malloc crashes a first time. (I use the boost unit test 
suite, which plays some games with signals; it tries to recover from 
normally-fatal errors enough to give some additional diagnostics.)

I've looked over my own code, and I don't see anything wrong with it. 
That doesn't mean it's flawless, but these valgrind errors make me 
suspect OpenSSL.

Maybe I should also mention that my library and unit tests are 
multi-threaded. (I have defined the appropriate locking callbacks.) I 
could easily see how that'd aggravate any problems.

> Regards,
>
> Michal Dobaczewski.

Thanks,
Scott Lamb


NEWBIE: The man pages in a PDF file

2003-12-18 Thread mclellan, dave
Sorry, this is a really naïve question.  I'm really getting a lot out of the man pages once I figured out how to dig through it.  But it's time-consuming to pick and choose the sections to print.  

Does anyone know whether there is a PDF version of the man pages somewhere in the world?  Individual sections?  


Dave McLellan --Consulting Software Engineer - SPEA Engineering
EMC Corporation
228 South St. Mail Stop: 228 LL/AA-24
Hopkinton, MA 01748  USA
+1-508-249-1257 F: +1-508-497-8030  [EMAIL PROTECTED]





Re: valgrind reports failures on examples

2003-12-18 Thread Scott Lamb
Scott Lamb wrote:
> Maybe I should also mention that my library and unit tests are
> multi-threaded. (I have defined the appropriate locking callbacks.) I
> could easily see how that'd aggravate any problems.

I forgot to mention: I'm also using a debug malloc library 
(). So when there are problems, it screams and 
dies instead of trying to move on.



RE: valgrind reports failures on examples

2003-12-18 Thread Lee Dilkie
> Most of the errors seem to be in one of these classes:
> - Conditional jump or move depends on uninitialised value(s)
> - Use of uninitialized value
>
> When I run it in my own code (which seems correct to me), I
> see this also:
> - Syscall param write(buf) contains uninitialised or
> unaddressable byte(s)
>
> which is pretty disturbing to me, since that means it's
> actually sending
> uninitialized memory.
>

Can't speak for all the errors you are seeing but these "uninitialised"
memory errors are generally the result of OpenSSL's random number
generation. Random bytes generally get xor'ed into uninitialised (freshly
malloc-ed) memory and valgrind keeps track of that fact (xor-ing a known
value with an uninitialised value results in an uninitialised value as far
as valgrind is concerned). When it's time to use that memory (as when you
call a system function), an error is reported.

As I said, can't speak for your setup, but that's what I found when I
tracked down similar issues on my setup.

-lee


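Added illustration (not from the original thread, and not Valgrind's code): a toy Python model of the definedness tracking Lee describes, where each byte carries a "defined" flag that follows it through XOR and copies and a report is raised only when the value is finally used. The class and function names are hypothetical; the two report strings are the ones quoted in Scott's message.

```python
import os

COND = "Conditional jump or move depends on uninitialised value(s)"
WRITE = "Syscall param write(buf) contains uninitialised or unaddressable byte(s)"


class Buf:
    """A heap block plus one shadow flag per byte: True means 'value is defined'."""

    def __init__(self, size):
        self.data = bytearray(b"\xaa" * size)  # stale heap contents (constructed filler)
        self.defined = [False] * size          # fresh malloc: nothing defined yet

    def store(self, offset, values):
        """Write known bytes: the data and its shadow flags both become defined."""
        for i, value in enumerate(values):
            self.data[offset + i] = value
            self.defined[offset + i] = True


class Tracker:
    """Propagates shadow flags silently; reports only when a value is used."""

    def __init__(self):
        self.reports = []

    def xor_into(self, dst, src):
        # defined XOR undefined is still undefined: the result depends on garbage
        for i in range(min(len(dst.data), len(src.data))):
            dst.data[i] ^= src.data[i]
            dst.defined[i] = dst.defined[i] and src.defined[i]

    def copy(self, dst, src, n):
        # moving undefined bytes around is not an error, the flags just travel along
        dst.data[:n] = src.data[:n]
        dst.defined[:n] = src.defined[:n]

    def branch_on(self, buf, i):
        if not buf.defined[i]:
            self.reports.append(COND)
        return buf.data[i] != 0

    def sys_write(self, buf, n):
        # only the n bytes handed to the system call are checked
        if not all(buf.defined[:n]):
            self.reports.append(WRITE)
        return n


def run(pool_initialised):
    """Mix random bytes into a pool, derive output from it, then use the output."""
    tracker = Tracker()
    pool = Buf(16)                       # freshly allocated mixing pool
    if pool_initialised:
        pool.store(0, bytes(16))         # the memset that silences the reports
    seed = Buf(16)
    seed.store(0, os.urandom(16))        # fully defined random input
    tracker.xor_into(pool, seed)
    out = Buf(64)
    tracker.copy(out, pool, 16)
    before_use = list(tracker.reports)   # nothing has been reported so far
    tracker.branch_on(out, 0)
    tracker.sys_write(out, 16)
    return before_use, tracker.reports


if __name__ == "__main__":
    for initialised in (False, True):
        print("pool initialised:", initialised, "->", run(initialised)[1])
```
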

Re: valgrind reports failures on examples

2003-12-18 Thread Andrew Mann
	Syscall write(buf) contains uninitialized or unaddressable bytes 
doesn't mean that it's sending uninitialized memory.  I've run across 
this one a number of times when dealing with socket code.  If you 
allocate say a 64k buffer (~ max datagram size) and then call send() 
with a length of 100 bytes which are all initialized, you get this 
error.  Valgrind doesn't appear to have knowledge of what system calls 
do, so it doesn't know that there is a length parameter passed.  It does 
know that you passed a pointer to a buffer, how much space was allocated 
for that buffer (64k) and how much of it was initialized (100 bytes). 
If all of it wasn't initialized it will give this warning.
	I think it will even give this warning if you pass an uninitialized 
buffer to read() recv() or a similar call - which is normal use.  As 
with all automatic checking software, the warnings are things that might 
be an error, but aren't necessarily.  Use the locations provided in the 
output to go back and look at the code and see if it's really doing 
anything bad.

Andrew

Lee Dilkie wrote:
>> Most of the errors seem to be in one of these classes:
>> - Conditional jump or move depends on uninitialised value(s)
>> - Use of uninitialized value
>>
>> When I run it in my own code (which seems correct to me), I
>> see this also:
>> - Syscall param write(buf) contains uninitialised or
>> unaddressable byte(s)
>>
>> which is pretty disturbing to me, since that means it's
>> actually sending
>> uninitialized memory.
>
> Can't speak for all the errors you are seeing but these "uninitialised"
> memory errors are generally the result of OpenSSL's random number
> generation. Random bytes generally get xor'ed into uninitialised (freshly
> malloc-ed) memory and valgrind keeps track of that fact (xor-ing a known
> value with an uninitialised value results in an uninitialised value as far
> as valgrind is concerned). When it's time to use that memory (as when you
> call a system function), an error is reported.
>
> As I said, can't speak for your setup, but that's what I found when I
> tracked down similar issues on my setup.
>
> -lee



Re: NEWBIE: The man pages in a PDF file

2003-12-18 Thread Ng Pheng Siong
On Thu, Dec 18, 2003 at 01:03:55PM -0500, mclellan, dave wrote:
> Does anyone know whether there a PDF version of the man pages somewhere in
> the world?  Individual sections?  

pod2pdf may help: 

http://search.cpan.org/~ajfry/Pod-Pdf-1.2/scripts/pod2pdf

I'm sure POD indexers exist, so with some programming you can mix and match
and shake and stir to taste.

Cheers.

-- 
Ng Pheng Siong <[EMAIL PROTECTED]> 

http://firewall.rulemaker.net -+- All Your Rulebase Are Belong To You[tm]
http://sandbox.rulemaker.net/ngps -+- Open Source Python Crypto & SSL


Windows version?

2003-12-18 Thread Christian Malone
I'm sure this has to be a common question.
Where can I find a Windows command line version of OpenSSL?
(Or, how do you make one?)

Thanks.

Christian Malone



Re: Windows version?

2003-12-18 Thread Thomas J. Hruska
At 06:44 PM 12/18/2003 -0800, Christian Malone writeth:
>I'm sure this has to be a common question.
>Where can I find a Windows command line version of OpenSSL?
>(Or, how do you make one?)

http://www.shininglightpro.com/search.php?searchname=Win32+OpenSSL

Hope this helps!


  Thomas J. Hruska -- [EMAIL PROTECTED]
Shining Light Productions -- "Meeting the needs of fellow programmers"
  http://www.shininglightpro.com/

`'*-~.,_,.~-*'`'*-~.,_,.~-*'`'*-~.,_,.~-*'`'*-~.,_,.~-*'`'*-~.,_,.~-*'`'*-~
  Tired of expensive $5,000+ web application servers like ColdFusion?
  Try Nuclear Vision today!

  http://internal.shininglightpro.com/search.nvm?searchname=Nuclear+Vision

  Announcing Nuclear Vision v1.1, a superior scripting language with
powerful features in a HTML-like syntax.


RE: Libssl chooses wrong cipher suite during TLS authentication

2003-12-18 Thread Obermeier Markus ICM MP PD TS
On Wed, Dec 17, 2003, Dr. Stephen Henson wrote:

> IIRC the client hello reports the supported ciphersuites in order of preference and 
> the OpenSSL server code will
> normally use the first one from that list that it supports. The actual ciphersuites 
> supported by the server may be
> less than those OpenSSL supports because some require DH parameters and others a DSA 
> certificate.

> It is possible to override the clients preference though and use a server preferred 
> ciphersuite.

> You could try disabling some ciphersuites with the server cipher string to see if 
> others will work.

Steve,

thanks for your explanation. I am very familiar with the protocol itself and 
understand your proposal, but I am a newbie to the openssl/libssl area.

Please can you give me some hint where I can change the parameters you were talking 
about since I have no idea.

Regards,
Markus


-Original Message-
From: Dr. Stephen Henson [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 17 December 2003 23:54
To: [EMAIL PROTECTED]
Subject: Re: Libssl chooses wrong cipher suite during TLS authentication


On Wed, Dec 17, 2003, Obermeier Markus ICM MP PD TS wrote:

> Dear all,
> 
> I am working on a EAP/TLS authentication with Freeradius and the 
> Odyssey client. After a client hello message with a bunch of cipher 
> suites, the odyssey client receives a server hello message with one 
> cipher suites. It responds with a TLS Alert message that tells the 
> server the cipher suite selection has been fatal!
> 
> At the end I attached the complete protocol as well for further 
> studies.
> 
> How does Libssl choose the cipher suite?
> 

IIRC the client hello reports the supported ciphersuites in order of preference and 
the OpenSSL server code will normally use the first one from that list that it 
supports. The actual ciphersuites supported by the server may be less than those 
OpenSSL supports because some require DH parameters and others a DSA certificate.

It is possible to override the clients preference though and use a server preferred 
ciphersuite.

You could try disabling some ciphersuites with the server cipher string to see if 
others will work.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core 
developer and freelance consultant. Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk


Re: Libssl chooses wrong cipher suite during TLS authentication

2003-12-18 Thread Lutz Jaenicke
On Thu, Dec 18, 2003 at 08:02:46AM +0100, Obermeier Markus ICM MP PD TS wrote:
> On Wed, Dec 17, 2003, Dr. Stephen Henson wrote:
> 
> > IIRC the client hello reports the supported ciphersuites in order of preference 
> > and the OpenSSL server code will
> > normally use the first one from that list that it supports. The actual 
> > ciphersuites supported by the server may be
> > less than those OpenSSL supports because some require DH parameters and others a 
> > DSA certificate.
> 
> > It is possible to override the clients preference though and use a server 
> > preferred ciphersuite.
> 
> > You could try disabling some ciphersuites with the server cipher string to see if 
> > others will work.
> 
> Steve,
> 
> thanks for your explanation. I am very familiar with the protocol itself and 
> understand your proposal, but I am a newbie to the openssl/libssl area.
> 
> Please can you give me some hint where I can change the parameters you were talking 
> about since I have no idea.

man SSL_CTX_set_cipher_list
man SSL_CTX_set_options (see SSL_OP_CIPHER_SERVER_PREFERENCE)

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus


Re: unresolved symbol error on HP

2003-12-18 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Wed, 17 Dec 2003 17:14:46 -0700, [EMAIL PROTECTED] 
said:

abalan> I used a preexisting build of openssl 0.9.7b, which was built on HP-UX
abalan> 11.00.
abalan> 
abalan> the command  I used to link the program together is;
abalan> 
abalan> ld -a default -b -o libtest.sl test.o -z +b : -L/usr/local/lib -lmqm -lc
abalan> -lCsup -lpthread -lisamstub -ldld -lnsl -lssl -lcrypto -lxnet

I'd suggest that you place '-lssl -lcrypto' much earlier, and that you
place '-lc' last.  ld is normally a one-pass linker, which means that
it resolves symbols using libraries from left to right.  This means
that if there are any unresolved symbols in libcrypto or libssl, it
will try to resolve them with the next -l arguments.  I doubt very
much that libxnet would contain the symbol __udivdi3...

-
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
You don't have to be rich, a $10 donation is appreciated!

-- 
Richard Levitte   \ Tunnlandsvägen 3  \ [EMAIL PROTECTED]
[EMAIL PROTECTED]  \ S-168 36  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.


Re: Session not re-used when exported then re-imported.

2003-12-18 Thread Lutz Jaenicke
On Wed, Dec 17, 2003 at 03:37:19PM +, Philip L Smith wrote:
> I connect fine from one process, display it's details using a version of 
> SSL_SESSION_print(out,x)
> (taken from sess_id.c), then save the session in use to a file
... 
> This is the output from the session that works
> 
> Protocol  : TLSv1
> Cipher: RC4-MD5
> Session-ID: 570C4ADA4D6E3CABB0A26535A1636E8E26A6939C2E97F13EB31DF1777376
> Session-ID-ctx:
> Master-Key: 
> 5B5A672CDB645FB6A1E79B53FF23F1447AC2CFE225DB28B7CE7BC14F1D8D3CBDDD10E9FCDC40A1F0DA5E9518D562A56D
> Key-Arg   :
> Start Time: 1071659840
> Timeout   : 300 (sec)
> Verify return code: 20 (unable to get local issuer certificate)
> 
> In the next process, I then re-load the session from disk and set it to 
> be the one to use
> (along with some other stuff put in to try and make it work).
...
>   // add to all contexts - 1 means not added as already in the cache
>   int added = 0;
>   added = SSL_CTX_set_session_cache_mode(m_pSslV23Ctx, 
> SSL_SESS_CACHE_CLIENT);
>   added = SSL_CTX_add_session(m_pSslV23Ctx, &s);
...

It should not be necessary to add the session to the CTX.

>   // force it to be used ?
>   added = SSL_set_session(m_pSslV23Connection, ps);
...

> ===
> 
> This is what is then displayed.
> 
> Protocol  : TLSv1
> Cipher: 0004
> Session-ID: 570C4ADA4D6E3CABB0A26535A1636E8E26A6939C2E97F13EB31DF1777376
> Session-ID-ctx:
> Master-Key: 
> 5B5A672CDB645FB6A1E79B53FF23F1447AC2CFE225DB28B7CE7BC14F1D8D3CBDDD10E9FCDC40A1F0DA5E9518D562A56D
> Key-Arg   :
> Start Time: 1071659840
> Timeout   : 300 (sec)
> Verify return code: 20 (unable to get local issuer certificate)
> 
> ===
> The Cipher is displayed as the cipher_id, as the cipher is NULL.

Yes. This is no problem in itself, as the cipher is a pointer to an
internal structure and thus cannot be saved, but the cipher id is
a re-usable value. The pointer will however automatically be
regenerated, but this will only happen during the actual negotiation.
So you cannot see it before starting the handshake.

...
 Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
...
  *) Bugfix: client side session caching did not work with external caching,
 because the session->cipher setting was not restored when reloading
 from the external cache. This problem was masked, when
 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
 (Found by Steve Haslam <[EMAIL PROTECTED]>.)
 [Lutz Jaenicke]

What version of OpenSSL are you using?

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus


Re: Session not re-used when exported then re-imported.

2003-12-18 Thread Philip L Smith


Lutz Jaenicke wrote:

> On Wed, Dec 17, 2003 at 03:37:19PM +, Philip L Smith wrote:
>> I connect fine from one process, display it's details using a version of
>> SSL_SESSION_print(out,x)
>> (taken from sess_id.c), then save the session in use to a file
> ...
>> This is the output from the session that works
>>
>> Protocol  : TLSv1
>> Cipher: RC4-MD5
>> Session-ID: 570C4ADA4D6E3CABB0A26535A1636E8E26A6939C2E97F13EB31DF1777376
>> Session-ID-ctx:
>> Master-Key:
>> 5B5A672CDB645FB6A1E79B53FF23F1447AC2CFE225DB28B7CE7BC14F1D8D3CBDDD10E9FCDC40A1F0DA5E9518D562A56D
>> Key-Arg   :
>> Start Time: 1071659840
>> Timeout   : 300 (sec)
>> Verify return code: 20 (unable to get local issuer certificate)
>>
>> In the next process, I then re-load the session from disk and set it to
>> be the one to use
>> (along with some other stuff put in to try and make it work).
> ...
>>   // add to all contexts - 1 means not added as already in the cache
>>   int added = 0;
>>   added = SSL_CTX_set_session_cache_mode(m_pSslV23Ctx,
>> SSL_SESS_CACHE_CLIENT);
>>   added = SSL_CTX_add_session(m_pSslV23Ctx, &s);
> ...
>
> It should not be necessary to add the session to the CTX.

I thought probably not, but was just trying other things...

>>   // force it to be used ?
>>   added = SSL_set_session(m_pSslV23Connection, ps);
> ...
>
>> ===
>>
>> This is what is then displayed.
>>
>> Protocol  : TLSv1
>> Cipher: 0004
>> Session-ID: 570C4ADA4D6E3CABB0A26535A1636E8E26A6939C2E97F13EB31DF1777376
>> Session-ID-ctx:
>> Master-Key:
>> 5B5A672CDB645FB6A1E79B53FF23F1447AC2CFE225DB28B7CE7BC14F1D8D3CBDDD10E9FCDC40A1F0DA5E9518D562A56D
>> Key-Arg   :
>> Start Time: 1071659840
>> Timeout   : 300 (sec)
>> Verify return code: 20 (unable to get local issuer certificate)
>>
>> ===
>> The Cipher is displayed as the cipher_id, as the cipher is NULL.
>
> Yes. This is no problem in itself, as the cipher is a pointer to an
> internal structure and thus cannot be saved, but the cipher id is
> a re-usable value. The pointer will however automatically be
> regenerated, but this will only happen during the actual negotiation.
> So you cannot see it before starting the handshake.
>
> ...
> Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
> ...
>  *) Bugfix: client side session caching did not work with external caching,
>     because the session->cipher setting was not restored when reloading
>     from the external cache. This problem was masked, when
>     SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
>     (Found by Steve Haslam <[EMAIL PROTECTED]>.)
>     [Lutz Jaenicke]
>
> What version of OpenSSL are you using?
>
> Best regards,
>     Lutz

I'm using OpenSSL 0.9.7b 10 Apr 2003, and also have the bug workarounds on

   // switch on bug workarounds
   SSL_CTX_set_options(m_pSslV23Ctx,SSL_OP_ALL);
Does this branch have the fixes in too ?

Anything else I need to check ?

Thanks for the help

Phil
--
Philip L Smith
Managing Director, Marketgrid Ltd
E: [EMAIL PROTECTED] 
W: http://www.marketgrid.com/
T: +44 (0)1725 513521
M: +44 (0)7905 955321
Authorised MySQL Support and Consulting Partner 

(http://www.mysql.com/portal/partners/item-100.html)

Please Note:
This text is confidential. If you are not the named addressee, it could 
be unlawful
for you to read, copy, distribute, disclose or use the information 
contained herewith.
If you are not the intended recipient please telephone +44 (0)1725 513521.


Re: Session not re-used when exported then re-imported.

2003-12-18 Thread Lutz Jaenicke
On Thu, Dec 18, 2003 at 10:13:27AM +, Philip L Smith wrote:
> >Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
> >...
> > *) Bugfix: client side session caching did not work with external caching,
> >because the session->cipher setting was not restored when reloading
> >from the external cache. This problem was masked, when
> >SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
> >(Found by Steve Haslam <[EMAIL PROTECTED]>.)
> >[Lutz Jaenicke]
> >
> >What version of OpenSSL are you using?
> >
> >Best regards,
> > Lutz
> > 
> >
> I'm using OpenSSL 0.9.7b 10 Apr 2003, and also have the bug workarounds on
> 
>// switch on bug workarounds
>SSL_CTX_set_options(m_pSslV23Ctx,SSL_OP_ALL);
> 
> Does this branch have the fixes in too ?

Yes. Actually, I do use client side session caching with an external
storage myself in Postfix/TLS, so I _should_ have noted problems.

> Anything else I need to check ?

Can you analyze the session with ssldump? It should show whether
the client application does actually offer reuse of the session with
its session-ID.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus