Can I disable Nagle algorithm using OpenSSL? My application always send
entire buffers to openssl, so I think disable Nagle
but I'm wondering if openssl need coalescing data when sending
SSL payloads.
Nagle only kicks in when you have an outstanding unacknowledged packet
smaller than
a. Does this msg_callback get executed after peek? or after read?
if former,
I could
simply discard the buffer as peek does not dequeue the pkt, so the kernel
can read
it again. If its a read, then I need to pass on that buffer to
the kernel
module
which does the actual decryption.
David Schwartz wrote:
A patch to use 'poll' instead of 'select' where it's
available would be a
very good idea. Using 'select' to check readiness of a single descriptor
that you just opened is about the worst-case scenario for
'select' (because
it has to scan through all the unset
OK I implemented the sample source code as provided and it works fine.
Thanks a million! I guess I must use this hack. So be it.
Thanks again for all you're help I learned a lot.
I hope the OpenSSL maintainers heard this cry (even if it is a small
cry) and will at some point decide to use a
Hello,
And, I'd like to point out one more time, we know of cases
where a blocking
read after a select will block. For example, if someone
interposes OpenSSL
between select/read/write and the OS. Someone *can* do this and
people *do*
do this.
I'd like to point out one more
, at least the intention was there to provide this
guarantee on
Windows.
---
I call again for David to prove an existing implementation of
poll/select which does not confirm to the above guarantees. David is
claiming that:
That is not how you code to standards. You don't give a fig what
If we are talking about standards, maybe you should read new releases
of documents which you are citing as an authority. From 1997 to 2004
many things changed:
http://www.opengroup.org/onlinepubs/009695399/functions/select.html
Nothing that bears on this issue.
For short:
A
On Thu, 22 Jun 2006, David Schwartz wrote:
Bingo! And work may or may not translate into application data.
I thought that a recv on a blocking socket returns immediately after it
was able to do some work, no matter whether it resulted in receiving any
actual data (e.g. socket closed
No, not they mean, you have no authority to tell what they mean.
You have only authority to tell what is your interpretation
of this text.
Only authors may tell what they mean (are you one of them ?)
What? I presented an argument to show that they must mean this. You
snipped
it.
Same thing, no guarantee about what an actual future operation will
do. By
would not block, they mean a hypothetical operation taking place at
the
time the indication is given to you.
No. That's stupid. It's useless.
Not at all. It's the same as every other status
(combined responses)
No, of course no. In this context we are talking of kernel/system
implementation of select()/read() and you mix this with SSL.
Because it demonstrates precisely the problem. The 'select' function
has no
way to know what type of read function will follow, and
(combined responses)
What is true for two stacked layers, maybe false for one.
(and the other way round).
No standard guarantees that you are only dealing with one layer. In
fact,
in the Windows world, multiple layers (hidden from the programmer) are
common thanks to LSPs. (And yes, a
My program is being told by the operating system I can write(), the
operating system socket send buffers are empty, but OpenSSL is returning
WANT_READ to SSL_write(), so I need to stop calling SSL_write() and wait
for data to arrive. This means temporally ignoring the operating
systems
Yes, what I meant by My application's main task in the moment is
sending bulk data, a lot of data (enough to cause flow control
bottleneck). meant exactly what you are asking. A previous SSL_write()
returns WANT_WRITE, which I presume is because the OpenSSL BIO_s_socket
did a write() which
Nothing, but how do I know when I can start my SSL_write() again,
because the WANT_READ condition that is stopping SSL_write() from taking
any more data has cleared ?
I recommend a very conservative approach. Any time you make any forward
progress or might have made any forward
David you are bringing completely unrelated issues into the situation.
No, you are failing to understand my argument.
David Schwartz wrote:
...SNIP...
One other point, I didn't mention threads to argue that if
another thread
steals your data, the operation will clearly block
David Schwartz wrote:
No. That you cannot think of a way does not mean that no way exists.
WTF ! Is dark the absence of light, or is light the absence of dark ?
Please prove your way exists, there are enough poll/select
implementations available to inspect. Your words have
David,
Please post a link to a manpage or other documentation that
justifies your
description of select.
I posted a link to the SuSv2 description of 'select'. There is no
guarantee
there that a future operation will not block.
http://www.opengroup.org/onlinepubs/007908799/xsh
The same problem occurs with one thread. Consider the
following code,
assume blocking sockets:
1) do some stuff
2) do a huge write, don't check for short writes since our socket is
blocking
That code is broken. Fix it. You must _always_ check for short
writes. Not
doing so is
My first reaction was that this is a bug in the library, but I
didn't feel
very strong about it and would have accepted that this is just a bug in
s_client. I like your argument about the library not having the right to
make 2 blocking calls unless retry is set and now I'm back to thinking
If anyone thinks that 'select' or 'poll' guarantees that a
future operation
will not block, even if it's a single operation, that's just
plain not true.
The only way you can guarantee that even one operation will not
block is if
you set the socket non-blocking.
Really.
I
Linux:
Three independent sets of descriptors are watched. Those listed in
readfds will be watched to see if characters become available for read-
ing (more precisely, to see if a read will not block - in particular, a
file descriptor is also ready on end-of-file)
You'll
You are now introducing some weirdness into our little blocking world.
Threads and other scary stuff. Yes, if a gremlin reads the data from the
buffer between calls to select() and read(), the read() call
might block.
But if we assume that there is only one process with single thread using
One more point, and then I'll try to shut up. ;)
You could argue that we could just fix this and deprecate fake
non-blocking I/O for future major versions. The argument would be that this
won't break any application that's not broken already and might fix existing
applications.
that to you, perhaps by returning a WANT_READ if it needs
to read data before it can send some. However, it is perfectly legal for it
to try the operation before it concludes that it cannot do it. That can
block if the socket is blocking.
The socket on the server is blocking (don't tell David
You're missingthe -CAfile option in s_client."M. Fioretti" [EMAIL PROTECTED] wrote: On Wed, Jun 14, 2006 12:11:55 PM +0200, io ([EMAIL PROTECTED])wrote: Hello, I am configuring a remote x86 Centos 4.3 box (running in UML) as personal web and email server. Openssl version is openssl-0.9.7a-43.8.
There are a huge number of corner cases I did not address,
and it was not
my intent to be a 100% complete discussion of the use of SSL_read.
We are talking of one and specified (renegotiation) case.
Nevertheless, I stand by my analysis of his problem.
OK :-)
He called
Properly-written applications don't make blocking socket
operations when
they don't want to block.
Properly-written application have right to use consistent way to
use blocking
socket - they want to block only on user data - they are not interested
what is going on in SSL layer and
When you use blocking socket now, you must react on SSL_ERROR_WANT*
any many more - if not - you are doing mistake.
If that's true, that's a defect in the implementation. People who use
blocking sockets should get blocking behavior.
Good written application must react on this errors
In what way this break already used applications ???
In what way this break anything ???
[snip]
block. Fortunately for the original poster, he was able to detect this
problem and can now easily fix it by using non-blocking sockets. (And
with luck he won't make this same mistake
I always call SSL_pending() before going into select(), as far as I
understand that should be sufficient. Anyways, the server is
not hanging
in select(), it is definitely inside SSL_read().
Is your socket non-blocking?
No, socket is blocking. When I run s_client in
Well, we are talking about s_client here... part of openssl executable.
select() is used with the blocking sockets to make sure that, well, they
don't block.
It doesn't work that way. The only way to ensure that socket operations
don't block is to set the sockets non-blocking.
If
I'd agree with you if it was not working consistently.
It's a race condition.
But in most cases
blocking SSL_read returns helpful WANT_READ. My understanding is that
WANT_READ return from SSL_read is especially for avoiding the
deadlock I'm
running into.
You would be
The discussion below wherein the term you're screwed is used
seems to indicate that there is a deadlock situation, which isn't
the case. There may or may not be performance issues associated
with the scenario/use-case, but there's no deadlock.
R
There is a deadlock. You are blocked
Did you look at my logs with s_client? I'm starting to suspect that the
correct way to put it is: there is *spposed* to be no deadlock,
but there
is a bug in SSL_read that can make you screwed.
The bug is not in SSL_read. The bug is in the decision to call SSL_read.
There
It is very simple - if SSL_read() has to do other work than reading
application data records (encrypted user data) like renegotiation
it should return WANT_READ.
An SSL_read on a blocking socket should block until data can be read,
just
as a regular 'read' on a TCP connection does.
Hello,
If you call SSL_read, an application-level read function,
with a blocking
socket, you are asking it to block until it can read
application-level data.
Here is information from www.openssl.org:
-- If the underlying BIO is blocking, SSL_read() will only return, once
-- the
Thank you very much!-DavidVictor Duchovni [EMAIL PROTECTED] wrote: On Fri, Jun 09, 2006 at 12:25:52AM +0200, Goetz Babin-Ebell wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david kine schrieb: Hello David, One more question: how do I, using the CA.pl script, generate a certificate
I always call SSL_pending() before going into select(), as far as I
understand that should be sufficient. Anyways, the server is not hanging
in select(), it is definitely inside SSL_read().
Is your socket non-blocking?
DS
I was able to convert the key as you instructed, and I overwrote the
old RSA private key from my server.pem file with the new PKCS8 one. I
am now a getting a different error message. From these new messages,
I'm guessing OpenSSL is expecting a file in PKCS12 format, but that my
file does not
: how do I retrieve the subjectAltName extension of type dNSName?Thanks,-David __Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Dr. Henson--
Adding in a call to OpenSSL_add_all_algorithms() fixed the error.
Thanks for the assistance.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
there is an openssl.cnf file setting for this purpose? I notice the line "#subjectAltName=email:copy" in the system's openssl.cnf file.Thanks,-DavidVictor Duchovni [EMAIL PROTECTED] wrote: On Thu, Jun 08, 2006 at 11:40:04AM -0700, david kine wrote: My code to retrieve the common name from t
Hello all,
I've been tasked to internally investigate a system that utilizes
STunnel and OpenSSL to create a secure wrapper for a propietary
protocol. Additionally, this solution must eventually be FIPS 140-2
compliant.
So, using instructions outlined in the OpenSSL FIPS Security Policy
and on
cate.I will load certificate A into s_client with the "-CAfile" option. So, s_server must somehow transmit certificate A to the client. Thanks,-David __Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
It seems that the Extension 'Name Constraints' marked as
critical is causing the issue.
Is it possible to tell apache to ignore certain extensions?
This possibility had not occured to me I had assumed
modifying openssl would be the only option.
Ignoring name constraints would be
But i still have memory leaks after large amount of
connections(simulated by
my own crazy test program which connects to the server recursively with
different
messages)
How did you establish that the memory was leaked?
DS
After accepting many incoming SSL connections hence many threads creation
and deletion
the memory usage of the program will increase up to a higher percentage
after some time.
That doesn't mean that the memory is leaked.
Before i applied those cleanup functions,mem usage will pile
I noticed the custom server application I have to
connect to tends to change connection port after a
first handshake has been performed.
What does that mean?
I disagree with the server application administrator
which states this is a normal behaviour due to SSL
regonation.
As
I have a peculiar problem. When my SSL client (in blocking mode)
makes a connection with NonSSL server , the client hangs . I need
the client to terminate the connection with the server if the server
is not ssl enabled one. I tried a lot of options but all failed .
Please give any solutions
When using nonblocking BIO, can SSL_write(ssl, ...) be called right
after a SSL_read(ssl, ...) returned SSL_ERROR_WANT_READ/WRITE? Or vice
versa, please?
Of course. You can attempt to send or receive any time you want to.
DS
In fact I'm using a custom BIO to interface between OpenSSL and some
custom buffer structures. If I hadn't misread the protocol, for
application data, SSL_write() should be able to proceed even when a
SSL_read() returned WANT_READ. But what about rehandshake? If the
SSL_read() returned
You can, for example, test this with command:
while true; do echo R; done | openssl s_client -connect ssl_host:443
Maybe there should be added something like renegotiation_rate ?
Real-world servers already do this. It's kind of redundant for OpenSSL
to
do this as well because
Real-world servers already do this. It's kind of redundant
for OpenSSL to
do this as well because almost all applications also support non-SSL
connections. A renegotiation callback might not be a bad idea though, so
that applications can better track the load clients are placing.
i dont use s_client(1). i wrote my own server, but if i send to
this server
QUIT then the server exit by themself.
I'm not sure how we can find a problem in code that you wrote yourself
and
don't tell us very much about. How exactly are you sending QUIT to the
server?
DS
openssl smime -encrypt -des3 -sign -nodetach -signer filename.pem
filename.crt infile outfile
Where filename.pem is the pem file of the signer (containing both
private and public key) and filename.crt is the public key of the
recipient.
I am trying to verify the signature with:
openssl
Hello,
My commercial company needs to secure its databases and file
transmissions.
We need to reassure the client that our site and his datas are secured on
our application. Therefore, we need to make sure he knows the security
standard we are using. We would like to use OpenSSL but we
Hi all,
How to extract the public key from the certificate?
1) Read in the certificate.
2) Extract the public key.
I have a question on the function: PEM_read_RSA_PUBKEY and
PEM_read_bio_RSA_PUBKEY.
The argument to these function is FILE *fp and BIO *bp respectively.
We are splitting the SSL connection over our network and thus break
this thing. :(
thanks and regards
-Krishna
Split SSL is not SSL. SSL makes numerous things visible to the two
endpoints and they are supposed to match. By splitting the SSL connection,
you make these things not
The only reason to preserve the old private key is
if there is something out there signed with it and
if this is the root CA and its public cert has expired
you really shouldn't allow anything out there to remain
valid anyway. By issuing a new cert with the old key you
are actually allowing old
Hi, all. I'm hoping somebody can clarify the confusion for me.
Do certs need to be guarded or not?
Almost never.
Because what happens if
you're doing client-side
authentication and a server asks you for your cert, caches it and
that server is later
compromised?
I wrote an application (C++) using openssl. On my test environment it
works fine, but when i try to run it on my server I get this message:
OpenSSL_Uplink (0050A010,07): no OpenSSL_Applink.
I thought it could be something related to installation of openssl,
but I have the same version on
That single project may itself link to many other
projects. That single
project could be the Linux kernel itself.
So a single Linux system that is connected to the Internet which can
link to every host on the Internet, can change the software licensing
on every computer in the world that
Do you have any evidence whatsoever to support the claim
that the FSF can
issue a variance for software whose copyright has not been
assigned to it?
The original copyright holder gave the FSF this right when they used
the GPL on their code, because the GPL isn't simply a statement of
I still find this argument incomprehensible. Are you
suggesting that the
sole purpose the FreeBSD people develop software is to create this
wonderful, powerful FreeBSD project? And that anything that doesn't
benefit the project with the name FreeBSD somehow doesn't matter?
It would have
Hello folks,
I'm trying to use openssl (OpenSSL 0.9.7i 14 Oct 2005) on Mac OS X to
encrypt a stream of data using RC4.
It seems that the RC4 algorithm used in openssl is incompatible with
some other implementations I found, for instance this PHP
implementation:
All the GPL requires is that binary distributions of a GPL'd software
must include the source, or include a written offer to make the source
available for a nominal copying charge; it also requires that the
license be included so that the person licensing the program knows
that they have
For 30 some-odd years nobody had a problem with the BSD's advert
clause in using it's software. Then the GPL came along and insisted
on FreeBSD changing the license so they could use it - and the
quid-pro-quo
was the reason FreeBSD was to do this was that it would get so many
benefits
in
However, when I try to use openssl to decrypt using the corresponding
RSA-public key, I get:
A private key is needed for this operation
That is how RSA encryption works:
1) There is a public key that you can distribute.
2) There is a private key from which the
This was the same argument used by the Linux people to get the University
of California, Berkeley to revoke it's advert clause
However, once that happened the GPL people simply grabbed what bits they
wanted and ran off. Berkeley software hasn't seen any additional
attention or
benefit
Take for example the ActionTec DSL modem, this is sold by ActionTec and
runs embedded Linux. It is the standard modem Qwest sends out for DSL
there
are probably 100,000 or more of these in service in the Western United
States.
Yet you cannot obtain the modified GNU code from the ActionTec
Tyler MacDonald wrote:
And it's not always even that simple: for example, the freeradius
project's postgresql plugin links against the postgresql client library
(naturally). Postgresql may or may not link against OpenSSL. If it does,
then the freeradius-postgresql plugin is breaking
Thanks Marek,
Find out the problem
It turns out that the server is using
org.bouncycastle.jce.provider.BouncyCastleProvider instead of Sun's
provider. And it is broken for CipherSuite
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Thank agao for the help.
David
-Original Message-
From: [EMAIL
Actually I am using Client Authentication to identify and login to a
website. But now I want to add the possibility to encrypt files
with another
users' public key.
The reason to encrypt a file with a users' public key would be so that
only
that user could decrypt it. If that's
Thanks Merek,
I will try your suggestion.
BTW, Is DHE-RSA-AES256-SHA part of TLS cipher suite, I thought TLS
cipher always named TLS_something. Why this is named different?
Thanks
David
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
; Unknown value
0x39" cipher need special setup on either side?
Two SSL dump
attached( success run JSSE to JSSE, failed one with openssl to
JSSE).
thanks
David
TCP: 204.254.5.62(37261) - edsdmzsp.synoran.dmz(8093) Seq 524551083.(0) SYN
TCP: edsdmzsp.synoran.dmz(8093) - 204.254.5.62(37261) Se
I guess the real problem is that the PKIX idiots decided to use
bitstrings instead of octetstrings for signatures, unique identifiers,
etc.! I cannot find any valid reason why they would do this. If it
would up to me, I would replaced all bitstrings containing unnamed
bits with
I'm sure everyone is real busy like me, but if some one could explain
this error im getting, and suggest how I could trouble shoot it more
I would be great full!
Dr. Henson, have you a few minutes to spare a lost admin?
David Gianndrea
Senior Network Engineer
Comsquared Systems, Inc.
Email
Thank!
but how can I use EVP_get_cipherbyname(const char *name);?
ciphers[0].cipher = EVP_get_cipherbyname(BLABLABLABLA);
perror(EVP_get_cipherbyname());
./evp
EVP_get_cipherbyname(): Success
And always: success :-) but doesn't work.
Why are you calling 'perror'?
I
/iub1cPK1wjooiXdGWMXWkeGy+17+
AwdKAVfd3Qvv8ImTJ4cMABX7vyNeJ8VLsHm57QMcEr3S4Y9JQWyUNYegkRRgWC+x
ssygrAM85d7igbma9YljGHBj8qlk0X8WLUdow4oVBisS9xmwtzQx6qTDtvnMb/jz
QPlMIH7gT3LrG7BfPAP9v10sxvepwWWlrguSbRiUOlZZznaXPtmGuJ1o/BwDGq0=
-END CERTIFICATE-
--
David Gianndrea
Senior Network Engineer
Comsquared Systems
hi all,
now i'm able to get the certificate timing info. by using the call
X509_get_notAfter() and X509
_get_notBefore()but they are returning the values in integer type( in
my case, both return 13 and 13)
so anybody can help me out to get the timing info. in proper date format.
...except that it's not.
A later certificate (w/ different public key) with the same CN can
issue revocations against an earlier certificate with the same CN, per
X.509. That's part of the problem with the entire X.509 model in the
first place.
Is this so without the newer
So if what you are saying is true then i could call
myself the same name as a trusted CA authority when
making my root CA and the browser will think i am a
trusted CA. Is that correct?. It seems too simple to be true.
No. CAs are not identified by name but by key. That's the
Its not the server cert you need in the trusted certs store - it's the CA
root cert.
And you'll need any intermediate CA certs in the regular CA store
D.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stuart Halliday
Ok, so I put into the Trusted
This may seem a stupid question, but why do you want or need to do this?
You can generate an SS cert with a validity of (say 1 year) and just use it
without needing to generate a new one every time the system starts up. Is
there something special about the environment that I'm not aware of?
D.
I just wanted to verify that, as of OpenSSL 0.9.8a, any OpenSSL data
facility that utilizes STACK_OF as a container for different types
of objects, the routines that reference these stacks do not support
multiple threads accessing the same stack. Is this the case? I
didn't see any
List,
Has anyone used OpenSSL to create EFS certificates? Any
recommendations on using OpenSSL to create EFS certificates will be greatly
appreciated.
Regards,
David
away.
Read more about it at http://www.apsis.ch/pound
HTH,
David.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List
I'm looking to generate a short digital signature, perhaps 192
bits or so, using an asymmetrical algorithm. DSA seems to
have 320 bit signatures regardless of the key size used. Is
this really the case, or am I missing something? Ignoring for
the moment the wisdom of using signatures this
Why would you want the private key to leave the token in clear anyway?
If you need to performs RSA private keyops, then ask the device to
sign/decrypt for you.
The CA3 FWIW will not even let you wrap a private key off under another key
as this HSM is intended for use as a CA's HSM.
If you need
Hi,
my book tells me to call
RAND_load_file(/dev/random, 1024)
this appears to take much too long. is there anything wrong? how many
bytes do i need?
It depends upon how secure you need to be and your threat model. Likely,
128 bytes is more than enough. If security is not
thing that I can think of that may be mucking up the works is that
this is a self signed cert.
Clues?
--
David Gianndrea
Senior Network Engineer
Comsquared Systems, Inc.
Email: [EMAIL PROTECTED]
Web: www.comsquared.com
My belief is that the presentation should be as an octet string, as
opposed to a string representation of an integer.
Why?
Furthermore, serial
numbers are unsigned, not signed, and generally increment.
Serial numbers *must* be positive. This one is negative. Therefore, it's
You don't want to specify the CA's private key as the argument for -CAfile,
you need to specify the CA certificate for that.
Also an indication of the errors you get would help ...
D.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Samy Thiyagarajan
This is a naive question and excuse my ignorance if it has been asked
before:
It's actually a pretty good question.
Assuming I have a client and server communication with SSL and only
server certificate verification is used: How exactly the root certificat
gets installed onto
On 12/30/05, David Schwartz [EMAIL PROTECTED] wrote:
Actually, he did answer my question precisely.
I asked if there was a way to create an ephemerally (i.e.,
unauthenticated) encrypted session, after which I could exchange
certificates.
Correct. But how would
On 12/31/05, David Schwartz [EMAIL PROTECTED] wrote:
Then I'll just reiterate to anyone reading this that
the advice you are
getting is specific to some special circumstance that we cannot even
evaluate. We only have your word that it even applies to your
situation, and
it certainly
How can I make the new node (A) send an encrypted request to the
already existing node (B) while node A does not have any public
key/certificate information about the already existing node (B), and
still make sure that I am actually talking to B, and not some
Man-In-The-Middle ?
Thanks a
On Fri, Dec 30, 2005, Kyle Hamilton wrote:
Yes, you start with an unauthenticated ciphersuite (for example
anon-DH) and
then renegotiate the session. The initial handshake is sent in
the clear, the
second one would use the existing ciphersuite.
That wont thwart a man in the middle attack
Is there a way to do an ephemeral (i.e., unauthenticated) encryption
channel before transmitting whatever certificates are to be used for
authentication? I tend to look at certificate disclosure as an
information leakage issue, that gives Eve more information than she
really has any
1101 - 1200 of 1731 matches
Mail list logo
