Invalid code generated by GCC on 32-bit x86 in gcm128.c

2024-04-29 Thread Michael Wojcik via openssl-users
her languages and compilers, and some members of the GCC team are a bit notorious for their ... enthusiasm ... in justifying this position. We have not yet attempted to raise this as a GCC bug, because, well, I've read those discussions in the GCC forums. -- Michael Wojcik

Re: Upgrading OpenSSL on Windows 10

2022-11-25 Thread Michael Wojcik via openssl-users
hose updates are released, but that's a less-common vector. HTTPS compromise is statistically insignificant. In the vast majority of cases, the dangers with HTTPS are what people use it for -- online shopping at sites with poor security, for example, or downloading malicious software -- not with the channel itself. -- Michael Wojcik

Re: Upgrading OpenSSL on Windows 10

2022-11-21 Thread Michael Wojcik via openssl-users
accumulating software of uncertain provenance and little trustworthiness into enormous systems with unpredictable behavior and failure modes. I'm not sure OpenSSL versions should be particularly high on anyone's priority list. What are you actually trying to accomplish? What's your task? Your threat model? -- Michael Wojcik

RE: an oldie but a goodie .. ISO C90 does not support 'long long'

2022-11-05 Thread Michael Wojcik via openssl-users
> From: openssl-users On Behalf Of raf via > openssl-users > Sent: Friday, 4 November, 2022 18:54 > > On Wed, Nov 02, 2022 at 06:29:45PM +, Michael Wojcik via openssl-users > wrote: > > > > > I'm inclined to agree. While there's an argument fo

RE: OpenSSL 3.0.7 make failure on Debian 10 (buster)

2022-11-04 Thread Michael Wojcik via openssl-users
ironment configures it. GCC often appears to have adopted "too clever by half" as a design goal. -- Michael Wojcik

RE: SSL_read empty -> close?

2022-11-03 Thread Michael Wojcik via openssl-users
SHUT_RD does not signal the peer, so the peer can still get a RST if it continues to send. Perhaps I'm missing something, but I don't see what failure mode is being avoided by using SHUT_RD. -- Michael Wojcik

RE: SSL_read empty -> close?

2022-11-03 Thread Michael Wojcik via openssl-users
ting) the connection all the time. > I would guess that many don’t and just don’t see the > RST thing frequently enough to worry about it. Regardless, the documentation > is already pretty voluminous, so if this doesn’t bite many folks, then hey. Yes, but wiki articles are always appreciated. -- Michael Wojcik

RE: SSL_read empty -> close?

2022-11-03 Thread Michael Wojcik via openssl-users
accommodating. There's even an OpenSSL flag to ignore the case where a peer closes without sending a close-notify, in case you run into one of those and want to suppress the error. -- Michael Wojcik

RE: Worried about the vulnerabilities recently found in OpenSSL versions 3.0.0 - 3.0.6.

2022-11-03 Thread Michael Wojcik via openssl-users
ter to a client-side end user. -- Michael Wojcik

RE: SSL_read empty -> close?

2022-11-02 Thread Michael Wojcik via openssl-users
dea of SSL was "just be a duplex bytestream service for the application", i.e. be socket-like; but that abstraction proved to be rather leaky. Much as sockets themselves are a leaky abstraction once you try to do anything non-trivial. -- Michael Wojcik

RE: an oldie but a goodie .. ISO C90 does not support 'long long'

2022-11-02 Thread Michael Wojcik via openssl-users
er of a century ago. OpenSSL 1.x is younger than C99. It doesn't seem like an unreasonable requirement. But as Tomas wrote, anyone who thinks it is can submit a pull request. -- Michael Wojcik

RE: SSL_read empty -> close?

2022-10-26 Thread Michael Wojcik via openssl-users
systems this means you should have set the disposition of SIGPIPE to SIG_IGN to avoid being signaled, but all well-written UNIX programs should do that anyway. (SIGPIPE, as Dennis Ritchie noted many years ago, was always intended as a failsafe for poorly-written programs that fail to check for errors when writing.) -- Michael Wojcik

RE: [building OpenSSL for vxWorks on Windows using Cygwin]

2022-10-24 Thread Michael Wojcik via openssl-users
ose files and understand the build process. Or find someone else who's done it for the platform you're working with, and ask them. -- Michael Wojcik

RE: OpenSSL 1.1.1 Windows dependencies

2022-10-23 Thread Michael Wojcik via openssl-users
ine on Windows. ProcMon, maybe? And it's curious that the OpenSSL error stack is empty, but without being able to debug you probably couldn't track that down, short of instrumenting a bunch of the OpenSSL code. -- Michael Wojcik

RE: OpenSSL 1.1.1 Windows dependencies

2022-10-21 Thread Michael Wojcik via openssl-users
> From: David Harris > Sent: Friday, 21 October, 2022 01:42 > > On 20 Oct 2022 at 20:04, Michael Wojcik wrote: > > > I think more plausible causes of this failure are things like OpenSSL > > configuration and interference from other software such as an endpoint > >

RE: OpenSSL 1.1.1 Windows dependencies

2022-10-20 Thread Michael Wojcik via openssl-users
network-stack-level interference, from a firewall or similar mechanism. Personally, if I ran into this, I'd just build OpenSSL for debug and debug into it. But I know that's not everyone's cup of tea. -- Michael Wojcik

RE: openssl-users Digest, Vol 95, Issue 24

2022-10-19 Thread Michael Wojcik via openssl-users
L may not even be a particularly good solution for you. You haven't given us enough information to go on. -- Michael Wojcik

RE: Build openssl on windows 10 using cygwin

2022-10-17 Thread Michael Wojcik via openssl-users
+ xargs + grep would be the usual choice to find the definition, but as I already noted that's in WinNT.h. If that's not what you mean, then your question is unclear. -- Michael Wojcik

RE: Build openssl on windows 10 using cygwin

2022-10-17 Thread Michael Wojcik via openssl-users
l. It's free, and trying it would not take long. -- Michael Wojcik

RE: Build openssl on windows 10 using cygwin

2022-10-17 Thread Michael Wojcik via openssl-users
h drive letters and backslashes, rather than (sensible) POSIX-style ones. -- Michael Wojcik

RE: Build openssl on windows 10 using cygwin

2022-10-16 Thread Michael Wojcik via openssl-users
ous Windows SDK headers. -- Michael Wojcik

RE: CA/Server configuration

2022-10-03 Thread Michael Wojcik via openssl-users
. You use the configuration file appropriate for the operation, where an operation is something like "requesting a CSR for a subordinate CA" or "signing a certificate for a subordinate CA" or "signing a certificate for a non-CA entity". -- Michael Wojcik

RE: Updating RSA public key generation and signature verification from 1.1.1 to 3.0

2022-09-30 Thread Michael Wojcik via openssl-users
n. (I didn't have the original application to go back to, in my case, and the person I was working with is in another timezone and had left for the day.) -- Michael Wojcik Distinguished Engineer, Application Modernization and Connectivity

RE: Best Practices for private key files handling

2022-09-18 Thread Michael Wojcik via openssl-users
> From: openssl-users On Behalf Of Michael > Ströder via openssl-users > Sent: Sunday, 18 September, 2022 04:27 > > On 9/18/22 06:09, Philip Prindeville wrote: > >> On Sep 15, 2022, at 4:27 PM, Michael Wojcik via openssl-users us...@openssl.org> wrote: > >>

RE: Best Practices for private key files handling

2022-09-15 Thread Michael Wojcik via openssl-users
matter, the extent to which file permissions constitute evidence of such a violation), much less whether an application should fail in some manner when it's detected, is certainly debatable. -- Michael Wojcik

RE: Best Practices for private key files handling

2022-09-13 Thread Michael Wojcik via openssl-users
g here, but my initial impression is that these checks are of little value anyway. Can you explain what problem you're trying to solve? -- Michael Wojcik

RE: using TLS (>1.2) with more than one certificate

2022-05-24 Thread Michael Wojcik via openssl-users
priate chain based on the cipher-suite list in the ClientHello. That is, it will use the ECC certificate (probably ECDSA, though EdDSA is becoming more common) if the client's cipher-suite list indicates it supports the necessary algorithms. -- Michael Wojcik

RE: Openssl 3.0.2- Build error - catgets_failed

2022-04-21 Thread Michael Wojcik
at least, quite possibly since the 68K/FOCUS days) - not just Itanium experience, that is, but some working knowledge of the as program on that platform. I've battled through a bit of Itanium assembly now and then myself. So I may be able to find someone who can figure out where it's gone wrong. -- Michael Wojcik

RE: Openssl 3.0.2- Build error - catgets_failed

2022-04-20 Thread Michael Wojcik
t HP clearly didn't get the memo about emitting useful error messages. It's really not hard to wrap your message output to have a default string when the catalog lookup fails. Right up there in the list of Why Software Sucks, to use Platt's phrase.) -- Michael Wojcik

RE: RSA and DES encryption and decryption with C++ on Windows

2022-04-10 Thread Michael Wojcik
s not impossible that someone has a searchable archive of it somewhere. (I also save messages that seem like they might be particularly useful, but to be honest I rarely refer to my own collection because a web search generally finds what I need.) -- Michael Wojcik

RE: looking for properly configured Windows VMs

2022-04-01 Thread Michael Wojcik
> From: Michael Wojcik > Sent: Friday, 1 April, 2022 15:41 > > > > View results: https://github.com/openssl/openssl/actions/runs/2073285321 > > I'll take a look when I get a chance to see if anything jumps out. I > haven't had to deal with IPv6 raw or UDP programming

RE: looking for properly configured Windows VMs

2022-04-01 Thread Michael Wojcik
jumps out. I haven't had to deal with IPv6 raw or UDP programming in Windows yet, but I do a fair bit with Windows networking development in general. -- Michael Wojcik

RE: [openssl/openssl] bio_dgram vs IPv6

2022-04-01 Thread Michael Wojcik
> From: Michael Richardson > Sent: Friday, 1 April, 2022 07:40 > > Michael Wojcik wrote: > > Actually, in the context of #if expressions, unrecognized tokens > expand to 0 anyway: > > > After all replacements due to macro expansion and the defined un

RE: [openssl/openssl] bio_dgram vs IPv6

2022-03-31 Thread Michael Wojcik
> From: Michael Richardson > Sent: Thursday, 31 March, 2022 14:18 > > Michael Wojcik wrote: > > #if defined OPENSSL_SYS_WINDOWS > > # include > > #else > > # include > > #endif > > But, don't all the OPENSSL_* macros e

RE: [openssl/openssl] bio_dgram vs IPv6

2022-03-31 Thread Michael Wojcik
to me like someone has restricted network sockets in order to avoid > being used as an attack system. Yes, the EPERM certainly suggests that. Are these running on Linux VMs? SELinux or similar in use, perhaps? -- Michael Wojcik

RE: [openssl/openssl] bio_dgram vs IPv6

2022-03-29 Thread Michael Wojcik
like this might work: #if defined OPENSSL_SYS_WINDOWS # include #else # include #endif (Note C does not require the argument of the operator "defined" to be parenthesized. Doing so just adds visual noise. ISO 9899-1999 6.10.1 #1.) -- Michael Wojcik

RE: [openssl/openssl] bio_dgram vs IPv6

2022-03-21 Thread Michael Wojcik
s to be done in a portable way. 3542 is only Informational, but I'd expect most or all platforms with IPv6 support to conform to it. -- Michael Wojcik

RE: Certificate authority changes with OpenSSL

2022-03-17 Thread Michael Wojcik
the old root) and Subject Key Identifier (SKID), which means your client systems can just update their trust stores with the new certificate and your server certificates should continue to work (until they expire). -- Michael Wojcik

RE: OpenSSL version 1.1.1n published

2022-03-15 Thread Michael Wojcik
the problem is the same information, in different forms, on multiple pages; that's not ideal for prompt and consistent updates. But overhauling the website would take yet more resources.) openssl-users is a better channel if you want rapid notification, and a paid support contract is better yet. -- Michael Wojcik

RE: RE: How to create indirect CRL using openssl ca command

2022-03-11 Thread Michael Wojcik
> From: edr > Sent: Friday, 11 March, 2022 03:59 > > On 10.03.2022 20:27, Michael Wojcik wrote: > > Personally, I'd be leery of using openssl ca for anything other than > dev/test purposes, in which case frequent CRL generation seems unlikely to > be a requirement. AIUI,

RE: How to create indirect CRL using openssl ca command

2022-03-10 Thread Michael Wojcik
ommands, allows the use of an engine (or provider in 3.0), which means in many cases it's possible to use an inexpensive USB-attached HSM (via the pkcs11 engine) rather than having an on-disk key in the first place. I did this some years ago as an experiment using a NitroKey and it worked well. -- Michael Wojcik

RE: Doubt regarding ssl options

2022-01-31 Thread Michael Wojcik
ate later, use the SSL_CTX_something function. If you only need to alter the properties of an existing SSL object, use the SSL_something function. This is a fundamental aspect of the OpenSSL API. -- Michael Wojcik

RE: [openssl-1.1.1l] TLS1.2 Server responses with Alert

2021-12-31 Thread Michael Wojcik
don't know how you'd fix it. -- Michael Wojcik

RE: Enumerating TLS protocol versions and ciphers supported by the peer

2021-12-06 Thread Michael Wojcik
> From: Dr. Matthias St. Pierre > Sent: Monday, 6 December, 2021 07:53 > To: Michael Wojcik ; openssl- > > > > "Comparable elegant" is underspecified. > > (I guess, "Comparably elegant" would have been grammatically more > correct.) I just

RE: Enumerating TLS protocol versions and ciphers supported by the peer

2021-12-06 Thread Michael Wojcik
ain the same results using the > `openssl s_client` > tool? "Comparable elegant" is underspecified. Perhaps try testssl.sh (https://testssl.sh/)? It has various options for reducing the number and types of tests it runs. We've used it for profiling internal TLS-enabled servers. -- Michael Wojcik

RE: “EC PUBLIC KEY”

2021-11-17 Thread Michael Wojcik
> From: Michael Wojcik > Sent: Wednesday, 17 November, 2021 14:22 > To: openssl-users@openssl.org > Subject: RE: “EC PUBLIC KEY” > > > From: openssl-users On Behalf Of > Billy > > Brumley > > Sent: Wednesday, 17 November, 2021 12:40 > > To: openssl-use

RE: “EC PUBLIC KEY”

2021-11-17 Thread Michael Wojcik
> From: openssl-users On Behalf Of Billy > Brumley > Sent: Wednesday, 17 November, 2021 12:40 > To: openssl-users@openssl.org > Subject: Re: “EC PUBLIC KEY” > > That's an ed25519 key. Not an ECC key. They are different formats, at > both the OID and asn1 structure levels. Oh, of course you're

RE: “EC PUBLIC KEY”

2021-11-17 Thread Michael Wojcik
N PUBLIC KEY", but it's an ECC public key in PEM format. This version of OpenSSL doesn't recognize "BEGIN EC PUBLIC KEY", but it'd be trivial to script copying the key to a temporary file and editing the PEM header and footer. -- Michael Wojcik

RE: need help cross-compiling SSL for 5 different QNX OS target platforms

2021-11-08 Thread Michael Wojcik
work on that platform, and we don't know what possibilities you've investigated. -- Michael Wojcik

RE: Openssl 1.1.1l compilation issue for aix64-cc

2021-10-28 Thread Michael Wojcik
400.24: 1506-022 (S) "ldinfo_next" is not a > member of "struct ld_info". Try editing the Makefile and adding -D_ALL_SOURCE to see if that fixes the RTLD_MEMBER error. It might also have an effect on the ldr.h errors. If so, the Configure entry for aix-cc might need an update. -- Michael Wojcik

RE: Consultation:Additional “ephemeral public key” and “ephemeral private key" implementations for quictls/opens

2021-08-29 Thread Michael Wojcik
oviding a toolkit for researchers. I've never used quictls (as I think QUIC is broadly undesirable for most applications), but my understanding is that it's a fork of OpenSSL, so it's probably not any better in that regard. -- Michael Wojcik

RE: SM2 fix in 1.1.1l

2021-08-27 Thread Michael Wojcik
t I was looking for. -- Michael Wojcik

SM2 fix in 1.1.1l

2021-08-27 Thread Michael Wojcik
be picking up 1.1.1l shortly, but I'd like to be able to clarify the situation for management and customers. -- Michael Wojcik

RE: problems with too many ssl_read and ssl_write errors

2021-08-26 Thread Michael Wojcik
IDSes, and so on. These sorts of issues are not uncommon when there are load balancers, traffic-inspecting firewalls, or the like interfering with network traffic. -- Michael Wojcik

RE: problems with too many ssl_read and ssl_write errors

2021-08-25 Thread Michael Wojcik
n by one side or the other. That will also eventually lead to timeouts. -- Michael Wojcik

RE: Need some help signing a certificate request

2021-08-23 Thread Michael Wojcik
> From: openssl-users On Behalf Of Jakob > Bohm via openssl-users > Sent: Monday, 23 August, 2021 04:40 > > On 21/08/2021 19:42, Michael Wojcik wrote: > >> From: rgor...@centerprism.com > >> Sent: Saturday, 21 August, 2021 11:26 >

RE: Need some help signing a certificate request

2021-08-21 Thread Michael Wojcik
> server_certificate.pem -notext -batch -extensions server_ca_extensions Try it without -batch and with -verbose. And again I'd recommend -create_serial, unless you have some strange requirement to control serial numbers. Browsers in particular may be unhappy if your serial numbers don't conform to the CA/BF Basic Requirements, and it's a pain trying to do that manually. -- Michael Wojcik

RE: Need some help signing a certificate request

2021-08-21 Thread Michael Wojcik
ce a CSR doesn't contain the private key (the CA should never see the private key), this is safe to share. -- Michael Wojcik

RE: problems with too many ssl_read and ssl_write errors

2021-08-19 Thread Michael Wojcik
ALIVE? What about SO_KEEPALIVE_VALS? If you're not setting SO_KEEPALIVE_VALS, what are KeepAliveTime and KeepAliveInterval set to in the Registry? (See the MSDN docs for SO_KEEPALIVE.) Has the system administrator analyzed the Windows event logs and the network statistics? Has anyone looked at network traces when the problem is occurring? -- Michael Wojcik

RE: Compilation error using OpenSSL 1.1.1i

2021-07-01 Thread Michael Wojcik
rong Configure target, or that target may assume a different C compiler, or a newer version of it. -- Michael Wojcik

RE: openssl 1.1.1k on solaris 2.6 sparc

2021-06-24 Thread Michael Wojcik
. I'm pretty sure we discovered this in our SPARC product builds. This, and some other platform issues (there's one with GCC optimization on x86 64-bit, the details of which escape me now), are things I keep hoping to find time to dig into, but more-pressing work never seems to ease up. -- Michael Wojcik

RE: reg: question about SSL server cert verification

2021-06-18 Thread Michael Wojcik
> From: openssl-users On Behalf Of Jakob > Bohm via openssl-users > Sent: Friday, 18 June, 2021 09:38 > > On 2021-06-18 16:23, Michael Wojcik wrote: > > >> From: openssl-users On Behalf Of Jakob > >> Bohm via openssl-users > >> Sent: Friday, 18 June,

RE: reg: question about SSL server cert verification

2021-06-18 Thread Michael Wojcik
o one pays attention to.) In practice you can learn enough about it to diagnose most certificate-validation problems. But it takes time and effort. -- Michael Wojcik

RE: FW: X509_verify_cert() rejects all trusted certs with "default" X509_VERIFY_PARAM

2021-06-01 Thread Michael Wojcik
b servers -- since those programs are often written to follow the CA/BF rules -- but try to make it clear that the CA/BF doesn't control PKIX. -- Michael Wojcik

FW: X509_verify_cert() rejects all trusted certs with "default" X509_VERIFY_PARAM

2021-05-28 Thread Michael Wojcik
Just realized I sent this directly to Graham instead of to the list. -Original Message- From: Michael Wojcik Sent: Friday, 28 May, 2021 09:37 To: 'Graham Leggett' Subject: RE: X509_verify_cert() rejects all trusted certs with "default" X509_VERIFY_PARAM > From: openssl-use

FW: Strange warnings while linking to openssl version 1.1.1k

2021-04-12 Thread Michael Wojcik
hose APIs, these warnings are irrelevant. -- Michael Wojcik

RE: Why does OpenSSL report google's certificate is "self-signed"?

2021-04-01 Thread Michael Wojcik
> From: Blumenthal, Uri - 0553 - MITLL > Sent: Thursday, 1 April, 2021 10:09 > To: Michael Wojcik ; openssl-users@openssl.org > Subject: Re: Why does OpenSSL report google's certificate is "self-signed"? > > In general - I concur, but there are nuances: sending root

RE: Why does OpenSSL report google's certificate is "self-signed"?

2021-04-01 Thread Michael Wojcik
cifies a trust anchor MAY be omitted from the chain" (4.4.2). So servers are good either way. -- Michael Wojcik

RE: Why does OpenSSL report google's certificate is "self-signed"?

2021-04-01 Thread Michael Wojcik
and signature, if memory serves.) -- Michael Wojcik

RE: Why does OpenSSL report google's certificate is "self-signed"?

2021-03-31 Thread Michael Wojcik
d like to add it?". Which doesn't seem like a great plan either -- and PKIX says trust anchors should be added using a trustworthy out-of-band procedure, which this is not -- but I suppose it's a conceivable use case. -- Michael Wojcik

RE: FIPS compliance with openssl-1.1.1j

2021-03-12 Thread Michael Wojcik
ame openssl.org for this state of affairs -- FIPS validations are expensive and resource-intensive, and few OpenSSL consumers support the project. Yes, 3.0 has slipped its original schedule by quite a lot, but better to get it right.) -- Michael Wojcik

RE: Client certificate authentication

2021-03-11 Thread Michael Wojcik
o establish a TLS connection to the server. Any authentication beyond that is handled by the application using other means. So a client certificate can be "wrong" in the basic PKIX sense of "invalid certificate" or "can't build a path", but beyond that the interpretation is up to the server-side application. -- Michael Wojcik

RE: SP800-56A REV3

2021-02-08 Thread Michael Wojcik
earlier SP800-56A revisions. But I generally don't work with FIPS mode. -- Michael Wojcik

RE: OpenSSL 1.1.1g Windows build slow rsa tests

2021-01-21 Thread Michael Wojcik
> Static vs dynamic builds wouldn't normally be associated with such a > large difference. If the difference were routinely this large, nobody > would use dynamic linking. In this case it's the static-linked version which is slower. But I'd be surprised if that's actually the cause. -- Michael Wojcik

RE: OpenSSL 1.1.1g Windows build slow rsa tests

2021-01-20 Thread Michael Wojcik
ilding no-shared?) Linking with /MT will affect code size and layout, which could adversely affect code caching. It's not impossible that would have a factor-of-four penalty on compute-bound code. I'm reluctant to conclude that's the problem, though, without more evidence. Unfortunately tr

RE: private key not available for client_cert_cb

2021-01-12 Thread Michael Wojcik
to give up and return an error. Maybe one of the libp11 maintainers or someone else using the library will dig into it at some point. -- Michael Wojcik

RE: Sign without having the private key

2021-01-11 Thread Michael Wojcik
, now you have the problem of securing the IPC channel. This is an architecture I'd be reluctant to endorse, given the complexity and attack surface. -- Michael Wojcik

RE: private key not available for client_cert_cb

2021-01-11 Thread Michael Wojcik
"? A Windows exception? UNIX signal? C++ exception? My initial guess would be that this is a timing issue - maybe the device needs some time to become available, for example. But that's just a guess. Maybe someone with more experience with a variety of HSMs and PKCS#11 will weigh in. -- Michael Wojcik

RE: private key not available for client_cert_cb

2021-01-08 Thread Michael Wojcik
oblems. Isn't PKCS#11 grand? If you're bored with all the interoperability problems of X.509, PKIX, and TLS, we have good news! -- Michael Wojcik

RE: Random and rare Seg faults at openssl library level

2021-01-07 Thread Michael Wojcik
> From: Jan Just Keijser > Sent: Thursday, 7 January, 2021 01:23 > > On 06/01/21 21:57, Michael Wojcik wrote: > > > > > > But you're asking the wrong question. The correct question is: Why are you > > using an outdated version of OpenSSL? > > possi

RE: Random and rare Seg faults at openssl library level

2021-01-06 Thread Michael Wojcik
using an outdated version of OpenSSL? -- Michael Wojcik

RE: openssl fips patch for RSA Key Gen (186-4)

2021-01-05 Thread Michael Wojcik
in line will be waiting even longer than usual for a validation. -- Michael Wojcik

RE: Directly trusted self-issued end-entity certs - Re: How to rotate cert when only first matching cert been verified

2021-01-01 Thread Michael Wojcik
tions which fail to do even minimal certificate validation, so you can take comfort in knowing you're better than them, anyway. -- Michael Wojcik

RE: SHA256 openssl-1.1.1i Checksum Error

2020-12-28 Thread Michael Wojcik
> [full] While checking the signature runs into all the well-documented issues with the PGP Web of Trust, it's still stronger (in the sense that it prunes more of the attack tree, under sensible threat models) than just checking the hash. And once you're set up to do it, it's a simpler operation for future downloads. -- Michael Wojcik

RE: openssl-users Digest, Vol 73, Issue 29

2020-12-28 Thread Michael Wojcik
set the expected name, and with 1.1.0 and later you need to use SSL_set1_host (or the 1.0.2 method); there's a page on the OpenSSL wiki for this. I don't remember if this has changed again in 3.0. -- Michael Wojcik

RE: How to rotate cert when only first matching cert been verified

2020-12-23 Thread Michael Wojcik
> From: 定平袁 > Sent: Tuesday, 22 December, 2020 20:08 > To: Michael Wojcik Please do not send messages regarding OpenSSL to me directly. Send them to the openssl-users list. That is where the discussion belongs. > > Why are you appending it to the file containing the existing ce

RE: How to rotate cert when only first matching cert been verified

2020-12-21 Thread Michael Wojcik
ven us enough information to guess why the new certificate is failing client verification. You need to get detailed failure information from the client program, or use a different client that gives you detailed information, or use a utility such as "openssl verify" to test the certificate chain locally. -- Michael Wojcik

RE: private key not available for client_cert_cb

2020-12-14 Thread Michael Wojcik
had to get into when I was working with PKCS#11 some years ago. My advice is to look at existing examples, such as the code Jan pointed you to. -- Michael Wojcik

RE: private key not available for client_cert_cb

2020-12-14 Thread Michael Wojcik
ady have for your device. And all of this changes in 3.0 with the new "provider" architecture, so you'll get to take another crack at it soon. -- Michael Wojcik

RE: private key not available for client_cert_cb

2020-12-14 Thread Michael Wojcik
me HSMs and other crypto devices have support for exporting private keys, often as multiple shares, for backup and cloning purposes. Using that to get the private key for direct use defeats the whole purpose of an HSM, of course, so that shouldn't be used to bypass the card.) -- Michael Wojcik

RE: Client-Certificate blocking without controlling the issuing CA

2020-12-04 Thread Michael Wojcik
on for you either. If it is, cross-signing with a CA under your control and trusting only that CA is probably the approach I'd go for. That's a legitimate approach under PKIX. It could even be mostly automated, except the end users would have to install updated user certificates, which is probably a deal-breaker. -- Michael Wojcik

RE: Client-Certificate blocking without controlling the issuing CA

2020-12-04 Thread Michael Wojcik
l restrictions (or removing existing ones) on which certificates will be accepted. -- Michael Wojcik

RE: EC curve preferences

2020-11-20 Thread Michael Wojcik
operability. Again, that's a question for your threat model. All that said, some people will have different, and quite possibly better-informed, opinions on this. -- Michael Wojcik

RE: Server application hangs on SS_read, even when client disconnects

2020-11-17 Thread Michael Wojcik
> From: Kyle Hamilton > Sent: Tuesday, 17 November, 2020 02:37 > On Fri, Nov 13, 2020 at 11:51 AM Michael Wojcik > wrote: > > > > > From: Brice André > > > Sent: Friday, 13 November, 2020 09:13 > > > > > "Does the server parent process cl

RE: Server application hangs on SS_read, even when client disconnects

2020-11-13 Thread Michael Wojcik
es. Again, some OSes let you change these defaults, and some let you change them on an individual connection. -- Michael Wojcik

RE: Server application hangs on SS_read, even when client disconnects

2020-11-13 Thread Michael Wojcik
no data to receive. The question isn't why SSL_read is blocking; it's why you think the connection is gone, but the stack thinks otherwise. > Note that the normal behavior of my application is : client connects, server > daemon forks a new instance, Does the server parent process close its copy of the conversation socket? -- Michael Wojcik

RE: openssl ocsp(responder) cmd is giving error for ipv6

2020-11-04 Thread Michael Wojcik
anything else depends on the existing semantics of removing the brackets. Someone should take a closer look. You could open an issue in GitHub and do a pull request for your change, to make your suggestion official. -- Michael Wojcik

RE: openssl ocsp(responder) cmd is giving error for ipv6

2020-11-03 Thread Michael Wojcik
ires they be present. But I didn't look closely, so I'm not entirely sure that's the issue. > IPv6 address without the "[]" bracket. The square brackets are required by the URL specification. There's no point testing without them. -- Michael Wojcik

RE: OpenSSL version 1.1.1h published

2020-09-22 Thread Michael Wojcik
://www.openssl.org/news/openssl-1.1.1-notes.html) has a link to changelog.html, and I popped over there to see what minor changes might be in h. (I haven't downloaded it yet because it's usually someone else on the team who does that these days.) -- Michael Wojcik
