Re: Trusting a server certificate
Wouldn't it be sufficient to use SSL_CTX_set_verify_locations to point to the server's certificate itself ? I thought the verification process would accept the certificate as long as one of the certificates in the chain is trusted, even if it is the last one. Or first, depending on how you see it.

Marek Marcola wrote:

Hello,

Can anyone please help me on the below question? Thanks, Ravi.

On 8/3/06, ravi shankar [EMAIL PROTECTED] wrote:

Hi, I am new to openssl. How do we tell the SSL client to trust the server certificate in advance using openssl APIs. For example, when we have the trusted root from the webserver, we can use SSL_CTX_set_verify_locations function to tell the client to trust the server certificate if it matches the trusted root. But when we have only the server certificate (before making the connection itself) instead of the trusted root, which function can be used to tell the ssl client to trust the server certificate? Can any one explain me?

I'm not sure if there is such API in OpenSSL, but ... if you already have server certificate and you want trust only this server, you may connect to this server (SSL_connect()) without peer authentication, after successful SSL connection, at your application layer you may get server certificate using SSL_get_peer_certificate(), calculate, for example, message digest of this certificate and compare with message digest of certificate that you already have, if comparing will be successful you proceed, if not - simply shutdown SSL connection.

Best regards,

-- Alain Damiral, I hope this message makes me look like a very intelligent person

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
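The comparison Marek Marcola describes in the message above (digest of the certificate the server presents against the certificate held in advance), done with the openssl command-line tool rather than the C API. This is an added example, not code from the thread; the file names and the CN=server.example.test subject are constructed sample values.

```sh
#!/bin/sh
# Added example (not from the thread): trust one known server certificate
# by comparing certificate digests.

# Print the SHA-256 fingerprint of the first certificate in a PEM file.
# Fails (status 1) if the file does not contain a certificate.
cert_fingerprint() {
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 1
    printf '%s\n' "${fp#*=}"      # drop the "... Fingerprint=" label
}

# $1 = certificate stored in advance
# $2 = certificate the server presented (in live use, the PEM block saved
#      from the peer after a handshake made without chain verification)
# Returns 0 if identical, 1 if different, 2 if either file is not a certificate.
presented_cert_is_pinned() {
    pinned=$(cert_fingerprint "$1") || return 2
    seen=$(cert_fingerprint "$2") || return 2
    [ "$pinned" = "$seen" ]
}

# Constructed sample material: throwaway keys and self-signed certificates.
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
new_cert() {  # $1 = key file, $2 = output certificate, $3 = lifetime in days
    openssl req -new -x509 -key "$1" -out "$2" -days "$3" \
        -subj "/CN=server.example.test" 2>/dev/null
}
openssl genrsa -out "$work/server.key" 2048 2>/dev/null
openssl genrsa -out "$work/other.key" 2048 2>/dev/null
new_cert "$work/server.key" "$work/pinned.crt" 30    # the copy held by the client
cp "$work/pinned.crt" "$work/presented.crt"          # what the real server sends
new_cert "$work/other.key" "$work/impostor.crt" 30   # same name, different key
new_cert "$work/server.key" "$work/renewed.crt" 60   # same key, reissued

# The impostor is rejected although its subject name is identical. The
# reissued certificate is rejected too: the digest covers the whole
# certificate, so the stored copy must be replaced whenever the server's
# certificate is renewed.
for c in presented impostor renewed; do
    if presented_cert_is_pinned "$work/pinned.crt" "$work/$c.crt"; then
        echo "$c: digest matches, proceed"
    else
        echo "$c: digest differs, shut the connection down"
    fi
done
```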
Re: On select and blocking
Hello everybody !

David Schwartz wrote:

Since 'select' does not guarantee that a subsequent read operation won't block (since it can't even know what operation that's going to be), the subsequent read operation (which was 'SSL_read') blocked. That's because SSL_read blocks for *application* *data* while 'select' checks for *any* *data*.

Can I play ? :)

I'm wondering if it would not be highly appropriate to have an 'SSL_select' call defined by OpenSSL to have all operations on sockets fully encapsulated and allow to reach the desired behaviour without short-circuiting the layer approach... (it would provide similar behaviour as classical select on plain sockets with regard to application data).

Now I apologize if this thought is trivially appropriate or trivially inappropriate - I missed the beginning of this thread to be honest.

Goodbye everybody !

-- Alain Damiral, I hope this message makes me look like a very intelligent person
Université Catholique de Louvain - student
Re: Learning the basics.
Registers the CA as a trusted authority (how?)

Yes, that is the entry point into the trust model. A client can only trust you as much as he trusts the way he got the certificate of the CA that certified you. So private meetings and USB sticks are usually a decent way to go I believe. This indeed means that if you downloaded your web browser from a dodgy source (and the Internet is dodgy) in theory you can't really trust the CA certificates that were delivered with it :)

Dave Pawson wrote:

I'm trying to get my head round a basic setup. I want to use ssl between a java client and IIS server, I'm happy with a self certification system, i.e. not using Thawte etc. since it is currently only a two terminal setup. From what I've read to date, openssl seems to fit the bill. I hope so. Please correct me if I'm wrong.

1. 'me' as CA
   Generate a key pair and 'self sign' it.
2. Endpoint A (client)
   Generate a certificate request
   send it to CA
   CA signs it and returns a certificate.
3. Endpoint B (server/recipient of REST service)
   Registers the CA as a trusted authority (how?)
   'Has access' to the private key of the CA (the server and CA are in reality one and the same organisation)
4. The client encrypts using the public key returned by the CA
5. The server decrypts using the private key.

1. Is this logic OK.
2., I've used the ca.pl scripts so far which seem to handle most of what I'm after. I'm basing it on http://www.mobilefish.com/developer/openssl/openssl_quickguide_create_ca.html How easy is it to translate this into what I want please?
3. Is openssl the right tool for this scenario?

regards

-- Alain Damiral, I hope this message makes me look like a very intelligent person
Université Catholique de Louvain - student
Re: Testing private key - public key consistency
Verify normally verifies a certificate chain, I think this isn't quite what the original poster is trying to achieve. I think he is interested in what the SSL_CTX_check_private_key function can achieve. However I don't know if there is an OpenSSL utility that can do this. Maybe verify can indeed but after reading the documentation I can't see how.

Gayathri Sundar wrote:

Probably you can try the openssl verify command?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Julien ALLANOS
Sent: Monday, February 06, 2006 6:38 PM
To: openssl-users@openssl.org
Subject: Testing private key - public key consistency

Hello, is there a quick way/function to verify that a private (EVP_PKEY) key matches a X509 certificate's public key? thanks,

-- Alain Damiral, I hope this message makes me look like a very intelligent person
Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be
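One way to test key and certificate consistency with the openssl command-line tool, added here as an example and not taken from the thread: print the public key held in each file and compare the two. The file names and the CN=example.test subject are constructed sample values.

```sh
#!/bin/sh
# Added example (not from the thread): does this private key belong to
# this certificate?
# Both commands print the public key as a PEM "PUBLIC KEY" block
# (SubjectPublicKeyInfo), so a plain string comparison is enough.

pubkey_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# $1 = private key (PEM), $2 = certificate (PEM)
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
# The parse check matters: two failed commands both print nothing, and
# comparing two empty strings would otherwise report a match.
key_matches_cert() {
    from_key=$(pubkey_of_key "$1") || return 2
    from_cert=$(pubkey_of_cert "$2") || return 2
    [ -n "$from_key" ] || return 2
    [ "$from_key" = "$from_cert" ]
}

# Constructed sample material: two throwaway RSA keys and a self-signed
# certificate made from the first one.
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
openssl genrsa -out "$work/a.key" 2048 2>/dev/null
openssl genrsa -out "$work/b.key" 2048 2>/dev/null
openssl req -new -x509 -key "$work/a.key" -out "$work/a.crt" \
    -days 1 -subj "/CN=example.test" 2>/dev/null

for k in a b; do
    if key_matches_cert "$work/$k.key" "$work/a.crt"; then
        echo "$k.key matches a.crt"
    else
        echo "$k.key does not match a.crt"
    fi
done
```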
Re: Installing a certificate chain
Hi,

This question might be slightly silly and out of place but this conversation brought it up to me. I don't remember seeing the answer... Is it possible to send several chains, each rooted by a different CA ? And then let the client determine if he trusts one of those CAs.

Cheers,
- Alain

Kyle Hamilton wrote:

The only certificates that must be sent are the server identification and the certs up to (but not including) the trust anchor. (Since the client already has the trust anchor, it will verify against its local copy of the root CA, not the copy of the root CA that came from the connection.) Sending the extra certificate doesn't hurt, though.

-Kyle H

On 2/27/06, Brian Candler [EMAIL PROTECTED] wrote:

On Mon, Feb 27, 2006 at 07:36:16PM +, Brian Candler wrote:

Ah. I had just used -cert ../server.example.com-cert.pem (where this file contains all the certificates). So now I've added -CAfile as well, pointing to the same file:

    #!/bin/sh
    cd content
    openssl s_server -cert ../server.example.com-cert.pem \
        -CAfile ../server.example.com-cert.pem \
        -key ../server.example.com-key.pem \
        -WWW

And it works. I've removed the sub-CA certificate and its symlink from /etc/ssl/certs, but the client can still verify the chain:

As a follow-up for the benefit of the list archive: to get this to work in Apache+mod_ssl I just had to uncomment

    SSLCertificateChainFile /usr/local/etc/apache/ssl.crt/ca.crt

from httpd.conf, and point it at a file containing the sub-CA's certificate (signed by the root CA) and the root CA's own self-signed certificate.

Regards, Brian.
Re: multi-thread support
Check this link: http://www.openssl.org/docs/crypto/threads.html

Thread support is there, but is platform dependent. There is a file called th-lock.c under crypto/threads that contains some definitions for thread support on a few platforms. I haven't tested this but it compiles so it must work :)

Randy Turner wrote:

Hi All,

I just wanted to verify that, as of OpenSSL 0.9.8a, any OpenSSL data facility that utilizes STACK_OF as a container for different types of objects, the routines that reference these stacks do not support multiple threads accessing the same stack. Is this the case? I didn't see any mutex/user callback support in stack.c.

Thanks! Randy

-- Alain Damiral, I hope this message makes me look like a very intelligent person
Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be
Re: RE; 192-bit signatures
Out of pure curiosity - I have recently been told that all existing/used protocols had been designed without taking into account the eventual need to adapt to new hash lengths. How true is that ? It seems to be a topic of concern for some people since all commonly used hashes have been broken last year. I'm wondering if TLS really falls into that category of all existing/used protocols...

Jason Resch wrote:

A new standard is currently under development (Do a search on: FIPS 186-3) which specifies the use of longer length hashes, including SHA-224, SHA-256, SHA-384, and SHA-512 as a hash function, therefore q would be of size 224, 256, 384, and 512 bits respectively. The signature sizes would be double the size of q for each case. To have a signature length of 192 bits would require q be 192/2 or 96 bits long. This is considerably smaller than the length of even MD5 hashes, and therefore would not provide a great deal of security.

Jason

-- Alain Damiral, I hope this message makes me look like a very intelligent person
Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be
Re: self signed cert - error : unknown CA
For which reasons do you want to accept self signed certificates ?... I do not understand why deactivating client authentication as Konark suggested wouldn't be good enough.

Samy Thiyagarajan wrote:

Thanks konark.

When I initialize my ctx i call the following functions..

# SSL_CTX_set_verify() with option SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
# SSL_CTX_set_client_CA_list( ctx, cafile)

things are fine when the client request for a connection with a certificate signed by one of the listed CAs (in the cafile)

For some reasons I also wish to accept self signed certs ( user needs to decide to accept or not ). So when a client comes up with a self signed cert, the server reports ' unknown ca ' error. I understand that this is b'coz it is not signed by trusted CA. All i want to know is what needs to be done on server side to accept the self signed. I really appreciate any kind of assistance.

Thanks
Samy

-- Alain Damiral
Re: Can I have SSL for peer authentication only? (and not for data encryption)
1) Is it possible to use SSL only for the sake of peer authentication + validation and transfer un-encrypted data over this channel ?

How about; you open the sockets using your socket level interface. Then you attach SSL constructs to both ends, but with the don't close this option. They connect, authenticate each other. You can then use the connection objects to get the peer certificates (you need to do this because the connection will succeed if the client doesn't offer a certificate, whereas you're after BOTH parties being authenticated). If both ends get a validated certificate presented, the connection is authenticated. Close the SSL layer, which will leave you with two native connected sockets to talk over.

But with no cryptographic digest you have no guarantee that the data you receive provides from the person who showed his certificate. I think it would be vulnerable to a man in the middle type of attack. I suppose a digest is still included when using the null cipher with OpenSSL... ?

-- Alain Damiral
Re: Can I have SSL for peer authentication only? (and not for data encryption)
Katie Lucas wrote:

On Thu, Feb 02, 2006 at 05:09:42PM +0100, Alain Damiral wrote:

But with no cryptographic digest you have no guarantee that the data you receive provides from the person who showed his certificate. I think it would be vulnerable to a man in the middle type of attack.

Only if they can spoof the IP streams...

Why would anyone assume that they can't ? An attacker might even have other means of messing around with IP addresses that would allow him to achieve man in the middle without spoofing.

-- Alain Damiral
Re: self signed cert - error : unknown CA
Kyle Hamilton wrote:

Self-signed certificates are good for one thing, at least: They ensure that subsequent transactions are with the same entity (the same keypair is used), even if no other piece of data in the certificate is trustworthy.

Doesn't Diffie-Hellman key exchange ensure that this is true even with no certificate authentication at all ? (Maybe not with a null cipher ?)

-- Alain Damiral
Re: self signed cert - error : unknown CA
OK I understand. By subsequent transactions I originally thought you meant during the same session.

I apologize for diverting from the problem of the original poster. Maybe I can redeem myself by pointing to the example callback function:

http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html

and suggest trying to use

http://www.openssl.org/docs/ssl/SSL_get_verify_result.html

then test for return value 18 = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT to deal with self signed certificates.

Hope this is useful :)

Kyle Hamilton wrote:

Diffie-Hellman key exchange is a means of creating a session key in a manner that's not easily reversible by an eavesdropper, not a means of authentication. The public/private keypair is the only means of authenticating an anonymous third party as being that specific anonymous third party, and not some interloper. (See the Freenet project for an example of this.)

You could, theoretically, use it as a means of authentication IF and ONLY IF the public key stayed the same. Generally, though, it's a random large number. (This is why DH requires a certificate, where EDH doesn't -- EDH is random, where DH uses a public key that requires [in the context of SSL] an X.509 certification.)

On 2/2/06, Alain Damiral [EMAIL PROTECTED] wrote:

Doesn't Diffie-Hellman key exchange ensure that this is true even with no certificate authentication at all ? (Maybe not with a null cipher ?)

-- Alain Damiral

-- Alain Damiral
Re: Evp_Encrypt_Init Segfault
Have you tried with the EVP_EncryptInit_ex() family of functions ? I'm not sure it would help much but it could be worth a try

Felix Dorner wrote:

Girish Venkatachalam wrote:

Try calling EVP_CIPHER_CTX_cleanup(ctx) at the end...

I have tried this, does not change the situation. gdb output is

    200 EVP_EncryptInit(ctx, EVP_bf_ecb(), NULL, NULL);
    (gdb) step
    Program received signal SIGSEGV, Segmentation fault.
    0xb7df82fb in mallopt () from /lib/libc.so.6

I really don't know what's wrong here,

Felix

-- Alain Damiral
Re: RSA_size() fails in window
Hi,

From http://www.openssl.org/docs/crypto/RSA_size.html: rsa->n must not be NULL. In your code, it probably is. RSA_new initializes the structure but doesn't generate a key. Try calling RSA_generate_key() before RSA_size():

http://www.openssl.org/docs/crypto/RSA_generate_key.html

Hope it helps !

[EMAIL PROTECTED] wrote:

Hi everybody,

I use openssl-0.9.7i to write a small program on winxp, VC6.0

---
    #include <stdio.h>
    #include <openssl/rsa.h>

    int main( int argc, char* argv[] )
    {
        RSA *rsa_obj ;
        int size ;

        CRYPTO_malloc_init() ;
        rsa_obj = RSA_new();
        size = RSA_size( rsa_obj ) ;   /* the access violation is reported here */
        RSA_free(rsa_obj) ;
        return 0 ;
    }
---

I have change library option as MD, but error occurs when calling RSA_size(), execution error is

    Unhandled exception in main.exe(LIBEAY32.DLL):0xC005:Access Violation

What this message means ?

Thanks

Lung Sheng Chien
Tsing Hua university, R.O.C

-- Alain Damiral, I hope this message makes me look like a very intelligent person
Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be
Re: Can I have SSL for peer authentication only? (and not for data encryption)
Kyle Hamilton wrote:

In France (unless the laws have changed) it's illegal to use cryptography to encrypt data payload, but not illegal to use cryptography as a means of identification. This is, if I understand Netscape's and the IETF's motives correctly, the only reason why the NULL cipher suites exist in the SSL/TLS specifications.

It's hard to find intelligible up to date information on that matter but things have changed since June 2004 (Loi n°2004-575). It seems that as long as the provider of encryption is known you're pretty much free to do whatever you want. But you get punished harder if you're using encryption for naughty criminal stuff. I found nothing about limits on key sizes.

-- Alain Damiral, I hope this message makes me look like a very intelligent person
Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be
Re: Can I have SSL for peer authentication only? (and not for data encryption)
Hi and welcome,

I haven't thought hardly about what you're trying to do but my first intuition tells me that encryption also has some part to play in authentication that you're missing.

My knowledge of SSL is limited but I think it is safe to say that private/public key (asymmetric) encryption is used to guarantee certificate authenticity, and to agree on the secret (symmetric) key that will be used for the actual communication. If you use no secret key, you have no guarantee that the guy you're talking with really is the same guy that you did your handshake with (who showed you his certificate and knows the shared secret). So even if you don't want your data encrypted, there must be some signature for each message sent to guarantee authenticity, based on that shared secret.

So if what I said is correct, even if you don't use encryption you will still need a signature of each message - probably in the form of a cryptographic hash based on the shared secret. I'm really not sure that such an operation is significantly cheaper than symmetric encryption.

Urjit Gokhale wrote:

Hi all,

I am planning to use SSL for the communication between my client and server. The idea is to use SSL *mainly* for peer authentication and validation (Both server and client authentication by means of certificates). Regarding the data encryption, I would like to have it as an optional feature. The motivation behind this desirable feature is that in a particular environment, I am not really worried about the data, but the client talking to my server. I would like to give up on encryption in favor of performance.

So the questions are:

1) Is it possible to use SSL only for the sake of peer authentication + validation and transfer un-encrypted data over this channel ?
2) Would sacrificing on encryption *really* improve the performance ?

Thanks,
~ Urjit

PS: This is my first mail to this list. So, in case, you think that my questions are out of the scope of this group, or you know of some other group which can yield me better answers, could you please point me to such groups ?
Running ssltest -server_auth
Hello wonderful people.

I'm trying to use the ssltest program to get some typical server authentication (against a self signed certificate) to work. Whatever I try I just can't seem to get it right, could someone please indicate which steps should be followed to achieve this ? It feels like it should be quite a simple operation.

This is what I tried:

    openssl genrsa -out ~/privkey.pem 2048
    openssl req -new -x509 -key ~/privkey.pem -out ~/mycert.pem -days 1095 -config openssl.cnf

openssl.cnf is the standard config file in the apps directory, containing the lines:

    dir= ./demoCA # Where everything is kept
    certificate= $dir/cacert.pem # The CA certificate

    ssltest -server_auth -cert ~/mycert.pem -CAfile ../apps/demoCA/cacert.pem

Ending up with this output:

    Available compression methods:
      NONE
    2988:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: ANY PRIVATE KEY
    2988:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:

I'm probably missing something obvious, but my brain is currently weak so I'd like to temporarily borrow one of yours on this matter.

Thank you for your time,

-- Alain Damiral, I hope this message makes me look like a very intelligent person
Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be
Re: Running ssltest -server_auth
Clever ! Not me, you... It did the trick. The private key was so blatantly missing that I feel deeply ashamed. Thank you very much.

What now happens is this:

    Available compression methods:
      NONE
    server authentication
    depth=0 error=18 /C=BE/O=home/CN=alain
    Error string: self signed certificate ... ignored.
    depth=0 /C=BE/O=home/CN=alain
    TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    1 handshakes of 256 bytes done

Which is absolutely fine.

Samy Thiyagarajan wrote:

hi.. U need to add ur key file in ur options.. try to include -key ~/privkey.pem lets see what happens then...

- samy

*Alain Damiral [EMAIL PROTECTED]*
Sent by: [EMAIL PROTECTED]
13.01.2006 12:34
Please respond to openssl-users@openssl.org
To openssl-users@openssl.org
cc
Subject Running ssltest -server_auth
Classification

Hello wonderful people.

I'm trying to use the ssltest program to get some typical server authentication (against a self signed certificate) to work. Whatever I try I just can't seem to get it right, could someone please indicate which steps should be followed to achieve this ? It feels like it should be quite a simple operation.

This is what I tried:

    openssl genrsa -out ~/privkey.pem 2048
    openssl req -new -x509 -key ~/privkey.pem -out ~/mycert.pem -days 1095 -config openssl.cnf

openssl.cnf is the standard config file in the apps directory, containing the lines:

    dir= ./demoCA # Where everything is kept
    certificate= $dir/cacert.pem # The CA certificate

    ssltest -server_auth -cert ~/mycert.pem -CAfile ../apps/demoCA/cacert.pem

Ending up with this output:

    Available compression methods:
      NONE
    2988:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: ANY PRIVATE KEY
    2988:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:

I'm probably missing something obvious, but my brain is currently weak so I'd like to temporarily borrow one of yours on this matter.

Thank you for your time,

-- Alain Damiral, I hope this message makes me look like a very intelligent person
Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be
Re: Thread safety
Hello again and thank you for your replies

Mark wrote:

I would recommend you always watch the warnings. Some C compilers downgrade fairly major problems to Warnings.

I'd recommend the same thing to myself actually. These warnings are generated by the code in th-lock.c (compiling under Win32), which as I understand it contains code defining the callbacks required for (a few platform specific) threads support:

    ../th-lock.h: In function `CRYPTO_thread_setup':
    ../th-lock.h:122: warning: passing arg 1 of `CRYPTO_set_locking_callback' from incompatible pointer type
    ../th-lock.h:124: warning: `return' with a value, in function returning void
    ../th-lock.h: At top level:
    ../th-lock.h:128: warning: static declaration of 'CRYPTO_thread_cleanup' follows non-static declaration
    ../th-lock.h:89: warning: previous declaration of 'CRYPTO_thread_cleanup' was here

I'm not really familiar with handling void* pointers so I'm not sure how alarming these should be.

Usman Riaz wrote:

As to your second question, I am doing the IO on BIO atomically, don't know if it's really required, :), But since my server's performance is quite reasonable with it, so it's OK with me.

Regards, Usman.

I'll probably do it that way too. My threads are defined in another language and I'm pretty sure there is no way for my C module to be aware of which user thread it is currently running in... so I have nothing relevant to call CRYPTO_set_id_callback with.

So this really isn't much of a problem for me, but I'm still curious about the macros:

    OPENSSL_THREAD_DEFINES
    THREADS
    OPENSSL_THREADS

Is the note in http://www.openssl.org/docs/crypto/threads.html still valid in 0.9.8a ?

Thanks again for your answers,

-- Alain Damiral, Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be
Thread safety
Hello,

I'm trying to write an interface to OpenSSL using BIO pairs. For testing purposes, I'm doing communication locally in two separate threads (one accessing a server context, the other a client context) so I figured I should worry about thread safety.

I read in the OpenSSL documentation that one could find out if thread support was enabled using this:

    #define OPENSSL_THREAD_DEFINES
    #include <openssl/opensslconf.h>
    #if defined(THREADS)
    // thread support enabled
    #else
    // no thread support
    #endif

If I stick to this it appears that I have no thread support here on my system (Win32), but I see no mention of that OPENSSL_THREAD_DEFINES macro in opensslconf.h, or anywhere else. Also, I see that OPENSSL_THREADS is defined in opensslconf.h so I'm basically wondering if this part of the documentation is out of date and if this OPENSSL_THREADS means that thread support is enabled.

If so, are the callbacks defined in th-lock.c still valid ? I get a few warnings when I compile those with my project, but C is like alcohol and cigarettes - you never watch the warnings.

Next question: I'll probably do all the locking manually since the threads themselves aren't defined at the C code level for my app (I'm not sure if thread support will work transparently with OpenSSL for user level threads). So I'm wondering if just locking all access to the C module in which OpenSSL routines are called should be sufficient or are there particular sequences of calls that should be made atomically (that OpenSSL thread support would usually deal with) ?

Thanks for reading and eventually for answering.

-- Alain Damiral, Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be
Re: A bio pairs question...
Hi there,

You might have missed one thing in ssltest.c... there is a first call to BIO_read on the server side before any data is available. Before that call, the read request on server_io is actually 0. After the call to BIO_read, then some data is requested. So if you're using read request, the trick would be to first attempt a read before any data is available.

You can also try using write_guarantee. This basically would allow more data than requested to be available on the network BIO.

In either case, be careful not to drop data that you have received from the network but that couldn't be fed into the network BIO right away. Since SSL uses a reliable transport layer, the other end can rightfully assume that this data has been received and it has no obligation to resend it. In your code it seems that this would be what is contained at the end in pData, beyond offset nRet - I think you should buffer this for future use...

I hope this makes sense and helps :)

Usman Riaz wrote:

Hi*!

I am implementing IOCP server (for Windows OS) supporting SSL. For SSL part i am trying to use OpenSSL's bio pairs. I have looked at the example in ssltest.c. As i understand (please correct me if i am wrong) of the three bios (s_ssl_bio, server, server_io) that get created in doit_biopair function, the server_io bio is used to read/write Encrypted data & the s_ssl_bio is used to read/write UNEncrypted data. I have setup my code according to this principle. Now when the client connects, it sends some ssl-handshake (Encrypted) data & I have to write it server_io. Here is how my function looks for writing to server_io BIO.

    #include <string>
    #include <cstring>
    #include <openssl/bio.h>

    bool CSSLSession::OnRecv(const std::string &RecvData)
    {
        bool bRet = false;
        char *pData = NULL;
        int nRet = -1;
        int nLen = -1;

        // Number of bytes the SSL side last asked for on the network BIO
        nLen = BIO_ctrl_get_read_request(m_SessionInfo.ioBio);
        if( !nLen )
        {
            bRet = true;
            return bRet;
        }

        // Get a pointer into the BIO's write buffer and the space available
        nRet = BIO_nwrite0(m_SessionInfo.ioBio, &pData);
        if( 0 >= nRet || nLen > nRet || !pData )
        {
            return bRet;
        }

        // Copy at most the requested length, or less if less was received
        nRet = nLen;
    #pragma warning (disable : 4018)
        if( nRet > RecvData.size() )
        {
            nRet = RecvData.size();
        }
    #pragma warning (default: 4018)

        memcpy(pData, RecvData.data(), nRet);
        nRet = BIO_nwrite(m_SessionInfo.ioBio, &pData, nRet);
        BIO_flush(m_SessionInfo.ioBio);
        bRet = true;
        return bRet;
    }

I am for the time being not handling the retry options (will implement later). Now the problem is this call

    nLen = BIO_ctrl_get_read_request(m_SessionInfo.ioBio);

always return 0 & the function returns after that. Shouldn't the SSL engine be waiting for some data on start of server side session?? since it's the client who always sends the handshake data first. Can anyone help me solve this problem??? I check the return values while setting up ssl context and SSL objects and they all are returning success.

Thanks in Advance,
Regards, Usman.

-- Alain Damiral, Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be
Usage of BIO pairs
Hello again list,

I have already posted about the project I am working on, which in a general way is to provide an application with OpenSSL functionality while keeping control over the network access.

I have made some good progress in this work using BIO pairs, as I had been advised. However I now have an occasional crash that I can't easily debug (mainly because the application itself is written in a slightly exotic language - the trace I get is truncated far before the actual problem).

The only example of BIO pair usage I have come across so far is the test in ssltest.c. I would appreciate if someone could point me to another example of BIO pair usage in which the client and server are under different threads of control.

I thank you all for your time,

-- Alain Damiral, Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be
Re: a couple of newbie questions regarding ssl lib
Hi there,

Your second question happens to concern what I'm working on right now. Sometimes rather than developing an application on top (think layer architecture) of OpenSSL, you might want to give your application control over the network access but still use OpenSSL as a security module that doesn't encapsulate communication. A generic illustration of this kind of scenario is given in the documentation for BIO pairs.

In my case, I have an API to build applications over a structured peer-to-peer network. I want to use OpenSSL for security but I want to use this structured network instead of TCP as SSL/TLS's transport layer. Then BIOs and BIO pairs are the way to go. (ssltest.c is the place to dive into if you ever want to figure out how to use these).

Another elegant way of doing this is to write a custom BIO...

I hope this helps !

Regards,

Chong Peng wrote:

dear all:

i am new to the open ssl library, after a couple of days source code reading, my understanding is that one can either use bio (come with the open ssl lib) or standard socket interface to connect ssl protocol to the underlying tcp protocol, if i would like to use standard socket to do that, the basic flow is as follows:

as tcp client:

    socket --- connect (blocked!) --- SSL_new                --- SSL_write
                                      SSL_set_fd                 SSL_read (blocked!)
                                      SSL_connect (blocked!)

as tcp server:

    socket --- accept (blocked!) --- SSL_new               --- SSL_write
    bind                             SSL_set_fd                SSL_read (blocked!)
    listen                           SSL_accept (blocked!)

the SSL_connect/SSL_accept implement a (pretty complicated) state machine that is used to do the ssl handshaking, for that purpose, these two functions are blocked multiple times on the underlying socket id. after SSL_connect/SSL_accept returns, the corresponding ssl link is established and ready for io. in the io phase, SSL_read will again be blocked on the underlying socket id until data for that link is available.

the questions i have are:

1. do i understand right?
2. if my understanding is correct, standard socket works pretty well in this picture. why we still need bio? what are things that the bio can do and the standard socket can not?
3. anybody know if there is any doc available about the state machines implemented in SSL_connect/SSL_accept?

thanks a lot.

chong peng

--
Alain Damiral,
Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be
SSL_library_init and wsock32
Hello again list,

I'm just starting to use Open SSL under Windows and I am curious as to why I have to add -lwsock32 to the linker if SSL_library_init is called... Is there really anything required in the wsock32 library to execute SSL_library_init ?

I don't intend on using sockets (at the level of the SSL library) at all for my project so I'm trying to keep my view on what's going on as clear as possible - whatever that means when working with Windows.

I thank you for helping me out in this very specific stage of my perpetual quest of happiness and procreation,

--
Alain Damiral,
Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be
Using OpenSSL over a high level peer-to-peer middleware
Greetings to everyone,

This is my first mail to this list so first of all I hope to avoid making too much of a fool of myself.

I am a student in computer science and I have been charged with the task of implementing a secure communication mechanism for a high level peer-to-peer middleware designed for use in the Oz language (www.mosart-oz.org). This peer-to-peer network is a structured network in which there should not necessarily be a direct TCP connexion between two communicating peers. So far it seems like a fine idea to use SSL over this network rather than directly over TCP as is usually done.

Before damaging my health too much on this work I'd appreciate some advice from fine people such as many of you certainly are about the following questions:

How feasible is it to use OpenSSL's SSL library to generate the raw data that is to be sent through the transport layer independent of the latter's implementation ? And read this data on the other end...

Would it be a better idea to use OpenSSL's crypto library to handle cryptographic operations and certificates and reimplement the rest of SSL's behaviour according to its specification ? (At least to the extent required for my piece of work)

Is there any known similar project, in which OpenSSL has been used to implement SSL over non-TCP connexions ?

Well that's it for now and I thank you all for your time,

Alain Damiral,
Université Catholique de Louvain - student,
alain.damiral'at'student.uclouvian.be
Re: Using OpenSSL over a high level peer-to-peer middleware
Rich Salz wrote:

openSSL 0.9.8 comes with support for DTLS, which is TLS over UDP.

Another point for the original poster to keep in mind is that SSL/TLS can require multiple read/writes for a single application-level packet exchange. This isn't always obvious to folks starting out. I think the DTLS spec discusses some of the implications. You might also want to look at the security in SNMPv3.

/r$

Thank you for all the replies.

I'll grab the opportunity here to point out that I am aware of SSL requiring more message exchanges than should be perceived at the application level. Allow me to try to be more accurate about what I'm looking for.

What I would like to do is to use OpenSSL's normal functionality, but without encapsulation of the actual operation of sending messages. Instead I would like all messages forged by OpenSSL - including handshake messages - to be sent back up to my module (which would be implemented in the Oz language I mentioned in my original post). Then the data would be sent across the high level structured peer-to-peer network in a reliable way, and the reverse operation run on the other end.

If I understand what Ning Ke suggests, OpenSSL uses a BIO output to send all those messages regardless of what that BIO is actually encapsulating ? (That would normally be the TCP connexion)

If it is so, I believe I have the answer to my questions.

Thanks again to all those whose time I have stolen

--
Alain Damiral,
Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be