tcpdump and SSL
Is anyone aware of a tcpdump extension parser for the SSL protocol? The debugging available in OpenSSL is IMHO not well suited in debugging the handshake and CONNECT transactions. I would be nice to trace this in real-time using tcpdump. Gisle V. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: cvs commit: openssl/crypto/bn bn_exp.c
[EMAIL PROTECTED] wrote: Add support for Compaq Atalla crypto accelerator. Now this is looking rather interesting - but wich of their crypto accelerators is it - there seems to be several at http://www.tandem.com/iBase.asp?PAGE=iAtalla It should be any, but the one I tested on was an AXL-200. Having any kind of hw support is really nice though - so far I've seen several projects that insited on having keys stored in hw. This accelerator doesn't store keys, its a modular exponentiator (well, lots of them, in fact). Looking through the code, it seems to me that adding support for other devices in the same way wouldn't be that hard, or am I missing something? It depends on the device. For example, this particular device happens to have a pretty compatible big number format, which reduced the complexity of the job. Cheers, Ben. -- SECURE HOSTING AT THE BUNKER! http://www.thebunker.net/hosting.htm http://www.apache-ssl.org/ben.html Y19100 no-prize winner! http://www.ntk.net/index.cgi?back=2000/now0121.txt __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: SV: Openssl documentation
"Hellan,Kim KHE" wrote: Officially I don't think so. But check out http://www.columbia.edu/~ariel/ssleay/... which is the most comprehensive documentation I have found so far. Actually, Ulf, Bodo and Steve have been doing great work on docco lately. Check the latest snapshots. Cheers, Ben. -- SECURE HOSTING AT THE BUNKER! http://www.thebunker.net/hosting.htm http://www.apache-ssl.org/ben.html Y19100 no-prize winner! http://www.ntk.net/index.cgi?back=2000/now0121.txt __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: SSLeay-0.6.4 is not thread safe?
From: Gleb Esman [EMAIL PROTECTED] gesman Gleb Esman wrote: gesman When i saw so many global variables in use in SSL sources, gesman my hope for real multithreading of SSL is quickly depleting. Having global variables per se is not an indication against MT safety. It's all in the wrist... sorry, in the locking. (mind you, I have not yet looked through the whole source to see if locking is done in all cases where needed, but I was fairly confident it does) Since I'm one of those who build applications with a high number of threads, this problem interests me too. How about we talk about stuff we've found (actually, it'll be more of what you found than what I found at this point :-)), and see what we can do about it? gesman If there is a potential for the good will from the OpenSSL gesman development team, I could probably cut-down my sources to gesman demonstrate a problem. *raises a flag marked "Good Will"* Please do. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-161 43 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: SSLeay-0.6.4 is not thread safe?
Richard, thanks. I want to play more with locking callbacks and I'll let everyone know how it goes. I hope it will help, if not - I'll try to come up with small demo test code. -- Gleb Esman From: Gleb Esman [EMAIL PROTECTED] gesman Gleb Esman wrote: gesman When i saw so many global variables in use in SSL sources, gesman my hope for real multithreading of SSL is quickly depleting. Having global variables per se is not an indication against MT safety. It's all in the wrist... sorry, in the locking. (mind you, I have not yet looked through the whole source to see if locking is done in all cases where needed, but I was fairly confident it does) Since I'm one of those who build applications with a high number of threads, this problem interests me too. How about we talk about stuff we've found (actually, it'll be more of what you found than what I found at this point :-)), and see what we can do about it? gesman If there is a potential for the good will from the OpenSSL gesman development team, I could probably cut-down my sources to gesman demonstrate a problem. *raises a flag marked "Good Will"* Please do. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-161 43 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
AIX Non-Blocking Socket Error
In ssl_lib.c there is this function: int SSL_get_error(SSL *s,int i) This should be referenced for the following problem description. The following block of server code does not work properly when using non-blocking sockets on AIX 4.3. This block of code works properly on Solaris 2.51, 2.6, HPUX 10.20,11.00, NT 4, etc. if ((err = SSL_accept( (SSL*)ssl )) = 0) { realError = SSL_get_error((SSL*)ssl,err); if (realError == SSL_ERROR_WANT_READ) printf("WANT_READ\n"); if (realError == SSL_ERROR_WANT_WRITE) printf("WANT_WRITE"; } On AIX, "WANT_READ" or "WANT_WRITE" is never printed even though it should be. Inspection of SSL_get_error indicates that SSL_want_read() is returning true. However, BIO_should_read() is always returning 0 (false). This is a serious error. Because of this it is impossible to negotiate successfully with Openssl using non-blocking sockets on AIX. As a hack, the above code is changed to call ssl_want_read() instead of SSL_get_error (and checking the specific error). This seems to work most of the time. However, when a client connection comes in to a server using the above code and prematurely breaks its connection during the initial negotiation, ssl_want_read() will still continue to return true. There appears to be no way to determine that this is an error condition. This makes the hack effectively useless, as it can result in a server that spins. Bruce LeMaster Software Development Engineer Hummingbird Communications, Inc. Raleigh, NC 27603 mailto: [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Latest SNAPSHOT, 2 questions
Lutz Jaenicke [EMAIL PROTECTED]: 1. When loading CAfile data, SSL_CTX_load_verify_locations() returns 0, even if certificates are available (and did work with 0.9.4). There are no errors on the error stack to be printed, so I would have to trace through the code to find the reason. As of know, my software will understand the return value 0 as error indicator and will abort; in s_server.c etc, the return value is only used for possible printout of errors and otherwise silently ignored. Where does this return value 0 come from -- i.e., what happens in X509_STORE_load_locations (in crypto/x509/x509_d2.c)? Does X509_load_cert_crl_file (in crypto/x509/by_file.c; this is what X509_LOOKUP_load_file is based on) return 0? __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Latest SNAPSHOT, 2 questions
On Thu, Feb 17, 2000 at 10:17:03PM +0100, Bodo Moeller wrote: Where does this return value 0 come from -- i.e., what happens in X509_STORE_load_locations (in crypto/x509/x509_d2.c)? Does X509_load_cert_crl_file (in crypto/x509/by_file.c; this is what X509_LOOKUP_load_file is based on) return 0? I tracked it down this morning, it is in x509_d2.c. Please check for a mail in openssl-dev named [BUG] Reading CAfile returns wrong result with more than one cert Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Can't have SSL with multiple domain names on a single server...
Hi, It would be really nice to take advantage of Apache's multiple virtual domain capability in conjunction with SSL and have a certificate that didn't cause a 'Certificate Name Check' dialog to pop up on every connection for domains other than the one in the certificate. This doesn't appear to be possible. To be more precise, if a machine has multiple DNS entries and responds at all three of: fred.company.com george.company.com 10.10.0.1 You can put any one of these in the distinguished name field of the certificate and accesses to that domain will not come up with the 'Certificate Name Check' dialog, but accesses to the other two valid addresses will. The problem is that the SSL certificate handshake happens before Apache sees the domain and therefore Apache is out of the picture in terms of responding with one of an array of certificates. Also, you don't seem to be able to bind an array of server names to a single certificate (not that that would be a teriffic solution in any case). Anyone have a solution to this? Think there will be one? If the server name or URL came across from the client at the beginning of the SSL handshake, the server end of SSL could look up a certificate based on the URL being presented and respond with the appropriate server certificate if it has one available. I don't think the server name or URL comes across though. Presumably the fall back is to occupy a bag full of separate IP addresses simultaneously. One per domain name. - Rod __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: SSLeay-0.6.4 is not thread safe?
Richard Levitte - VMS Whacker wrote: From: Gleb Esman [EMAIL PROTECTED] gesman// Cleanup and exit. gesmanif (pSsl) SSL_shutdown (pSsl); gesman gesmaniRetCode = shutdown (sSocket, SD_BOTH); gesmanclosesocket (sSocket); gesmanif (pSsl) SSL_free (pSsl); THAT sequence gives me the creaps (sp?). You see, the fd's you declared earlier with SSL_set_fd() got "registered" in the SSL structure through a couple of BIOs. SSL_free() will fo a BIO_free_all() on those, and BIO_free_all() will most definitely try to close the socket... that you already closed and shut down and everything. I can understand the need to do a shutdown() and closesocket() yourself, but in that case you have to tell the BIOs that they should not close the fd, like this: BIO_set_close(SSL_get_rbio(pSsl,BIO_NOCLOSE); BIO_set_close(SSL_get_wbio(pSsl,BIO_NOCLOSE); At least, that's what I understand of the whole thing (I've got pretty slim knowlege of the SSL part of OpenSSL, but am learning fast right now...). Yes indeed that is a recipe for disaster. One possible scenario: Most of the time BIO_free() will close the socket and close() will close an invalid fd: that's an error but otherwise harmless. Occasionally BIO_free() will close the socket and another thread will get a look in. Since the fd value is now "available" another thread can get the same value. As a result the second close() will close a perfectly valid fd which belongs to another thread. The result is chaos in the other thread. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto Engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Latest SNAPSHOT, 2 questions
On Wed, 16 Feb 2000, Lutz Jaenicke wrote: 2. As of the latest snapshot, OpenSSL became picky of seeding the PRNG. I have EGD available, as it was recommended for OpenSSH; the sample code for querying it being quite simple. The Linux/Unix port of OpenSSH will be switching over to a Unix port of Schneier and Kelsey's Yarrow PRNG in the not too distant future. It might make a good PRNG for OpenSSL too. b. Can you give recommondations on the number of bytes needed to seed the PRNG? Consider me using EGD STATE_SIZE in crypto/rand/md_rand.c is 1023, so that might be a good choice. -d __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]