Re: non-blocking BIO
For SSL_accept, you need to make the underlying socket non-blocking, rather than a non-blocking BIO. You can make a socket non-blocking with the 'fcntl' system call (check the manpages). You may also be interested in the excellent sockets tutorial 'Beej's Guide to Network Programming' located at http://www.ecst.csuchico.edu/~beej/guide/net/html/

Once you have made a socket and set it non-blocking, create your SSL object as usual and the SSL connection should then be non-blocking. There are some other issues though (particularly when using select); see the following two articles for more info:
http://www.linuxjournal.com/article.php?sid=4822
http://www.linuxjournal.com/article.php?sid=5487

Hope that helps,
Patrick

On Mon, 17 May 2004 8:00 pm, Alexis Lefort wrote:
> Hi all,
> My server sometimes blocks on the call to SSL_accept() because my client crashes on SSL_connect. In many man pages it is said that a BIO can be blocking or non-blocking. But how can I create a non-blocking BIO? (This would solve my problem, I hope.)
> Thanks in advance.
> Alexis

-- 
RedHerring: Linux wiki support and tutorials http://covox.sepwich.com/linux
CECID: The CEnsorship CIrcumvention Device http://cecid.sf.net
__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: non-blocking BIO
Thank you, I missed that! BIOs don't need any special settings to support non-blocking I/O: if the underlying transport signals that a call should be retried, the BIO takes appropriate action. In other words, you just have to set the underlying transport (normally a socket) to non-blocking mode.

Steve.
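Added example (not code from either post): the pattern Patrick and Steve describe, done with Python's ssl module, which wraps OpenSSL and surfaces the same retry conditions as SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE. Nothing is configured on the BIO; the socket is made non-blocking, the SSL object is created on top as usual, and the handshake is driven under select() with a deadline, so a peer that dies mid-handshake (Alexis's crashed client) leaves the loop with a timeout instead of a hung server. The peer here is the other end of a socketpair that never answers, a constructed stand-in for that crashed client; CERT_NONE is set only because there is no real server to verify and must not be copied into production code.

```python
# Added example, not from the thread: non-blocking TLS handshake driven by select().
import select
import socket
import ssl
import time


def wrap_nonblocking_client(sock: socket.socket) -> ssl.SSLSocket:
    """Make the *socket* non-blocking, then build the SSL object on top as usual."""
    sock.setblocking(False)                 # Python's spelling of fcntl(fd, F_SETFL, O_NONBLOCK)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False              # demo only: there is no real peer to verify
    ctx.verify_mode = ssl.CERT_NONE         # never do this against a real server
    return ctx.wrap_socket(sock, do_handshake_on_connect=False)


def drive_handshake(tls: ssl.SSLSocket, timeout_s: float) -> str:
    """Retry the handshake under select() until it completes or the deadline passes.

    After a WANT_READ/WANT_WRITE the *same* operation is called again once
    select() reports readiness; readiness only means bytes (or buffer space)
    are available, not that the SSL call will now succeed, so we loop.
    """
    deadline = time.monotonic() + timeout_s
    while True:
        try:
            tls.do_handshake()
            return "done"
        except ssl.SSLWantReadError:        # SSL_ERROR_WANT_READ in C
            readers, writers = [tls], []
        except ssl.SSLWantWriteError:       # SSL_ERROR_WANT_WRITE in C
            readers, writers = [], [tls]
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return "timeout"                # a blocking SSL_accept() would still be stuck here
        select.select(readers, writers, [], remaining)


def demo(timeout_s: float = 0.2):
    """Client side against a peer that never answers; returns the outcome and
    whatever the client managed to send before it started waiting."""
    ours, silent_peer = socket.socketpair()   # constructed stand-in for a TCP connection
    silent_peer.setblocking(False)
    tls = wrap_nonblocking_client(ours)
    status = drive_handshake(tls, timeout_s)
    try:
        first_record = silent_peer.recv(4096)  # the ClientHello written before the first WANT_READ
    except BlockingIOError:
        first_record = b""
    tls.close()
    silent_peer.close()
    return status, first_record


if __name__ == "__main__":
    status, record = demo()
    print(status, record[:5].hex())
```

The same rule carries over to SSL_read and SSL_write after the handshake: on WANT_READ or WANT_WRITE, wait with select() and repeat the same call (for SSL_write with the same buffer and length unless SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is set); that is the select pitfall the Linux Journal articles above describe.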
VS: smime -encrypt makes segmentation fault
Dr. Stephen Henson [mailto:[EMAIL PROTECTED]]:
> On Mon, May 17, 2004, Anssi Porttikivi wrote:
> > Any ideas why I get a segmentation fault here?
> > ...
> > [EMAIL PROTECTED]:~$ openssl smime -encrypt -in message cacert.pem
> > Segmentation fault
>
> Read the archives: this has been mentioned many times recently.

I ./config all right, but trying to make ftp://ftp.openssl.org/snapshot/openssl-SNAP-20040517.tar.gz results in a million linking errors. Isn't the snapshot self-sufficient? Does it need some other development packages? Here is the critical place in the make output:

. . .
make[1]: Entering directory `/home/app/openssl-SNAP-20040517/apps'
rm -f openssl
shlib_target=; if [ -n ]; then \
	shlib_target=linux-shared; \
fi; \
if [ ${shlib_target} = hpux-shared -o ${shlib_target} = darwin-shared ] ; then \
	LIBRARIES=../libssl.a ../libcrypto.a ; \
else \
	LIBRARIES=-L.. -lssl -L.. -lcrypto ; \
fi; \
make -f ../Makefile.shared \
	APPNAME=openssl LDFLAGS=-DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall -DOPENSSL_BN_ASM_PART_WORDS -DSHA1_ASM -DMD5_ASM -DRMD160_ASM \
	OBJECTS=openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o \
	LIBDEPS= $LIBRARIES -ldl \
	LIBRPATH=/usr/local/ssl/lib \
	link_app.${shlib_target}
make[2]: Entering directory `/home/app/openssl-SNAP-20040517/apps'
LDCMD=gcc; \
LDFLAGS=; \
LIBDEPS=-L.. -lssl -L.. -lcrypto -ldl; \
APPNAME=openssl; \
( set -x; LIBPATH=`for x in $LIBDEPS; do if echo $x | grep '^ *-L' >/dev/null 2>&1; then echo $x | sed -e 's/^ *-L//'; fi; done | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH $LDCMD -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall -DOPENSSL_BN_ASM_PART_WORDS -DSHA1_ASM -DMD5_ASM -DRMD160_ASM $LDFLAGS -o $APPNAME openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o $LIBDEPS )
++ echo -L..
++ grep '^ *-L'
++ echo -L..
++ sed -e 's/^ *-L//'
++ echo -lssl
++ grep '^ *-L'
++ echo -L..
++ grep '^ *-L'
++ echo -L..
++ sed -e 's/^ *-L//'
++ echo -lcrypto
++ grep '^ *-L'
++ uniq
++ echo -ldl
++ grep '^ *-L'
+ LIBPATH=..
++ echo ..
++ sed -e 's/ /:/g'
+ LIBPATH=..
+ LD_LIBRARY_PATH=..:
+ gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall -DOPENSSL_BN_ASM_PART_WORDS -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -o openssl openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o -L.. -lssl -L.. -lcrypto -ldl
openssl.o(.text+0x5b): In function `main':
: undefined reference to `CRYPTO_mem_ctrl'
openssl.o(.text+0x67): In function `main':
: undefined reference to `CRYPTO_set_locking_callback'
openssl.o(.text+0x86): In function `main':
: undefined reference to `ENGINE_load_builtin_engines'
openssl.o(.text+0x113): In function `main':
. . . etc...
Re: Certificate Revocation
That did the trick. Thanks a lot!

On Fri, 2004-05-14 at 12:52, Olaf Gellert wrote:
> Aaron Smith wrote:
> > We have been using OpenSSL to generate certificates for various applications here with a home-grown CA (created using openssl ca). We recently started upgrading our servers from Redhat 7.3 to RHEL 3.0. The machine that used to house the CA directories used openssl version 0.9.6b (RedHat RPM) and the new machine uses openssl version 0.9.7b (again, RedHat RPM). I tar'ed up the CA directories from the old machine and plopped them onto the new machine. When I attempted to revoke a certificate (by openssl ca -revoke certfile.pem), I received the following error:
> >
> > ERROR:name does not match certificate DN here
>
> Maybe it's something to do with Email-Addresses in the DN? From 0.9.6 to 0.9.7 the entry output of openssl changed from Email to emailAddress, so it could be that you have to change this in the index.txt file of OpenSSL. Just a guess...
>
> Cheers, Olaf

-- 
Aaron Smith           vox: 269.226.9550 ext.26
Network Director      fax: 269.349.9076
Nexcerpt, Inc.        http://www.nexcerpt.com
...Nexcerpt... Extend Your Expertise
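Added example (not from the thread): a small reader for the CA database, index.txt, that openssl ca maintains, the serial lookup and subject comparison that -revoke performs against it, and the Email to emailAddress rename Olaf suggests applied to the subject column. The record layout is OpenSSL's; the two records, the names and the serials are constructed.

```python
# Added example, not from the thread: what `openssl ca -revoke` checks in index.txt
# and how the 0.9.6 -> 0.9.7 attribute rename breaks that check.
from __future__ import annotations

from dataclasses import dataclass

# index.txt: one TAB-separated record per issued certificate:
#   status (V valid / R revoked / E expired), expiry (YYMMDDHHMMSSZ),
#   revocation time (empty unless R), serial (hex), file name ("unknown"),
#   subject DN in one-line /type=value form.
SAMPLE_INDEX = (  # constructed records as a 0.9.6-era CA would have written them
    "V\t050517120000Z\t\t01\tunknown\t/C=US/O=Example Inc/CN=www.example.test/Email=admin@example.test\n"
    "V\t050517120000Z\t\t02\tunknown\t/C=US/O=Example Inc/CN=mail.example.test/Email=postmaster@example.test\n"
)

# The same subject as a 0.9.7 `openssl ca` renders it when asked to revoke:
SUBJECT_097 = "/C=US/O=Example Inc/CN=www.example.test/emailAddress=admin@example.test"


@dataclass
class IndexEntry:
    status: str
    expiry: str
    revoked: str
    serial: str
    filename: str
    subject: str

    def to_line(self) -> str:
        return "\t".join([self.status, self.expiry, self.revoked,
                          self.serial, self.filename, self.subject])


def parse_index(text: str) -> list[IndexEntry]:
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"index.txt line {lineno}: expected 6 fields, got {len(fields)}")
        entries.append(IndexEntry(*fields))
    return entries


def normalize_dn(dn: str) -> str:
    """Rewrite old attribute short names to the ones 0.9.7 prints.
    Deliberately naive: a '/' inside a value would need real RDN parsing."""
    renames = {"Email": "emailAddress"}
    parts = []
    for rdn in dn.split("/"):
        if "=" in rdn:
            attr, value = rdn.split("=", 1)
            rdn = f"{renames.get(attr, attr)}={value}"
        parts.append(rdn)
    return "/".join(parts)


def rewrite_index(text: str) -> str:
    """Olaf's fix: apply the rename to the subject column of every record."""
    entries = parse_index(text)
    for e in entries:
        e.subject = normalize_dn(e.subject)
    return "".join(e.to_line() + "\n" for e in entries)


def revoke(entries: list[IndexEntry], serial: str, subject: str, when: str) -> str:
    """Mirror of what `openssl ca -revoke` does with the database: find the record
    by serial, refuse if the stored subject differs from the certificate's (a plain
    string compare, which is why the rename matters), else mark it R and stamp the
    revocation time. Returns a status string instead of exiting."""
    for e in entries:
        if e.serial.upper() == serial.upper():
            if e.subject != subject:
                return f"ERROR:name does not match {subject}"
            e.status, e.revoked = "R", when
            return "revoked"
    return f"ERROR:serial {serial} not in database"
```

Run rewrite_index() once over a copied index.txt (keep the .old backup openssl ca itself writes) before pointing the newer openssl ca at it; after that -revoke finds the subject it expects.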
Re: VS: smime -encrypt makes segmentation fault
On Mon, May 17, 2004, Anssi Porttikivi wrote:
> Dr. Stephen Henson [mailto:[EMAIL PROTECTED]]:
> > On Mon, May 17, 2004, Anssi Porttikivi wrote:
> > > Any ideas why I get a segmentation fault here?
> > > ...
> > > [EMAIL PROTECTED]:~$ openssl smime -encrypt -in message cacert.pem
> > > Segmentation fault
> > Read the archives: this has been mentioned many times recently.
>
> I ./config all right, but trying to make ftp://ftp.openssl.org/snapshot/openssl-SNAP-20040517.tar.gz results in a million linking errors. Isn't the snapshot self-sufficient?

You should use the *stable* snapshot. That's what will become OpenSSL 0.9.7e.

Steve.
-- 
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
reading keys and then crypting with secret key
Hi,

I'm trying to crypt with a secret+public key I load from a file. So what I do is:
- I read in the binary representation of n and d, then convert those with BN_bin2bn to pRsakeypair->n and pRsakeypair->d.
- After that, I set the exponent e:
    BN_zero(pRsakeypair->e)
    BN_set_word(pRsakeypair->e, 65537)
All those functions succeed (I check *ALL* return values).

Then I try to encrypt with the secret key. nKeysize is the length of the binary representation of the key in bytes, so for a 4096-bit key nKeysize is 512. Now every time I run this:

    if (RSA_private_encrypt(nKeysize, in, out, pRsakeypair, RSA_NO_PADDING) == -1)

I get the error:

    error:04066084:rsa routines:RSA_EAY_PRIVATE_ENCRYPT:data too large for modulus

How come?

Folkert.

The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail.
VS: VS: smime -encrypt makes segmentation fault
Dr. Stephen Henson [mailto:[EMAIL PROTECTED]]:
> > I ./config all right, but trying to make ftp://ftp.openssl.org/snapshot/openssl-SNAP-20040517.tar.gz results in a million linking errors. Isn't the snapshot self-sufficient?
> You should use the *stable* snapshot. That's what will become OpenSSL 0.9.7e.

I don't really know what happened, but make completes OK now. I did things like change to root, install the kernel sources and re-run the openssl config, just to be sure. Still using the version I mentioned above, though.
RE: reading keys and then crypting with secret key
Forget this message: found it. Forgot that your data should be less in value than the modulus, just as the error message says :o)

-----Original Message-----
From: Heusden van, FJJ (Folkert)
Sent: Monday 17 May 2004 15:06
To: '[EMAIL PROTECTED]'
Subject: reading keys and then crypting with secret key

> Hi,
>
> I'm trying to crypt with a secret+public key I load from a file. So what I do is:
> - I read in the binary representation of n and d, then convert those with BN_bin2bn to pRsakeypair->n and pRsakeypair->d.
> - After that, I set the exponent e:
>     BN_zero(pRsakeypair->e)
>     BN_set_word(pRsakeypair->e, 65537)
> All those functions succeed (I check *ALL* return values).
>
> Then I try to encrypt with the secret key. nKeysize is the length of the binary representation of the key in bytes, so for a 4096-bit key nKeysize is 512. Now every time I run this:
>
>     if (RSA_private_encrypt(nKeysize, in, out, pRsakeypair, RSA_NO_PADDING) == -1)
>
> I get the error:
>
>     error:04066084:rsa routines:RSA_EAY_PRIVATE_ENCRYPT:data too large for modulus
>
> How come?
>
> Folkert.
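Added example (not code from either post): the arithmetic behind the error, so the fix Folkert found can be checked rather than guessed. RSA_private_encrypt with RSA_NO_PADDING is textbook RSA: the input must be exactly RSA_size(rsa) bytes and, read as a big-endian integer, strictly less than n, which a random full-length buffer violates most of the time. With RSA_PKCS1_PADDING the library prepends 00 01 FF..FF 00 to the data, and that leading zero byte is what makes the block always smaller than any modulus of that length. The key below is a constructed toy built from two public Mersenne primes (about 150 bits) so the numbers stay readable; real keys are 2048 bits or more, and raw RSA without padding is malleable and should stay in experiments like this one.

```python
# Added example, not from the thread: why RSA_NO_PADDING reports
# "data too large for modulus", and what PKCS#1 v1.5 padding changes.
P = 2**61 - 1            # toy key: public Mersenne primes, NOT a real key
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))     # e is coprime to phi(N) here
K = (N.bit_length() + 7) // 8         # RSA_size(): modulus length in bytes (19)


def raw_private_op(block: bytes) -> bytes:
    """RSA_private_encrypt(..., RSA_NO_PADDING): exactly K bytes, value < N."""
    if len(block) != K:
        raise ValueError(f"RSA_NO_PADDING needs exactly {K} bytes, got {len(block)}")
    m = int.from_bytes(block, "big")
    if m >= N:
        raise ValueError("data too large for modulus")   # the error in the question
    return pow(m, D, N).to_bytes(K, "big")


def raw_public_op(block: bytes) -> bytes:
    """RSA_public_decrypt(..., RSA_NO_PADDING): same constraints, public exponent."""
    s = int.from_bytes(block, "big")
    if len(block) != K or s >= N:
        raise ValueError("data too large for modulus")
    return pow(s, E, N).to_bytes(K, "big")


def private_op_error(block: bytes) -> str:
    """The error text raw_private_op() would raise for this input, or '' if none."""
    try:
        raw_private_op(block)
        return ""
    except ValueError as exc:
        return str(exc)


def pkcs1_type1_pad(msg: bytes) -> bytes:
    """Block RSA_PKCS1_PADDING builds for a private-key operation:
    00 01 FF..FF 00 || msg. The leading zero keeps the value below 2^(8K-8),
    and every K-byte modulus is at least that large, so 'too large' cannot occur."""
    if len(msg) > K - 11:                 # at least 8 bytes of FF are required
        raise ValueError("message too long for key size")
    return b"\x00\x01" + b"\xff" * (K - len(msg) - 3) + b"\x00" + msg


def pkcs1_type1_unpad(block: bytes) -> bytes:
    if block[:2] != b"\x00\x01":
        raise ValueError("bad padding")
    sep = block.find(b"\x00", 2)
    if sep < 10 or any(b != 0xFF for b in block[2:sep]):
        raise ValueError("bad padding")
    return block[sep + 1:]


def sign_block(msg: bytes) -> bytes:
    """'Encrypting with the secret key' done properly: pad, then private op."""
    return raw_private_op(pkcs1_type1_pad(msg))


def verify_block(sig: bytes) -> bytes:
    return pkcs1_type1_unpad(raw_public_op(sig))
```

For a 4096-bit key the same rule means a 512-byte input must be numerically below n; loading n and d with BN_bin2bn is fine, but the plaintext has to be padded (or otherwise reduced below n) before RSA_private_encrypt will accept it.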
My day with openssl smime and plan for Web mail
...and everything works now. A good thing is I created my first keypair, certificate, encrypted message and signed message and decrypted and verified them OK. The bad thing is it took all day. With half a dozen different PGP implementations I never spent more than an hour or two to make them do the basic stuff. If this relation holds for all work with S/MIME or PGP (which I guess is so) I can tell you which one will be the future standard.

BTW, our project for the day was to script a simplistic Web based mail gateway supporting S/MIME messaging. A user could create a (Linux) account on our test box (probably to be smime.teleware.fi) and generate a keypair and a certificate signed by our Authority. We would feed HTML to Apache with scripts using /bin/mail, openssl smime and Postfix.

Does anybody know of any (public) Web mail service for sending and receiving S/MIME? I mean like Hushmail for OpenPGP.
How to log out from an SSL V3 session?
I already posted this question in [EMAIL PROTECTED], got no answer so far. What mailing list is the most suited to deal with SSL issues, mostly apache-ssl points? httpd.apache.org does address some of the issues, the mod_ssl mailing list seems not to be very popular, and I thought openssl was dealing only with openssl issues, but it seems to be also about mod_ssl...

Here is my point: I have an application protected by client certificate authentication. I would like to let the user have a user-friendly way to change his authentication certificate. Let's say he chooses to authenticate with certificate A, then an SSL handshake occurs and an SSL V3 session is set up. What if the user changes his mind and wants to authenticate with certificate B? The working solution is to make him close all his open browser windows, restart his browser and reconnect to the page; then he will be asked again to present a certificate and will be able to present certificate B.

Is there a simpler way to ask the user to authenticate again and to let him choose a different certificate? For a login/password type of authentication, you always have the choice to click on a "Log out" link that kills your session and gives you a chance to authenticate again with a different login/password. Can we imagine, with client certificate authentication, the same kind of way to log out and to authenticate as a different user?

On IE, there is a button in Tools / Internet Options / Content called "Clear SSL Cache" that does a similar action to a log out button; I haven't been able to find a similar button on Mozilla-like browsers... Do you know of any button of this kind on Mozilla? This would enable logging out on the client's initiative.

From a server perspective: is it possible to send a signal to apache mod_ssl to tell it to close the SSL session, so that the client goes back to an unauthenticated session? If he wants to access a protected page again, he would have the choice of choosing a different certificate.

Thanks for any ideas, cheers.
Nicolas.

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
RE: How to log out from an SSL V3 session?
Could you be a little bit more precise on how I can do such a trick? Can the client send a signal to the server to make it force a new handshake?

Nicolas.

-----Original message-----
From: Baber Amin [mailto:[EMAIL PROTECTED]]
Date: Mon 17/05/2004 17:01
To: Villoutreix, Nicolas; [EMAIL PROTECTED]
Subject: Re: How to log out from an SSL V3 session?

> You can always force a new handshake by issuing a Hello request from the server and clearing the cached session on the server side.
>
> Thanks
> -Baber :)
Re: How to log out from an SSL V3 session?
The web does not use continuous connections. Typically for a web app you do a POST request, passing in data items and getting back the next form in the process, but the SSL connection is closed at that point, and another, different, connection is opened the next time you push a button or otherwise interact with the web app.

[EMAIL PROTECTED] wrote:
> I have an application protected by client certificate authentication. I would like to let the user have a user-friendly way to change his authentication certificate. Let's say he chooses to authenticate with certificate A, then an SSL handshake occurs and an SSL V3 session is set up.

This is where you lose me. I don't think a session is set up here; instead, the window stores whatever parameters are needed to reopen a new connection the next time the user interacts with the web app. Are you talking about a Java app that *could* keep a TCP/IP connection open between interactions? Are you talking about something OTHER than the customary and usual HTTP-mediated web app?

> What if the user changes his mind and wants to authenticate with certificate B? The working solution is to make him close all his open browser windows, restart his browser and reconnect to the page; then he will be asked again to present a certificate and will be able to present certificate B.

Well, this really has nothing to do with SSL; it's the behavior of the particular web browser you are talking about, that the act of quitting and restarting the browser loses that state information.

> Is there a simpler way to ask the user to authenticate again and to let him choose a different certificate? For a login/password type of authentication, you always have the choice to click on a "Log out" link that kills your session and gives you a chance to authenticate again with a different login/password. Can we imagine, with client certificate authentication, the same kind of way to log out and to authenticate as a different user?

The idea of one-user one-PC was the standard in the early days of programming for microcomputers, so the idea of "user" is either not there at all or kluged in after the fact. The only systems I know that really have a hard idea of user are Linux and MacOSX. So it's not surprising that the idea of changing users was never implemented. BTW, the implementation on MacOSX 10.3 (Panther) is really neat. I can have multiple persons logged onto my laptop at one time, then switch between them by giving the password each time one wants to switch, so it's like switching the same keyboard and display among multiple running shell processes. Anyway, it's really neat when you want to serially share the laptop between a set of users without having to log off and on again.

> On IE, there is a button in Tools / Internet Options / Content called "Clear SSL Cache" that does a similar action to a log out button; I haven't been able to find a similar button on Mozilla-like browsers... Do you know of any button of this kind on Mozilla? This would enable logging out on the client's initiative.

Again, this reinforces the idea that it is the idiosyncratic behaviour of the browser that you are asking about, not anything in either mod_ssl or the SSL protocol proper.

> From a server perspective: is it possible to send a signal to apache mod_ssl to tell it to close the SSL session, so that the client goes back to an unauthenticated session? If he wants to access a protected page again, he would have the choice of choosing a different certificate.

Again, the standard model does NOT use a continuously-open TCP/IP connection. You come in, exchange data for a new form, and then the connection is closed. So there's no question of any kind of closing the session. The session is already closed.

What you'd be looking for is some means of poisoning the saved data in the browser, so it would be rejected the next time it is used to try to open the connection (and hope that the browser does the sane thing, forgetting its saved information and going back to square one and trying from first principles).

Also, it's probably worth saying that the whole idea of Open Source is that you can not only read the source code for Mozilla but even write your own modifications, so you could MAKE a version of Mozilla that does what you believe the right thing to be. Although it's also probably worth saying that you need to learn a bit more about how the web stuff really works under the hood before taking on such a project.

I hope this gets the idea across that the reason you're running into such unfriendliness on the web is that you seem to be laboring under such a large set of misconceptions that nobody seems to know quite where to start in trying to straighten you out?

-- 
Charles B (Ben) Cranston
mailto:[EMAIL PROTECTED]
http://www.wam.umd.edu/~zben
Re: How to log out from an SSL V3 session?
On Mon, May 17, 2004 at 11:23:51AM -0400, Charles B Cranston wrote:
> The web does not use continuous connections. Typically for a web app you do a POST request, passing in data items and getting back the next form in the process, but the SSL connection is closed at that point, and another, different, connection is opened the next time you push a button or otherwise interact with the web app.

Not 100% correct. There is keep-alive too.

m.
-- 
martin paljak - consultant
[EMAIL PROTECTED] - email
martin.paljak.pri.ee - web
+372.55.984.685 - phone
Re: My day with openssl smime and plan for Web mail
On Mon, May 17, 2004, Anssi Porttikivi wrote:
> ...and everything works now. A good thing is I created my first keypair, certificate, encrypted message and signed message and decrypted and verified them OK. The bad thing is it took all day. With half a dozen different PGP implementations I never spent more than an hour or two to make them do the basic stuff. If this relation holds for all work with S/MIME or PGP (which I guess is so) I can tell you which one will be the future standard.

Well, the 'smime' openssl application isn't really intended to be a full S/MIME email client, rather an illustration of what can be done using the OpenSSL S/MIME APIs and a useful diagnostic tool. As such it's intended for a different target audience.

You also just happen to have been unlucky enough to pick the release which had a nasty bug in its S/MIME code.

Steve.
PRNGD 0.9.28 released
Hi!

I have just uploaded version 0.9.28 of prngd. It fixes a hang in an endless loop under certain conditions. I have never seen this myself on HP-UX, but I have received some reports, more or less all from Solaris 8 users, one of which finally led to the correct analysis.

Problem: after calling waitpid(), errno is evaluated for the case of waitpid()=0 even though errno is not set in this case. If errno had the value EINTR at this point, an endless loop condition arose.

It is recommended that users of older versions of prngd upgrade to 0.9.28.

Additional changes are related to minor bugfixes (possible core dumps due to NULL pointer access in snprintf()) and platform support.

http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
Re: How to log out from an SSL V3 session?
On Mon, May 17, 2004, [EMAIL PROTECTED] wrote:
> Is there a simpler way to ask the user to authenticate again and to let him choose a different certificate?
>
> From a server perspective: is it possible to send a signal to apache mod_ssl to tell it to close the SSL session, so that the client goes back to an unauthenticated session? If he wants to access a protected page again, he would have the choice of choosing a different certificate.

The simple answer is no, there's no easy way to do what you ask. When a new session is started, many browsers cache the old authentication information and automatically perform client authentication with the previous credentials without any user intervention. The idea is that it won't keep annoying the user with certificate requests all the time, but it's a problem when you don't want it to do that.

The button in IE does various internal things which can't even be replicated using an application. It's possible to clear the SSL state using an API, but that button does some other things as well which can't be done. I've heard hints that a future API may support this though.

Steve.
Re: How to log out from an SSL V3 session?
For some versions of MSIE, I think ClearAuthenticationCache would work. I have not tested this myself, but here is a link to an article that talks about it: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwebteam/html/webteam11042002.asp

Thanx
Himanshu Soni

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dr. Stephen Henson
Sent: Monday, May 17, 2004 9:30 AM
To: [EMAIL PROTECTED]
Subject: [BULK] - Re: How to log out from an SSL V3 session?

> The simple answer is no, there's no easy way to do what you ask. When a new session is started, many browsers cache the old authentication information and automatically perform client authentication with the previous credentials without any user intervention. The idea is that it won't keep annoying the user with certificate requests all the time, but it's a problem when you don't want it to do that.
>
> The button in IE does various internal things which can't even be replicated using an application. It's possible to clear the SSL state using an API, but that button does some other things as well which can't be done. I've heard hints that a future API may support this though.
>
> Steve.
Re: How to log out from an SSL V3 session?
On Mon, May 17, 2004, Himanshu Soni wrote:

For some versions of MSIE, I think ClearAuthenticationCache would work. I have not tested this myself but here is a link to an article that talks about it: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwebteam/html/webteam11042002.asp

Isn't that just the normal username+password authenticated URLs? Someone did ask about certificate authentication in the CryptoAPI mailing list and the official answer was that there wasn't currently any way to do it but it might be possible in future.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
RE: Get other side's public key
On Sun, May 16, 2004, David Schwartz wrote:

Is there any SSL function to retrieve the other side's public key? I see SSL_get_peer_certificate, but no way to get the public key.

From the certificate call X509_get_pubkey(cert).

My thanks to both of you. It occurred to me after I sent my question, though, that I probably should have mentioned what I'm trying to do in case there's a better way to get the effect I need.

The situation I have is that I have two entities that have a shared secret and each has an end of an SSL connection. I need to verify that the two ends are ends of the *same* SSL connection. (In other words, prove that there is no MITM.)

What I was going to do was exchange challenges over the SSL connection, then have each side encrypt the public key they think the other side is using and the challenge with the shared secret. They then exchange these encrypted blocks. My logic is that a MITM proxying data across two SSL connections would have to replace both 'other side's public keys' with his own public keys. Since he doesn't know the shared secret, he cannot provide the correct encrypted blocks. If he provides the wrong encrypted blocks, the connection will be rejected. If he provides the correct encrypted blocks, then he can't understand or tamper with any of the data he's MITMing (since he doesn't know either side's public key).

However, this assumes that each side has a public key that's used to build the session. I presume that's not really true typically. Would it be sufficient to just have the receiver validate the sender's public key using the shared secret? Or would it be better to exchange validation of the shared secret used in the symmetric cipher?

I suppose SSL's MITM defense should be adequate for my purposes. This is simply to ensure that the server's public key is correct. I presume getting the certificate on the client end (by client, I mean the side that initiated the connection) and extracting the public key will always work.

DS
Problems encrypting private key
Hi all!

I'm writing an application that needs to write out an RSA private key with password-based encryption in DER format, but I'm getting errors from the functions used for it. My code and the error codes follow:

    ERR_load_crypto_strings();
    out = BIO_new(BIO_s_file());
    rsa = RSA_generate_key(bits, e_value, i_progreso, NULL);   /* ok */
    clave = EVP_PKEY_new();
    EVP_PKEY_assign_RSA(clave, rsa);   /* rsa in EVP_PKEY structure */

    res = PEM_write_bio_RSAPrivateKey(out, rsa, EVP_des_cbc(), NULL, 0, NULL, password);
    /* this works fine */

    res = PEM_write_bio_PKCS8PrivateKey(out, clave, EVP_des_cbc(), NULL, 0, NULL, password);
    /* this breaks with the following error code:
       error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm
       error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error
       error:2306C067:PKCS12 routines:PKCS12_i2d_encrypt:encrypt error
       error:2307D067:PKCS12 routines:PKCS8_encrypt:encrypt error
       0 */

    res = i2d_PKCS8PrivateKey_bio(out, clave, EVP_des_cbc(), NULL, 0, NULL, password);
    /* this is the function that interests me, but it also breaks with the following error code:
       error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm
       error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error
       error:2306C067:PKCS12 routines:PKCS12_i2d_encrypt:encrypt error
       error:2307D067:PKCS12 routines:PKCS8_encrypt:encrypt error
       error:0D074041:asn1 encoding routines:ASN1_i2d_bio:malloc failure
       0 */

What's the problem with the two last functions? Am I doing something erroneous?

Thanks in advance for your replies.

Zainos
Re: Get other side's public key
David,

How about having each side send something like HMAC[shared_secret](Finished messages)? I used something similar to this with good results in the SRP Telnet specification. A MITM will cause the Finished messages to be different, and since he won't know the shared secret, he can't rewrite the HMAC to match the altered Finished messages. This works with any ciphersuite, including ADH. Just make sure the two sides send slightly different HMACs, e.g. swap the order of client and server Finished messages.

Tom

David Schwartz wrote:

On Sun, May 16, 2004, David Schwartz wrote:

Is there any SSL function to retrieve the other side's public key? I see SSL_get_peer_certificate, but no way to get the public key.

From the certificate call X509_get_pubkey(cert).

My thanks to both of you. It occurred to me after I sent my question, though, that I probably should have mentioned what I'm trying to do in case there's a better way to get the effect I need.

The situation I have is that I have two entities that have a shared secret and each has an end of an SSL connection. I need to verify that the two ends are ends of the *same* SSL connection. (In other words, prove that there is no MITM.)

What I was going to do was exchange challenges over the SSL connection, then have each side encrypt the public key they think the other side is using and the challenge with the shared secret. They then exchange these encrypted blocks. My logic is that a MITM proxying data across two SSL connections would have to replace both 'other side's public keys' with his own public keys. Since he doesn't know the shared secret, he cannot provide the correct encrypted blocks. If he provides the wrong encrypted blocks, the connection will be rejected. If he provides the correct encrypted blocks, then he can't understand or tamper with any of the data he's MITMing (since he doesn't know either side's public key).

However, this assumes that each side has a public key that's used to build the session. I presume that's not really true typically. Would it be sufficient to just have the receiver validate the sender's public key using the shared secret? Or would it be better to exchange validation of the shared secret used in the symmetric cipher?

I suppose SSL's MITM defense should be adequate for my purposes. This is simply to ensure that the server's public key is correct. I presume getting the certificate on the client end (by client, I mean the side that initiated the connection) and extracting the public key will always work.

DS

--
Tom Wu
Chief Security Architect
Arcot Systems
(408) 969-6124
Key Length
I saw a thread about this before, but I had a follow-up question. I'm wanting to use SSL simply to garbage-ify the data between my server application and the client. I'd like to use only 128 bit encryption (CPU limitations). But I cannot generate a certificate with a key this small. Do I need to use something besides RSA then? Or can I somehow specify a public key to go with the private key in the ctx when establishing the server's socket (rather than it coming from the certificate)? I'm not sure I really need a certificate authenticating who the server is.

Thanks,
Davy

p.s. I'm really naive about encryption, if you couldn't tell already. Where are some online resources that explain in plain terms what SSL uses (i.e. RSA, DSA, IDEA, RC4, ...)? I read the two informative documents already: http://www.openssl.org/docs/HOWTO/keys.txt and http://www.openssl.org/docs/HOWTO/certificates.txt. Very helpful in getting started.
Re: Problems encrypting private key
On Mon, May 17, 2004, Carlos Roberto Zainos H wrote:

Hi all!

I'm writing an application that needs to write out an RSA private key with password-based encryption in DER format, but I'm getting errors from the functions used for it. My code and the error codes follow:

    ERR_load_crypto_strings();
    out = BIO_new(BIO_s_file());
    rsa = RSA_generate_key(bits, e_value, i_progreso, NULL);   /* ok */
    clave = EVP_PKEY_new();
    EVP_PKEY_assign_RSA(clave, rsa);   /* rsa in EVP_PKEY structure */

    res = PEM_write_bio_RSAPrivateKey(out, rsa, EVP_des_cbc(), NULL, 0, NULL, password);
    /* this works fine */

    res = PEM_write_bio_PKCS8PrivateKey(out, clave, EVP_des_cbc(), NULL, 0, NULL, password);
    /* this breaks with the following error code:
       error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm
       error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error
       error:2306C067:PKCS12 routines:PKCS12_i2d_encrypt:encrypt error
       error:2307D067:PKCS12 routines:PKCS8_encrypt:encrypt error
       0 */

    res = i2d_PKCS8PrivateKey_bio(out, clave, EVP_des_cbc(), NULL, 0, NULL, password);
    /* this is the function that interests me, but it also breaks with the following error code:
       error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm
       error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error
       error:2306C067:PKCS12 routines:PKCS12_i2d_encrypt:encrypt error
       error:2307D067:PKCS12 routines:PKCS8_encrypt:encrypt error
       error:0D074041:asn1 encoding routines:ASN1_i2d_bio:malloc failure
       0 */

What's the problem with the two last functions? Am I doing something erroneous?

Thanks in advance for your replies.

You need OpenSSL_add_all_algorithms() to add the necessary PBE algorithms to the internal tables.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: Get other side's public key
On Mon, May 17, 2004, David Schwartz wrote:

The situation I have is that I have two entities that have a shared secret and each has an end of an SSL connection. I need to verify that the two ends are ends of the *same* SSL connection. (In other words, prove that there is no MITM.)

What I was going to do was exchange challenges over the SSL connection, then have each side encrypt the public key they think the other side is using and the challenge with the shared secret. They then exchange these encrypted blocks. My logic is that a MITM proxying data across two SSL connections would have to replace both 'other side's public keys' with his own public keys. Since he doesn't know the shared secret, he cannot provide the correct encrypted blocks. If he provides the wrong encrypted blocks, the connection will be rejected. If he provides the correct encrypted blocks, then he can't understand or tamper with any of the data he's MITMing (since he doesn't know either side's public key).

Replacing the other side's public keys is prevented by correctly verifying the certificate chains of each side, so additional MITM protection is normally unnecessary. The exception to this is the few unauthenticated cipher suites such as anonymous DH which don't use certificates, but those are disabled by default.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: Problems encrypting private key
Thanks a lot Dr Henson! Now all works fine.

Zainos
X509_REQ_print_ex()
Where might I find the documentation for X509_REQ_print_ex()? I've searched the man pages, the web site, and the source in ./crypto/asn1/t_req.c is uncommented. I really only need info on the nmflags and cflags parameters; the others I can figure out.
Install SSL Certificate
Hi,

I am having an issue with SSL certificates. I am using OpenSSL on Redhat Linux 7.3 with Windows XP clients. I installed the Apache web server with OpenSSL support. When the client tries to access the link, the SSL certificate pops up, asking the client to install it. So if I visit this website again, it should be understood to accept the SSL certificate silently. But it is asking me again and again. Any help on this is greatly appreciated.

Thank you.

With regards,
Chaitanya
Re: X509_REQ_print_ex()
On Mon, May 17, 2004, Joseph Bruni wrote:

Where might I find the documentation for X509_REQ_print_ex()? I've searched the man pages, the web site, and the source in ./crypto/asn1/t_req.c is uncommented. I really only need info on the nmflags and cflags parameters; the others I can figure out.

nmflags relates to how the DN is printed and is documented on the X509_NAME_print_ex() manual page.

cflags is a list of details to print, or more specifically what not to print. It understands the following flags OR'ed together:

X509_FLAG_NO_HEADER      don't print the header (the bit saying "Certificate Request" at the top).
X509_FLAG_NO_VERSION     don't print the request version number.
X509_FLAG_NO_SUBJECT     don't print the request DN.
X509_FLAG_NO_PUBKEY      don't print the request public key.
X509_FLAG_NO_ATTRIBUTES  don't print the request attributes (including requested extensions, which are included in the attributes).
X509_FLAG_NO_SIGDUMP     don't include the signature of the request.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
RE: Get other side's public key
On Mon, May 17, 2004, David Schwartz wrote:

Replacing the other side's public keys is prevented by correctly verifying the certificate chains of each side, so additional MITM protection is normally unnecessary.

That doesn't check what I want to check. I specifically need to confirm that the two ends are ends of the same SSL connection. I have a situation where there is no third party that either side trusts.

The exception to this is the few unauthenticated cipher suites such as anonymous DH which don't use certificates, but those are disabled by default.

Others have also suggested an HMAC on the contents, but this won't tell me the link is correct until after I've sent all my data (potentially to a MITM!).

Again, here's the situation: I have two software entities that have a shared secret, and they also each have an end of an SSL connection. What I want to determine is whether they are ends of the same SSL connection. So what I need to do is determine some MITM-proof SSL session parameters and confirm them with the shared secret.

Or, to put it another way, imagine you and I are on the phone and also have a network connection. This network connection may or may not have a MITM on it. We have OpenSSL and form an SSL connection. Now, can we determine whether or not we have a MITM who could decrypt or tamper with the data? Can I extract the symmetric cipher's secret and use that? Could a MITM choose that secret? (I don't know if the connection initiator or the connection acceptor chooses the secret. Ideally, neither side could completely control it, but I don't know enough about the SSL internals.)

DS
RE: Get other side's public key
How about having each side send something like HMAC[shared_secret](Finished messages)? I used something similar to this with good results in the SRP Telnet specification. A MITM will cause the Finished messages to be different, and since he won't know the shared secret, he can't rewrite the HMAC to match the altered Finished messages. This works with any ciphersuite, including ADH. Just make sure the two sides send slightly different HMACs, e.g. swap the order of client and server Finished messages.

Huh? The MITM could just proxy all the data between two distinct SSL connections and he would know all the data that was supposed to be sent securely. Yes, he couldn't tamper with the data, but that's hardly sufficient.

DS
Re: Get other side's public key
David Schwartz wrote:

How about having each side send something like HMAC[shared_secret](Finished messages)? I used something similar to this with good results in the SRP Telnet specification. A MITM will cause the Finished messages to be different, and since he won't know the shared secret, he can't rewrite the HMAC to match the altered Finished messages. This works with any ciphersuite, including ADH. Just make sure the two sides send slightly different HMACs, e.g. swap the order of client and server Finished messages.

Huh? The MITM could just proxy all the data between two distinct SSL connections and he would know all the data that was supposed to be sent securely. Yes, he couldn't tamper with the data, but that's hardly sufficient.

To be specific, I was suggesting something like:

0. Client and server negotiate the vanilla SSL handshake sequence, including the Finished messages, but do not send any application data yet.
1. (a) Client sends HMAC[shared_secret](Finished_C || Finished_S).
   (b) Server verifies this HMAC by obtaining the two Finished messages from its end of the SSL session.
2. (a) Server sends HMAC[shared_secret](Finished_S || Finished_C).
   (b) Client verifies this HMAC by obtaining the two Finished messages from its end of the SSL session.
3. Application data starts flowing.

The Finished messages are cryptographically derived from the premaster secret, and the MITM can't control their contents. If a MITM was proxying between two distinct SSL sessions, the HMAC computed in 1a would not be accepted by the server in 1b, since the Finished_C and Finished_S messages would be different. And without the shared_secret, the MITM can't compute an HMAC value that would pass the server's check in 1b.

Think of it as challenge-response, but with the challenge value cryptographically tied to the SSL secret.

Tom

--
Tom Wu
Chief Security Architect
Arcot Systems
(408) 969-6124
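The four-step exchange Tom lays out above, worked through in Python as an added example; this is not code from the thread, from OpenSSL or from the SRP Telnet specification. Both endpoints are simulated in one process with constructed Finished values and a constructed shared secret, so it runs offline; the names Endpoint, binding_tag and run_exchange are assumptions for this illustration. Real code would take the two Finished messages from the TLS library (in OpenSSL, SSL_get_finished() and SSL_get_peer_finished()) instead of from constants. The scenarios cover the same session, a MITM proxying two sessions, a MITM who knows both sessions' Finished values but has to guess the secret, and a reflected tag, which is why the two sides hash the Finished messages in opposite order. One caveat from later work: binding only to the Finished messages was shown to be insufficient against the triple-handshake attack on renegotiated/resumed sessions unless the extended master secret extension (RFC 7627) is negotiated.

```python
import hashlib
import hmac

# Added illustration of the HMAC-over-Finished check, not code from the thread.
# The Finished messages below are constructed stand-ins; a real endpoint reads
# them from its TLS stack (OpenSSL: SSL_get_finished() / SSL_get_peer_finished()).


def binding_tag(shared_secret: bytes, first: bytes, second: bytes) -> bytes:
    """HMAC-SHA256 over the concatenation of two Finished messages."""
    return hmac.new(shared_secret, first + second, hashlib.sha256).digest()


class Endpoint:
    """One end of a TLS session, holding what its own stack reports (hypothetical helper)."""

    def __init__(self, role: str, shared_secret: bytes,
                 finished_c: bytes, finished_s: bytes) -> None:
        assert role in ("client", "server")
        self.role = role
        self.secret = shared_secret
        self.finished_c = finished_c   # client's Finished, as this end saw it
        self.finished_s = finished_s   # server's Finished, as this end saw it

    def _order(self, role: str):
        # Client tags Finished_C || Finished_S, server tags Finished_S || Finished_C,
        # so a tag can never be reflected back to its sender.
        if role == "client":
            return self.finished_c, self.finished_s
        return self.finished_s, self.finished_c

    def make_tag(self) -> bytes:
        return binding_tag(self.secret, *self._order(self.role))

    def verify_peer_tag(self, tag: bytes) -> bool:
        peer_role = "server" if self.role == "client" else "client"
        expected = binding_tag(self.secret, *self._order(peer_role))
        return hmac.compare_digest(expected, tag)   # constant-time compare


def run_exchange(client: Endpoint, server: Endpoint) -> bool:
    """Steps 1 and 2 of the protocol; no application data until both pass."""
    if not server.verify_peer_tag(client.make_tag()):   # 1a / 1b
        return False
    return client.verify_peer_tag(server.make_tag())    # 2a / 2b


SECRET = b"constructed-shared-secret"
FIN_C1, FIN_S1 = b"\x01" * 12, b"\x02" * 12   # constructed Finished pair, session 1
FIN_C2, FIN_S2 = b"\x03" * 12, b"\x04" * 12   # constructed Finished pair, session 2


def direct_session() -> bool:
    """Both ends are on the same TLS session: the tags match."""
    client = Endpoint("client", SECRET, FIN_C1, FIN_S1)
    server = Endpoint("server", SECRET, FIN_C1, FIN_S1)
    return run_exchange(client, server)


def proxied_session() -> bool:
    """A MITM relays between two sessions: Finished values differ, check fails."""
    client = Endpoint("client", SECRET, FIN_C1, FIN_S1)
    server = Endpoint("server", SECRET, FIN_C2, FIN_S2)
    return run_exchange(client, server)


def forged_tags(attacker_guess: bytes) -> bool:
    """MITM sees both sessions' Finished values but must guess the secret."""
    client = Endpoint("client", SECRET, FIN_C1, FIN_S1)
    server = Endpoint("server", SECRET, FIN_C2, FIN_S2)
    # The attacker rewrites the client's tag for the server-side session...
    fake_for_server = Endpoint("client", attacker_guess, FIN_C2, FIN_S2).make_tag()
    if not server.verify_peer_tag(fake_for_server):
        return False
    # ...and the server's tag for the client-side session.
    fake_for_client = Endpoint("server", attacker_guess, FIN_C1, FIN_S1).make_tag()
    return client.verify_peer_tag(fake_for_client)


def reflected_tag() -> bool:
    """Attacker echoes the client's own tag back as the server's: order differs."""
    client = Endpoint("client", SECRET, FIN_C1, FIN_S1)
    return client.verify_peer_tag(client.make_tag())


if __name__ == "__main__":
    print("same session      :", direct_session())        # True
    print("proxied sessions  :", proxied_session())       # False
    print("forged with guess :", forged_tags(b"wrong"))   # False
    print("reflected tag     :", reflected_tag())         # False
```

The forged_tags scenario also shows the limit of the scheme: an attacker who holds the shared secret passes both checks, so the guarantee is only as strong as the secrecy of that key and of the Finished values' dependence on the premaster secret.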