CRL Race condition
Hello all,
There has
been a tremendous performance during CRL check between 0.9.7d and
0.9.7e
I measured the time
for checking the crl with 1,00,000 entries using the following
command
time openssl
verify -crl_check -CAfile $ssl_crl_dir/chain
$ssl_dir/bin/${demoCA}/newcerts/$serial
The elapsed time
is
0.9.7d
0m1.14s
0.9.7e
0m0.69s
1. What is the reason
for the improvement in performance
?
2. There has been an
new encoding element added to the X509_crl_info_st structure.
What is it used for
?
3. Are we caching the encoded CRL structure
?
4. Why do we write lockwhile
sorting the crl ?
Thanks,Prakash
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
Re: certificate is invalid or corrupted
On Monday 06 December 2004 17:49, Michael Goettsche wrote: Hi list, I'm having problems with my openssl certificate used with apache2. I've followed the tutorial on apache.org to create a certificate and sign it afterwards. This step-by-step guide can be found here: http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html.en#realcert The first problem occurs when following the next step to sign the certificate( http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#ownca ) Typing ./sign.sh server.csr I get the following output: CA signing: server.csr - server.crt: Using configuration from ca.config Enter PEM pass phrase: Check that the request matches the signature Signature ok The Subjects Distinguished Name is as follows countryName :PRINTABLE:'DE' stateOrProvinceName :PRINTABLE:'Germany' localityName :PRINTABLE:'' organizationName :PRINTABLE:'x' commonName:PRINTABLE:'xx' emailAddress :IA5STRING:'x' ERROR:There is already a certificate for /C=DE/ST=Germany/L=/O=/CN=/Email=x The matching entry has the following details Type :Valid Expires on:051129093250Z Serial Number :01 File name :unknown Subject Name :/C=DE/ST=xxx/L=/O=xx/CN=/Email=xxx xx CA verifying: server.crt - CA cert server.crt: unable to load certificate file 9007:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: CERTIFICATE If I use this certificate, it works fine with Konqueror(shown certificate information are fine) and the subversion command line client, but neither Firefox nor Internet Explorer can connect. Firefox says: Could not establish an encrypted connection because certificate is invalid or corrupted. Error Code: -8182 There are no error messags in apache's error.log I already re-created the certificate and signed it, but it didn't help. Any of you guys an idea what could be wrong? Thanks a ton in advance, Michael Anybody? Is this the wrong place to ask? Should I rather ask on apache mailinglist? Or are you missing information? Michael. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: certificate is invalid or corrupted
Michael Goettsche wrote: On Monday 06 December 2004 17:49, Michael Goettsche wrote: Hi list, I'm having problems with my openssl certificate used with apache2. I've followed the tutorial on apache.org to create a certificate and sign it afterwards. This step-by-step guide can be found here: http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html.en#realcert The first problem occurs when following the next step to sign the certificate( http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#ownca ) Typing ./sign.sh server.csr I get the following output: CA signing: server.csr - server.crt: Using configuration from ca.config Enter PEM pass phrase: Check that the request matches the signature Signature ok The Subjects Distinguished Name is as follows countryName :PRINTABLE:'DE' stateOrProvinceName :PRINTABLE:'Germany' localityName :PRINTABLE:'' organizationName :PRINTABLE:'x' commonName:PRINTABLE:'xx' emailAddress :IA5STRING:'x' ERROR:There is already a certificate A certificate with same attributes already exist. Did you tried to create another request with different parameters (CN, O...) ? A Certification Authority policy can forbid to validate (sign) 2 certificate wich use same parameters. for /C=DE/ST=Germany/L=/O=/CN=/Email=x The matching entry has the following details Type :Valid Expires on:051129093250Z Serial Number :01 File name :unknown Subject Name :/C=DE/ST=xxx/L=/O=xx/CN=/Email=xxx Next steps cannot be done because the previous failed. xx CA verifying: server.crt - CA cert server.crt: unable to load certificate file 9007:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: CERTIFICATE If I use this certificate, it works fine with Konqueror(shown certificate information are fine) and the subversion command line client, but neither Firefox nor Internet Explorer can connect. Firefox says: Could not establish an encrypted connection because certificate is invalid or corrupted. Error Code: -8182 There are no error messags in apache's error.log I already re-created the certificate and signed it, but it didn't help. Any of you guys an idea what could be wrong? Thanks a ton in advance, Michael Anybody? Is this the wrong place to ask? Should I rather ask on apache mailinglist? Or are you missing information? Michael. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] Sorry for my bad english, I hope it will help you, I am a newbi ;-) Frédéric. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: certificate is invalid or corrupted
On Wednesday 08 December 2004 16:56, Frédéric PAILLETTE wrote: CA signing: server.csr - server.crt: Using configuration from ca.config Enter PEM pass phrase: Check that the request matches the signature Signature ok The Subjects Distinguished Name is as follows countryName :PRINTABLE:'DE' stateOrProvinceName :PRINTABLE:'Germany' localityName :PRINTABLE:'' organizationName :PRINTABLE:'x' commonName:PRINTABLE:'xx' emailAddress :IA5STRING:'x' ERROR:There is already a certificate A certificate with same attributes already exist. Did you tried to create another request with different parameters (CN, O...) ? A Certification Authority policy can forbid to validate (sign) 2 certificate wich use same parameters. Next steps cannot be done because the previous failed. Sorry for my bad english, I hope it will help you, I am a newbi ;-) Frédéric. Hi Frederic, thanks for your answer. Do you know how to fix this problem in case it's caused by the two certificates-problem? Thanks, Michael __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Quantum Encryption no protection against man in the middle attack?
Quantum Cryptography vs the man-in-the-middle attack The recent availability of commercial products for quantum cryptography has generated much press attention, however, any putative value-add for these products escapes this author. Given the traditional man in the middle attack where Vladimir imposes a pair of transceivers between Alice and Bob: +---+++ ++ +++-+ | Alice ++ XC +--+ Vladimir's +--+ XC ++ Bob | +---+++ | Laptop | +++-+ ++ Quantum cryptography on these links does not seem to provide any additional protection. Under the customary and usual assumptions that Vladimir has access to fully functional transceiver equipment and has full knowledge of all communications protocols in use, it just plain not possible for Alice to know she is talking to Bob (and not Vladimir) or for Bob to know he is talking to Alice. The traditional method of defense against a man in the middle attack is for Alice and Bob to encrypt their communications traffic using a traditional (private key) encryption system such as DES, Blowfish, or AES. However, in this case Alice and Bob must share a secret key, so key transport becomes an issue. A newer method of defense against such an attack is using a PKI (Public Key Infrastructure). Alice and Bob would exchange certificates, and with knowledge of the associated private keys would compute a shared secret which would then be used in a private key encryption. In order to fool Bob, Vladimir would have to either pass on Alice's certificate unchanged, and KNOW Alice's private key, or else substitute a counterfeit certificate generated with a private key known to him. So he would either have to penetrate Alice's security and steal the private key or he would have to fool a Certificate Authority that Bob trusts into issuing Vladimir a certificate under Alice's name. Key transport is not a problem in this scheme because Alice and Bob would generate key pairs, and send their public keys to Certificate Authorities to be signed into certificates, but their private keys would never leave their security perimeters. So, if we need either a shared secret or a Public Key Infrastructure to protect against man in the middle attacks anyway, what is the value add of using quantum encryption on the link? The theory is advanced that quantum encryption would provide some protection against the forthcoming quantum computers, but again, this author is not persuaded. Yes, a quantum computer could be used to attack either scheme described, but then we lose, because it is now possible to conduct a man in the middle attack, even though the links themselves are quantum encrypted. In summary, any putative value-add for the use of quantum encryption completely escapes this author, in either the absence or presence of the availability of quantum computers as attack tools. -- An Internet-connected Windows machine is tantamount to a toddler carrying a baggie of $100 bills down a city street... Charles B (Ben) Cranston mailto: [EMAIL PROTECTED] http://www.wam.umd.edu/~zben __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: certificate is invalid or corrupted
Michael Goettsche wrote: On Wednesday 08 December 2004 16:56, Frédéric PAILLETTE wrote: CA signing: server.csr - server.crt: Using configuration from ca.config Enter PEM pass phrase: Check that the request matches the signature Signature ok The Subjects Distinguished Name is as follows countryName :PRINTABLE:'DE' stateOrProvinceName :PRINTABLE:'Germany' localityName :PRINTABLE:'' organizationName :PRINTABLE:'x' commonName:PRINTABLE:'xx' emailAddress :IA5STRING:'x' ERROR:There is already a certificate A certificate with same attributes already exist. Did you tried to create another request with different parameters (CN, O...) ? A Certification Authority policy can forbid to validate (sign) 2 certificate wich use same parameters. Next steps cannot be done because the previous failed. Sorry for my bad english, I hope it will help you, I am a newbi ;-) Frédéric. Hi Frederic, thanks for your answer. Do you know how to fix this problem in case it's caused by the two certificates-problem? Thanks, Michael __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] The CA store all signed certificates in a directory and a summary of them in a file. With my OpenSSL version, all signed certificates are stored in CA\new_certs\serial.pem. The file CA\index.txt contains a summary (view the attached file) . Note that there is also 2 files, CA\intex.txt.new and CA\index.txt.old. Remove the the cert and the entry in this this file and I will probably work fine ;-) Good luck R 980705233205Z 951009233205Z 01 certs/0001 /CN=Eric Young E 951009233205Z 02 certs/0002 /CN=Duncan Young R 980705233205Z 95120101Z 03 certs/0003 /CN=Tim Hudson V 980705233205Z 04 certs/0004 /CN=Eric Young4 V 980705233205Z 05 certs/0004 /CN=Eric Young5 V 980705233205Z 06 certs/0004 /CN=Eric Young6 V 980705233205Z 07 certs/0004 /CN=Eric Young7 V 980705233205Z 08 certs/0004 /CN=Eric Young8 V 980705233205Z 09 certs/0004 /CN=Eric Young9 V 980705233205Z 0A certs/0004 /CN=Eric YoungA V 980705233205Z 0B certs/0004 /CN=Eric YoungB V 980705233205Z 0C certs/0004 /CN=Eric YoungC V 980705233205Z 0D certs/0004 /CN=Eric YoungD V 980705233205Z 0E certs/0004 /CN=Eric YoungE V 980705233205Z 0F certs/0004 /CN=Eric YoungF V 980705233205Z 10 certs/0004 /CN=Eric Young10 V 980705233205Z 11 certs/0004 /CN=Eric Young11 V 980705233205Z 12 certs/0004 /CN=Eric Young12 V 980705233205Z 13 certs/0004 /CN=Eric Young13 V 980705233205Z 14 certs/0004 /CN=Eric Young14 V 980705233205Z 15 certs/0004 /CN=Eric Young15 V 980705233205Z 16 certs/0004 /CN=Eric Young16 V 980705233205Z 17 certs/0004 /CN=Eric Young17 V 961206150305Z 010Cunknown /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=MTR/CN=Eric Young/[EMAIL PROTECTED] V 961206153245Z 010Dunknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=Eric Young/[EMAIL PROTECTED] V 970322074816Z 010Eunknown /CN=Eric Young/[EMAIL PROTECTED] V 970322075152Z 010Funknown /CN=Eric Young V 970322075906Z 0110unknown /CN=Eric Youngg V 970324092238Z 0111unknown /C=AU/SP=Queensland/CN=Eric Young V 970324221931Z 0112unknown /CN=Fred V 970324224934Z 0113unknown /C=AU/CN=eay V 971001005237Z 0114unknown /C=AU/SP=QLD/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test V 971001010331Z 0115unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test again - x509v3 V 971001013945Z 0117unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test V 971014225415Z 0118unknown /C=AU/SP=Queensland/CN=test V 971015004448Z 0119unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test2 V 971016035001Z 011Aunknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test64 V 971016080129Z 011Bunknown /C=FR/O=ALCATEL/OU=Alcatel Mobile Phones/CN=bourque/[EMAIL PROTECTED] V 971016224000Z 011Dunknown /L=Bedford/O=Cranfield University/OU=Computer Centre/CN=Peter R
Re: Problems with SSL_read() - SSL_ERROR_SYSCALL / EOF - SOLVED
On 11/22/04 02:20 PM, Louis LeBlanc sat at the `puter and typed:
Hey everyone. Been a long time since I've been able to spend much time
on SSL code, but here I am again.
My app is a client side HTTP/HTTPS application, and the problem that
recently showed up (more likely it was just recently noticed) is a
problem of sorts with SSL_read(). But only with some servers.
Connections to other servers work just fine.
Here's a snippet of the code giving problems:
n = SSL_read(c-data, c-buf+c-bufend, len);
if (n = 0)
{ int sslerr = ERR_get_error();
errcode = SSL_get_error(c-data, n);
if (errno) eptr = strerror(errno);
if (sslerr)
{ (void *)ERR_error_string(sslerr, errbuf); errptr = errbuf; }
switch(errcode)
{
case SSL_ERROR_SYSCALL:
/* Some kind of I/O error; */
if (DebugSSL)
{
if (sslerr) /* SSL IO error? */
{ /* SSL_13013:I:Problem in SSL_read():%s: %s:%d */
if (errptr *errptr)
ERROR(errmsgs[SSL_13013], errptr, __FILE__, __LINE__);
else
ERROR(errmsgs[SSL_13013], SSL_ERROR_SYSCALL ,
__FILE__, __LINE__);
}
else if (eptr *eptr) /* Some system error - check errno */
ERROR(errmsgs[SSL_13013], eptr, __FILE__, __LINE__);
else if (n == 0)
ERROR(errmsgs[SSL_13013], SSL_ERROR_SYSCALL/EOF ,
__FILE__, __LINE__); // XXX
else
ERROR(errmsgs[SSL_13013], SSL_ERROR_SYSCALL/SOCKET ,
__FILE__, __LINE__);
}
sslsock_shutdown(c);
return -1;
break;
. . . // leaving out unrelated error handling
}
}
The error being logged is SSL_ERROR_SYSCALL/EOF - the section marked
with XXX. Far as I can tell, this really shouldn't happen. There
appear to be no problems in the SSL_connect phase. This code snippet is
from the first read after the connection is established - the first
attempt to read the headers.
My first assumption was that I must have mishandled the error condition
somehow. I reread the manpages for SSL_read() and SSL_get_error(), and
unless I'm interpreting these pages incorrectly, I have it right in the
code above.
Also, I should note that regular browsers have no problem conecting to
the server, and my client app has no trouble connecting to other secure
servers. The problem has been occurring with my app linked to OpenSSL
0.9.7a, but is easily reproduced with 0.9.7e.
Here's the server string returned by the origin:
Server: IBM_HTTP_SERVER/1.3.19 Apache/1.3.20 (Unix)
Ok, I finally figured this one out.
It was the cipher list after all.
My initial configuration used the list [EMAIL PROTECTED], which was intended
to maximize the list of ciphers used while giving preference to weaker
ciphers - to minimize overhead. Problem is the server in question was
choking on one of them before it got the one it liked.
When I changed the cipher list to DEFAULT, it worked fine. Of course,
DEFAULT is normally defined as ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH. I
also tried a tweak to this list: ALL:RC4+RSA:+SSLv2:+ADH:@STRENGTH,
which also worked. So I'm speculating that there is some kind of hangup
with the ADH ciphers. I haven't kept up on them in the last several
years, but I seem to remember that they were nontrivial to generate
certs for and use.
So that's it. Configuration error, and nothing wrong with OpenSSL or my
code :)
Thanks Dr. Henson for providing feedback on this issue.
Lou
--
Louis LeBlanc [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org ԿԬ
Live long and prosper.
-- Spock, Amok Time, stardate 3372.7
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: CRL Race condition
On Wed, Dec 08, 2004, prakash babu wrote:
Hello all,
There has been a tremendous performance during CRL check between
0.9.7d and 0.9.7e
I measured the time for checking the crl with 1,00,000 entries
using the following command
time openssl verify -crl_check -CAfile $ssl_crl_dir/chain
$ssl_dir/bin/${demoCA}/newcerts/$serial
The elapsed time is
0.9.7d 0m1.14s
0.9.7e 0m0.69s
1. What is the reason for the improvement in performance ?
2. There has been an new encoding element added to the
X509_crl_info_st structure. What is it used for ?
3. Are we caching the encoded CRL structure ?
4. Why do we write lock while sorting the crl ?
Well I can answer all your questions at once by describing the change and why
it was necessary.
Before 0.9.7d the OpenSSL CRL handling of revoked entries had been unchanged
since the SSLeay days. Each CRL entry had a field which marked its position
from the original encoding.
Under this scheme searching a CRL would sort it into serial number order to
permit a binary search of its entries.
However verifying a CRL signature would require the restoration of the
original order to produce the correct encoding.
As a result verification followed by searching repeatedly would continuously
reorder the CRL entries.
The initial bug was that the two operations weren't thread safe and two
simultaneous reorderings could cause problems.
There were two possible fixes.
One was to lock the structure while a signature and serial search was under way:
this would retain the original logic but it is inefficient.
The second option, which I implemented, is to cache the original encoding and
use the cached form to verify signatures. This makes signature verification
much quicker since no reordering is necessary.
This still requires lock when the revoked entries are sorted but they will stay
sorted: therefore no reordering is necessary after the first lookup.
There is a minor disadvantage to this method: if you call X509_CRL_print()
before a CRL entry search it will represent the original order whereas calling
it afterwards will print out in serial number order. There are ways to fix
that too but it would require some incompatible changes and will have to be
in 0.9.8.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Problems with SSL_read() - SSL_ERROR_SYSCALL / EOF - SOLVED
On 12/08/04 11:44 AM, Louis LeBlanc sat at the `puter and typed: SNIP Ok, I finally figured this one out. It was the cipher list after all. My initial configuration used the list [EMAIL PROTECTED], which was intended to maximize the list of ciphers used while giving preference to weaker ciphers - to minimize overhead. Problem is the server in question was choking on one of them before it got the one it liked. When I changed the cipher list to DEFAULT, it worked fine. Of course, DEFAULT is normally defined as ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH. I also tried a tweak to this list: ALL:RC4+RSA:+SSLv2:+ADH:@STRENGTH, which also worked. So I'm speculating that there is some kind of hangup with the ADH ciphers. I haven't kept up on them in the last several years, but I seem to remember that they were nontrivial to generate certs for and use. So that's it. Configuration error, and nothing wrong with OpenSSL or my code :) Thanks Dr. Henson for providing feedback on this issue. Turns out the client was configured even more narrowly than I initially realized. The ciphers being used were EXPORT only. Of course this leaves out the RC4+RSA ciphers altogether. Still leaves the question why OpenSSL couldn't report the fact that no cipher could be agreed upon. Is there any way I can catch that state? Lou -- Louis LeBlanc [EMAIL PROTECTED] Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://www.keyslapper.org ԿԬ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Extract data from pkcs7 file
Hi guy, I'm new to openssl world and I have a question. I have a file in pkcs7 format (the data is attached with the signature) and I need to extract only the data from this file. I took a look at the manual but using "openssl pkcs7" I can't get what I want :(. Could some one help me? Thank you and sorry for my bad english. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Extract data from pkcs7 file
Luca wrote: Hi guy, I'm new to openssl world and I have a question. I have a file in pkcs7 format (the data is attached with the signature) and I need to extract only the data from this file. I took a look at the manual but using openssl pkcs7 I can't get what I want :(. Could some one help me? try openssl smime ... Thank you and sorry for my bad english. no problem, but please don't send html mails Nils __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Netscape support for S/MIME v3
Hi all, I have a question about Netscape support for S/MIME v3. I know that Netscape 7.x supports S/MIME. Does anyone know what version of S/MIME Netscape 7.x supports? Is it v2 or v3? What about Lotus Release 6? Does it support S/MIME v3? Thanks in advance Aparna Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or [EMAIL PROTECTED] immediately and destroy all copies of this message and any attachments. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
