RE: Extracting Public Key from .CER file
Usually in RSA cryptography, when you append private key to the Manufacturer's certificate becomes public key. Find the attached files for reference.

Regards
Kamal

From: [EMAIL PROTECTED] On Behalf Of Ravi Bhatt
Sent: Tuesday, February 13, 2007 7:24 AM
To: openssl-users@openssl.org
Subject: Re: Extracting Public Key from .CER file

> Hello,
>
> I want to use the Open SSL function call to extract the Public Key from the Manufacturers X.509 Certificate, which is in the .CER format. Could someone please advise me?
>
> Thanks
> Regards

Attachments: cacert_smime.pem, publickey_smime.pem, privkey_smime.pem
Re: Extracting Public Key from .CER file
On Mon, Feb 12, 2007 at 05:53:56PM -0800, Ravi Bhatt wrote:
> Hello,
>
> I want to use the Open SSL function call to extract the Public Key from the Manufacturers X.509 Certificate, which is in the .CER format. Could someone please advise me?

    fp = fopen();
    c = PEM_read_X509(fp, NULL, NULL, NULL);
    k = X509_get_pubkey(c);

Christian

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                               [EMAIL PROTECTED]
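A .CER file may hold either PEM text or raw DER, and PEM_read_X509() returns NULL on DER input, where d2i_X509_fp() is the matching reader. The following is an added example, not code from the thread or from the OpenSSL project: it inspects the file bytes to decide which reader applies, using only the C library. The function names and the two sample inputs are made up for illustration.

```c
/* Added example: decide whether a .CER file is PEM or DER before parsing it. */
#include <stdio.h>
#include <string.h>

typedef enum { CERT_ENC_UNKNOWN = 0, CERT_ENC_PEM, CERT_ENC_DER } cert_enc;

/* Total size (header + content) of the DER element at p, or 0 if the
 * length field is truncated, indefinite, non-minimal or over 4 bytes. */
static size_t der_total(const unsigned char *p, size_t len, size_t *hdr)
{
    size_t n, i, content = 0;

    if (len < 2)
        return 0;
    if (p[1] < 0x80) {                 /* short form: length in one byte */
        content = p[1];
        *hdr = 2;
    } else {                           /* long form: 0x80 | count of length bytes */
        n = p[1] & 0x7f;
        if (n == 0 || n > 4 || len < 2 + n || p[2] == 0)
            return 0;
        for (i = 0; i < n; i++)
            content = (content << 8) | p[2 + i];
        if (n == 1 && content < 0x80)  /* should have used the short form */
            return 0;
        *hdr = 2 + n;
    }
    if (content > (size_t)-1 - *hdr)
        return 0;
    return *hdr + content;
}

/* Offset of needle in hay, or -1; hay is a raw buffer, not a C string. */
static long find(const unsigned char *hay, size_t hlen, const char *needle)
{
    size_t i, nlen = strlen(needle);

    for (i = 0; nlen <= hlen && i <= hlen - nlen; i++)
        if (memcmp(hay + i, needle, nlen) == 0)
            return (long)i;
    return -1;
}

cert_enc sniff_cert_encoding(const unsigned char *buf, size_t len)
{
    size_t hdr = 0;
    long b, e;

    /* DER: one SEQUENCE spanning the whole file whose first member
     * (tbsCertificate) is itself a SEQUENCE. */
    if (len > 4 && buf[0] == 0x30 && der_total(buf, len, &hdr) == len
        && hdr < len && buf[hdr] == 0x30)
        return CERT_ENC_DER;

    /* PEM: text before BEGIN is allowed, but BEGIN must start a line
     * and an END line must follow it. */
    b = find(buf, len, "-----BEGIN CERTIFICATE-----");
    if (b >= 0 && (b == 0 || buf[b - 1] == '\n')) {
        e = find(buf + b, len - (size_t)b, "-----END CERTIFICATE-----");
        if (e > 0)
            return CERT_ENC_PEM;
    }
    return CERT_ENC_UNKNOWN;
}

/* Name of the OpenSSL reader that matches the detected encoding;
 * NULL means the file should not be handed to either. */
const char *openssl_reader_for(cert_enc enc)
{
    switch (enc) {
    case CERT_ENC_PEM: return "PEM_read_X509";
    case CERT_ENC_DER: return "d2i_X509_fp";
    default:           return NULL;
    }
}

/* Constructed samples, not real certificates. */
static const unsigned char SAMPLE_DER[] = { 0x30, 0x05, 0x30, 0x03, 0x02, 0x01, 0x01 };
static const char SAMPLE_PEM[] =
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n";

int main(int argc, char **argv)
{
    static unsigned char buf[1 << 16];
    const char *reader;
    size_t len;
    FILE *fp;

    if (argc < 2) {                    /* no file given: run on the samples */
        printf("sample DER -> %s\n",
               openssl_reader_for(sniff_cert_encoding(SAMPLE_DER, sizeof SAMPLE_DER)));
        printf("sample PEM -> %s\n",
               openssl_reader_for(sniff_cert_encoding(
                   (const unsigned char *)SAMPLE_PEM, sizeof SAMPLE_PEM - 1)));
        return 0;
    }
    if ((fp = fopen(argv[1], "rb")) == NULL) {
        perror(argv[1]);
        return 2;
    }
    len = fread(buf, 1, sizeof buf, fp);
    fclose(fp);
    reader = openssl_reader_for(sniff_cert_encoding(buf, len));
    printf("%s\n", reader ? reader : "not an X.509 certificate file");
    return reader ? 0 : 1;
}
```

Either reader yields an X509 * that X509_get_pubkey() accepts, so the rest of the snippet in the reply is unchanged.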
Sign using RSA-SHA1
Hi List,

I need to sign a text using RSA-SHA1 (http://www.w3.org/2000/09/xmldsig#rsa-sha1, as per the XML-Signature specification http://www.w3.org/TR/xmldsig-core/). I found a set of EVP_ functions to do this, i.e.

    EVP_SignInit (md_ctx, EVP_sha1());
    EVP_SignUpdate (md_ctx, data, strlen(data));
    siglen = sizeof(sigbuf);
    err = EVP_SignFinal (md_ctx, sigbuf, &siglen, pkey);

In the above I have specified to use SHA-1 as the digest method. But I'm wondering where I have to specify to sign using RSA. Do these functions automatically decide the algorithm (e.g. DSA-SHA1, RSA-SHA1) by inspecting the EVP_PKEY*?

Please advise.

Thanks,
Kaushalye
Re: My ssl client connects without the knowledge of root CA certificate
Hello,

Could someone help me understand what is happening here?

~ Urjit

----- Original Message -----
From: Urjit Gokhale
To: openssl-users@openssl.org
Sent: Thursday, January 18, 2007 9:13 PM
Subject: Re: My ssl client connects without the knowledge of root CA certificate

> No. The function call sequence in the client goes like:
>
>     SSL_load_error_strings()
>     SSL_library_init()
>     SSL_CTX_new()
>     SSL_new()
>     SSL_set_cipher_list()
>     SSL_set_fd()
>     SSL_connect()
>
> and then the client continues with SSL_read() and SSL_write(). I still wonder how my client manages to do a successful SSL_connect!
>
> Anyway, thanks for the reply,
> ~ Urjit
>
> ----- Original Message -----
> From: Alexis Lefort
> To: openssl-users@openssl.org
> Sent: Thursday, January 18, 2007 2:43 PM
> Subject: Re: My ssl client connects without the knowledge of root CA certificate
>
> > Hi,
> >
> > Do you use:
> >
> >     SSL_CTX_set_verify (sslctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback);
> >
> > If not it is probably the solution ;)
> >
> > Alexis
> >
> > Urjit Gokhale wrote:
> > > Hi,
> > >
> > > I have a sample SSLized client server program. I am not using SSL_CTX_load_verify_locations() in the client and still my client is able to connect to the server. I wonder how this could be possible. How would the client be able to authenticate the server certificate without the knowledge of the root CA certificate that signed the server certificate? The server certificate, as far as I know, is not self signed. (server certificate file is attached).
> > >
> > > Could someone explain how my client connects to the server without the knowledge of the root CA? Could someone list down the necessary and sufficient conditions for a certificate to be considered as self-signed?
> > >
> > > Thank you,
> > > ~ Urjit
Re: My ssl client connects without the knowledge of root CA certificate
Urjit Gokhale wrote:
> Hello,
>
> Could someone help me understand what is happening here?

It's important to realize that the client decides whether to accept a server's certificate or not! If you want OpenSSL to do the standard client's job (that is, check if the server has a certificate, the certificate is correct and signed by a CA defined in a CAFile or CA directory) you have to tell the library to do so using SSL_CTX_set_verify with the flags SSL_VERIFY_PEER and SSL_VERIFY_FAIL_IF_NO_PEER_CERT, like Alexis wrote below, as well as by defining the list of acceptable CAs by calling SSL_CTX_load_verify_locations. Otherwise your client will accept every certificate. Or even a connection without certificate.

See http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html and http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html for some more info.

Hope it helps.

Ted ;)

> ~ Urjit
>
> ----- Original Message -----
> From: Urjit Gokhale
> To: openssl-users@openssl.org
> Sent: Thursday, January 18, 2007 9:13 PM
> Subject: Re: My ssl client connects without the knowledge of root CA certificate
>
> > No. The function call sequence in the client goes like:
> >
> >     SSL_load_error_strings()
> >     SSL_library_init()
> >     SSL_CTX_new()
> >     SSL_new()
> >     SSL_set_cipher_list()
> >     SSL_set_fd()
> >     SSL_connect()
> >
> > and then the client continues with SSL_read() and SSL_write(). I still wonder how my client manages to do a successful SSL_connect!
> >
> > Anyway, thanks for the reply,
> > ~ Urjit
> >
> > ----- Original Message -----
> > From: Alexis Lefort
> > To: openssl-users@openssl.org
> > Sent: Thursday, January 18, 2007 2:43 PM
> > Subject: Re: My ssl client connects without the knowledge of root CA certificate
> >
> > > Hi,
> > >
> > > Do you use:
> > >
> > >     SSL_CTX_set_verify (sslctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback);
> > >
> > > If not it is probably the solution ;)
> > >
> > > Alexis
Re: My ssl client connects without the knowledge of root CA certificate
> Hello,
>
> Could someone help me understand what is happening here?
>
> ~ Urjit
>
> ----- Original Message -----
> From: Urjit Gokhale
> To: openssl-users@openssl.org
> Sent: Thursday, January 18, 2007 9:13 PM
> Subject: Re: My ssl client connects without the knowledge of root CA certificate
>
> > No. The function call sequence in the client goes like:
> >
> >     SSL_load_error_strings()
> >     SSL_library_init()
> >     SSL_CTX_new()
> >     SSL_new()
> >     SSL_set_cipher_list()
> >     SSL_set_fd()
> >     SSL_connect()
> >
> > and then the client continues with SSL_read() and SSL_write(). I still wonder how my client manages to do a successful SSL_connect!
> >
> > Anyway, thanks for the reply,

This may depend on negotiated cipher (anonymous for example). But if (for example) you use RSA then certificate sent from server to client (for encryption of pre_master_secret) is not verified by default. It is just used. (Server proves having right private key by proper decryption of pre_master_key).

> > > Do you use:
> > >
> > >     SSL_CTX_set_verify (sslctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback);
> > >
> > > If not it is probably the solution ;)
> > >
> > > Alexis

For client SSL_CTX_set_verify (sslctx, SSL_VERIFY_PEER, NULL) should be enough.

Best regards,
--
Marek Marcola
Re: My ssl client connects without the knowledge of root CA certificate
Hello Marek, Bernhard,

Thank you for your help. I will try SSL_CTX_set_verify().

Thank you once again.

~ Urjit
SSL Scaling Question
Hi. I'm new to this forum and was wondering if I could get some assistance.

I have an SSL Acceleration device that is capable of supporting 50,000 concurrent connections. I would like to put this in my lab here at work and test the upper limit of this device. I'm concerned about the backend web server needed for this test effort. I'm trying to find out what the appropriate number of backend servers needed to test the upper limit of the SSL device.

If I understand correctly each backend server is going to have an upper limit of 65535 TCP ports that can be opened (as the Source IP will most likely always be the SSL device). On the surface it looks like the backend server should be enough to handle the upper limit of the SSL device. However, that assumes that every connection is successful and the backend server has enough other resources to handle the load.

Does anybody have any practical experience with this? And any recommendations on the number of backend servers at a specific load?

Thanks in advance

Eric Johnson
Nortel Networks SQA Engineer
Re: SSL Scaling Question
Eric Johnson wrote:
> Hi. I'm new to this forum and was wondering if I could get some assistance.
>
> I have an SSL Acceleration device that is capable of supporting 50,000 concurrent connections. I would like to put this in my lab here at work and test the upper limit of this device. I'm concerned about the backend web server needed for this test effort. I'm trying to find out what the appropriate number of backend servers needed to test the upper limit of the SSL device.
>
> If I understand correctly each backend server is going to have an upper limit of 65535 TCP ports that can be opened (as the Source IP will most likely always be the SSL device). On the surface it looks like the backend server should be enough to handle the upper limit of the SSL device. However, that assumes that every connection is successful and the backend server has enough other resources to handle the load.
>
> Does anybody have any practical experience with this? And any recommendations on the number of backend servers at a specific load?
>
> Thanks in advance

An SSL session is presumably mapped to a TCP connection. A TCP connection is named by the four-tuple of local and remote IP, and local and remote port number. Ignoring holes in the address space, that means there can be 2^32 * 2^32 * 2^16 * 2^16 TCP connections in any one Internet universe.

If you have a well known port number used on a server, all the clients connect to that port number. Each of the connections will have the server IP and server port number as part of its name, but the names will be unique because they will also have the client IP and client port number. Multiple connections from one client IP will have different client port numbers, so there will still be unique names.

So in theory, a backend server can have _very_ many more than 65535 connections. However, you are correct in that to a well-known port and a single server IP, from a single client IP, there can be no more than 65535 connections at any one time. I suspect that if the SSL device is regenerating TCP connections, _it_ becomes the client, and so it is _its_ limitation on port numbers and its single IP address which comes into play.

As for how many servers, that is one of those "it depends" things - how busy are each of the connections through the SSL device etc etc. If all you are doing is establish the connection, exchange a request and response and then close, that will look to the back-end server or servers rather like the old SPECweb96 benchmark. If connections are persistent and include some dynamic content, it will look to the back-end server rather like the SPECweb99 benchmark. If there is no dynamic content, but connections are persistent it will look different from the two - but a given result would be higher than the corresponding SPECweb96 or SPECweb99 score.

If you want to be certain you are measuring the SSL device then you want as many back-end servers as you can muster. Perhaps as many as you have front-end clients driving the load.

rick jones

There is a crufty old SSLperf benchmark that took the average request/response size from SPECweb9[69] and the SPECweb96 behaviour of connect request response close but did it with SSL using IIRC RSA mumble. It leveraged the curl utility and should still be archived on ftp://ftp.cup.hp.com/dist/networking/benchmarks somewhere.
RE: SSL Scaling Question
If all you are going to do to test the accelerator/server combination is fetch some static content, then your job is fairly easy:

Load-test the server using HTTP connections fetching the static content, until you either reach a server bottleneck (CPU/Memory/IO) or achieve your max number of connections.

Increase the number of servers (with the appropriate load balancer) as needed until you can support the required number of connections.

Then insert your SSL hardware, and generate the load using HTTPS. You should observe an increase in transaction times since the load generators have to do the crypto processing in software. In fact, you may end up needing more generators to compensate for that additional workload.

That's a pretty simplified approach, but should serve to get you started. It's been my experience that in real-world usage, the limits encountered at first are more related to the web server and any application server/middleware, primarily in the ability to handle lots of simultaneous sessions and maintain persistence data for all of them. The crypto processing on the accelerators is rarely a performance issue unless you are talking about very static HTML content.

Best wishes from another Nortel employee,

Timothy M. Metzinger, CISSP, PMP
Northrop Grumman Information Technologies/Nortel Government Solutions
Re: Sign using RSA-SHA1
Kaushalye Kapuruge wrote:
> Hi List,
>
> I need to sign a text using RSA-SHA1 (http://www.w3.org/2000/09/xmldsig#rsa-sha1, as per the XML-Signature specification http://www.w3.org/TR/xmldsig-core/). I found a set of EVP_ functions to do this, i.e.
>
>     EVP_SignInit (md_ctx, EVP_sha1());
>     EVP_SignUpdate (md_ctx, data, strlen(data));
>     siglen = sizeof(sigbuf);
>     err = EVP_SignFinal (md_ctx, sigbuf, &siglen, pkey);
>
> In the above I have specified to use SHA-1 as the digest method. But I'm wondering where I have to specify to sign using RSA. Do these functions automatically decide the algorithm (e.g. DSA-SHA1, RSA-SHA1) by inspecting the EVP_PKEY*?
>
> Please advise.

If you use the cvs head (alias 0.9.9-dev) you can use EVP_sha*() together with a RSA, DSA or a EC key to create a RSA etc. signature. In OpenSSL <= 0.9.8 you need to use EVP_dss1() or EVP_sha1() for RSA (the EVP_<digest name>() functions always assume a RSA key).

Cheers,
Nils
Re: BIO_read(), SSL_read(), return values
You might want to take a look at the functions

SSL_pending - (tells you there is data to read on the SSL socket before trying to read)
BIO_pending

Perry

Milan Křápek wrote:
> Hi,
>
> I have a question. I have multithread system, with non blocking I/O and perhaps 100 connections to servers. I have a special thread, that waits on select(). When it returns me, that I have some data for reading, I start the reading for every connection. When the select throws me timeout, I start the reading too, because it's possible that some data came, while I was doing previous reading.
>
> I have two types of connection. One TCP, where I use for reading the BIO_read function and one TLS where I use the SSL_read function.
>
> Now I have this problem. When I try to read data from some connection, it is possible, that there is not any data. I have read, that when there is not any data, the BIO_read function throws me 0 or -1, but these return values can mean error too. How can I recognize, that this means, that I read only 0b of data?
>
> And I have the similar problem with SSL_read. I use SSL_get_error function to determine, what happened in reading, but I haven't found what error code it returns me, when I read no data? Will it be SSL_ERROR_NONE or SSL_ERROR_ZERO_RETURN?
>
> I apologize for my English. Thanks for answer.
>
> Milan Křápek
Questions about Certificate Verification
I'm somewhat new to OpenSSL (and SSL in general) and I'm attempting to use it to encrypt an existing socket communication system in an application we use. After a morning of experimenting, I've successfully written a small experimental Server & Client app that simply sends a Hello World across an SSL-encrypted connection. What took me so long was to get Mandatory Certificate Verification working (I'm currently using self-signed certificates).

But one thing I don't understand is why both the RSA Private Key & Certificate must exist on both ends of the connection. I'm used to using RSA & DSA keypairs in SSH, and had assumed something similar would work here. I *thought* that the Private Key would exist on the Server, while the Certificate would exist on the client, and the password would be entered on the client. As it stands now, however, it seems I have to have the Key, Certificate, and Password on Both Ends.

Is this right?

--
Randall Hand
Visualization Scientist
ERDC MSRC-ITL
Re: Questions about Certificate Verification
Hello,

> But one thing I don't understand is why both the RSA Private Key & Certificate must exist on both ends of the connection. I'm used to using RSA & DSA keypairs in SSH, and had assumed something similar would work here. I *thought* that the Private Key would exist on the Server, while the Certificate would exist on the client, and the password would be entered on the client. As it stands now, however, it seems I have to have the Key, Certificate, and Password on Both Ends.
>
> Is this right?

Server RSA key and certificate is used to exchange pre_shared_secret between client and server (client encrypts generated pre_master_secret with server certificate and sends this to server, server decrypts this with its private key). Next pre_master_secret is used to generate master_secret, key_material, passwords ...

Client RSA key and certificate is only used to authenticate client by server. You may configure server to not authenticate client and then client RSA key/certificate is not required.

In ssh you may choose to use RSA authentication too and then you need to generate key pair (private and public) on client (ssh-keygen) and transfer public key to server to proper location (user authorized_keys file).

Best regards,
--
Marek Marcola
OpenSSL newbie
Hi

I'm about to develop a server application which should be able to handle A LOT of connections, say 20k-30k. Any suggestions as to how I should tackle this problem?

I am really new with OpenSSL and haven't really grasped it all yet. I've been searching the net for a couple of days now just to find some threading-examples concerning OpenSSL, or the usage of select(); I was thinking along the lines of spawning up a couple of threads and have a maximum number of Connections per-thread using select to indicate when a packet has come into the system. What do you guys think of that? Would that be possible with OpenSSL?

Also I have a problem finding information on how to perform a non-blocking connect-negotiation. I'm not sure how the SSL_connect() function is supposed to work, I guess the only way to go about this is using non-blocking sockets as the SSL_connect() seems to indirectly return WANTS_READ or WANTS_WRITE thus letting me out to the main select again (correct?) but then comes to the concern of non-blocking sockets, I've heard they're really stressful for the system, is that true, and if so, what would be a sane approach to this problem?

Thanks in advance
/Tommy Wallberg
Re: Questions about Certificate Verification
Well, I understand the SSH way as I use it regularly, but I'm having a hard time finding documentation and examples on the SSL way to do this. Do you have any code examples, or know where I might find some?

I managed to figure out how to do DH matching, which gives me encryption but no authentication. I also managed to figure out full certificate work with RSA, but (as I said) it seemed to require the Key, Certificate, Password on both ends.

--
Randall Hand
Visualization Scientist
ERDC MSRC-ITL
RE: OpenSSL newbie
> I'm about to develop a server application which should be able to handle A LOT of connections, say 20k-30k. Any suggestions as to how I should tackle this problem?

It takes a lot of experience to develop a system that can handle more than 10,000 simultaneous connections. I don't think it's realistic to expect that you'll be able to just dive into it.

> I am really new with OpenSSL and haven't really grasped it all yet. I've been searching the net for a couple of days now just to find some threading-examples concerning OpenSSL, or the usage of select(); I was thinking along the lines of spawning up a couple of threads and have a maximum number of Connections per-thread using select to indicate when a packet has come into the system. What do you guys think of that? Would that be possible with OpenSSL?

That's a reasonable approach and will probably scale to 20,000 connections. However, 'select' is one of the worst ways to handle such a large number of connections. For example, consider a thread handling connections 18,000 through 18,200. Every time you call 'select', the kernel will have to scan through 18,000 zero bits to find the first set bit. That just doesn't seem particularly efficient.

> Also I have a problem finding information on how to perform a non-blocking connect-negotiation. I'm not sure how the SSL_connect() function is supposed to work,

You make the socket non-blocking and call SSL_connect. If it can't complete the negotiation now because it needs to read some data, it will tell you, and you can call SSL_connect again later (possibly when you have reason to believe data is ready to be read).

> I guess the only way to go about this is using non-blocking sockets as the SSL_connect() seems to indirectly return WANTS_READ or WANTS_WRITE thus letting me out to the main select again (correct?)

What operating system are we talking about?

> but then comes to the concern of non-blocking sockets, I've heard they're really stressful for the system, is that true, and if so, what would be a sane approach to this problem?

I would strongly urge you to totally ignore "X is bad" type comments. This one is especially meaningless because it's not even clear what X is. (On what operating system? Using any I/O model?) No, non-blocking sockets are generally more scalable than blocking sockets. (With 20,000 connections, are you supposed to have 20,000 threads blocked in 'read'? And then if you receive 50 packets are you supposed to switch threads 50 times?)

DS
Re: OpenSSL newbie
>> I'm about to develop a server application which should be able to handle A LOT of connections, say 20k-30k. Any suggestions as to how I should tackle this problem?

> It takes a lot of experience to develop a system that can handle more than 10,000 simultaneous connections. I don't think it's realistic to expect that you'll be able to just dive into it.

I'm quite aware that that high goal is quite hard to reach, but still it's my goal. Aim for the star and you'll reach the top of trees.

> That's a reasonable approach and will probably scale to 20,000 connections. However, 'select' is one of the worst ways to handle such a large number of connections. For example, consider a thread handling connections 18,000 through 18,200. Every time you call 'select', the kernel will have to scan through 18,000 zero bits to find the first set bit. That just doesn't seem particularly efficient.

Yeah, I have been reading up a lot on select and poll, etc. It seems epoll is the way to go. When you say it will probably scale to 20,000 connections, do you mean because of the CPU required to process SSL or just more generally talking about select etc.?

>> Also I have a problem finding information on how to perform a non-blocking connect-negotiation. I'm not sure how the SSL_connect() function is supposed to work,

> You make the socket non-blocking and call SSL_connect. If it can't complete the negotiation now because it needs to read some data, it will tell you, and you can call SSL_connect again later (possibly when you have reason to believe data is ready to be read).

>> I guess the only way to go about this is using non-blocking sockets as the SSL_connect() seems to indirectly return WANTS_READ or WANTS_WRITE thus letting me out to the main select again (correct?)

> What operating system are we talking about?

I'm on Linux.

> I would strongly urge you to totally ignore "X is bad" type comments. This one is especially meaningless because it's not even clear what X is. (On what operating system? Using any I/O model?) No, non-blocking sockets are generally more scalable than blocking sockets. (With 20,000 connections, are you supposed to have 20,000 threads blocked in 'read'? And then if you receive 50 packets are you supposed to switch threads 50 times?)

Note taken. When I said non-blocking I was referring to setting the O_NONBLOCK flag on the socket. I was not considering giving up the idea of select. All the traffic I receive fits into one TCP packet. Would you know if that would imply that when a packet gets into the network stack and finally ends up readable on my filedes, the entire packet payload would be immediately available on read, or is it possible that I might only get a piece of the buffer? (Is that process packet-readable atomic?)

Thanks for your help/reply/information, it was appreciated.

/Tommy Wallberg
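The non-blocking handshake loop discussed in the two messages above, as an added example that is not part of the thread. It uses Python's ssl module (a wrapper around OpenSSL) instead of the C API; SSLWantReadError and SSLWantWriteError correspond to SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE as reported by SSL_get_error(). The function names, the hostname example.test and the silent socketpair peer are constructed for the demo.

```python
import selectors
import socket
import ssl

def handshake_step(tls):
    """Advance the handshake once; None = done, else the event to wait for.
    Any other ssl.SSLError propagates and is fatal for this connection."""
    try:
        tls.do_handshake()            # SSL_do_handshake() underneath
        return None
    except ssl.SSLWantReadError:      # SSL_ERROR_WANT_READ
        return selectors.EVENT_READ
    except ssl.SSLWantWriteError:     # SSL_ERROR_WANT_WRITE
        return selectors.EVENT_WRITE

def start_client(sock, ctx, sel, hostname):
    """Wrap an already connected socket and begin a non-blocking handshake."""
    sock.setblocking(False)           # same effect as setting O_NONBLOCK
    tls = ctx.wrap_socket(sock, server_hostname=hostname,
                          do_handshake_on_connect=False)
    want = handshake_step(tls)
    if want is not None:
        sel.register(tls, want, data="handshaking")
    return tls, want

def run_once(sel, timeout=0):
    """One event-loop pass: retry the handshake on every ready socket."""
    finished = []
    for key, _events in sel.select(timeout):
        if key.data != "handshaking":
            continue
        want = handshake_step(key.fileobj)
        if want is None:
            sel.modify(key.fileobj, selectors.EVENT_READ, data="established")
            finished.append(key.fileobj)
        else:
            sel.modify(key.fileobj, want, data="handshaking")
    return finished

def demo():
    """Constructed demo: the peer is a plain socket that never answers."""
    ours, peer = socket.socketpair()
    sel = selectors.DefaultSelector()  # epoll on Linux
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    tls, want = start_client(ours, ctx, sel, "example.test")
    record_type = peer.recv(1)[0]      # first byte of the ClientHello record
    idle = run_once(sel)               # peer sent nothing, so nothing is ready
    sel.close()
    tls.close(); peer.close()
    return want, record_type, idle
```

The first call sends the ClientHello and then reports that it needs to read; the connection costs nothing further until the selector says the socket is readable.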
Reusing a certificate store
Hi,

The existing SSL_CTX implementation associates a new certificate store with each SSL_CTX. However, assuming the certificate store is static, i.e. after reading the certificates (for example from a PEM file) it doesn't change, there is, at least conceptually, room for sharing it among multiple SSL_CTX objects. My question is whether it makes sense to do so, or are there some hidden pitfalls along the way?

My application uses libcurl+openssl (7.16.0) for HTTP and HTTPS communication. The libcurl implementation uses multiple SSL_CTX objects, each with its own certificate store, which are always loaded from the same PEM file. In my case this PEM file is of medium size (100 certificates, 700 KB), so the loading process is not negligible. If indeed one can share the certificate stores, I will change the curl implementation to support this.

Cheers,
Shmul
RSA encryption and decryption performance difference between pkcs11 engine and default engine on windows and solaris
Hi,

I use openssl RSA encrypt and decrypt both on Windows 2003 and Solaris (amd64 and sparc T2000). I wrote some performance test code like

    /* key is an RSA *; 245 bytes is the largest PKCS#1 v1.5 payload for a 2048-bit key */
    gettimeofday(&tpsbegin, NULL);
    for (i = 0; i < 100; i++) {
        r = RSA_public_encrypt(245, plain_data, enc_data, key, RSA_PKCS1_PADDING);
        if (r <= 0) {
            err = ERR_peek_last_error();
            printf("encrypt error %s\n", ERR_reason_error_string(err));
            break;
        }
        r = RSA_private_decrypt(r, enc_data, dec_data, key, RSA_PKCS1_PADDING);
        if (r <= 0) {
            err = ERR_peek_last_error();
            printf("decrypt error %s\n", ERR_reason_error_string(err));
            break;
        }
    }
    gettimeofday(&tpsend, NULL);
    /* elapsed time: seconds to microseconds, then down to milliseconds */
    interval = (tpsend.tv_sec - tpsbegin.tv_sec) * 1000000;
    interval += tpsend.tv_usec;
    interval -= tpsbegin.tv_usec;
    interval = interval / 1000;
    printf("RSA enc and dec %d times %d\n", i, interval);

At first, I ran the code on Windows, 100 times RSA encryption and decryption wasted 1500ms, then I ran the code on Solaris (sparc t2000), it wasted 8000ms. I googled why Solaris RSA enc and dec is so slow and found that the pkcs11 engine should be used to improve Solaris RSA performance. I did use the pkcs11 engine

    e = ENGINE_by_id("pkcs11");
    if (e != NULL) {
        if (ENGINE_init(e) == 0) {
            printf("engine init failed\n");
        }
        if (ENGINE_set_default_RSA(e) == 0) //, ENGINE_METHOD_ALL) == 0)
        {
            printf("set engine failed\n");
        }
        ENGINE_finish(e);
        ENGINE_free(e);
    } else {
        printf("finding engine failed\n");
    }

On Solaris (sparc t2000) 100 times RSA encryption and decryption wasted only 600ms. I also tested the code on Solaris (amd64 3800+ dual core), 100 times RSA encryption and decryption wasted about 700ms. The pkcs11 engine extremely improves the RSA performance.

And now, I have 2 questions.

First 1, does the pkcs11 engine affect the encryption result? I mean if I encrypt the plain data by pkcs11 engine, can I decrypt them normally without pkcs11 engine?

Second 1, pkcs11 engine is amazing on Solaris. I want to know how I can improve Windows (I did not find a pkcs11 engine on Windows) RSA dec and enc performance to pkcs11 level?

Thank you for your help.
Re: Questions about Certificate Verification
Randall Hand wrote:

> Well, I understand the SSH way as I use it regularly, but I'm having a hard time finding documentation and examples on the SSL way to do this. Do you have any code examples, or know where I might find some?
>
> I managed to figure out how to do DH matching, which gives me encryption but no authentication. I also managed to figure out full certificate work with RSA, but (as I said) it seemed to require the Key, Certificate, Password on both ends.

Some sample code: http://www.opensslbook.com/code.html

The book is also nice reading...

You should not need keys or Password on the client side (if you don't want to do client authentication). Also you should not need the server's certificate in advance (it is sent to the client during SSL handshake), just the certificate of its CA. OK, in case of self-signed certificates that's the same... ;)

I guess you are setting up client and server symmetrically (a peer-to-peer setup), so both sides want to authenticate and therefore need keys and password. In the most common SSL applications (like HTTPS) usually only the server authenticates and the client remains anonymous.

Some code snippets of your SSL related code might help to evaluate if I am guessing correctly...

Hope it helps,
Ted ;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26