Mutual Authentication using Multiple CA's in Apache (mod_ssl) does not work
Bonjour All Users,

My setup has a ROOT CA and 3 levels of Sub CA's. I have generated apache web server and client certificates from each of the ROOT and Sub CA's. I have configured my APACHE web server for client certificate (mutual) authentication.

I have generated the apache web server certificate and client certificates from the ROOT CA with proper extensions. In case of Root CA, it works well. Mutual authentication works fine.

In case of Sub CA, the apache web server certificate and client certificates are generated by SubCA with the same extensions/profile as in case of ROOT CA. But when I try to authenticate users from Sub CA's then the following error occurs: unhandled critical extension.

SSLCACertificateFile contains the concatenated certificates of all the CA's (issuing CA certificate is at top and Root CA certificate is at bottom of this file).

Here is my vhost file:

    NameVirtualHost *:80
    NameVirtualHost *:443
    <VirtualHost *:80>
        DocumentRoot /srv/www/htdocs/
        ServerName XX
        RewriteEngine On
        RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
    </VirtualHost>
    <VirtualHost *:443>
        DocumentRoot /srv/www/htdocs/
        ServerName X
        SSLEngine on
        SSLCipherSuite HIGH
        SSLProtocol all -SSLv2
        SSLCertificateFile /etc/apache2/certificates/cert.pem
        SSLCertificateKeyFile /etc/apache2/certificates/key.pem
        SSLCACertificateFile /etc/apache2/certificates/chain.pem
        #SSLCertificateChainFile /etc/apache2/certificates/chain.pem
        # chain.pem contains all the upper level certificates concatenated such that (1st certificate is of issuing CA, going downward towards the root CA...
        # I have also tried with the SSLCertificateChainFile directive but the error is same ...
        <Directory /srv/www/htdocs/>
            SSLVerifyClient require
            SSLRequireSSL
            SSLRequire %{SSL_CLIENT_S_DN_CN} eq
            SSLVerifyDepth 3
            SSLOptions +StdEnvVars +ExportCertData
        </Directory>
    </VirtualHost>

I am using OpenSSL version 0.9.8h release 28 May 2008 and Apache version 2.2.10-2.5

Kindly guide me in this aspect. Waiting for your kind Reply

Best Regards
Scott Thomas
Re: [error] Certificate Verification: Error (34): unhandled critical extension
Bonjour All Users,

My setup has a ROOT CA and 3 levels of Sub CA's. I have generated apache web server and client certificates from each of the ROOT and Sub CA's. I have configured my APACHE web server for client certificate (mutual) authentication.

I have generated the apache web server certificate and client certificates from the ROOT CA with proper extensions. In case of Root CA, it works well. Mutual authentication works fine.

In case of Sub CA, the apache web server certificate and client certificates are generated by SubCA with the same extensions/profile as in case of ROOT CA. But when I try to authenticate users from Sub CA's then the following error occurs: unhandled critical extension.

SSLCACertificateFile contains the concatenated certificates of all the CA's (issuing CA certificate is at top and Root CA certificate is at bottom of this file).

Here is my vhost file:

    NameVirtualHost *:80
    NameVirtualHost *:443
    <VirtualHost *:80>
        DocumentRoot /srv/www/htdocs/
        ServerName XX
        RewriteEngine On
        RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
    </VirtualHost>
    <VirtualHost *:443>
        DocumentRoot /srv/www/htdocs/
        ServerName X
        SSLEngine on
        SSLCipherSuite HIGH
        SSLProtocol all -SSLv2
        SSLCertificateFile /etc/apache2/certificates/cert.pem
        SSLCertificateKeyFile /etc/apache2/certificates/key.pem
        SSLCACertificateFile /etc/apache2/certificates/chain.pem
        #SSLCertificateChainFile /etc/apache2/certificates/chain.pem
        # chain.pem contains all the upper level certificates concatenated such that (1st certificate is of issuing CA, going downward towards the root CA...
        # I have also tried with the SSLCertificateChainFile directive but the error is same ...
        <Directory /srv/www/htdocs/>
            SSLVerifyClient require
            SSLRequireSSL
            SSLRequire %{SSL_CLIENT_S_DN_CN} eq
            SSLVerifyDepth 3
            SSLOptions +StdEnvVars +ExportCertData
        </Directory>
    </VirtualHost>

I am using OpenSSL version 0.9.8h release 28 May 2008 and Apache version 2.2.10-2.5 that come by default with OpenSUSE 11.1 distribution...

This issue has already been reported in May 2006.

Kindly guide me in this aspect. Waiting for your kind Reply

Best Regards
Scott Thomas

Diarmuid Curtin wrote:

> Hi,
>
> I am running the following test: openssl 0.9.8b Mod_SSL 2.0.58
>
> I am using mod_ssl for client authentication, however, when the client presents the certificate, the following error appears
>
>     [error] Certificate Verification: Error (34): unhandled critical extension
>
> in Apache log, and the SSL handshake fails. When I use openssl -verify on the certificate, it seems happy.
>
> Is there a way I can ask mod_ssl or openssl to ignore critical extensions? I am aware that this is not good practice, however, I need to demo this setup and there does not seem to be any other way forward. i.e. is there a flag in openssl that can turn this checking off temporarily how can I do this?
>
> Diarmuid

--
This message was sent on behalf of scott_thomas...@yahoo.com at openSubscriber.com
http://www.opensubscriber.com/message/openssl-users@openssl.org/4108750.html
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: self-signed SSL certificates and trusted root certificate
-Original Message-
From: Eisenacher, Patrick

Hi Jeff,

-Original Message-
From: Jeffrey Walton

Hi Vieri,

How does one issue a cert for multiple CN? Suppose I have just one HTTP server but it can be accessed via multiple FQDN... I suppose I need to use subjectAltName?

Subject alternative name is one possibility. If you need a cert for several hosts/hostnames belonging to the same domain, a wildcard CN comes to mind as well, eg. *.domain.com.

Wild carding usually makes the security folks cringe. A bad guy can stand up a malicious server, and the server appears legit to the outside world due to the wild card.

Can you please elaborate on where you see a security drawback in the attack scenario you mentioned when using wildcard certs over non-wildcard certs?

Anybody else? Jeff's been MIA since a week and I still can't see why anybody would cringe...

Patrick Eisenacher
openssl command to add extension
Hi,

What is the command to create a certificate signing request with x509 extensions, say an OCSP responder?

Thanks,
Arun
Question about RSA Key
Hi,

I'm not familiar yet with the OpenSSL library. I used the RSA .net Crypto, generated a private public key using .net platform. And now I want to use the OpenSSL RSA algorithm using the same keys.

How can I create RSA Key from keys that generated by RSA .Net Crypto?

Best Regards
Rabia
Re: Mutual Authentication using Multiple CA's in Apache (mod_ssl) does not work
On Mon, Jun 07, 2010, Scott Thomas wrote:

> Bonjour All Users,
>
> My setup has a ROOT CA and 3 levels of Sub CA's. I have generated apache web server and client certificates from each of the ROOT and Sub CA's. I have configured my APACHE web server for client certificate (mutual) authentication.
>
> I have generated the apache web server certificate and client certificates from the ROOT CA with proper extensions. In case of Root CA, it works well. Mutual authentication works fine.
>
> In case of Sub CA, the apache web server certificate and client certificates are generated by SubCA with the same extensions/profile as in case of ROOT CA. But when I try to authenticate users from Sub CA's then the following error occurs: unhandled critical extension.
>
> SSLCACertificateFile contains the concatenated certificates of all the CA's (issuing CA certificate is at top and Root CA certificate is at bottom of this file)

Well the message is clear enough. A certificate in the chain includes a critical extension that OpenSSL does not handle. Without seeing the extensions in each certificate it isn't clear which one is causing the problem.

Try this command:

    openssl verify -CAfile root.pem -untrusted subcas.pem client.pem

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: NameConstraints are not being applied (or I don't know how to enforce them?)
On Thu, 2010-06-03 at 21:35 -0400, Victor Duchovni wrote:

> The problem is that only the application knows which names are those of the peer it tried to reach.

True, but the app could easily provide that information to a library function.

If you look at the 250 lines of code I referenced, almost none of that is actually app-specific. My code could be abstracted to take the app-specific information as arguments without too much pain.

--
dwmw2
Re: NameConstraints are not being applied (or I don't know how to enforce them?)
On Mon, Jun 07, 2010 at 03:03:28PM +0100, David Woodhouse wrote:

> On Thu, 2010-06-03 at 21:35 -0400, Victor Duchovni wrote:
>
> > The problem is that only the application knows which names are those of the peer it tried to reach.
>
> True, but the app could easily provide that information to a library function.

Not quite that simple, as in the case of Postfix, for example, the application supports a list of acceptable names, some of which can be sub-domain wild-cards. An API to iterate over the subjectAltName DNS names (validated to not contain embedded NULs, ...) if present or else the CN (normalized to UTF-8 and validated to not contain embedded NULs, ...) would be of general use.

> If you look at the 250 lines of code I referenced, almost none of that is actually app-specific. My code could be abstracted to take the app-specific information as arguments without too much pain.

Different apps have somewhat different name matching policies, but I would agree that *robust* name *extraction*, should and could be easier.

--
Viktor.
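The name handling discussed in this thread, as an added example that is not code from the thread, from Postfix or from OpenSSL: names are taken as length-delimited bytes (as they sit in a certificate), rejected if they contain an embedded NUL, and the CN is consulted only when no subjectAltName DNS names are present. The cert_name type, the function names and the one-label wildcard policy are assumptions made for the illustration; as the reply says, matching policy differs between applications.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* A name as stored in the certificate: raw bytes plus length, not NUL-terminated. */
typedef struct { const unsigned char *data; size_t len; } cert_name;

/* Reject names a C string comparison would misread: empty, or containing a NUL. */
static int name_is_sane(const cert_name *n) {
    return n->len > 0 && memchr(n->data, 0, n->len) == NULL;
}

static int eq_nocase(const unsigned char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Exact match, or "*.suffix" standing for exactly one leftmost label of host. */
static int name_matches(const cert_name *n, const char *host) {
    size_t hl = strlen(host);
    if (!name_is_sane(n)) return 0;
    if (n->len > 2 && n->data[0] == '*' && n->data[1] == '.') {
        const char *dot = strchr(host, '.');
        if (dot == NULL || dot == host) return 0;
        size_t rest = hl - (size_t)(dot - host);   /* ".suffix", leading dot included */
        return rest == n->len - 1 && eq_nocase(n->data + 1, dot, rest);
    }
    return n->len == hl && eq_nocase(n->data, host, hl);
}

/* SAN DNS names take precedence; the CN is used only when there are none. */
int peer_name_ok(const cert_name *san, size_t nsan, const cert_name *cn, const char *host) {
    if (nsan > 0) {
        for (size_t i = 0; i < nsan; i++)
            if (name_matches(&san[i], host)) return 1;
        return 0;
    }
    return cn != NULL && name_matches(cn, host);
}

/* Constructed sample: a SAN whose bytes continue after an embedded NUL. */
int demo_embedded_nul_rejected(void) {
    static const unsigned char raw[] = "www.example.com\0.other.test";
    cert_name san = { raw, sizeof raw - 1 };
    return !peer_name_ok(&san, 1, NULL, "www.example.com");   /* 1 = rejected */
}
```
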
Creating a x509 request with Whirlpool
Hello,

I was experimenting with OpenSSL 1.0.0 and I needed to create a request that must be signed with Whirlpool hash algorithm. However, when I used the command:

    openssl req -whirlpool -newkey rsa:1024 -keyout key.pem -out req.pem

It didn't work. The error message was:

    3078702728:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:125:
    3078702728:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP lib:a_sign.c:279:

I wish to know if the fact that whirlpool can't work for x509 requests is a decision of openssl developers or there is another reason. Perhaps I am not using it correctly.

PS: I am trying to hack openssl source code to find where I could include changes that would allow to use whirlpool. Do you have any hint?

Thanks!

--
Davi Tozoni
Engenharia
KRYPTUS Engenharia Criptográfica
(19) 88140530
www.kryptus.com
Re: Creating a x509 request with Whirlpool
On Mon, Jun 07, 2010, Davi Tozoni wrote:

> Hello,
>
> I was experimenting with OpenSSL 1.0.0 and I needed to create a request that must be signed with Whirlpool hash algorithm. However, when I used the command:
>
>     openssl req -whirlpool -newkey rsa:1024 -keyout key.pem -out req.pem
>
> It didn't work. The error message was:
>
>     3078702728:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:125:
>     3078702728:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP lib:a_sign.c:279:
>
> I wish to know if the fact that whirlpool can't work for x509 requests is a decision of openssl developers or there is another reason. Perhaps I am not using it correctly.
>
> PS: I am trying to hack openssl source code to find where I could include changes that would allow to use whirlpool. Do you have any hint?

In order to use a digest for signature purposes it has to have an appropriate object identifier (OID) defined. For example sha1WithRSAEncryption for SHA1 and RSA.

You can't just make one up, it has to be standardised; there is no OID in OpenSSL corresponding to whirlpool with RSA and you get that error as a result.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
supp data extensions
Hello, Does anyone know if there is any support in OpenSSL for the transmission of supplemental data during the SSL handshake? (for example, to implement a new mechanism of authentication) Thank you, A.D.
additively computing SHA hash
Hello folks,

I have a service to which people can send data. My service then stores the data and returns the SHA checksum for the data back to the client. I also store the checksum I computed and the offset at which it was computed as part of the metadata. I want to allow clients to send append requests to this data at a later time. When they send the append request, I want to be able to use the checksum that I had already calculated as the starting point and then use that to generate the new checksum for the appended object.

I know about the init, update and final functions. But I don't see a way to pass in the checksum value of the original object when computing the checksum of the new appended object.

Can someone tell me how I can achieve the above?

Thanks,
Jason
Re: additively computing SHA hash
On Mon, Jun 07, 2010, Jason Fister wrote:

> Hello folks,
>
> I have a service to which people can send data. My service then stores the data and returns the SHA checksum for the data back to the client. I also store the checksum I computed and the offset at which it was computed as part of the metadata. I want to allow clients to send append requests to this data at a later time. When they send the append request, I want to be able to use the checksum that I had already calculated as the starting point and then use that to generate the new checksum for the appended object.
>
> I know about the init, update and final functions. But I don't see a way to pass in the checksum value of the original object when computing the checksum of the new appended object.
>
> Can someone tell me how I can achieve the above?

You mean you want to do:

    SHA1(A)

and later do:

    SHA1(A || B)

without including A again?

The hash itself does not contain enough information to continue in that fashion. You'd need to store the actual hash context. There isn't a standard OpenSSL function to do this; you'd need to delve into the internals a little and copy the flat context somewhere and later restore.

So you'd do something like...

    init
    update(A)
    save_context
    hash_A = final

    init
    restore_context
    update(B)
    hash_AB = final

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: additively computing SHA hash
On Mon, Jun 07, 2010 at 04:07:06PM -0400, Jason Fister wrote:

> Hello folks,
>
> I have a service to which people can send data. My service then stores the data and returns the SHA checksum for the data back to the client. I also store the checksum I computed and the offset at which it was computed as part of the metadata. I want to allow clients to send append requests to this data at a later time. When they send the append request, I want to be able to use the checksum that I had already calculated as the starting point and then use that to generate the new checksum for the appended object.

It is not computationally feasible to compute the checksum of a longer message from the checksum of a short message.

> I know about the init, update and final functions. But I don't see a way to pass in the checksum value of the original object when computing the checksum of the new appended object.

You need to serialize, save and restore the intermediate state of the digest before you call final if you need to be able to append more data without re-computing the entire checksum.

OpenSSL does not provide a serialization interface for MD_CTX objects. Perhaps you're better off with a simpler library that does not support engines, and other features that make serialization difficult.

The source code of EVP_MD_CTX_copy_ex() can, with some effort, be adapted to save/restore non-engine OpenSSL digest contexts.

--
Viktor.
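The save_context / restore_context sequence from the two replies above, as an added example that is not from the thread and does not use OpenSSL internals: a self-contained SHA-1 whose whole state is one flat struct, so the bytes stored after hashing A are enough to produce SHA1(A || B) later. The names sha1_state, sha1_append and the other functions are made up for the illustration.

```c
#include <stdint.h>
#include <string.h>

/* Flat SHA-1 state: no pointers, so the struct can be stored and reloaded as-is. */
typedef struct { uint32_t h[5]; uint64_t len; uint8_t buf[64]; } sha1_state;
static uint32_t rol(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }

static void sha1_block(sha1_state *s, const uint8_t *p) {
    uint32_t w[80], a = s->h[0], b = s->h[1], c = s->h[2], d = s->h[3], e = s->h[4];
    for (int i = 0; i < 16; i++)
        w[i] = (uint32_t)p[4*i] << 24 | (uint32_t)p[4*i+1] << 16 | (uint32_t)p[4*i+2] << 8 | p[4*i+3];
    for (int i = 16; i < 80; i++) w[i] = rol(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
    for (int i = 0; i < 80; i++) {
        uint32_t f, k;
        if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999; }
        else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1; }
        else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDC; }
        else             { f = b ^ c ^ d;                   k = 0xCA62C1D6; }
        uint32_t t = rol(a, 5) + f + e + k + w[i];
        e = d; d = c; c = rol(b, 30); b = a; a = t;
    }
    s->h[0] += a; s->h[1] += b; s->h[2] += c; s->h[3] += d; s->h[4] += e;
}

void sha1_init(sha1_state *s) {
    static const uint32_t iv[5] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0};
    memset(s, 0, sizeof *s);
    memcpy(s->h, iv, sizeof iv);
}

void sha1_update(sha1_state *s, const void *data, size_t n) {
    const uint8_t *p = data;
    while (n--) {
        s->buf[s->len++ % 64] = *p++;              /* buffer until a 64-byte block is full */
        if (s->len % 64 == 0) sha1_block(s, s->buf);
    }
}

/* Pads a copy, so the caller's state stays resumable after a digest is taken. */
void sha1_final(const sha1_state *saved, uint8_t out[20]) {
    sha1_state s = *saved;
    uint64_t bits = s.len * 8;
    uint8_t pad = 0x80, zero = 0, lenbe[8];
    sha1_update(&s, &pad, 1);
    while (s.len % 64 != 56) sha1_update(&s, &zero, 1);
    for (int i = 0; i < 8; i++) lenbe[i] = (uint8_t)(bits >> (56 - 8*i));
    sha1_update(&s, lenbe, 8);
    for (int i = 0; i < 20; i++) out[i] = (uint8_t)(s.h[i/4] >> (24 - 8*(i%4)));
}

/* Resume from stored bytes: digest of A||B without re-reading A. */
void sha1_append(const uint8_t stored[sizeof(sha1_state)], const void *b, size_t n,
                 uint8_t new_stored[sizeof(sha1_state)], uint8_t digest[20]) {
    sha1_state s;
    memcpy(&s, stored, sizeof s);      /* restore_context */
    sha1_update(&s, b, n);
    memcpy(new_stored, &s, sizeof s);  /* save_context for the next append */
    sha1_final(&s, digest);
}
```

The raw struct dump is only readable by a build with the same endianness and padding; a service that persists it across machines should write the fields out explicitly, and should protect the stored state like the data itself, since whoever can alter it controls every later digest.
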
Extracting certificate start and end dates
Hi All,

I am trying to crack open a certificate and print out the start and expire dates to a debug log message. I found these two nifty functions X509_get_notBefore() and X509_get_notAfter() which return a pointer to an ASN1_TIME struct. I'm not sure where to go from here. I would like to be able to convert the ASN1_TIME to a time_t struct or something.

Would one of you experts please advise the best approach?

Thanks,
Dallas
Re: self-signed SSL certificates and trusted root certificate
Hi Patrick,

> can you please elaborate on where you see a security drawback in the attack scenario you mentioned when using wildcard certs over non-wildcard certs?

Principle of least privilege dictates that only a single server (or possibly related servers) be authenticated. However, a wild card will match all hosts (some hand waving here) - even if the host was put in place by a bad guy.

I'm aware of a couple of tools that will flag it. Exchange's Security Analyzer is one of them.

A related attack from Black Hat: http://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf.

If you're wondering why VeriSign, Comodo, and gang sell them, that's easy - money.

Jeff

On Mon, Jun 7, 2010 at 5:37 AM, Eisenacher, Patrick patrick.eisenac...@bdr.de wrote:

> -Original Message-
> From: Eisenacher, Patrick
>
> Hi Jeff,
>
> -Original Message-
> From: Jeffrey Walton
>
> Hi Vieri,
>
> How does one issue a cert for multiple CN? Suppose I have just one HTTP server but it can be accessed via multiple FQDN... I suppose I need to use subjectAltName?
>
> Subject alternative name is one possibility. If you need a cert for several hosts/hostnames belonging to the same domain, a wildcard CN comes to mind as well, eg. *.domain.com.
>
> Wild carding usually makes the security folks cringe. A bad guy can stand up a malicious server, and the server appears legit to the outside world due to the wild card.
>
> can you please elaborate on where you see a security drawback in the attack scenario you mentioned when using wildcard certs over non-wildcard certs?
>
> Anybody else? Jeff's been MIA since a week and I still can't see why anybody would cringe...
>
> Patrick Eisenacher