Re: Client certificate chains

2011-03-22 Thread plot.lost

On 22/03/2011 09:24, Crypto Sal wrote:
Me thinks they don't understand Client Authentication/Digital 
Certificates. The server doesn't typically need to verify up to the 
root, they provide a list of acceptable client CA names during the 
handshake.


I'm using a CAfile that has all of the certificates in - as far as I 
am aware that makes openssl trust these certificates.




Do you have them in reverse hierarchy when using '-CAfile'
(Intermediate(s) to Root)? I have seen some systems/programs flip out
because certificates were out of order.



Yes, they are in the usual order, with root as the final cert.


My thoughts...

When you connect using 's_client' do you use something similar to the 
following?


`openssl s_client -connect FQDN:PORT -cert CERT_FILE -key KEY_FILE 
-CAfile yourCAfile`


Have you tried just to connect to the site without the '-cert', '-key' 
and/or '-CAfile' and see if any useful information is presented by the 
server or does the connection fail outright?


Without the -CAfile then the connection to the server fails at the 
server certificate stage (self-signed cert). With the CAfile but without 
cert/key then the connection fails at the same point as if the cert/key 
had been provided.




Based on the error of 'SSL alert number 80', that you have provided 
previously, I suspect the problem is with your certificate's (client 
cert) issuing CA being unknown to the server (one that it doesn't 
directly trust and you need an appropriate hierarchy)


Those running the server are the ones that signed the client certificate 
and provided the CA and Root certificates that are in use.


== Info: SSLv3, TLS handshake, Server finished (14):
<= Recv SSL data, 4 bytes (0x4)
0000: 0e 00 00 00
== Info: SSLv3, TLS handshake, Client key exchange (16):
=> Send SSL data, 102 bytes (0x66)
0000: 10 00 00 62 00 60 45 1d e4 bd 03 4e bb 10 f1 04
0010: 72 4f 1f 2d 0e ea 7d d4 37 ee 4b a0 3f 27 33 26
0020: 33 10 06 82 4b 66 c0 ca aa 14 68 6a f8 00 0d 89
0030: 17 92 4e ed 84 eb 82 52 e8 59 39 fe 81 4b 7c 10
0040: e7 db 6e 54 2c 4e de 34 ff 8f 11 8e 5d 3e 5d e3
0050: 41 09 b4 06 36 78 cd 4b 33 c2 ce e4 06 a4 19 97
0060: 5d bf 88 69 02 c8
== Info: SSLv3, TLS change cipher, Client hello (1):
=> Send SSL data, 1 bytes (0x1)
0000: 01
== Info: SSLv3, TLS handshake, Finished (20):
=> Send SSL data, 16 bytes (0x10)
0000: 14 00 00 0c 94 4e 6d 82 d8 f2 8b a0 0f 30 61 b3
== Info: SSLv3, TLS alert, Server hello (2):
<= Recv SSL data, 2 bytes (0x2)
0000: 02 50
== Info: error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error

== Info: Closing connection #0

I don't think they list any specific ca as part of the client cert 
requests, I think they rely on the client providing a full certificate 
chain and they then validate that using some other method. It seems that 
for some reason openssl is not sending any certificate to them.


This seems to be something specific to TLS1.1 - see:

http://lists.foaf-project.org/pipermail/foaf-protocols/2009-February/000264.html

Is this behaviour that is not supported by openssl, or am I going down 
the wrong track (again...)
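The chain behaviour this thread circles around, as an added example that is not part of the original post or of OpenSSL's own code: a throwaway root -> intermediate -> client hierarchy (the names and the small openssl.cnf used here are made up for the demonstration) is verified three ways with `openssl verify`. It assumes only that the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example for the client certificate chain thread above. It is not code
# from the original post or from OpenSSL; it only assumes the openssl CLI is
# on PATH. It builds a throwaway root -> intermediate -> client hierarchy
# (names such as "Demo Root" are made up here) and then shows which chain
# material `openssl verify` needs before it accepts the client certificate.

# build_demo_chain DIR: write root.pem/int.pem/client.pem and their .key
# files into DIR. int is signed by root, client by int.
build_demo_chain() {
  dir=$1
  # Self-contained config so `openssl req` does not need the system openssl.cnf.
  cat >"$dir/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[client_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
  # Self-signed root CA.
  openssl req -config "$dir/openssl.cnf" -x509 -newkey rsa:2048 -nodes -days 3 \
    -subj "/CN=Demo Root" -extensions ca_ext \
    -keyout "$dir/root.key" -out "$dir/root.pem" >/dev/null 2>&1 || return 1
  # Intermediate CA: CSR, then signed by the root with CA extensions.
  openssl req -config "$dir/openssl.cnf" -new -newkey rsa:2048 -nodes \
    -subj "/CN=Demo Intermediate" -keyout "$dir/int.key" -out "$dir/int.csr" \
    >/dev/null 2>&1 || return 1
  openssl x509 -req -in "$dir/int.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
    -CAcreateserial -days 3 -extfile "$dir/openssl.cnf" -extensions ca_ext \
    -out "$dir/int.pem" >/dev/null 2>&1 || return 1
  # Client certificate, signed by the intermediate.
  openssl req -config "$dir/openssl.cnf" -new -newkey rsa:2048 -nodes \
    -subj "/CN=Demo Client" -keyout "$dir/client.key" -out "$dir/client.csr" \
    >/dev/null 2>&1 || return 1
  openssl x509 -req -in "$dir/client.csr" -CA "$dir/int.pem" -CAkey "$dir/int.key" \
    -CAcreateserial -days 3 -extfile "$dir/openssl.cnf" -extensions client_ext \
    -out "$dir/client.pem" >/dev/null 2>&1
}

# verify_cert CAFILE UNTRUSTED CERT: 0 if CERT chains to something in CAFILE,
# 1 otherwise. UNTRUSTED is "" or a file of intermediates that may be used to
# build the chain but are not themselves trusted. The text is parsed rather
# than the exit status because older `openssl verify` exited 0 on failure.
verify_cert() {
  if [ -n "$2" ]; then
    out=$(openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>&1)
  else
    out=$(openssl verify -CAfile "$1" "$3" 2>&1)
  fi
  case $out in *error*) return 1 ;; esac
  case $out in *OK*) return 0 ;; esac
  return 1
}

# issuer_hash FILE / subject_hash FILE: the values a hashed -CApath directory
# links on; a certificate's issuer_hash must equal its issuer's subject_hash.
issuer_hash()  { openssl x509 -noout -issuer_hash  -in "$1"; }
subject_hash() { openssl x509 -noout -subject_hash -in "$1"; }

# make_bundle DIR: the file a client would hand over: leaf first, then the
# intermediate, root last (the order the poster describes for -CAfile).
make_bundle() { cat "$1/client.pem" "$1/int.pem" "$1/root.pem" >"$1/bundle.pem"; }

report() { if "$@"; then echo "OK:   $*"; else echo "FAIL: $*"; fi; }

main() {
  command -v openssl >/dev/null 2>&1 || { echo "openssl not found"; return 0; }
  work=$(mktemp -d) || return 1
  build_demo_chain "$work" || { echo "could not build demo chain"; return 1; }
  cd "$work" || return 1
  report verify_cert root.pem ""      client.pem   # FAIL: the verifier knows only the root
  report verify_cert root.pem int.pem client.pem   # OK: intermediate supplied, not trusted
  make_bundle "$work"
  report verify_cert bundle.pem ""    client.pem   # OK: everything trusted, as with -CAfile
  echo "client issuer_hash $(issuer_hash client.pem), int subject_hash $(subject_hash int.pem)"
}

main "$@"
```

Run it as `sh chain_demo.sh`. The first verify is what a peer that trusts only the root sees when the leaf arrives alone; the second is what it needs (the intermediate, supplied but not trusted); the third is the poster's set-up, where the whole bundle is handed over as -CAfile. The hash line is the link a hashed -CApath directory follows from a certificate to its issuer, and it is that lookup which stops with "unable to get issuer certificate" when the intermediate is missing.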




__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


RE: data size issue with SSL_read( ) / SSL_write

2011-03-22 Thread Ryan Pfeifle

 From: owner-openssl-us...@openssl.org 
 [mailto:owner-openssl-us...@openssl.org] On Behalf Of ikuzar
 Sent: Friday, March 18, 2011 5:41 AM
 To: openssl-users@openssl.org
 Subject: Re: data size issue with SSL_read( ) / SSL_write

 Ryan, what is the suitable cipher suite that works fine ( strengh, rapidity - 
 efficiency ) in VoIP ?

I would not have a clue.  We don't deal with SSL in VoIP yet.

Ryan Pfeifle
Sr. Programmer
Voice Print International, Inc.


Immediate Results. Unmatched Value.

Tel: 1.805.389.5200 x5297
Fax: N/A
Email: r...@vpi-corp.com
Web: www.VPI-corp.com

Experience the VPI Value Advantage at http://www.VPI-corp.com/Value

The information transmitted in this message is intended only for the addressee 
and may contain confidential and/or privileged material. Any review, 
retransmission, dissemination or other use of, or taking of any action in 
reliance upon, this information by persons or entities other than the intended 
recipient is prohibited. If you received this in error, please contact the 
sender and delete this material from any computer.


error in config file

2011-03-22 Thread abhijit patil
Hi all
I am working on implementing a hierarchical PKI in Java. For that I am using
openssl for certificate purposes. All works fine for me but I am stuck at one
point.

1. openssl ca -config abhi1\rootca1\rootca1.conf -batch -notext -out abhi1\i2\ca.crt -in abhi1\i2\ca.csr
ExitValue: 1

Using configuration from abhi1\rootca1\rootca1.conf
error loading the config file 'abhi1\rootca1\rootca1.conf'
416:error:02001003:system library:fopen:No such process:.\crypto\bio\bss_file.c:126:fopen('abhi1\rootca1\rootca1.conf','rb')
416:error:2006D080:BIO routines:BIO_new_file:no such file:.\crypto\bio\bss_file.c:129:
416:error:0E078072:configuration file routines:DEF_LOAD:no such file:.\crypto\conf\conf_def.c:197:
error in ca

When I execute this command for the first time I don't get any error as the conf
file is created, but from the next time onward it gives me the above error.



Also

2. openssl x509 -noout -in abhi1\rootcn\ca.crt -issuer

Error opening Certificate abhi1\rootcn\ca.crt
5460:error:02001003:system library:fopen:No such process:./crypto/bio/bss_file.c:356:fopen('abhi1\rootcn\ca.crt','rb')
5460:error:20074002:BIO routines:FILE_CTRL:system lib:./crypto/bio/bss_file.c:358:
unable to load certificate
error in x509





This is one of the commands that fails.



Any help on above will be very useful.


Thanking you in Advance



Thanks and Regards
Abhijit S Patil.


encode/decode: internal C struct - pem

2011-03-22 Thread ikuzar
Hello,

1) I do not know when I must use PEM or DER format when I deal with data
encoding.
For example, now, I have to read a DHparam file. I created it with the command
line. I chose DHparam.pem because PEM is commonly used...

2) So, I am looking for PEM encode/decode functions which help me to perform
this scheme:
  a) read DHparam.pem -> store it in C structure DH* dh -> PEM_encode(dh,
char* data) -> send_data_to_peer(sock, *data)
  b) recv_data_from_peer(sock, *data) -> PEM_decode(dh, char* data)
But PEM encode/decode functions are not documented. I found:

DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);

I'm wondering why it returns DH*...? I guess it puts the result in DH**. I do
not know how to use this function.

3) I found DER encode/decode functions in the doc:

DH *d2i_DHparams(DH **a, unsigned char **pp, long length);
int i2d_DHparams(const DH *a, unsigned char **pp);

For the moment, despite the fact that I intend to use the PEM encode/decode
functions, I am going to use the DER ones.

To summarize:
-- Is PEM format adequate to send data to a peer? If so, how do I use these PEM
functions: http://www.openssl.org/docs/crypto/pem.html
-- Anyway, for the moment I am going to use the DER encode/decode functions. So
I have to convert DHparam.pem into DHparam.der so that I can read it with the
DER function.
(does d2i_ read PEM format..?)

Thanks for your help.
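The PEM/DER relationship the question turns on, as an added example that is not code from the original post: it generates throwaway DH parameters with the openssl CLI (assumed to be installed; the 512-bit size is chosen only so the demonstration is quick and is far too small for real use), strips the PEM armour and base64-decodes the body, and compares the result byte for byte with the `-outform DER` output. It also shows the DER reader refusing a PEM file, which is what `d2i_DHparams()` does when handed PEM text.

```shell
#!/bin/sh
# Added example for the PEM/DER question above; it is not code from the
# original post. It assumes the openssl CLI is on PATH. The point it shows:
# a PEM file is the DER bytes, base64-encoded between BEGIN/END lines, so the
# thing to put on the wire is the DER output (what i2d_DHparams() produces),
# and the DER reader (d2i_DHparams(), `-inform DER`) does not accept PEM.

# make_params DIR: throwaway DH parameters in DIR/DHparam.pem. 512 bits is
# much too small for real use and is only chosen so generation is quick.
make_params() { openssl dhparam -out "$1/DHparam.pem" 512 >/dev/null 2>&1; }

# pem_to_der PEM DER: re-encode as DER, i.e. what i2d_DHparams() returns.
pem_to_der() { openssl dhparam -in "$1" -outform DER -out "$2" 2>/dev/null; }

# der_to_pem DER PEM: the reverse, as PEM_write_DHparams() would write it.
der_to_pem() { openssl dhparam -inform DER -in "$1" -out "$2" 2>/dev/null; }

# der_reads_pem PEM: 0 only if the DER reader accepted a PEM file (it won't).
der_reads_pem() { openssl dhparam -inform DER -in "$1" -noout >/dev/null 2>&1; }

# pem_body_is_der PEM DER: 0 if stripping the armour lines and base64-decoding
# the remainder yields exactly the DER file.
pem_body_is_der() {
  grep -v -- '-----' "$1" | openssl base64 -d | cmp -s - "$2"
}

# roundtrip_ok DIR: PEM -> DER -> PEM -> DER returns the same bytes.
roundtrip_ok() {
  pem_to_der "$1/DHparam.pem" "$1/a.der" || return 1
  der_to_pem "$1/a.der" "$1/b.pem" || return 1
  pem_to_der "$1/b.pem" "$1/b.der" || return 1
  cmp -s "$1/a.der" "$1/b.der"
}

main() {
  command -v openssl >/dev/null 2>&1 || { echo "openssl not found"; return 0; }
  work=$(mktemp -d) || return 1
  make_params "$work" || { echo "parameter generation failed"; return 1; }
  pem_to_der "$work/DHparam.pem" "$work/DHparam.der" || return 1
  echo "PEM: $(wc -c <"$work/DHparam.pem") bytes, DER: $(wc -c <"$work/DHparam.der") bytes"
  pem_body_is_der "$work/DHparam.pem" "$work/DHparam.der" && echo "PEM body == base64(DER)"
  der_reads_pem "$work/DHparam.pem" || echo "-inform DER rejects the PEM file, as d2i_DHparams() would"
  roundtrip_ok "$work" && echo "PEM -> DER -> PEM round trip is lossless"
}

main "$@"
```

Run it as `sh pem_der_demo.sh`. The DER bytes are what a peer needs; PEM only adds the base64 layer and the armour lines so the same bytes survive copy-and-paste and text transports, which is why the d2i_/i2d_ functions work on DER and the PEM_read_/PEM_write_ functions do the unwrapping for you.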


d2i_DHparams signature

2011-03-22 Thread ikuzar
Hello,
I'd like to know what the real signature of d2i_DHparams is. When I run my
application, I get this error:

error: cannot convert ‘unsigned char (*)[256]’ to ‘const unsigned char**’
for argument ‘2’ to ‘DH* d2i_DHparams(DH**, const unsigned char**, long
int)’

In openssl doc, we have :

DH *   d2i_DHparams(DH **a, unsigned char **pp, long length);

and when I put a const unsigned char** in arg 2, it works ...

Was there a change in the signature, so that the openssl doc is not updated?

Thanks.


How to handle Expired or not yet valid X.509 certificates - or simply is the system date wrong?

2011-03-22 Thread Steffen DETTMER
Hi,

I thought this was already discussed, but I cannot find pointers.

When some entity verifies a certificate, finds a valid signature
etc but the current date is not between Valid From to Valid
To, meaning the certificate seems not yet valid or expired,
what is recommended to do?

I think, essentially, this should be application specific, but
are there guide lines or common sense?

In practice there could be issues with a wrong system date / system
clocks / time stamps, which could lead to bad situations,
especially when users are not allowed to change the system date
(for security reasons) and then failing to remotely administrate
(because the peer rejects the actually valid certificate as
expired or not yet valid).
It cannot be assumed all entities are connected to the internet or
any other external trusted time (except maybe an SSL protected one).

Are there standards, recommendations or any writings discussing
such topics, in particular system date related topics?

oki,

Steffen


 


verifying a cross-certified chain

2011-03-22 Thread Ken Dreyer
I have a signed personal certificate and a list of CAs that chain
together. Towards the top of the chain, I run into problems because
the CAs are cross-signed. The Issuer: field for CA1 is CA2, and
the Issuer: field for CA2 is CA1.

When I run openssl verify kdreyer.pem, OpenSSL is able to follow the
sub-CAs up to the first of these cross-signed CAs, but it fails with
error 2 at 100 depth lookup:unable to get issuer certificate. I want
it to go back down the chain to see the cross-signing.

I have all of the hashes configured properly, but this cross-signing
seems tricky. Eg.

$ openssl x509 -noout -issuer_hash -in fc403046.0
b8db54bd
$ openssl x509 -noout -issuer_hash -in b8db54bd.0
fc403046

openssl verify errors on b8db54bd.0.

For background, I'm trying to use the Federal Bridge Certificate
Authorities, which are cross-signed in a sort of configuration that
I'm unfamiliar with.
http://www.idmanagement.gov/fpkima/content/PCA_DNs.cfm

Can someone please help me understand how to successfully verify my
personal certificate in this situation?


Re: DIRECTORYSTRING and substitute in v1.0.0d

2011-03-22 Thread Dr. Stephen Henson
On Thu, Mar 10, 2011, Christian Weber wrote:

 Hi there,
 
 in the past we have implemented some templates for x509v3
 extensions for certificates due to being able to handle
 some attributes defined in common-pki 2.0.
 
 One of the more structured attributes is admission:
 id-isismtt-at-admission OBJECT IDENTIFIER ::= {id-isismtt-at 3}
 id-isismtt-at-namingAuthorities OBJECT IDENTIFIER ::= {id-isismtt-at 11}
 AdmissionSyntax ::= SEQUENCE {
  admissionAuthority GeneralName OPTIONAL,
  contentsOfAdmissions SEQUENCE OF Admissions }
 Admissions ::= SEQUENCE {
  admissionAuthority [0] EXPLICIT GeneralName OPTIONAL,
  namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL,
  professionInfos SEQUENCE OF ProfessionInfo }
 NamingAuthority ::= SEQUENCE {
  namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
  namingAuthorityUrl IA5String OPTIONAL,
  namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
 }
 ProfessionInfo ::= SEQUENCE {
  namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
  professionItems SEQUENCE OF DirectoryString(SIZE(1..128)),
  professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
  registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
  addProfessionInfo OCTET STRING OPTIONAL
  }
 
 So we defined (representing the ProfessionInfo part of the structure):
 typedef STACK_OF(DIRECTORYSTRING) DIRECTORYSTRINGS;
 DECLARE_ASN1_FUNCTIONS(DIRECTORYSTRINGS)
 DECLARE_ASN1_ITEM(DIRECTORYSTRINGS)
 
 typedef struct X509_ADMISSION_PROF_INFO_st {
  X509_ADMISSION_NAM_AUTH *namingAuthority;   // optional
  DIRECTORYSTRINGS *professionItems;
  ASN1_OBJECTS *professionOIDs;   // optional
  ASN1_PRINTABLESTRING *registrationNumber;   // optional
  ASN1_OCTET_STRING *addProfessionInfo;   // optional
 } X509_ADMISSION_PROF_INFO;
 
 and (nearly) all went ok. For parsing the template we had to patch
 tasn_dec.c not to complain about errors on optional template
 elements.
 
 With version 1.0.0 DIRECTORYSTRING support seems to have gone or otherwise
 substituted.
 
 We were using the structures with (code snippet)
 ASN1_SEQUENCE(X509_ADMISSION_PROF_INFO) = {
   ASN1_EXP_OPT(X509_ADMISSION_PROF_INFO, namingAuthority, 
  X509_ADMISSION_NAM_AUTH, 0),
   ASN1_SEQUENCE_OF(X509_ADMISSION_PROF_INFO, professionItems, 
  DIRECTORYSTRING),
   ASN1_OPT(X509_ADMISSION_PROF_INFO, professionOIDs, ASN1_OBJECTS),
   ASN1_OPT(X509_ADMISSION_PROF_INFO, registrationNumber, 
  ASN1_PRINTABLESTRING),
   ASN1_OPT(X509_ADMISSION_PROF_INFO, addProfessionInfo, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(X509_ADMISSION_PROF_INFO)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_ADMISSION_PROF_INFO)
 ...
 X509_ADMISSION_PROF_INFO_SK *sk_apis = i2_admissions->professionInfos;
 for (int i3 = 0; i3 < sk_X509_ADMISSION_PROF_INFO_num(sk_apis); i3++)
 {
  X509_ADMISSION_PROF_INFO *api =
  sk_X509_ADMISSION_PROF_INFO_value(sk_apis, i3);
  if (api)
  {
   X509_ADMISSION_NAM_AUTH *namingAuthority2 = api->namingAuthority;
   // namingAuthority2 (see above -- namingAuthority)
   if (namingAuthority2)
   {
    avnode *att_na = Attribute_namingAuthority(namingAuthority2);
    if (att_na)
     prof->adoptname("namingAuthority", att_na);
    else
     prof->addname("namingAuthority").addvalue("[PARSING FAILURE]");
   }
 ... now look at the professionItems ...
   for (int i4 = 0; i4 < sk_num(api->professionItems); i4++)
   {
    ASN1_STRING *as = sk_value(api->professionItems, i4);
    prof->addname("professionItem")
     .addvalue(Certificate::ASN1_STRING_UTF8String(as));
   }
 
 Currently the compiler dislikes sk_num as well as sk_DIRECTORYSTRING_num.
 So we had to fall back to the general ASN1_STRING type and do the checking
 by hand within the code.
 
 It would be nice to have some type that implicitly does the type checking on
 the ASN1 objects. So how do we define some MB_STRING that makes the lib do
 the checks?
 We've already noticed some MB_STRING (or so) with a Mask, but don't know how 
 to use it.
 
 At last the patch to tasn_dec.c .
 --- C:/wrk/openssl-1.0.0d/crypto/asn1/tasn_dec.c Tue Jun 15 18:25:06 2010
 +++ S:/Build/SAK-2.1/openssl-1.0.0d/crypto/asn1/tasn_dec.c   Thu Mar 10 
 01:26:40 2011
 @@ -188,6 +188,8 @@
   */
  if ((tag != -1) || opt)
  {
 +/* If OPTIONAL, assume this is OK Patch 
 5.2.2010 ChWe */
 +if (opt) return -1;
  ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
  ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
  goto err;
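Review bot: the `if (opt) return -1;` inserted before the ASN1err() call turns a template-definition error into "optional element absent" for any input, so an OPTIONAL element that is actually present in the DER is silently skipped and its bytes are then matched against the following field of the parent; the error being suppressed (ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE) says that OPTIONAL cannot be applied to a wrapped item template, and the fix belongs in the templates, not in the decoder. Declare the SEQUENCE OF fields directly in the parent with the OPT form of the template macro, e.g. `ASN1_SEQUENCE_OF_OPT(X509_ADMISSION_PROF_INFO, professionOIDs, ASN1_OBJECT)`, instead of `ASN1_OPT(..., professionOIDs, ASN1_OBJECTS)` over a typedef'd item, and drop the patch.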
 We wonder if this is critical in any aspect? With the patch the lib still seems
 to work for

Re: How to handle Expired or not yet valid X.509 certificates - or simply is the system date wrong?

2011-03-22 Thread David Schwartz

On 3/22/2011 9:07 AM, Steffen DETTMER wrote:


When some entity verifies a certificate, finds a valid signature
etc but the current date is not between Valid From to Valid
To, meaning the certificate seems not yet valid or expired,
what is recommended to do?


It depends what you're doing.


I think, essentially, this should be application specific, but
are there guide lines or common sense?


The basic idea is this: If the thing you're checking is from a past 
date, you can verify that date, and the certificate was valid on that 
date, then continue. If the operation is based on the current date, reject.



In practice there could be issues with wrong sytem date / system
clocks / time stamps, which could lead to bad situations,
especially when users are not allowed to change the system date
(for security reasons) and then failing to remotely administrate
(because the peer rejects the actually valid certificate as
expired or not yet valid).
It cannot be assumed all entities are connected to the internet or
any other external trusted time (except maybe an SSL protected one).


If a system does not have a reliable source of time, then it cannot 
reliably perform security operations other than verifying timestamped 
signatures. That should have been addressed when the system was designed.


DS
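The rule in this reply, as an added example that is not code from the original messages: a throwaway self-signed certificate (valid for three days from when it is made; the name and the tiny req config are made up here) is checked with `openssl verify -attime` at a time before, inside and after its validity window, and a small policy function applies the distinction between an operation tied to a verified past date and one happening now. It assumes only that the openssl CLI is installed (1.0.0 or later, where -attime exists).

```shell
#!/bin/sh
# Added example for the expired / not-yet-valid question above; it is not
# code from the original messages. It assumes the openssl CLI is on PATH
# (1.0.0 or later, where `openssl verify -attime` exists) and shows the rule
# from the reply: evaluate the certificate at the time the operation is
# really about, and refuse when no trustworthy time is available.

# make_cert DIR: throwaway self-signed certificate valid 3 days from now.
make_cert() {
  printf '[req]\ndistinguished_name = dn\n[dn]\n' >"$1/req.cnf"
  openssl req -config "$1/req.cnf" -x509 -newkey rsa:2048 -nodes -days 3 \
    -subj "/CN=attime-demo" -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# verify_at CERT EPOCH: 0 if CERT (self-signed, so also its own trust anchor)
# verifies at Unix time EPOCH, 1 if it is not yet valid or expired then.
# Output is parsed because old `openssl verify` builds exited 0 on failure.
verify_at() {
  out=$(openssl verify -CAfile "$1" -attime "$2" "$1" 2>&1)
  case $out in *error*) return 1 ;; esac
  case $out in *OK*) return 0 ;; esac
  return 1
}

# verify_for CERT KIND [WHEN]: the policy from the reply.
#   past     the thing being checked happened at WHEN, a Unix time that was
#            verified independently (e.g. a trusted timestamp); the
#            certificate only has to have been valid at that moment.
#   current  the operation is happening now (a handshake, a login); the local
#            clock is the only reference, so out-of-window means reject.
#   anything else (including "past" without a usable WHEN): refuse rather
#            than guess.
verify_for() {
  cert=$1 kind=$2 when=${3:-}
  case $kind in
    past)    [ -n "$when" ] && verify_at "$cert" "$when" ;;
    current) verify_at "$cert" "$(date +%s)" ;;
    *)       return 1 ;;
  esac
}

main() {
  command -v openssl >/dev/null 2>&1 || { echo "openssl not found"; return 0; }
  work=$(mktemp -d) || return 1
  make_cert "$work" || { echo "could not create certificate"; return 1; }
  now=$(date +%s)
  for t in $((now - 2*86400)) $((now + 3600)) $((now + 10*86400)); do
    if verify_at "$work/cert.pem" "$t"; then echo "$t: valid"; else echo "$t: rejected"; fi
  done
  # A document with a verified timestamp from two days ago: checked as of
  # that moment it is rejected, because this certificate did not exist yet.
  verify_for "$work/cert.pem" past $((now - 2*86400)) && echo "past: accepted" || echo "past: rejected"
  # An operation happening now, against the local clock: accepted.
  verify_for "$work/cert.pem" current && echo "current: accepted" || echo "current: rejected"
}

main "$@"
```

Run it as `sh attime_demo.sh`. The "past" branch is the only one that can work without a trustworthy local clock, and only because the reference time comes with the data being checked; everything else falls back to the system clock, which is the reply's point about systems without a reliable time source.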



BIO_f_buffer read behavior

2011-03-22 Thread Chris Bare
I have pushed a BIO_f_buffer onto my BIO stack to get output buffering. This
works fine. However, when I read from the BIO_f_buffer, it only returns when
the buffer I give it is full. This is unlike the normal behavior of the BIO below
it in the stack, and different from a direct read.
Is this the expected behavior of the BIO_f_buffer on a read?
If so, is the only alternative to track a read and a write BIO? I assume that
I can read from the BIO under the BIO_f_buffer without causing problems; is
that correct?
-- 
Chris Bare
ch...@bareflix.com


must 'x' in g^x be a prime number

2011-03-22 Thread ikuzar
Hello,
I 'd like to know  :
1) if the exponent x in g^x must be a large prime number. In some docs I saw, it
is said that x must be a LARGE number but no information about primality..
2) May the generation of 'x' run for hours as described here:
http://www.openssl.org/docs/crypto/DH_generate_parameters.html (in NOTES)
Thanks for your help.


Re: must 'x' in g^x be a prime number

2011-03-22 Thread Mike Mohr
Although the generator g can be any number, it is typically 2 or 5.
In fact, this is all that OpenSSL supports (values 2 or 5 for g).  The
typical situation is this:

(1) Alice and Bob generate random secret values a and b.  If a or b
happen to be prime, that is fine - but they need not be.
(2) Alice sends Bob A=g^a(mod p) and Bob sends Alice B=g^b(mod p).
(3) Alice calculates S=B^a(mod p) and Bob calculates S=A^b(mod p) and
they are both left with the secret S.

The key thing to notice is that the DH parameters are *public*.  That
means that the modulus and generator can be known by anyone without
compromising the integrity of the DH transaction.

I've generated a few 8192-bit moduli using openssl, and those jobs
tend to take about 3 days to complete on a 2.4GHz core.  If you need a
large modulus, say 4096 bits or higher, you're best off generating it
once on a fast machine and embedding it in your application as a byte
array.



Re: must 'x' in g^x be a prime number

2011-03-22 Thread fakessh @
4 numbers to make signs curvilinear. make a 1 in the ratings this
made ​​orthogonal form which brings up four primitive imagination. This
is the next civilization
-- 
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7




Re: must 'x' in g^x be a prime number

2011-03-22 Thread Ziyu Liu
1) The exponent x in DH can be any number. It should be big enough to
withstand attack. The source of DH tells us what exponent x can be.
ref: dh_key.c
if (generate_new_key)
{
l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent
length */
if (!BN_rand(priv_key, l, 0, 0)) goto err;
}
2) The time of generation depends on the length of your DH parameters. The longer
the parameters you create, the more time you need to compute the value.
ref:
int DH_generate_parameters_ex(DH *dh,int prime_len,int generator, BN_GENCB *cb);





Re: callbacks: application context

2011-03-22 Thread Claus Assmann
On Tue, Mar 22, 2011, Victor Duchovni wrote:

  client() has some code like this:
 SSL_CTX_set_ex_data(a_ctx->a_ssl_ctx, myidx, a_ctx->cb_arg);
 
 No, don't do that, the SSL_CTX application context object is global.

I was demonstrating that the callback API has some problems.
If the common(?) way of taking a user supplied argument would be
used then things would be simpler for application programmers, as
can be seen by SSL_CTX_set_cert_verify_callback(3).

Anyway, thanks for pointing out that these things can be done
differently; now I'll have to figure out whether my current TLS
client session caching prototype that I just wrote to work without
callbacks is incorrect.