Re: SSL_get_verify_result() behavior
I ran the same test with OpenSSL v0.9.8o on Linux. As soon as verifyCallback returns 0, connect() fails with the CERT_UNTRUSTED error from SSL_get_verify_result() as expected.

Here's the log:

OpenSSL 0.9.8o 01 Jun 2010
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall
built on: Wed Feb 23 00:42:27 UTC 2011
platform: debian-i386
OPENSSLDIR: /usr/lib/ssl
TCP connection successful
verifyCallback() - in: preverify_ok=0
Verify error: unable to get local issuer certificate(20) - depth=1 - sub =/C=US/O=Google Inc/CN=Google Internet Authority
verifyCallback() - out
SSL handshake failed: SSL_ERROR_SSLFAIL

Does this mean 0.9.8r has a bug??? If so, then it would be a pretty bad one because clients that use the version would connect to untrusted servers...

Any thoughts?

- Yutaka
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: How to do generate PKCS#7 to embedded system
Hi,

First, thanks for your answer. But I am using a crypt processor to generate the key pair (RSA 1024), and I implement the ASN.1 structure of the certificate manually (I don't have enough memory to use the openssl lib), because I am using the MSP430F5438A processor.

Probably I did not explain correctly; the attached file explains the procedures in my project, and I need to follow the steps below:

1 - My project generates the CSR in PKCS#10 format (implemented using my crypt processor to generate the keys and sign the structure);
2 - The CA receives my CSR in PKCS#10 format, generates the certificate and sends it to me in PKCS#7 format (this is the step that I do not understand how to do);
3 - Store the certificate in flash memory (not implemented yet, but it is not difficult).

For step 2 I tried to use openssl, but I do not understand it, because there aren't examples of how to implement the certificate.

Thanks for the help
Laerte Junior

From: dthomp...@prinpay.com
To: openssl-users@openssl.org
Subject: RE: How to do generate PKCS#7 to embedded system
Date: Mon, 14 Nov 2011 17:36:25 -0500

> From: owner-openssl-us...@openssl.org On Behalf Of Laerte Junior
> Sent: Saturday, 12 November, 2011 14:22
>
> I'm working with embedded system project and I need to receive PKCS7 and store the fields (DN, signature, public key, etc.). Before, I generate a CSR to test (attached file), but now I need to generate PKCS7 to test. How to do it? I need to generate a small PKCS7 as possible.

PKCS7 actually is (was designed as) a general format for lots of things, including signed and/or encrypted data. However, it is commonly used 'merely' to transfer one or more certificate(s) and/or one or more CRL(s) -- nominally for use to verify a related signeddata, but actually for any purpose.

The fields you name are in a cert; do you want to receive a cert? If so, you must first get a cert, corresponding to your CSR. Is this CSR from the 'embedded' system, or an outside one? If the former, presumably what you want is to give the embedded system a cert for its keypair; what kind of cert? If the latter, why do you need to pre-transfer the cert rather than presenting it when referenced? How it is used for trust decisions will influence exactly which cert(s) (i.e. chain(s)) you need.

If you want a selfsigned cert and have or can get its private key, openssl can do that. Of course a selfsigned cert doesn't generally deserve trust so this might not gain you much. If you want a cert issued (signed) under your own CA (key)(s), openssl can do that. If you want a cert issued under a public or other outside CA, you need to interact with that CA. Alternatively, if you just want a selfsigned cert for a private key you have, openssl can do that directly.

If this will be a cert for the system's own keypair to be presented to others, storing only fields may be problematic. You will need to reconstruct (at least) exactly the same DER cert-info (aka TBS) as was in the issued or selfsigned cert. If not selfsigned, you may need to have (and present) part of the CA chain, up to (but not necessarily including) the trusted CA root or other (subroot) cert already on (all) the relier(s).

If you get the cert from a real CA, it might provide you a 'degenerate' PKCS7 with your cert and any needed chain certs. AFAIK openssl commandline cannot create this; 'pkcs7' *reads* it (but doesn't write), and 'smime' optionally creates a real pkcs7: at minimum this would be a detached signature (which your receiver needn't and shouldn't verify) for data you discard. You could write about a 10-line program using openssl library to create a degenerate PKCS7 for a cert, or chain.

attachment: Certificate_procedures.jpg
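For the receiving side discussed in the message above (a device that walks ASN.1 by hand and cannot link the OpenSSL library), this added example locates the certificates inside a 'degenerate' certs-only PKCS#7. It is not code from the thread or from OpenSSL; der_tlv, p7_get_cert and the sample bytes are hypothetical, and it assumes DER input of at most 64 KiB.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Read one DER header; rejects indefinite, non-minimal and >64 KiB lengths. */
static int der_tlv(const uint8_t *p, const uint8_t *end, uint8_t *tag,
                   const uint8_t **val, size_t *len)
{
    if (end - p < 2) return -1;
    *tag = *p++;
    size_t n = *p++;
    if (n & 0x80) {
        size_t i, k = n & 0x7f;
        if (k == 0 || k > 2 || (size_t)(end - p) < k) return -1;
        for (n = 0, i = 0; i < k; i++) n = (n << 8) | *p++;
        if (n < 0x80 || (k == 2 && n < 0x100)) return -1;
    }
    if ((size_t)(end - p) < n) return -1;
    *val = p; *len = n;
    return 0;
}

/* id-signedData, 1.2.840.113549.1.7.2 */
static const uint8_t OID_SD[] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02};

/* Find certificate idx (0-based); cert and cert_len get its full DER encoding. */
int p7_get_cert(const uint8_t *buf, size_t buflen, unsigned idx,
                const uint8_t **cert, size_t *cert_len)
{
    static const uint8_t skip[] = {0x02, 0x31, 0x30}; /* version, digestAlgs, contentInfo */
    const uint8_t *p, *v, *end = buf + buflen;
    size_t l, i;
    uint8_t t;
    if (der_tlv(buf, end, &t, &v, &l) || t != 0x30) return -1;   /* ContentInfo */
    end = v + l;
    if (der_tlv(v, end, &t, &v, &l) || t != 0x06 ||
        l != sizeof OID_SD || memcmp(v, OID_SD, l) != 0) return -1;
    if (der_tlv(v + l, end, &t, &v, &l) || t != 0xa0) return -1; /* [0] EXPLICIT */
    if (der_tlv(v, v + l, &t, &v, &l) || t != 0x30) return -1;   /* SignedData */
    p = v; end = v + l;
    for (i = 0; i < sizeof skip; i++, p = v + l)
        if (der_tlv(p, end, &t, &v, &l) || t != skip[i]) return -1;
    if (der_tlv(p, end, &t, &v, &l) || t != 0xa0) return -1;     /* certificates */
    for (p = v, end = v + l; p < end; p = v + l) {
        if (der_tlv(p, end, &t, &v, &l) || t != 0x30) return -1; /* Certificate */
        if (idx-- == 0) { *cert = p; *cert_len = (size_t)(v - p) + l; return 0; }
    }
    return -1; /* fewer certificates than requested */
}

/* Constructed sample: two 5-byte placeholder "certificates", not real X.509. */
static const uint8_t SAMPLE[] = {
    0x30,0x2f, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02, 0xa0,0x22, 0x30,0x20,
    0x02,0x01,0x01, 0x31,0x00, 0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01,
    0xa0,0x0a, 0x30,0x03,0x02,0x01,0x2a, 0x30,0x03,0x02,0x01,0x2b, 0x31,0x00};

int main(void) {
    const uint8_t *c; size_t n;
    return p7_get_cert(SAMPLE, sizeof SAMPLE, 1, &c, &n) != 0;
}
```

Locating a certificate is not the same as trusting it: the device still has to check the certificate's signature against a CA key it already holds before using any field.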
TLS problem with Lotus Domino v8.5.1 - mutual handshake fails
Hi,

In our postfix server, we see

SSL_accept error from hgrs-mail01.hgrs.tld.dom[161.x.y.z]: 0
Nov 16 08:54:52 ernesto postfix2cc/smtpd[18662]: warning: TLS library problem: 18662:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1053:SSL alert number 0:

This error message apparently means that the client aborted the handshake just after receiving the server certificate (see step 14 in the upper half of the wireshark sessions screenshot - a successful handshake example in the lower part - there step 17 is how it would continue).

If anybody is interested, I am happy to bilaterally send the .pcap files for the wireshark session and a screenshot of such wireshark sessions. The domino-side log can be found below.

One hypothesis is that there is a Lotus Notes Domino bug (LO41163: IMPROPERLY BUILDING CERT CHAIN WHEN FOREIGN HOST PRESENTS JUST LEAF CERT) but the problem continued even when not just the leaf but also the leaf + intermediate or incl. root respectively were sent by the postfix server. So there must also be another problem.

Any hints how to do a client certificate authentication TLS-handshake between IBM's v8.51 as the client and openssl on the server side would be highly appreciated.
Many thanks in advance
Ralf

15.11.2011 14:36:07 [2114:0011-176C] SMTPClient: Connection successful Checking keyfile certificates:
15.11.2011 14:36:07.45 [2114:0011-176C] SSLCheckCertChain Valid certificate chain received
15.11.2011 14:36:07.45 [2114:0011-176C] int_MapSSLError Mapping SSL error 0 to 0
15.11.2011 14:36:07.45 [2114:0011-176C] SSL_Handshake Enter
15.11.2011 14:36:07.45 [2114:0011-176C] SSL_Handshake Current Cipher 0x (Unknown Cipher)
15.11.2011 14:36:07.45 [2114:0011-176C] SSL_Handshake SSL Undetermined attempt
15.11.2011 14:36:07.45 [2114:0011-176C] SSLAdvanceHandshake Enter Processed : 0 State: 4
15.11.2011 14:36:07.45 [2114:0011-176C] SSLAdvanceHandshake Enter Processed : SSL_hello_request
15.11.2011 14:36:07.45 [2114:0011-176C] SSLAdvanceHandshake calling SSLPrepareAndQueueMessage SSLEncodeClientHello
15.11.2011 14:36:07.45 [2114:0011-176C] SSLAdvanceHandshake Exit State : 5
15.11.2011 14:36:07.45 [2114:0011-176C] S_Write Enter len = 102 Xmt buffer: ...001'..'
15.11.2011 14:36:07.45 [2114:0011-176C] S_Write Switching Endpoint to sync
15.11.2011 14:36:07.45 [2114:0011-176C] S_Write Posting a nti_snd for 102 bytes
15.11.2011 14:36:07.45 [2114:0011-176C] SSL_EncryptData SSL not init exit
15.11.2011 14:36:07.45 [2114:0011-176C] S_Write Switching Endpoint to async
15.11.2011 14:36:07.45 [2114:0011-176C] SSL_EncryptDataCleanup SSL not init exit
15.11.2011 14:36:07.45 [2114:0011-176C] S_Write nti_done return 102 bytes rc = 0
15.11.2011 14:36:07.45 [2114:0011-176C] S_Write Exit, wrote 102 bytes
15.11.2011 14:36:07.45 [2114:0011-176C] S_Read Enter len = 5
15.11.2011 14:36:07.45 [2114:0011-176C] S_Read Switching Endpoint to sync
15.11.2011 14:36:07.45 [2114:0011-176C] S_Read Posting a nti_rcv for 5 bytes
15.11.2011 14:36:07.45 [2114:0011-176C] SSL_RcvSetup SSL not init exit
15.11.2011 14:36:07.47 [2114:0011-176C] S_Read Switching Endpoint to async
15.11.2011 14:36:07.47 [2114:0011-176C] S_Read nti_done return 5 bytes rc = 0 Rcv buffer: : 00'.'
15.11.2011 14:36:07.47 [2114:0011-176C] S_Read Exit, read 5 bytes
15.11.2011 14:36:07.47 [2114:0011-176C] S_Read Enter len = 74
15.11.2011 14:36:07.47 [2114:0011-176C] S_Read Switching Endpoint to sync
15.11.2011 14:36:07.47 [2114:0011-176C] S_Read Posting a nti_rcv for 74 bytes
15.11.2011 14:36:07.47 [2114:0011-176C] SSL_RcvSetup SSL not init exit
15.11.2011 14:36:07.47 [2114:0011-176C] S_Read Switching Endpoint to async
15.11.2011 14:36:07.47 [2114:0011-176C] S_Read nti_done return 74 bytes rc = 0 Rcv buffer: -- 64 (0x0040) bytes of 0 --
15.11.2011 14:36:07.47 [2114:0011-176C] S_Read Exit, read 74 bytes
15.11.2011 14:36:07.47 [2114:0011-176C] SSLProcessProtocolMessage Record Content: 22
15.11.2011 14:36:07.47 [2114:0011-176C] SSLProcessHandshakeMessage Enter Message: 2 State: 5 Key Exchange: 0 Cipher: 0x (Unknown Cipher)
15.11.2011 14:36:07.47 [2114:0011-176C] SSLProcessHandshakeMessage Enter Message: SSL_server_hello
15.11.2011 14:36:07.47 [2114:0011-176C] SSLProcessHandshakeMessage Exit Message: 2 State: 5 Key Exchange: 1 Cipher: 0x0004 (RSA_WITH_RC4_128_MD5)
15.11.2011 14:36:07.47 [2114:0011-176C] SSLAdvanceHandshake Enter Processed : 2 State: 5
15.11.2011 14:36:07.47 [2114:0011-176C] SSLAdvanceHandshake Enter Processed : SSL_server_hello
15.11.2011 14:36:07.47 [2114:0011-176C] SSLAdvanceHandshake Exit State : 8
15.11.2011 14:36:07.47 [2114:0011-176C] SSL_Handshake After handshake state= 8 Status= -5000
15.11.2011 14:36:07.47 [2114:0011-176C] SSL_Handshake Exit Status = -5000
15.11.2011 14:36:07.47 [2114:0011-176C] int_MapSSLError Mapping SSL error -5000 to 4176
15.11.2011 14:36:07.47 [2114:0011-176C] SSL_Handshake Enter
15.11.2011 14:36:07.47
Re: ssl3_get_client_certificate: no certificate returned
Dr. Stephen Henson wrote:
> On Tue, Nov 15, 2011, Tobias Nissen wrote:
>> Dr. Stephen Henson wrote:
>>> On Tue, Nov 15, 2011, Tobias Nissen wrote:
>>>> I'm indirectly using OpenSSL through Net::SSLeay¹, which I use through AnyEvent::TLS². AnyEvent::TLS provides the means to define a custom verification mechanism by setting verify_cb³. Here's an example (keys included): http://paste.scsys.co.uk/159837
>>>>
>>>> If the custom verification callback decides a peer is bad, it shall return 0 and return 1 otherwise. If 0 is returned, this warning is produced:
>>>>
>>>> ssl3_get_client_certificate: no certificate returned
>>> [...]
>>> The warning isn't printed by OpenSSL it is an error code. So perhaps the wrapper is printing the error?
>>
>> I didn't find it in either of the wrapper modules, but I did in OpenSSL:
>>
>> tobi@hal:~/src/openssl-1.0.0e$ rgrep no certificate returned *
>> doc/ssleay.txt:Error because no certificate returned.
>> ssl/ssl_err.c:{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),no certificate returned},
>
> Yes but that's a textual version of the error. OpenSSL does not print it out: an application call is needed to do that.

Ah OK. However, I checked with AnyEvent::TLS and Net::SSLeay, neither of those seems to emit this error message. SSLeay, which is what AnyEvent::TLS uses, imports a lot of OpenSSL macros, but not SSL_R_NO_CERTIFICATE_RETURNED.

My guess is, that the error is put there by ssl/s3_srvr.c (line 2990, version 1.0.0e) and printed out by SSLeay. Can you confirm this?

If that's the case, I'd like to know, how this warning is produced. AFAICS my custom verification callback breaks the verification chain, because of ssl_verify_cert_chain(s,sk) = 0

I still don't quite understand the meaning of the warning message. Can/should I just live with it or does it indicate a bug (in either OpenSSL, Net::SSLeay or AnyEvent::TLS)?
compiling openssl for iphone in fips mode
Hi,

I'm trying to compile a fips version of openssl for the iphone. This has been difficult. I have tried so many different things I don't know where to start. Has anyone done this?

I set up a build environment where cc and ar are scripts that call the appropriate compiler with the appropriate flags. I've used the incore script from the openssl site, but had to make modifications. It still doesn't work because DOT_rodata and DOT_rodata_OFF do not get set.

If I do manage to get it compiled using

./config fipscanisterbuild no-asm
make
make install

Will this be a fips certified binary for the iPhone?

Does anyone know how secure mail managed to do this? http://www.secure-mail.me/

I've managed to get it compiled, but I'm having a hard time calculating the signatures. I suspect my incore script is wrong. Not sure how to compile an Xcode project using fipsLD. FIPS_mode_set always returns 0.

Michal Palczewski
Uninitialized variable detected in commit 1.76
Hi,

We are using Sentry (a C/C++ static analysis tool) to analyze openssl on a nightly basis. Sentry found that an uninitialized variable was recently introduced in the commit 1.76 and 1.57.2.3.2.13. You can see the commit here:

http://cvs.openssl.org/filediff?f=openssl/ssl/t1_enc.cv1=1.75v2=1.76

The important lines are:

    unsigned char *val;                      /* uninitialized variable val */
    ...
    buff = OPENSSL_malloc(olen);
    if (buff == NULL) goto err2;             /* malloc returned NULL */
    ...
    err2:
    ...
    ret:
    if (buff != NULL) OPENSSL_free(buff);
    if (val != NULL) OPENSSL_free(val);      /* uninitialized variable val used */
    ...

Since the variable is uninitialized, it could be non NULL, which if passed to OPENSSL_free could potentially cause a crash. A solution to this problem would be to assign val to 0.

Thanks,
Chris

--
Chris Wilson
http://vigilantsw.com/
Vigilant Software, LLC
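The cleanup pattern from the report above with the suggested fix applied, plus a small fault-injection harness that drives each early-exit path. This is an added example, not OpenSSL code: build_block, test_malloc, test_free and run_with_failure are hypothetical names, and the buffer contents are arbitrary.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical fault-injecting allocator: call number fail_at returns NULL. */
static int alloc_calls, fail_at, live_blocks;

static void *test_malloc(size_t n)
{
    void *p = (++alloc_calls == fail_at) ? NULL : malloc(n);
    if (p != NULL) live_blocks++;
    return p;
}

static void test_free(void *p) { live_blocks--; free(p); }

/* Same shape as the reported code: two buffers, one shared cleanup label. */
static int build_block(const char *label, unsigned char *out, size_t olen)
{
    unsigned char *buff = NULL;
    unsigned char *val = NULL; /* the fix: cleanup must never see stack garbage */
    size_t i, vallen = strlen(label);
    int rv = 0;

    if (olen == 0 || vallen == 0) goto ret;
    buff = test_malloc(olen);
    if (buff == NULL) goto ret;    /* val has not been assigned on this path */
    val = test_malloc(vallen);
    if (val == NULL) goto ret;
    memcpy(val, label, vallen);
    for (i = 0; i < olen; i++) buff[i] = val[i % vallen];
    memcpy(out, buff, olen);
    rv = 1;
ret:
    if (buff != NULL) test_free(buff);
    if (val != NULL) test_free(val);
    return rv;
}

/* Run build_block with allocation number n failing (0 = no failure).
 * Returns its result, or -1 if allocations and frees did not balance. */
int run_with_failure(int n)
{
    unsigned char out[8];
    int rv;

    alloc_calls = 0; fail_at = n; live_blocks = 0;
    rv = build_block("label", out, sizeof out);
    return live_blocks == 0 ? rv : -1;
}

int main(void)
{
    return (run_with_failure(0) == 1 && run_with_failure(1) == 0 &&
            run_with_failure(2) == 0) ? 0 : 1;
}
```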
Re: SSL_get_verify_result() behavior
After some more investigation, the problem seems to happen only with OpenSSL (v0.9.8r) preinstalled with Mac OS X 10.6.8. If the test program is linked against *locally* built 0.9.8r, CERT_UNTRUSTED is correctly reported by SSL_get_verify_result().

Log:

OpenSSL 0.9.8r 8 Feb 2011
compiler: cc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fmessage-length=0 -pipe -Wno-trigraphs -fpascal-strings -fasm-blocks -O3 -DOPENSSL_NO_IDEA -DOPENSSL_PIC -DZLIB -mmacosx-version-min=10.6 -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall
built on: Wed Nov 16 13:53:59 PST 2011
platform: darwin64-x86_64-cc
OPENSSLDIR: /usr/local/ssl
TCP connection successful
verifyCallback() - in: preverify_ok=0
Verify error: unable to get local issuer certificate(20) - depth=1 - sub =/C=US/O=Google Inc/CN=Google Internet Authority
verifyCallback() - out
SSL handshake failed: SSL_ERROR_SSLFAIL

Looking at the compile options, the only difference is the compiler openssl is built with:

Default build: darwin64-x86_64-cc (did not detect CERT_UNTRUSTED)
Local build: darwin64-x86_64-llvm (detected CERT_UNTRUSTED correctly)

Unfortunately, I cannot build libssl/libcrypto with darwin64-x86_64-llvm and I cannot check if that makes any difference.

Does anyone have any thoughts?

- Yutaka
Re: SSL_get_verify_result() behavior
Sorry... there was a typo:

Incorrect:
Default build: darwin64-x86_64-cc (did not detect CERT_UNTRUSTED)
Local build: darwin64-x86_64-llvm (detected CERT_UNTRUSTED correctly)

Correct:
Default build: darwin64-x86_64-llvm (did not detect CERT_UNTRUSTED)
Local build: darwin64-x86_64-cc (detected CERT_UNTRUSTED correctly)

Thanks.

On Wed, Nov 16, 2011 at 2:53 PM, Yutaka Takeda yt0...@gmail.com wrote:
> After some more investigation, the problem seems to happen only with OpenSSL (v0.9.8r) preinstalled with Mac OS X 10.6.8. If the test program is linked against *locally* built 0.9.8r, CERT_UNTRUSTED is correctly reported by SSL_get_verify_result().
>
> Log:
>
> OpenSSL 0.9.8r 8 Feb 2011
> compiler: cc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fmessage-length=0 -pipe -Wno-trigraphs -fpascal-strings -fasm-blocks -O3 -DOPENSSL_NO_IDEA -DOPENSSL_PIC -DZLIB -mmacosx-version-min=10.6 -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall
> built on: Wed Nov 16 13:53:59 PST 2011
> platform: darwin64-x86_64-cc
> OPENSSLDIR: /usr/local/ssl
> TCP connection successful
> verifyCallback() - in: preverify_ok=0
> Verify error: unable to get local issuer certificate(20) - depth=1 - sub =/C=US/O=Google Inc/CN=Google Internet Authority
> verifyCallback() - out
> SSL handshake failed: SSL_ERROR_SSLFAIL
>
> Looking at the compile options, the only difference is the compiler openssl is built with:
>
> Default build: darwin64-x86_64-cc (did not detect CERT_UNTRUSTED)
> Local build: darwin64-x86_64-llvm (detected CERT_UNTRUSTED correctly)
>
> Unfortunately, I cannot build libssl/libcrypto with darwin64-x86_64-llvm and I cannot check if that makes any difference.
>
> Does anyone have any thoughts?
>
> - Yutaka