Question on ECC (openssl vs wcurve)
Hi All,

I have a basic ECC question. I have a predefined scalar K, and I used the X9.62 256 prime curve. Invoking the scalar multiplication method EC_POINT_mul with the generator of that curve, I get a different output when compared with wcurve of Python. The curve is fixed and K is fixed, but the generator multiply to get the public key is different. Any clues would be helpful.

Thanks
--Gayathri
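One way to arbitrate between two libraries that disagree on k*G is a small independent reference. The following is an added example, not code from the thread, OpenSSL or wcurve: plain-Python scalar multiplication on the 256-bit prime curve (prime256v1 / secp256r1), plus a helper that reports which reading of the same scalar text reproduces a given public point. The scalar text and the helper names `readings` and `explain` are constructed for illustration.

```python
# Added example (not from the thread): reference k*G on the X9.62 / NIST
# 256-bit prime curve, used to see which reading of a scalar a tool used.
# Not constant-time: for checking public values only, never for live keys.

# Published domain parameters of prime256v1 / secp256r1.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (GX, GY)
INFINITY = None  # the point at infinity


def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + A*x + B (mod P)."""
    if pt is INFINITY:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def inv(v):
    """Modular inverse in GF(P) via Fermat's little theorem."""
    return pow(v % P, P - 2, P)


def add(p1, p2):
    """Affine point addition, covering doubling and inverse points."""
    if p1 is INFINITY:
        return p2
    if p2 is INFINITY:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INFINITY
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, pt=G):
    """Double-and-add, consuming the scalar from its least significant bit."""
    if k < 0:
        raise ValueError("scalar must be non-negative")
    result, addend = INFINITY, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def readings(scalar_text):
    """Integers the same scalar text yields under different parsers."""
    raw = bytes.fromhex(scalar_text)
    out = {
        "hex, big-endian": int.from_bytes(raw, "big"),
        "hex, little-endian": int.from_bytes(raw, "little"),
    }
    if scalar_text.isdigit():  # text that a decimal parser would also accept
        out["decimal"] = int(scalar_text, 10)
    return out


def explain(point, scalar_text):
    """Names of the readings of scalar_text whose k*G equals `point`."""
    return [name for name, k in readings(scalar_text).items()
            if scalar_mult(k) == point]


def sec1_uncompressed(pt):
    """SEC1 uncompressed encoding of a point: 04 || X || Y."""
    x, y = pt
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


# Constructed sample scalar: all-digit text, so it parses as hex or decimal.
SAMPLE_K_TEXT = "0123456789" * 6 + "0123"

if __name__ == "__main__":
    for name, k in readings(SAMPLE_K_TEXT).items():
        print(name, sec1_uncompressed(scalar_mult(k)).hex())
```

Feeding the point printed by each library to `explain` together with the scalar text shows whether the two tools parsed the scalar the same way; an empty list means the difference lies elsewhere, for example in the curve selected.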
Re: openssl on a home LAN
Charles,

I think he wanted to use SSL for data transfer between 2 computers. What you have used is the PKI infrastructure. In fact even for SSL there are sample client and server codes in the examples folder, but that does not hook into your application.

Thanks
--Gayathri

On Wed, Sep 12, 2012 at 1:29 PM, Steven Madwin smad...@adobe.com wrote:

Hi John,

As an aside to what Gayathri said, I’m not a developer, but I have used OpenSSL to create a complete PKI universe for testing. Using the pre-compiled, downloadable installer I’ve been able to create Root certificates, Intermediate CA certificates, and end-entity certificates of all shapes and sizes (e.g. DSA, RSA, EC with varying key sizes). I’ve also used it to manage revocation checking by creating CRLs and running it as an (admittedly, a very light weight) OCSP server. I even used it once to create an SSL certificate for an internal server :)

My point is, although the primary use seems to be incorporating the OpenSSL libraries into your compiled code so you can take advantage of its cryptographic capabilities, even someone who is not a computer scientist can use OpenSSL from the command line to do a lot of work. What it really boils down to is what is it that you are looking to do?

Steve

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John A. Wallace
Sent: Wednesday, September 12, 2012 9:58 AM
To: openssl-users@openssl.org
Subject: RE: openssl on a home LAN

Hi, Gayathri,

I appreciate the clarification. It was helpful, yes. I think my confusion stemmed from the fact that in the past while installing one or another program, I found it to say that “OpenSSL must be installed on your system for this program to work properly.” Okay, I think I got it now, the light has made it into my obstinate, thick skull. Clarity is a beautiful thing, thank you.

John

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Gayathri Sundar
Sent: Wednesday, September 12, 2012 10:07 AM
To: openssl-users@openssl.org
Subject: Re: openssl on a home LAN

Hi John,

I definitely do not agree with charles's email, but what I think he meant is, you need to write programs to use OpenSSL. It's an installable library, which you need to invoke from your application using its exposed APIs and recompile your code, link OpenSSL library and execute for it to work. It's not a SSL solution if that is what you're looking for.

Just installing OpenSSL is not going to give u SSL.

Thanks
--Gayathri

On Tue, Sep 11, 2012 at 8:36 PM, John A. Wallace jw72...@verizon.net wrote:

Charlie,

Frankly, your condescending manner is starting to annoy me, considerably. Furthermore, your name is not on this page as one of the moderators of this group: http://www.openssl.org/about/.

Moreover, I don’t believe I need your permission to “hang out here”. You need to read the link I provided you all the way to the end, it says that this group is for

1. Developers
2. OpenSSL usage
3. Installation problems

Now inasmuch as my question pertained to “OpenSSL Usage”, i.e., number 2 above, well I think that makes my asking it a legitimate question for this group. If you don’t like it, you can just learn to use your reading program and ignore me. Thank you very much. :)

John

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills
Sent: Tuesday, September 11, 2012 3:22 PM
To: openssl-users@openssl.org
Subject: RE: openssl on a home LAN

Right. Are you an application developer? In other words, do you write computer programs? Does the following mean anything to you?

    #include <stdio.h>

    int main(int argc, char *argv[])
    {
        printf("hello world\n");
        return 0;
    }

Or alternatively, are you a Web site operator? Do you host a Web site that others access?

If the answer to both of these questions is No, then you are welcome to hang out here but the answer to your original question, “whether there is any point in using openssl” is No.

Charles

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John A. Wallace
Sent: Tuesday, September 11, 2012 12:07 PM
To: openssl-users@openssl.org
Subject: RE: openssl on a home LAN

Hi. I am not trying to be mean or something, but you may want to take a look at this page: http://www.openssl.org/support/community.html

Focusing on the part that describes this list, one can read
Re: openssl on a home LAN
Hi John,

I definitely do not agree with charles's email, but what I think he meant is, you need to write programs to use OpenSSL. It's an installable library, which you need to invoke from your application using its exposed APIs and recompile your code, link OpenSSL library and execute for it to work. It's not a SSL solution if that is what you're looking for.

Just installing OpenSSL is not going to give u SSL.

Thanks
--Gayathri

On Tue, Sep 11, 2012 at 8:36 PM, John A. Wallace jw72...@verizon.net wrote:

Charlie,

Frankly, your condescending manner is starting to annoy me, considerably. Furthermore, your name is not on this page as one of the moderators of this group: http://www.openssl.org/about/.

Moreover, I don’t believe I need your permission to “hang out here”. You need to read the link I provided you all the way to the end, it says that this group is for

1. Developers
2. OpenSSL usage
3. Installation problems

Now inasmuch as my question pertained to “OpenSSL Usage”, i.e., number 2 above, well I think that makes my asking it a legitimate question for this group. If you don’t like it, you can just learn to use your reading program and ignore me. Thank you very much. :)

John

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills
Sent: Tuesday, September 11, 2012 3:22 PM
To: openssl-users@openssl.org
Subject: RE: openssl on a home LAN

Right. Are you an application developer? In other words, do you write computer programs? Does the following mean anything to you?

    #include <stdio.h>

    int main(int argc, char *argv[])
    {
        printf("hello world\n");
        return 0;
    }

Or alternatively, are you a Web site operator? Do you host a Web site that others access?

If the answer to both of these questions is No, then you are welcome to hang out here but the answer to your original question, “whether there is any point in using openssl” is No.

Charles

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John A. Wallace
Sent: Tuesday, September 11, 2012 12:07 PM
To: openssl-users@openssl.org
Subject: RE: openssl on a home LAN

Hi. I am not trying to be mean or something, but you may want to take a look at this page: http://www.openssl.org/support/community.html

Focusing on the part that describes this list, one can read this about its purpose:

Application Development, OpenSSL Usage, Installation Problems, etc.

That looks clear to me in that this list would provide support for the type of question I just asked, or did I misunderstand you? :)

Thanks.

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills
Sent: Tuesday, September 11, 2012 12:52 PM
To: openssl-users@openssl.org
Subject: RE: openssl on a home LAN

Do you write computer programs, or are you a home user of personal computers?

If you don’t write computer programs, then using OpenSSL at the level addressed by this mailing list is not what you are looking for.

Some of the products you might buy might use OpenSSL “under the covers,” but you would get support generally directly from the companies that produce those products, not this mailing list.

Not trying to be mean or off-putting. If I have missed the mark please let me know.

Charles

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John A. Wallace
Sent: Tuesday, September 11, 2012 9:36 AM
To: openssl-users@openssl.org
Subject: openssl on a home LAN

I am trying to figure out whether there is any point in using openssl on a home LAN between two computers. Would that improve on security in any way? Would I be limited in the types of OS connections? I mean, could I connect Windows with Linux? Also, if I want to make such a connection between two OS running in virtual machines, could that be done too? Thanks.
Re: openssl on a home LAN
Unless somebody is gonna tap your LAN connection, I don't see a point in using SSL. Generally it's useful only when you want to send secure application data over the internet. Intranets are safe esp ur 2 home computers :).

Thanks
--Gayathri

On Tue, Sep 11, 2012 at 11:36 AM, John A. Wallace jw72...@verizon.net wrote:

I am trying to figure out whether there is any point in using openssl on a home LAN between two computers. Would that improve on security in any way? Would I be limited in the types of OS connections? I mean, could I connect Windows with Linux? Also, if I want to make such a connection between two OS running in virtual machines, could that be done too? Thanks.
Re: Deadlock - SSL_Connect()
Did you try making use of non blocking fd? It cannot deadlock if you use that.

Thanks
--Gayathri

On Mon, Jan 16, 2012 at 10:17 AM, Nathan Smyth naf...@ymail.com wrote:

Just seeking advice/things to consider for deadlock (or 'wait') on a SSL_Connect(). Unfortunately it stalls here, so there's no return code.

The project establishes a number of SSL conns between various application instances. It's in C++, where standard socket libs are used to establish the connection, SSL added via SSL_Set_Fd and then SSL_connect()/accept().

Normal sockets (i.e. without SSL) are used for local inter-proc comms - maybe this is relevant?

I've been stuck for a while - and advice as to common areas/mistakes/considerations are most appreciated.

Thanks!
Re: Deadlock - SSL_Connect()
You should be setting the non blocking thing before the ssl connect is called, which is part of the SSL handshake. SSL_connect will internally do socket read/write, so if it's blocking then it will not come out until the underlying operation is completed. Setting it after the SSL connect is done will help only on application data read/write.

Thanks
--Gayathri

On Mon, Jan 16, 2012 at 10:47 AM, Nathan Smyth naf...@ymail.com wrote:

Yes, strangely this doesn't help. Actually, what I do is set the socket to non-blocking AFTER the SSL handshake, which I thought should work...

Could there be some issue with numerous SSL connections between the same parties? Or maybe it's some threading issue - perhaps SSL has some special considerations?

From: Gayathri Sundar suraj...@gmail.com
To: openssl-users@openssl.org
Sent: Monday, 16 January 2012, 16:21
Subject: Re: Deadlock - SSL_Connect()

Did you try making use of non blocking fd? It cannot deadlock if you use that.

Thanks
--Gayathri

On Mon, Jan 16, 2012 at 10:17 AM, Nathan Smyth naf...@ymail.com wrote:

Just seeking advice/things to consider for deadlock (or 'wait') on a SSL_Connect(). Unfortunately it stalls here, so there's no return code.

The project establishes a number of SSL conns between various application instances. It's in C++, where standard socket libs are used to establish the connection, SSL added via SSL_Set_Fd and then SSL_connect()/accept().

Normal sockets (i.e. without SSL) are used for local inter-proc comms - maybe this is relevant?

I've been stuck for a while - and advice as to common areas/mistakes/considerations are most appreciated.

Thanks!
Re: hi
My Windows knowledge is at zero. Sorry, can't help there.

On Wed, Aug 24, 2011 at 2:35 AM, Shashidhar RP shashidhar...@hcl.com wrote:

Hi Gayatri,

Can you please tell me where I can find the ssl.conf file for Windows? Will it be the same ssl.conf file or a different .conf file? For my Linux client I found it in /etc/httpd/conf.d.

I have searched over the net and I couldn't find this. For Windows will it be openssl.conf or something else? Please give the appropriate configuration file and the location it will/might be.

-shashidhar

From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Gayathri Sundar [suraj...@gmail.com]
Sent: Thursday, August 18, 2011 8:14 PM
To: openssl-users@openssl.org
Subject: Re: hi

Hi,

First of all your question is really strange. Please check your client and server settings as to which highest ssl version is enabled. Generally SSLv2 should be disabled and never negotiated. The code you're referring to is a piece of code that would be called when sslv3 is negotiated during the handshake.

Disable sslv2 on ur client, enable tls on both sides, and you will see that the highest common version is selected automatically by the server. Check your client hello message on the wire and see what versions are actually sent out.

Thanks
--Gayathri

On Thu, Aug 18, 2011 at 5:46 AM, Shashidhar RP shashidhar...@hcl.com wrote:

Forgot to mention that

    /* s->version = SSL3_VERSION */

the above line is commented in the code of ssl3_connect(); is there any issue with this as the client version is updating and ssl version not updating??

From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Shashidhar RP [shashidhar...@hcl.com]
Sent: Thursday, August 18, 2011 3:24 PM
To: openssl-users@openssl.org
Subject: hi

Hi,

I have a problem while establishing a session using ssl. I have a client and when the session is established I found that the client version is V3 but the ssl version is v2, due to which I am facing other problem.

I saw the ssl code - s3_cln.c in which I saw a part of this code

    /* s->version = SSL3_VERSION */

This is there in ssl3_connect code. Is there any chance of a V2 client becoming V3 and while connect its version is not updated? And where does this version will be set? And when it can change?

Plz give some I/p on this so that I can move further.

Regards
shashidhar
Re: creating Master-Key for encryption/decryption
I think the problem this person seems to have is not finding a way to extract the master secret on the client side, which is why I suggested he can send it as a payload from the server as part of the app data, since it's exactly the same.

Also, krishna, pls understand that the master secret is not used for enc/dec, it's used to derive the actual auth and enc keys using specific methods as mentioned in the RFC. These keys are unique on a per connection basis, mixed by some randoms. The master secret is unique for a session. A session can contain many connections each represented by a SSL OBJ, and the enc/dec keys are different for every connection, which can be obtained from the SSL OBJ.

Please understand TLS as such from the RFC.

Thanks
--Gayathri

On Wed, Aug 24, 2011 at 9:43 AM, Erik Tkal et...@juniper.net wrote:

I’m not sure you are understanding this. Both sides derive the same master key, so there is no need to send it. After the handshake the SSL code will use that key to generate specific encryption keys and perform encryption of further traffic through the tunnel.

If you are only using the handshake to generate the master key to be used elsewhere (e.g. for proprietary encryption), then you can get it from the SSL_SESSION object (not sure if there’s a get method).

Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of krishnamurthy santhanam
Sent: Wednesday, August 24, 2011 12:51 AM
To: openssl-users@openssl.org
Subject: Re: creating Master-Key for encryption/decryption

Thanks. As per my understanding, before sending master key to client, server has to maintain the master key. How can I get this in server side? Is there any code sample or snippet to get this key?

Krishna

On Tue, Aug 23, 2011 at 11:54 PM, Gayathri Sundar suraj...@gmail.com wrote:

Master key is unique per session, and it's the same for both client and server, that's the concept behind the SSL handshake. The RFC would state the information accurately. Perhaps you can send the master secret as part of ur application data, to the client, which can decrypt and use.

Thanks
--Gayathri

On Tue, Aug 23, 2011 at 12:41 PM, krishnamurthy santhanam krishnamurth...@gmail.com wrote:

Thanks. I have gone through the RFC 2246 and understood the Master key generation part. The Master key is generated and able to print the client side (test C program) using ssl structure.

    /* fragment: ssl, out, bp and i are declared elsewhere in the program */
    printf("session A\n");
    SSL_SESSION *session = SSL_get_session(ssl);
    SSL_SESSION_print(out, session);
    for (i = 0; i < (unsigned int)session->master_key_length; i++) {
        BIO_printf(bp, "%02X", session->master_key[i]);
    }

How can I get the same Master key in server side? In my scenario, server side program is running in C. JDBC clients will establish the connection to the server. Will the same Master key be generated in the cross platforms (JDBC client side)?

Any help will be great.

Thanks for your time,
Krishnamurthy

On Mon, Aug 22, 2011 at 9:03 PM, Gayathri Sundar suraj...@gmail.com wrote:

Please read the RFC, it would clearly explain how the master secret is derived, and from that how the read and write keys are derived. With that you can get to know how to extract the read n write keys. Meanwhile the read and write keys are available as part of the ssl object. Check that structure out.

Thanks
--Gayathri

On Mon, Aug 22, 2011 at 10:24 AM, krishnamurthy santhanam krishnamurth...@gmail.com wrote:

I have more than 100 clients that will connect to my server and communicate the data. I am implementing SSL on server side to authenticate the client certificate (X.509) and also client will authenticate the server's certificate. Once the mutual authentication has completed I have to generate master key for encryption and decryption. I am going to use AES for encryption and decryption.

I had generated the client and server certificates using the below commands and signed by the root,

1. CLIENT CERTIFICATE:

    openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out clientreq.pem
    openssl x509 -req -in clientreq.pem -sha1 -extfile openssl.cnf -extensions usr_cert -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial -out clientcert.pem
    cat clientkey.pem clientcert.pem rootcert.pem > client.pem
    openssl x509 -subject -issuer -noout -in client.pem

2. SERVER CERTIFICATE:

    openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out serverreq.pem
    openssl x509 -req -in serverreq.pem -sha1 -extfile openssl.cnf -extensions usr_cert -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial -out servercert.pem
    cat serverkey.pem servercert.pem
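The distinction drawn in the reply above, that the master secret belongs to the session while the MAC, cipher and IV keys are derived from it separately for each connection, can be followed step by step. This is an added example, not code from the thread or from OpenSSL: the RFC 2246 PRF and key-block split for the TLSv1 / AES256-SHA suite shown in the quoted session output. The pre-master secret and all random values are constructed, and the function names are chosen for this illustration.

```python
# Added example (not from the thread): RFC 2246 (TLS 1.0) key derivation.
# Shows why both peers hold the same master secret yet never encrypt with it,
# and why two connections of one session end up with different keys.
import hmac


def p_hash(hash_name, secret, seed, length):
    """RFC 2246 P_hash: A(0) = seed, A(i) = HMAC(secret, A(i-1))."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def tls10_prf(secret, label, seed, length):
    """PRF = P_MD5(S1, label+seed) XOR P_SHA-1(S2, label+seed)."""
    half = (len(secret) + 1) // 2          # halves share a byte if odd
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def master_secret(pre_master, client_random, server_random):
    """48-byte master secret; identical on both peers after the handshake."""
    return tls10_prf(pre_master, b"master secret",
                     client_random + server_random, 48)


def connection_keys(master, client_random, server_random,
                    mac_len=20, key_len=32, iv_len=16):
    """Split the key block; default sizes are those of AES256-SHA."""
    layout = [("client_write_MAC_secret", mac_len),
              ("server_write_MAC_secret", mac_len),
              ("client_write_key", key_len),
              ("server_write_key", key_len),
              ("client_write_IV", iv_len),
              ("server_write_IV", iv_len)]
    # Note the seed order: server random first for key expansion.
    block = tls10_prf(master, b"key expansion",
                      server_random + client_random,
                      sum(size for _, size in layout))
    keys, pos = {}, 0
    for name, size in layout:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


# Constructed values: a 48-byte pre-master secret and two sets of randoms.
PRE_MASTER = bytes([3, 1]) + bytes(range(46))
CLIENT_RANDOM_1 = bytes([0x11]) * 32
SERVER_RANDOM_1 = bytes([0x22]) * 32
CLIENT_RANDOM_2 = bytes([0x33]) * 32   # second connection, resumed session
SERVER_RANDOM_2 = bytes([0x44]) * 32


def demo():
    """Keys for the first connection and for a resumed one."""
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM_1, SERVER_RANDOM_1)
    first = connection_keys(ms, CLIENT_RANDOM_1, SERVER_RANDOM_1)
    resumed = connection_keys(ms, CLIENT_RANDOM_2, SERVER_RANDOM_2)
    return ms, first, resumed


if __name__ == "__main__":
    ms, first, resumed = demo()
    print("master secret      ", ms.hex())
    for name in first:
        print(f"{name:24s}", first[name].hex(), "|", resumed[name].hex())
```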
Re: creating Master-Key for encryption/decryption
Master key is unique per session, and it's the same for both client and server, that's the concept behind the SSL handshake. The RFC would state the information accurately. Perhaps you can send the master secret as part of ur application data, to the client, which can decrypt and use.

Thanks
--Gayathri

On Tue, Aug 23, 2011 at 12:41 PM, krishnamurthy santhanam krishnamurth...@gmail.com wrote:

Thanks. I have gone through the RFC 2246 and understood the Master key generation part. The Master key is generated and able to print the client side (test C program) using ssl structure.

    /* fragment: ssl, out, bp and i are declared elsewhere in the program */
    printf("session A\n");
    SSL_SESSION *session = SSL_get_session(ssl);
    SSL_SESSION_print(out, session);
    for (i = 0; i < (unsigned int)session->master_key_length; i++) {
        BIO_printf(bp, "%02X", session->master_key[i]);
    }

How can I get the same Master key in server side? In my scenario, server side program is running in C. JDBC clients will establish the connection to the server. Will the same Master key be generated in the cross platforms (JDBC client side)?

Any help will be great.

Thanks for your time,
Krishnamurthy

On Mon, Aug 22, 2011 at 9:03 PM, Gayathri Sundar suraj...@gmail.com wrote:

Please read the RFC, it would clearly explain how the master secret is derived, and from that how the read and write keys are derived. With that you can get to know how to extract the read n write keys. Meanwhile the read and write keys are available as part of the ssl object. Check that structure out.

Thanks
--Gayathri

On Mon, Aug 22, 2011 at 10:24 AM, krishnamurthy santhanam krishnamurth...@gmail.com wrote:

I have more than 100 clients that will connect to my server and communicate the data. I am implementing SSL on server side to authenticate the client certificate (X.509) and also client will authenticate the server's certificate. Once the mutual authentication has completed I have to generate master key for encryption and decryption. I am going to use AES for encryption and decryption.

I had generated the client and server certificates using the below commands and signed by the root,

1. CLIENT CERTIFICATE:

    openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out clientreq.pem
    openssl x509 -req -in clientreq.pem -sha1 -extfile openssl.cnf -extensions usr_cert -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial -out clientcert.pem
    cat clientkey.pem clientcert.pem rootcert.pem > client.pem
    openssl x509 -subject -issuer -noout -in client.pem

2. SERVER CERTIFICATE:

    openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out serverreq.pem
    openssl x509 -req -in serverreq.pem -sha1 -extfile openssl.cnf -extensions usr_cert -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial -out servercert.pem
    cat serverkey.pem servercert.pem rootcert.pem > server.pem
    openssl x509 -subject -issuer -noout -in server.pem

3. ROOT CERTIFICATE:

    openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem
    openssl x509 -req -in rootreq.pem -sha1 -extfile root.cnf -extensions v3_ca -signkey rootkey.pem -out rootcert.pem
    cat rootcert.pem rootkey.pem > root.pem
    openssl x509 -subject -issuer -noout -in root.pem

Initially I am writing ssl/tls programming for server and client. In this I am able to communicate the data between client and server. I was stuck on master key generation, I have added the below LOC to programs to get MASTER KEY,

    /* fragment: ssl and out are declared elsewhere in the program */
    printf("session A\n");
    SSL_SESSION *session = SSL_get_session(ssl);
    SSL_SESSION_print(out, session);

It is printing like this,

    session A
    SSL-Session:
    Protocol : TLSv1
    Cipher: AES256-SHA
    Session-ID: 9FCE46513DD74882D3FF0E0E84CC4A6BE12192B65C426E0B27D0FA15F81D7D5E
    Session-ID-ctx:
    Master-Key: 56F90B0D90DEB3430207A74793C9B6565744E06ECA191D9DFA04C29B1EE2B782 6B602878597465F739AD69091DDF6499
    Key-Arg : None
    Krb5 Principal: None
    Compression: 1 (zlib compression)
    Start Time: 1314015355
    Timeout : 7200 (sec)

Is this the Master key for both the server and client? Is this the key that should be used for the encryption in client side and decryption in server side? If this is the Master key how can I extract the key? Please guide me if I understood anything wrong.
Re: hi
Ethereal, pls listen on port 443 and check out the handshake messages. Btw the initial client hello (for the very 1st time) would be sent in sslv3 (assuming u have disabled v2, am not sure why ur bothered abt that version, pls disable on ur client and server). Once the initial client hello is sent, the highest supported protocol version would be selected automatically by the server, choosing of a lower version is not allowed.

Thanks
--Gayathri

On Mon, Aug 22, 2011 at 5:58 AM, Shashidhar RP shashidhar...@hcl.com wrote:

Hi,

Thanks for your quick response. One more question.

1) Can you please tell us is there any way to check what version client and server is using?
2) If the client rollback happens the client can rollback from version 3 to version 2 rt? In this case will it send V2 hello handshake or V3 hello handshake?
3) Is there a possibility that the client version is V3 but it can send V2 hello msg to the server? If yes then will the server treat it as V2 client and server will rollback to V2?
4) At any point of time to check the server and client version what is the command?
5) And to check whether the client/server has rollbacked to different version is there any way to figure out?
6) Is there any chance of server getting rollback from V3 to V2? If yes plz tell us in which cases?

Plz help with the answers for the above questions.

Regards
Shashidhar

From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Gayathri Sundar [suraj...@gmail.com]
Sent: Thursday, August 18, 2011 8:14 PM
To: openssl-users@openssl.org
Subject: Re: hi

Hi,

First of all your question is really strange. Please check your client and server settings as to which highest ssl version is enabled. Generally SSLv2 should be disabled and never negotiated. The code you're referring to is a piece of code that would be called when sslv3 is negotiated during the handshake.

Disable sslv2 on ur client, enable tls on both sides, and you will see that the highest common version is selected automatically by the server. Check your client hello message on the wire and see what versions are actually sent out.

Thanks
--Gayathri

On Thu, Aug 18, 2011 at 5:46 AM, Shashidhar RP shashidhar...@hcl.com wrote:

Forgot to mention that

    /* s->version = SSL3_VERSION */

the above line is commented in the code of ssl3_connect(); is there any issue with this as the client version is updating and ssl version not updating??

From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Shashidhar RP [shashidhar...@hcl.com]
Sent: Thursday, August 18, 2011 3:24 PM
To: openssl-users@openssl.org
Subject: hi

Hi,

I have a problem while establishing a session using ssl. I have a client and when the session is established I found that the client version is V3 but the ssl version is v2, due to which I am facing other problem.

I saw the ssl code - s3_cln.c in which I saw a part of this code

    /* s->version = SSL3_VERSION */

This is there in ssl3_connect code. Is there any chance of a V2 client becoming V3 and while connect its version is not updated? And where does this version will be set? And when it can change?

Plz give some I/p on this so that I can move further.

Regards
shashidhar
Re: creating Master-Key for encryption/decryption
Please read the RFC, it would clearly explain how the master secret is derived, and from that how the read and write keys are derived. With that you can get to know how to extract the read n write keys. Meanwhile the read and write keys are available as part of the ssl object. Check that structure out.

Thanks
--Gayathri

On Mon, Aug 22, 2011 at 10:24 AM, krishnamurthy santhanam krishnamurth...@gmail.com wrote:

I have more than 100 clients that will connect to my server and communicate the data. I am implementing SSL on server side to authenticate the client certificate (X.509) and also client will authenticate the server's certificate. Once the mutual authentication has completed I have to generate master key for encryption and decryption. I am going to use AES for encryption and decryption.

I had generated the client and server certificates using the below commands and signed by the root,

1. CLIENT CERTIFICATE:

    openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out clientreq.pem
    openssl x509 -req -in clientreq.pem -sha1 -extfile openssl.cnf -extensions usr_cert -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial -out clientcert.pem
    cat clientkey.pem clientcert.pem rootcert.pem > client.pem
    openssl x509 -subject -issuer -noout -in client.pem

2. SERVER CERTIFICATE:

    openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out serverreq.pem
    openssl x509 -req -in serverreq.pem -sha1 -extfile openssl.cnf -extensions usr_cert -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial -out servercert.pem
    cat serverkey.pem servercert.pem rootcert.pem > server.pem
    openssl x509 -subject -issuer -noout -in server.pem

3. ROOT CERTIFICATE:

    openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem
    openssl x509 -req -in rootreq.pem -sha1 -extfile root.cnf -extensions v3_ca -signkey rootkey.pem -out rootcert.pem
    cat rootcert.pem rootkey.pem > root.pem
    openssl x509 -subject -issuer -noout -in root.pem

Initially I am writing ssl/tls programming for server and client. In this I am able to communicate the data between client and server. I was stuck on master key generation, I have added the below LOC to programs to get MASTER KEY,

    /* fragment: ssl and out are declared elsewhere in the program */
    printf("session A\n");
    SSL_SESSION *session = SSL_get_session(ssl);
    SSL_SESSION_print(out, session);

It is printing like this,

    session A
    SSL-Session:
    Protocol : TLSv1
    Cipher: AES256-SHA
    Session-ID: 9FCE46513DD74882D3FF0E0E84CC4A6BE12192B65C426E0B27D0FA15F81D7D5E
    Session-ID-ctx:
    Master-Key: 56F90B0D90DEB3430207A74793C9B6565744E06ECA191D9DFA04C29B1EE2B782 6B602878597465F739AD69091DDF6499
    Key-Arg : None
    Krb5 Principal: None
    Compression: 1 (zlib compression)
    Start Time: 1314015355
    Timeout : 7200 (sec)

Is this the Master key for both the server and client? Is this the key that should be used for the encryption in client side and decryption in server side? If this is the Master key how can I extract the key? Please guide me if I understood anything wrong.
Re: hi
Hi,

First of all your question is really strange. Please check your client and server settings as to which highest ssl version is enabled. Generally SSLv2 should be disabled and never negotiated. The code you're referring to is a piece of code that would be called when sslv3 is negotiated during the handshake. Disable sslv2 on ur client, enable tls on both sides, and you will see that the highest common version is selected automatically by the server. Check your client hello message on the wire and see what versions are actually sent out.

Thanks
--Gayathri

On Thu, Aug 18, 2011 at 5:46 AM, Shashidhar RP shashidhar...@hcl.com wrote:

forgot to mention that

    /* s->version = SSL3_VERSION */

the above line is commented in the code of ssl3_connect (); is there any issue with this as the client version is updating and ssl version not updating ??

From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Shashidhar RP [shashidhar...@hcl.com]
Sent: Thursday, August 18, 2011 3:24 PM
To: openssl-users@openssl.org
Subject: hi

Hi,

I have a problem while establishing a session using ssl.. I have a client and when the session is established I found that the client version is V3 but the ssl version is v2, due to which I am facing other problem. I saw the ssl code - s3_cln.c in which I saw a part of this code

    /* s->version = SSL3_VERSION */

This is there in ssl3_connect code. Is there any chance of a V2 client becoming V3 and while connect its version is not updated? And where does this version will be set? and when it can change? Plz give some I/p on this so that I can move further.

Regards
shashidhar
Re: Which openssl.cnf?
strace is a unix command wherein u need to attach the process which is linking with ur openssl library. It would tell the path from which all the libraries are loaded (for that process) along with a ton of other info. You would need to search the output of strace manually to figure out ur library path.

On Fri, Aug 12, 2011 at 1:46 PM, Eric Raunig erau...@gmail.com wrote:

I don't know this syntax ie:

    # openssl strace
    openssl:Error: 'strace' is an invalid command.

    Standard commands
    asn1parse ca ciphers cms crl crl2pkcs7 dgst dh dhparam dsa dsaparam ec ecparam enc engine errstr gendh gendsa genpkey genrsa nseq ocsp passwd pkcs12 pkcs7 pkcs8 pkey pkeyparam pkeyutl prime rand req rsa rsautl s_client s_server s_time sess_id smime speed spkac ts verify version x509

    Message Digest commands (see the `dgst' command for more details)
    md4 md5 mdc2 rmd160 sha sha1

    Cipher commands (see the `enc' command for more details)
    aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc aes-256-ecb base64 bf bf-cbc bf-cfb bf-ecb bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb camellia-256-cbc camellia-256-ecb cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx idea idea-cbc idea-cfb idea-ecb idea-ofb rc2 rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 rc4-40 seed seed-cbc seed-cfb seed-ecb seed-ofb

On Fri, Aug 12, 2011 at 12:25 PM, Coda Highland chighl...@gmail.com wrote:

strace will show all of the syscalls executed by the application, including opening files.

/s/ Adam

On Fri, Aug 12, 2011 at 10:46 AM, Eric Raunig erau...@gmail.com wrote:

Background: I have the problem in which there are multiple versions of openssl.cnf on my Linux (Ubuntu 11.04) installation. I had some problems with the default openssl-0.9.8. So I installed OpenSSL (1.0.0d 8 Feb 2011). I also have Zend Server CE (+zend framework +mysql etc) installed which is intended for the local intranet. The problem is that when attempting to load a secure page: there is no handshake (Firefox: ssl_error_rx_record_too_long)

With regards to openssl: Is there a command that will show which openssl.cnf that it is reading from?
Re: Query Regarding usage of SSL_Connect()
Please don't expect much response to this question. Going thro the man pages of openssl will have all the necessary answers you are expecting. Do your homework before coding.

Thanks
--Gayathri

On Thu, Jul 14, 2011 at 8:17 AM, Amit Kumar amit.kumar...@gmail.com wrote:

Hi team,

I am using SSL_Connect() in one of my projects and this SSL_connect is returning a value of -1. With SSL_get_error() I can see it is SSL_ERROR_WANT_READ?

Now I am not understanding why this can come and if this is there then should I call SSL_Connect again.

I am really new to OpenSSL API's and learning it. Please consider me as a beginner while replying. Any help will be greatly appreciated.

--
Amit Kumar
Engineer
Re: State Machine with Managed C++
Did you implement fd timeouts and appropriate cleanups after some expiration? It's impossible for non blocking sockets to hang..so I am assuming ur having a lot of unused fds on ur poll table.

On Friday, July 1, 2011, Harshvir Sidhu hvssi...@gmail.com wrote:

Hi,

I have implemented the state machine in my managed C++ application. Everything works fine for some time, but after a while Asynchronous socket call beginreceive hangs, it never comes out of that. I do not see any relation to this with SSL but this happens only when I am calling SSL routines in between. When I disable SSL function calls, then this issue doesn't happen.

Has anyone else seen this issue? If Yes, Any suggestions on how to get past this issue?

Thanks.
// Harshvir
Re: SSL Communication using BIO
So finally u have agreed to my initial suggestion of state machines :)

The basic steps in terms of an algorithm are as follows

A. Create the ssl ctx and ssl obj
B. Create a pair of memory bios and attach them to the ssl obj, one is for read and the other is for write.
C. Create the tcp fds and complete the tcp handshake
D. Once tcp connect is done, u have an fd on which u receive and send data
E. Initialize ur state machine for ssl connect pending
F. Take the buffer to be sent, copy it to the memory write bio, encrypt it using ssl connect, then do a tcp send
G. While still connect pending, do tcp read, copy to read bio, call ssl connect to decrypt.

Thanks
--Gayathri

On Wednesday, May 25, 2011, Harshvir Sidhu hvssi...@gmail.com wrote:

Hi,

I am trying to implement State Machine based on the demo application, that is a server code. Like I am writing the client side. So when I try to do handshake, by calling SSL_connect, which I have used memory bios, after that I check for data available, and then I read data and send to server, on server side I am getting error.

    180:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:.\ssl\s23_srvr.c:584:
    shutting down SSL

My question is which is a good place to do handshake in case we use state machine, I am doing just after initializing ctx and ssl, and then I send data 1 time and in performing rest of operations in my receive callback, but s_server give me error on first packet only.

Thanks.
// Harshvir

2011/5/25 Michael Ströder mich...@stroeder.com

Eric S. Eberhard wrote:

or ... keep it simple and at least consider using stunnel.

I use stunnel myself in some situations. It's a great tool. But bear in mind that the application then has no access to authentication information of the SSL layer.

Ciao, Michael.
Re: SSL Communication using BIO
Okay, u r writing the client, so you need to do connect, now ssl_connect is going to do the complete SSL handshake, which involves multiple read and writes, now since you are using memory bios, ssl connect is going to read from the r_membio and write into the w_membio. The data has to go out the tcp fd you have created and connected with the server. So it's ur duty to take data out the w_membio and do a tcp_send(). That is what I meant by saying write.

Application data transfer may be initiated by your server once the ssl connect is thro. There are apis which tell if ssl connect is completed and ssl connect itself will return ssl_success, until then u will be getting the want_read and want_write error codes, so your state machine would be in the connect pending state until ssl connect returns success. Please understand that SSL_Connect itself will be called multiple times in the async architecture.

BTW if the protocol nego has failed, perhaps you need to see what the server supports, maybe it understands only tls and not sslv3 etc.

thanks
--Gayathri

On Wed, May 25, 2011 at 10:12 AM, Harshvir Sidhu hvssi...@gmail.com wrote:

Thanks Gayatri.

This is what I am doing, but I don't have any buffer to send initially, my data transfer starts from server side. What I was doing is, calling SSL_connect after initialization and then in the socket read and write code, I was doing encrypt and decrypt accordingly, but the very first moment I send data to s_server, it gives error, unknown protocol

Thanks.
// Harshvir

On Wed, May 25, 2011 at 10:02 AM, Gayathri Sundar suraj...@gmail.com wrote:

So finally u have agreed to my initial suggestion of state machines :)

The basic steps in terms of an algorithm are as follows

A. Create the ssl ctx and ssl obj
B. Create a pair of memory bios and attach them to the ssl obj, one is for read and the other is for write.
C. Create the tcp fds and complete the tcp handshake
D. Once tcp connect is done, u have an fd on which u receive and send data
E. Initialize ur state machine for ssl connect pending
F. Take the buffer to be sent, copy it to the memory write bio, encrypt it using ssl connect, then do a tcp send
G. While still connect pending, do tcp read, copy to read bio, call ssl connect to decrypt.

Thanks
--Gayathri

On Wednesday, May 25, 2011, Harshvir Sidhu hvssi...@gmail.com wrote:

Hi,

I am trying to implement State Machine based on the demo application, that is a server code. Like I am writing the client side. So when I try to do handshake, by calling SSL_connect, which I have used memory bios, after that I check for data available, and then I read data and send to server, on server side I am getting error.

    180:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:.\ssl\s23_srvr.c:584:
    shutting down SSL

My question is which is a good place to do handshake in case we use state machine, I am doing just after initializing ctx and ssl, and then I send data 1 time and in performing rest of operations in my receive callback, but s_server give me error on first packet only.

Thanks.
// Harshvir

2011/5/25 Michael Ströder mich...@stroeder.com

Eric S. Eberhard wrote:

or ... keep it simple and at least consider using stunnel.

I use stunnel myself in some situations. It's a great tool. But bear in mind that the application then has no access to authentication information of the SSL layer.

Ciao, Michael.
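The client-side handshake pump described in steps A to G and in the reply above, as an added example that is not code from the thread. It is written with Python's `ssl` module, whose `MemoryBIO` and `SSLObject.do_handshake()` wrap OpenSSL's memory BIOs and handshake call; the class, state and function names are this example's own, and `example.test` is a placeholder hostname.

```python
import select
import ssl

CONNECT_PENDING, CONNECTED, FAILED = "connect_pending", "connected", "failed"


class MemBioClient:
    """TLS client that never touches a socket: it only reads and writes memory BIOs."""

    def __init__(self, server_hostname):
        ctx = ssl.create_default_context()     # certificate and hostname checks stay on
        self.rbio = ssl.MemoryBIO()            # bytes received from TCP go in here
        self.wbio = ssl.MemoryBIO()            # bytes TLS wants sent on TCP come out here
        self.tls = ctx.wrap_bio(self.rbio, self.wbio, server_hostname=server_hostname)
        self.state = CONNECT_PENDING
        self.error = None

    def step(self, from_network=b""):
        """Feed bytes read from the TCP fd, advance the handshake once, and
        return whatever must now be written to the TCP fd (possibly b"")."""
        if from_network:
            self.rbio.write(from_network)
        if self.state == CONNECT_PENDING:
            try:
                self.tls.do_handshake()        # called again on every step until it succeeds
                self.state = CONNECTED
            except ssl.SSLWantReadError:
                pass                           # peer data needed: stay in CONNECT_PENDING
            except ssl.SSLError as exc:
                self.state, self.error = FAILED, exc
        return self.wbio.read()                # drain the write BIO; caller does the tcp send


def handshake_over_socket(sock, client, timeout=10.0):
    """Drive MemBioClient over a connected, non-blocking TCP socket with a timeout."""
    sock.setblocking(False)
    pending_out = client.step()                # first call produces the ClientHello
    while client.state == CONNECT_PENDING or pending_out:
        want_write = [sock] if pending_out else []
        readable, writable, _ = select.select([sock], want_write, [], timeout)
        if not readable and not writable:
            raise TimeoutError("TLS handshake timed out")
        if writable:
            sent = sock.send(pending_out)
            pending_out = pending_out[sent:]
        if readable:
            data = sock.recv(16384)
            if not data:
                raise ConnectionError("peer closed the connection during the handshake")
            pending_out += client.step(data)
    if client.state == FAILED:
        raise client.error
    return client.tls                          # ready for tls.write()/tls.read() plus the same pump
```

The first bytes placed on the wire are whatever the first `step()` returns, which is the ClientHello record; application data is only passed to `tls.write()` once the state is `CONNECTED`.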
Re: SSL Communication using BIO
actually I would seriously recommend you read the OpenSSL book written by Eric Rescorla, it discusses all the use cases of openssl, BIO, async/sync usages..so that you get an idea of how OpenSSL itself works.

On Mon, May 23, 2011 at 6:02 PM, Neo Liu diablo...@gmail.com wrote:

I think you can read this article and it will be help. http://www.lenholgate.com/blog/2002/11/using-openssl-with-asynchronous-sockets.html

On Mon, May 23, 2011 at 4:59 PM, Harshvir Sidhu hvssi...@gmail.com wrote:

David,

So are you suggesting that I change the approach in my Code. My application is for Windows and in Managed C++. In that I am using Callback function for receive, when the callback function is called, and when I call SSL_read in that, it hangs at recv call in the OpenSSL code, my assumption is that data was already read from socket, when callback was called. Another thing I would like to mention is I am using Sockets Managed Class, not the native sockets.
Re: SSL Communication using BIO
as Neo Liu has pointed out, if you try to use memory bio pair for communication, then it's ur responsibility to read and write every byte out the fd using tcp_send and recv() calls, as openssl would only read and write into the bio. This approach is very very tedious and not sure if that's the only way to solve ur problem.

thanks
--Gayathri

On Sun, May 22, 2011 at 9:01 PM, Neo Liu diablo...@gmail.com wrote:

BIO pair is non-blocking BIO, so you need to call SSL_accept() or SSL_do_handshake() for server times. The example code looks like follows:

    BIO_write(ebio, ...)
    SSL_accept(ssl)
    BIO_read(ebio, ...)

you can use BIO_pending() and BIO_wpending() to watch the buffer status of the BIO pairs.

On Mon, May 23, 2011 at 9:18 AM, G S stokest...@gmail.com wrote:

Ah, yes, I realized later that there wasn't any communication info in there. I only use it for encryption. Good luck!
Re: Application is failing with cipher or hash unavailable
You could hack ur client and server to use cipher null and see the alert in clear..mostly should be digest failure.

On Monday, May 16, 2011, pradeepreddy pradeepreddy@gmail.com wrote:

Hi,

After lot of struggles, finally get rid of this error, but I can't tell the reason, how was it rectified. We installed our libs on a new machine. Now a different error is seen. After client and server connection is established, TLSv1 Encrypted Alert+21 is sent by the client. Google search did not help. All I could find out was, error alert is encrypted. Did not understand what condition was seen by client's openssl to throw this error and how to know the condition? Any inputs on this.

Dave Thompson-5 wrote:

From: owner-openssl-us...@openssl.org On Behalf Of pradeepreddy
Sent: Thursday, 12 May, 2011 18:37

I have tried with all the ciphers. This same application works well on windows. I run my application again with s_server, but hit with the same error:

    SSL_ERROR_SSL error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable

And on s_server [with -msg -debug], following messages are:

    client hello
    server hello
    SSL_accept:SSLv3 write certificate A
    TLS 1.0 Handshake [length 0004], ServerHelloDone
    0e 00 00 00
    SSL_accept:SSLv3 write server done A
    SSL_accept:SSLv3 flush data
    SSL_accept:failed in SSLv3 read client certificate A
    ERROR
    shutting down SSL
    CONNECTION CLOSED
    SSL_accept:failed in SSLv3 read client certificate A

Both -msg and -debug should have given you (redundant) hex dumps of all messages; did you delete them? But only -state, which you didn't say you used, should give lines like 'SSL_accept:SSLv3 write server done A'.

If there is no ServerKeyExchange (you didn't just delete it) then the selected suite probably uses RSA key agreement. But that doesn't help much; there are kRSA suites with all or nearly all data-ciphers and several hashes.

You can decode the dump of client-hello to determine what list of suites (and compressions) the client is offering, and of server-hello to determine what the server selected. If you can install wireshark from www.wireshark.org on a personal Windows machine that sees the same network link, that can do the decode for you automatically. There may be equivalent tools for Unix, but I don't know.

This mean, client and server are agreed on cipher. In what cases client verifies the TLS1_SETUP_KEY_BLOCK? which drove client to throw this error?

It's not a matter of verifying. The client is trying to *do* setup for the selected suite, and also compression, and failing. Key setup is a slightly misleading name; it's actually setting several internal pointers as well as the actual keys, and this first step -- determining pointers effectively to code for the selected cipher, hash, and compression -- is what is failing.

Most likely the client has offered a suite or compression it doesn't actually support, which it shouldn't, or some of OpenSSL's memory has been clobbered by a bug in your client. Look at the selected suite in server-hello, and compare to the build options for the build(s) you are using.
Re: Application is failing with cipher or hash unavailable
Alert 21 seems to be decryption failure.

Sent from my iPad

On May 16, 2011, at 6:12 AM, pradeepreddy pradeepreddy@gmail.com wrote:

Hi,

After lot of struggles, finally get rid of this error, but I can't tell the reason, how was it rectified. We installed our libs on a new machine. Now a different error is seen. After client and server connection is established, TLSv1 Encrypted Alert+21 is sent by the client. Google search did not help. All I could find out was, error alert is encrypted. Did not understand what condition was seen by client's openssl to throw this error and how to know the condition? Any inputs on this.

Dave Thompson-5 wrote:

From: owner-openssl-us...@openssl.org On Behalf Of pradeepreddy
Sent: Thursday, 12 May, 2011 18:37

I have tried with all the ciphers. This same application works well on windows. I run my application again with s_server, but hit with the same error:

    SSL_ERROR_SSL error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable

And on s_server [with -msg -debug], following messages are:

    client hello
    server hello
    SSL_accept:SSLv3 write certificate A
    TLS 1.0 Handshake [length 0004], ServerHelloDone
    0e 00 00 00
    SSL_accept:SSLv3 write server done A
    SSL_accept:SSLv3 flush data
    SSL_accept:failed in SSLv3 read client certificate A
    ERROR
    shutting down SSL
    CONNECTION CLOSED
    SSL_accept:failed in SSLv3 read client certificate A

Both -msg and -debug should have given you (redundant) hex dumps of all messages; did you delete them? But only -state, which you didn't say you used, should give lines like 'SSL_accept:SSLv3 write server done A'.

If there is no ServerKeyExchange (you didn't just delete it) then the selected suite probably uses RSA key agreement. But that doesn't help much; there are kRSA suites with all or nearly all data-ciphers and several hashes.

You can decode the dump of client-hello to determine what list of suites (and compressions) the client is offering, and of server-hello to determine what the server selected. If you can install wireshark from www.wireshark.org on a personal Windows machine that sees the same network link, that can do the decode for you automatically. There may be equivalent tools for Unix, but I don't know.

This mean, client and server are agreed on cipher. In what cases client verifies the TLS1_SETUP_KEY_BLOCK? which drove client to throw this error?

It's not a matter of verifying. The client is trying to *do* setup for the selected suite, and also compression, and failing. Key setup is a slightly misleading name; it's actually setting several internal pointers as well as the actual keys, and this first step -- determining pointers effectively to code for the selected cipher, hash, and compression -- is what is failing.

Most likely the client has offered a suite or compression it doesn't actually support, which it shouldn't, or some of OpenSSL's memory has been clobbered by a bug in your client. Look at the selected suite in server-hello, and compare to the build options for the build(s) you are using.
Re: Application is failing with cipher or hash unavailable
Am not sure what the poster of this msg is actually doing, but I faced a similar problem when I was trying to achieve SSL from kernel, I had to work on sk_buff chains and fragmented SSL Records, and during my development, I got a lot of error alerts of 21 as some boundary conditions were not met. I am sure here they are trying to process SSL from kernel and not using openssl from userland..there is no other reason as to why this alert has to come.

thanks
--Gayathri

On Mon, May 16, 2011 at 8:12 PM, Dave Thompson dthomp...@prinpay.com wrote:

From: owner-openssl-us...@openssl.org On Behalf Of Gayathri Sundar
Sent: Monday, 16 May, 2011 10:18

You could hack ur client and server to use cipher null and see the alert in clear..mostly should be digest failure.

If you mean MAC failure (actually MAC-or-decryption-failure, since they were combined to avoid possibly helping an attacker), that should *never* happen unless there is a bug at either peer or actual tampering in the communication channel.

It could also be close-notify. That's the only alert that should normally occur after handshake.

On Monday, May 16, 2011, pradeepreddy pradeepreddy@gmail.com wrote:

After lot of struggles, finally get rid of this error, but I can't tell the reason, how was it rectified. We installed our libs on a new machine. Now a different error is seen. After client and server connection is established, TLSv1 Encrypted Alert+21 is sent by the client.

As shown by wireshark, I assume. Immediately after Finished (which wireshark is only able to show as 'encrypted handshake message' 'contenttype:22')? Or after more data? Or a time delay (maybe timeout)?

Yes, alerts are encrypted once handshake is completed. Aside from using a null cipher as suggested above, so the encrypted alert (and any other data) is readable:

- does either your client or server or both log or display anything about the error?
- if not, can you substitute s_server for the real server? It does display/log any error alert. But this will only work if the client is spontaneously sending the alert without waiting for or needing any data the real server sends.

snip rest
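An added example, not part of the original thread, of reading the record layer that the capture tool is summarising: in a TLS record header, content type 21 marks an alert record and 22 a handshake record, and only an alert sent before ChangeCipherSpec exposes its two plaintext bytes (level, description). The byte strings below are constructed samples; the `0e 00 00 00` handshake body is the ServerHelloDone shown in the s_server output quoted in this thread, and the description table is a subset of the TLS 1.0 alert codes.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of the RFC 2246 alert descriptions.
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 21: "decryption_failed",
                      22: "record_overflow", 40: "handshake_failure",
                      42: "bad_certificate", 48: "unknown_ca",
                      70: "protocol_version", 80: "internal_error"}


def parse_records(stream):
    """Walk ONE direction of a TLS byte stream and describe every complete record.

    Returns (records, leftover): leftover holds the bytes of a partial trailing
    record, to be prepended to the next chunk read from the capture."""
    records, offset, encrypted = [], 0, False
    while offset + 5 <= len(stream):
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        body = stream[offset + 5: offset + 5 + length]
        if len(body) < length:
            break                                   # record not complete yet
        rec = {"type": CONTENT_TYPES.get(ctype, "unknown(%d)" % ctype),
               "version": (major, minor),
               "length": length,
               "encrypted": encrypted,
               "alert": None}
        if ctype == 21:
            if not encrypted and length == 2:
                level, desc = body                  # plaintext alert: two readable bytes
                rec["alert"] = (ALERT_LEVELS.get(level, str(level)),
                                ALERT_DESCRIPTIONS.get(desc, str(desc)))
            else:
                # Body is ciphertext plus MAC: level and description cannot be
                # recovered from the capture without the session keys.
                rec["encrypted"] = True
        records.append(rec)
        if ctype == 20:
            encrypted = True                        # everything after CCS is protected
        offset += 5 + length
    return records, stream[offset:]


# Constructed sample: ServerHelloDone, ChangeCipherSpec, then two protected
# records whose bodies are placeholder bytes standing in for ciphertext.
SAMPLE_STREAM = (bytes.fromhex("16030100040e000000")
                 + bytes.fromhex("140301000101")
                 + b"\x16\x03\x01\x00\x30" + bytes(48)
                 + b"\x15\x03\x01\x00\x20" + bytes(32))
# Constructed sample: a fatal handshake_failure alert sent in the clear.
SAMPLE_PLAINTEXT_ALERT = bytes.fromhex("15030100020228")

if __name__ == "__main__":
    for record in parse_records(SAMPLE_STREAM)[0]:
        print(record)
    print(parse_records(SAMPLE_PLAINTEXT_ALERT)[0][0])
```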
Re: Application is failing with cipher or hash unavailable
can you give some specific cipher like rc4-md5 using the --cipher command and see if it goes thro? maybe the 1st cipher suite sent by the client is not available with the server or something..you can use mozilla and edit the cipher suites in the advance tab or use openssl client connect command and supply some specific cipher which u know for sure is available on the server.

On Wed, May 11, 2011 at 2:54 PM, pradeepreddy pradeepreddy@gmail.com wrote:

Hi,

My application is running with OpenSSL 0.9.8h 28 May 2008 in gentoo linux:

    uname -a
    Linux localhost 2.6.32.9 #1 SMP Thu Jul 8 14:30:23 Local time zone must be set--see zic m i686 Intel(R) Pentium(R) D CPU 2.80GHz GenuineIntel GNU/Linux

But ssl handshake is failing with below error:

    SSL_ERROR_SSL error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable

But on same linux, openssl s_client -connect server:8443 -cert client.pem -CAfile ca-win.pem, is working

    CONNECTED(0003)
    ---
    Certificate chain
    0 s:/C=/ST=/L=/O=/OU=DGM/DC=CN=A1
    1 s:/DC=/DC=/DC=/DC=/CN=A1
    i:/DC=/DC=/DC=/DC=/CN=A1
    ---
    Server certificate
    -BEGIN CERTIFICATE-
    MAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4IBAQBd4LfcDl5d3ODPjBBDy7bL
    YX6uDP6yG+RdbwR9ul4WRhOUXqb0jkHbaGy/Qlz70TGqfSme81yvLsYmChKTFloU
    3NDIRAqagGntPXyaR6WjbV652SYtENTL7RONZhxGyeqDF0ns5fLUAdE2eGYN9f3Y
    X/k/vFrFnKEmEBEWlciwQjr7vag21YGBtIEeopqnRqN64HCGUVKWqap0sQXAJD/4
    -END CERTIFICATE-
    subject=/C=/ST=/L=/O=/OU=/CN=XY2
    issuer=/DC=/DC=/DC=dev/DC=/CN=A1
    ---
    Acceptable client certificate CA names
    /DC=/DC=/DC=/DC=/CN=A1
    ---
    SSL handshake has read 3241 bytes and written 3148 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Server public key is 2048 bit
    Compression: NONE
    Expansion: NONE
    SSL-Session:
    Protocol : TLSv1
    Cipher: DHE-RSA-AES256-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: C47BF1691AB846E449B5FA9E29EC4E25312D4C501
    Key-Arg : None
    Start Time: 1305122070
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
    ---
Re: Clients glomming onto a listener
Eric, you must be really kidding this time :), servers with this architecture are susceptible to dos and what not..am sure for embedded systems where memory is a big limiting factor the best would be async design, also code becomes easily portable in future.

On Wed, May 11, 2011 at 10:39 AM, Eric S. Eberhard fl...@vicsmba.com wrote:

I have found that fork() on modern machines has a negligible effect on performance and in fact I almost always use inetd instead of writing my own servers, mainly because it is dead reliable, easier to code, and again seems to have negligible effect on performance. One would have to do millions upon millions of connects to notice or care. Having said that, I use AIX mostly, and that performs better under load than Linux on Intel, and even Linux on the IBM p series platform. I would do it cheap and easy and worry about performance after-the-fact.

Eric

At 04:46 PM 5/10/2011, you wrote:

On 10 May 2011, at 4:13 PM, David Schwartz wrote:

On 5/10/2011 2:10 AM, John Hollingum wrote:

Pretty much immediately after the accept the program forks a handler, but the rogue clients must be glomming onto the main process before the SSL negotiation is complete.

Calling 'fork' with an accepted SSL connection has all kinds of known issues. The fundamental problem is that there are many operations that must occur both before and after the 'fork', for different reasons, and obviously can't do both.

You could accept just the TCP connection in the main process and do all of the SSL handshake in the forked process (I think IO::Socket::SSL->start_SSL() is what you want for that) --- this would not be a high-performance approach (no SSL session cache, fork overhead) but if it's fast enough it's fast enough.

It's possible to use openssl in a non-blocking, event-driven manner but I don't think Perl's SSL modules expose enough of the openssl API to do that.
Re: Core occurred while executing SSL_library_init() and call back method locking_function()
Can u share the parsed core file?

On Wednesday, May 11, 2011, Mani Suresh suresh84...@gmail.com wrote:

While executing the below code it's coring randomly in two cases,

1) While executing the method SSL_library_init() in the constructor.
2) Coring while executing the call back method locking_function().

We are not sure, now the call back method is calling after it is set to NULL. Ex: CRYPTO_set_locking_callback(NULL). Here, after we set to NULL it's calling the call back method. We want to make sure it should not be called after setting to NULL. It will be great if someone explains to me in detail, how the call back mechanism works internally.

Code:

    pthread_mutex_t *SslBIO::_lnSslBioMutex=NULL;

    // Locking callback handed to OpenSSL: lock or unlock mutex number `type`.
    void SslBIO::locking_function(int mode, int type, const char * file, int line)
    {
        int rstat;
        if (mode & CRYPTO_LOCK) {
            fprintf(stderr, "\nDEBUG: Locking the Mutex _lnSslBioMutex[%d] Mode = %d File :%s Line No : %d\n",type,mode,file,line);
            rstat = pthread_mutex_lock(&(SslBIO::_lnSslBioMutex[type]));
            lnChkMutex(rstat, FL);
        } else {
            fprintf(stderr, "\nDEBUG: UnLocking the Mutex _lnSslBioMutex[%d] Mode = %d File :%s Line No : %d\n",type,mode,file,line);
            rstat = pthread_mutex_unlock(&(SslBIO::_lnSslBioMutex[type]));
            lnChkMutex(rstat, FL);
        }
    }

    // Thread-id callback handed to OpenSSL.
    unsigned long SslBIO::id_function()
    {
        unsigned long ulThreadId = (unsigned long)pthread_self();
        fprintf(stderr, "\nDEBUG: Thread ID = %lu\n",ulThreadId);  // %lu matches unsigned long
        return (ulThreadId);
    }

    // Allocate one mutex per OpenSSL lock and register the callbacks.
    int SslBIO::init(const char * initarg)
    {
        int i;
        _lnSslBioMutex = (pthread_mutex_t *) OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
        if (!_lnSslBioMutex)
            return 0;
        fprintf(stderr, "\nDEBUG: Number of Locks(CRYPTO_NUM_LOCKS) = %d \n",CRYPTO_num_locks());
        for(i=0;i<CRYPTO_num_locks();i++) {
            fprintf(stderr, "\nDEBUG: Initialize the Mutex _lnSslBioMutex[%d]\n",i);
            int rstat = pthread_mutex_init(&(_lnSslBioMutex[i]), pthread_mutexattr_default);
            lnChkMutex(rstat, FL);
        }
        CRYPTO_set_id_callback(SslBIO::id_function);
        CRYPTO_set_locking_callback(SslBIO::locking_function);
        return 0;
    }

    // Unregister the callbacks, then destroy and free the mutex array.
    int SslBIO::terminate()
    {
        int i = 0;
        int rstat;
        if (!_lnSslBioMutex) {
            return 0;
        }
        CRYPTO_set_id_callback(NULL);
        CRYPTO_set_locking_callback(NULL);
        for(i=0;i<CRYPTO_num_locks();i++) {
            fprintf(stderr, "\nDEBUG: Cleanup the Mutex _lnSslBioMutex[%d]\n",i);
            rstat = pthread_mutex_destroy(&(_lnSslBioMutex[i]));
            lnChkMutex(rstat, FL);
        }
        OPENSSL_free(_lnSslBioMutex);
        _lnSslBioMutex = NULL;
        return 0;  // the posted function fell off the end without returning a value
    }

    SslBIO::SslBIO(const char *host, const int port, const int timeout, int &retCode, int blockingConnect)
    {
        _debug = 0;
        _lnreqctx = 0;
        _type = SslBIO::CALLER;
        _totSent = 0;
        _totReceived = 0;
        _errBuf[0] = '\0';
        if(host!=NULL)
            strcpy(_hostName,(char *)host);  // unbounded copy; the size of _hostName is not shown in the post
        _portNum = port;
        retCode = FAIL;

        /* Set up the library */
        SSL_library_init();
        ERR_load_BIO_strings();
        SSL_load_error_strings();
        OpenSSL_add_all_algorithms();

        _sslctx = SSL_CTX_new(SSLv23_client_method());
        if(_sslctx == 0) {
            fprintf(stderr, "failed SslBIO::SslBIO. SslBIO not initialized. _sslctx=0\n");
            return;
        }
        _bio = BIO_new_ssl_connect(_sslctx);
        BIO_get_ssl(_bio, &_ssl);
        SSL_set_mode(_ssl, SSL_MODE_AUTO_RETRY);

        /* Create and setup the connection */
        BIO_set_conn_hostname(_bio, _hostName); // cdc13-www.lexisnexis.com:https);
        BIO_set_conn_int_port(_bio, &_portNum); // 443);
        if(BIO_do_connect(_bio) <= 0) {
            fprintf(stderr, "Error attempting to connect [%s[%d]]\n",_hostName,_portNum);
            ERR_print_errors_fp(stderr);
            BIO_free_all(_bio);
            _bio = NULL; //Nullify the _bio member object after deallocating
            return;
        } else {
            fprintf(stderr, "SslBIO: connected[%s[%d]]\n",_hostName,_portNum);
        }

        /* Check the certificate */
        if(SSL_get_verify_result(_ssl) != X509_V_OK) {
            fprintf(stderr, "Certificate verification error: %i\n", SSL_get_verify_result(_ssl));
        }
        _timeout = timeout;
        retCode = OK;
    }

    SslBIO::~SslBIO()
    {
        /* Close the connection and free the context */
        if (_bio != 0) {
            BIO_free_all(_bio);
            _bio=NULL; // bulletproof for webstar 3019980
        }
        if (_sslctx != 0) {
            fprintf(stderr, "Freeing SslBIO::_sslctx\n");
            SSL_CTX_free(_sslctx);
            _sslctx=NULL; // bulletproof for webstar 3019980
        }
    }

    int SslBIO::read(char *buf, int len, int &currRead)
    {
        int retCode;
        if (buf == LN_NULL) {
            return(FAIL);
        }
        printf("DEBUG: Before Read \n");
        currRead = BIO_read(_bio, buf, len);
        // Note: buf is printed with %s here before it is NUL-terminated below.
        printf("DEBUG: After Read currRead = %d Buf = %s Length = %d\n",currRead,buf,len);
        if (currRead >= 0) {
            buf[currRead] = 0;
            if (_debug) {
                ostrstream strm;
                strm << "Out of SslBIO::read currRead = " << currRead << endl;
                strm
Re: Multiple connection from 1 client
Hi Eric.,

First of all i am a she :) and I took a maternity break off from work..which is why I am jobless..but busy feeding and diapering my little one :)..sure I can take up your offer, please email me at suraj...@gmail.com.

harsh.,

The thing is as Eric says, you really have to rewrite ur server code once you make the fd non blocking..a simple fcntl is enuf. Also I would personally prefer sys poll over select on Linux..u could research about the former. Select is boring to me. The whole idea of non blocking is that a single call to ssl accept is not going to finish the complete ssl handshake. If you read the rfc you will know the multiple messages that are exchanged for a single ssl handshake, so in-between every read and write for the ssl handshake the non blocking fd would actually give you time to do something else. So what you really need is a state machine, which is nothing but an array of function pointers (2d) in this case. I would write something like this

States: ssl accept pending, ssl accepted, ssl read blocked on write, ssl read, ssl write blocked on read, ssl write, ssl renegotiate

Have a function for each state specified above which would do ssl_accept, ssl_read, ssl_write and so on.

Thanks --Gayathri

On Monday, May 9, 2011, Eric S. Eberhard fl...@vicsmba.com wrote:

Harsh, I would take up his offer of help. Socket control over multiple sockets is tricky code and very specific to what you are trying to do. My environment is single threaded and does similar things to yours -- but as Gayathri said, there are many details and exceptions and although with some online help or books I am sure with enough time you could do it (took me forever the first time) I suspect that this offer is as good as they get. I am not jobless (lucky me) so I can't put in the time he can.

Gayathri -- would you be interested in pure C coding on a contract basis (intermittent, not really a job, more like occasional tasks) -- the code we write runs on AIX, Linux, OS/X, SCO, HP/UX, Centos, etc. so it is a little tricky to make work. If you have interest let me know your rates and real email and so forth.

Thanks, Eric

At 08:33 PM 5/6/2011, you wrote:

Harsh., If u have any specific doubts in writing this asynchronous state machine email me privately at suraj...@gmail.com. I am pretty much jobless right now and can spend some time on this.

Thanks --Gayathri

On Friday, May 6, 2011, Harshvir Sidhu hvssi...@gmail.com wrote:

Thanks, I will give this a try. // Harshvir

On Fri, May 6, 2011 at 6:44 PM, Eric S. Eberhard fl...@vicsmba.com wrote:

Change the sockets. This is what I use:

    #include <fcntl.h>

    int setblock(int fd, int mode) /* True - blocking, False - non blocking */
    {
        int flags;
        int prevmode;

        flags = fcntl(fd, F_GETFL, 0);
        prevmode = !(flags & O_NDELAY);
        if (mode)
            flags &= ~O_NDELAY; /* turn blocking on */
        else
            flags |= O_NDELAY; /* turn blocking off */
        fcntl(fd, F_SETFL, flags);
        return prevmode;
    }

Since it returns the existing mode you can use as such:

    prevmode = setblock(fd,0); /* turn off blocking */
    /* do your thing */
    (void)setblock(fd,prevmode); /* restore to original condition */

At 04:15 PM 5/6/2011, you wrote:

Thanks for the reply Gayathri. Do you mean to changing the sockets to non blocking, or when i create bio for ssl to make that as non blocking? Thanks.

On Fri, May 6, 2011 at 6:03 PM, Gayathri Sundar suraj...@gmail.com wrote:

Harsh, Okay from what I can understand, if you make ur underlying fd non blocking then it would work fine. Blocking FDs, unless and until one client is finished with its processing the other client will not be able to communicate with the server as the previous fd is blocked. The server is waiting on the 1st client to finish. When you have 3 ports and 3 clients then of course it will work.

thanks --Gayathri

On Fri, May 6, 2011 at 5:50 PM, Harshvir Sidhu hvssi...@gmail.com wrote:

Gayatri, My server code is single threaded and i am using blocking sockets, i am using fd_set and select to wait for event on socket, and then performing operation based on the event that acts on a socket. I have an array of sockets to listen. So if i start listening on 3 different ports and from my client machine, i try to connect on them at different ports then it works fine, but when i use 1 listen port then it dont work properly. What i mean to say by work properly is that the connection is established, but when i am waiting for select to return event, then it dont show any activity when i send data from client, only 1 of them works, 2 dont work. In addition to that, when i use WireShark to see packets, then it shows that machine has received
Re: Multiple connection from 1 client
Hi.,

Yes, once you make the socket nonblocking, your current ssl APIs will not work. That is why I asked you to write the asynchronous state machine. Go thro the man pages for ssl accept, ssl read, ssl write for non blocking cases. You need to handle special cases called want read and write errors. I will send a detailed email a little later.

Thanks --Gayathri

On Monday, May 9, 2011, Harshvir Sidhu hvssi...@gmail.com wrote:

Hi, I used the following code to change the socket to non blocking, but its still not successful, now its not even able to complete SSL_Accept. I am changing the socket option for the accepted socket.

    unsigned long iMode = 1;
    int nReturn = ioctlsocket(sock, FIONBIO, &iMode);
    if (nReturn != NO_ERROR) {
        printf("ioctlsocket failed with error: %d\n", nReturn);
    }

Also i suspect, that if i change the socket to non blocking, then my current read write code will not work. i mean the one in which i use FD_SET and select to perform operations. Thanks. // Harshvir

On Fri, May 6, 2011 at 10:33 PM, Gayathri Sundar suraj...@gmail.com wrote:

Harsh., If u have any specific doubts in writing this asynchronous state machine email me privately at suraj...@gmail.com. I am pretty much jobless right now and can spend some time on this.

Thanks --Gayathri

On Friday, May 6, 2011, Harshvir Sidhu hvssi...@gmail.com wrote:

Thanks, I will give this a try. // Harshvir

On Fri, May 6, 2011 at 6:44 PM, Eric S. Eberhard fl...@vicsmba.com wrote:

Change the sockets. This is what I use:

    #include <fcntl.h>

    int setblock(int fd, int mode) /* True - blocking, False - non blocking */
    {
        int flags;
        int prevmode;

        flags = fcntl(fd, F_GETFL, 0);
        prevmode = !(flags & O_NDELAY);
        if (mode)
            flags &= ~O_NDELAY; /* turn blocking on */
        else
            flags |= O_NDELAY; /* turn blocking off */
        fcntl(fd, F_SETFL, flags);
        return prevmode;
    }

Since it returns the existing mode you can use as such:

    prevmode = setblock(fd,0); /* turn off blocking */
    /* do your thing */
    (void)setblock(fd,prevmode); /* restore to original condition */

At 04:15 PM 5/6/2011, you wrote:

Thanks for the reply Gayathri. Do you mean to changing the sockets to non blocking, or when i create bio for ssl to make that as non blocking? Thanks.

On Fri, May 6, 2011 at 6:03 PM, Gayathri Sundar suraj...@gmail.com wrote:

Harsh, Okay from what I can understand, if you make ur underlying fd non blocking then it would work fine. Blocking FDs, unless and until one client is finished with its processing the other client will not be able to communicate with the server as the previous fd is blocked. The server is waiting on the 1st client to finish. When you have 3 ports and 3 clients then of course it will work.

thanks --Gayathri

On Fri, May 6, 2011 at 5:50 PM, Harshvir Sidhu hvssi...@gmail.com wrote:

Gayatri, My server code is single threaded and i am using blocking sockets, i am using fd_set and select to wait for event on socket, and then performing operation based on the event that acts on a socket. I have an array of sockets to listen. So if i start listening on 3 different ports and from my client machine, i try to connect on them at different ports then it works fine, but when i use 1 listen port then it dont work properly. What i mean to say by work properly is that the connection is established, but when i am waiting for select to return event, then it dont show any activity when i send data from client, only 1 of them works, 2 dont work. In addition to that, when i use WireShark to see packets, then it shows that machine has received the packet from client. But server dont show that alert. Thats why i think it could be some socket option which is affecting it. // Harshvir

On Fri, May 6, 2011 at 5:37 PM, Gayathri Sundar suraj...@gmail.com wrote:

Harshvir, SO_REUSEADDR sock option has nothing to do with ur problem, please go thro the socket ops man page to get a better understanding. First find out if ur server code is a blocking i/o or non blocking I/O..if former then connections will be handled sequentially..only after the 1st client is finished will the server be able to respond to the 2nd connect request. If non blocking then there should be no problem. Check the code if you see an O_NONBLOCK flag set in some fcntl call or check for FIONBIO flag.

Thanks --Gayathri

On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu hvssi...@gmail.com wrote:

Well i think this link is for my question. I have already done 1-5 from the Before you ask list. Number 6, i dont know anyone who use openssl. Number 7
Re: Multiple connection from 1 client
Harshvir,

SO_REUSEADDR sock option has nothing to do with ur problem, please go thro the socket ops man page to get a better understanding. First find out if ur server code is a blocking i/o or non blocking I/O..if former then connections will be handled sequentially..only after the 1st client is finished will the server be able to respond to the 2nd connect request. If non blocking then there should be no problem. Check the code if you see an O_NONBLOCK flag set in some fcntl call or check for FIONBIO flag.

Thanks --Gayathri

On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu hvssi...@gmail.com wrote:

Well i think this link is for my question. I have already done 1-5 from the Before you ask list. Number 6, i dont know anyone who use openssl. Number 7, it will take a lot of time to go through all the code, i was just trying to save some time. I thought user discussion forums are for this only. I apologize for my understanding.

On Fri, May 6, 2011 at 5:18 PM, Jeremy Farrell jfarr...@pillardata.com wrote:

From: Harshvir Sidhu

Hi, I have a server application, which accepts normal sockets and ssl socket connections. I am trying to make 3 connections to server from 1 client machine, on same server port. When i connect on normal sockets then it works with any number of connections. When i tried to connect SSL then they dont work. If i connect 1 client then it works. In my listen socket, I have SO_REUSEADDR socket option, at first i thought might be this is causing issue, but i tried to use SO_EXCLUSIVEADDRUSE even then it dont work. Has someone seen some issue like this, any possible suggestion for this? Thanks, // Harshvir

http://www.catb.org/~esr/faqs/smart-questions.html
Re: Using OpenSSL with non-blocking I/O
I think the openssl src already has sample server and client programs which are written in non blocking mode ..check wserver2.c if I am able to recall.

On Fri, May 6, 2011 at 2:42 PM, Graham Leggett minf...@sharp.fm wrote:

On 06 May 2011, at 9:23 PM, derleader mail wrote:

Can you show us the source code. Paste it into pastebin.org.

We do non blocking SSL by accepting the socket in the normal way (using accept, not SSL_accept), and then wrapping the socket in a BIO like this:

    BIO *sbio = BIO_new_socket(c->socket, BIO_NOCLOSE);
    SSL *ssl = SSL_new(ctx);
    SSL_set_bio(ssl, sbio, sbio);
    SSL_set_connect_state(ssl);

We then put the socket in the event loop, and on read and write events we called SSL_read and SSL_write as appropriate. The first time we call SSL_read, the proper handshake is completed.

One thing that you need to support for non blocking SSL to work properly is to take account the fact that during SSL_write, SSL may want to read from the socket, and during SSL_read, SSL may want to write. We keep track of whether a ready to read event should call SSL_read or SSL_write as appropriate, reacting to the SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE result codes.

Regards, Graham

--
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: Multiple connection from 1 client
Harsh,

Okay from what I can understand, if you make ur underlying fd non blocking then it would work fine. Blocking FDs, unless and until one client is finished with its processing the other client will not be able to communicate with the server as the previous fd is blocked. The server is waiting on the 1st client to finish. When you have 3 ports and 3 clients then of course it will work.

thanks --Gayathri

On Fri, May 6, 2011 at 5:50 PM, Harshvir Sidhu hvssi...@gmail.com wrote:

Gayatri, My server code is single threaded and i am using blocking sockets, i am using fd_set and select to wait for event on socket, and then performing operation based on the event that acts on a socket. I have an array of sockets to listen. So if i start listening on 3 different ports and from my client machine, i try to connect on them at different ports then it works fine, but when i use 1 listen port then it dont work properly. What i mean to say by work properly is that the connection is established, but when i am waiting for select to return event, then it dont show any activity when i send data from client, only 1 of them works, 2 dont work. In addition to that, when i use WireShark to see packets, then it shows that machine has received the packet from client. But server dont show that alert. Thats why i think it could be some socket option which is affecting it. // Harshvir

On Fri, May 6, 2011 at 5:37 PM, Gayathri Sundar suraj...@gmail.com wrote:

Harshvir, SO_REUSEADDR sock option has nothing to do with ur problem, please go thro the socket ops man page to get a better understanding. First find out if ur server code is a blocking i/o or non blocking I/O..if former then connections will be handled sequentially..only after the 1st client is finished will the server be able to respond to the 2nd connect request. If non blocking then there should be no problem. Check the code if you see an O_NONBLOCK flag set in some fcntl call or check for FIONBIO flag.

Thanks --Gayathri

On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu hvssi...@gmail.com wrote:

Well i think this link is for my question. I have already done 1-5 from the Before you ask list. Number 6, i dont know anyone who use openssl. Number 7, it will take a lot of time to go through all the code, i was just trying to save some time. I thought user discussion forums are for this only. I apologize for my understanding.

On Fri, May 6, 2011 at 5:18 PM, Jeremy Farrell jfarr...@pillardata.com wrote:

From: Harshvir Sidhu

Hi, I have a server application, which accepts normal sockets and ssl socket connections. I am trying to make 3 connections to server from 1 client machine, on same server port. When i connect on normal sockets then it works with any number of connections. When i tried to connect SSL then they dont work. If i connect 1 client then it works. In my listen socket, I have SO_REUSEADDR socket option, at first i thought might be this is causing issue, but i tried to use SO_EXCLUSIVEADDRUSE even then it dont work. Has someone seen some issue like this, any possible suggestion for this? Thanks, // Harshvir

http://www.catb.org/~esr/faqs/smart-questions.html
Re: Multiple connection from 1 client
Yes, you need to make the underlying socket non blocking, and at the same time gotta change the way you call SSL_accept, SSL_read, write etc to handle non block error conditions like want_read, want_write errors, use the code Eric has given to make the fd non block, or u can also set the bio non block by using FIONBIO option. Basically you really need to write an asynchronous state machine.

Thanks --Gayathri

On Friday, May 6, 2011, Harshvir Sidhu hvssi...@gmail.com wrote:

Thanks for the reply Gayathri. Do you mean to changing the sockets to non blocking, or when i create bio for ssl to make that as non blocking? Thanks.

On Fri, May 6, 2011 at 6:03 PM, Gayathri Sundar suraj...@gmail.com wrote:

Harsh, Okay from what I can understand, if you make ur underlying fd non blocking then it would work fine. Blocking FDs, unless and until one client is finished with its processing the other client will not be able to communicate with the server as the previous fd is blocked. The server is waiting on the 1st client to finish. When you have 3 ports and 3 clients then of course it will work.

thanks --Gayathri

On Fri, May 6, 2011 at 5:50 PM, Harshvir Sidhu hvssi...@gmail.com wrote:

Gayatri, My server code is single threaded and i am using blocking sockets, i am using fd_set and select to wait for event on socket, and then performing operation based on the event that acts on a socket. I have an array of sockets to listen. So if i start listening on 3 different ports and from my client machine, i try to connect on them at different ports then it works fine, but when i use 1 listen port then it dont work properly. What i mean to say by work properly is that the connection is established, but when i am waiting for select to return event, then it dont show any activity when i send data from client, only 1 of them works, 2 dont work. In addition to that, when i use WireShark to see packets, then it shows that machine has received the packet from client. But server dont show that alert. Thats why i think it could be some socket option which is affecting it. // Harshvir

On Fri, May 6, 2011 at 5:37 PM, Gayathri Sundar suraj...@gmail.com wrote:

Harshvir, SO_REUSEADDR sock option has nothing to do with ur problem, please go thro the socket ops man page to get a better understanding. First find out if ur server code is a blocking i/o or non blocking I/O..if former then connections will be handled sequentially..only after the 1st client is finished will the server be able to respond to the 2nd connect request. If non blocking then there should be no problem. Check the code if you see an O_NONBLOCK flag set in some fcntl call or check for FIONBIO flag.

Thanks --Gayathri

On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu hvssi...@gmail.com wrote:

Well i think this link is for my question. I have already done 1-5 from the Before you ask list. Number 6, i dont know anyone who use openssl. Number 7, it will take a lot of time to go through all the code, i was just trying to save some time. I thought user discussion forums are for this only. I apologize for my understanding.

On Fri, May 6, 2011 at 5:18 PM, Jeremy Farrell jfarr...@pillardata.com wrote:

From: Harshvir Sidhu

Hi, I have a server application, which accepts normal sockets and ssl socket connections. I am trying to make 3 connections to server from 1 client machine, on same server port. When i connect on normal sockets then it works with any number of connections. When i tried to connect SSL then they dont work. If i connect 1 client then it works. In my listen socket, I have SO_REUSEADDR socket option, at first i thoug
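Added example, not code from any poster in these threads: the table-driven state machine Gayathri outlines above, combined with the bookkeeping Graham Leggett describes in "Using OpenSSL with non-blocking I/O" (a readable socket may have to resume a write, and a writable socket a read). To run without OpenSSL, the TLS calls are replaced by a constructed script of outcomes; every name in it (`io_result`, `conn`, `next`, `conn_dispatch`, `poll_events_for`, `demo_run`) is hypothetical, and a real handler would call SSL_accept, SSL_read or SSL_write and map SSL_get_error() onto the same outcomes.

```c
#include <poll.h>
#include <stddef.h>
#include <stdio.h>

/* Outcome of one non-blocking TLS call. In a real server it comes from
 * SSL_get_error(): SSL_ERROR_NONE, SSL_ERROR_WANT_READ,
 * SSL_ERROR_WANT_WRITE; anything else is treated as fatal here. */
enum io_result { IO_DONE, IO_WANT_READ, IO_WANT_WRITE, IO_FATAL };
enum sock_event { EV_READABLE, EV_WRITABLE, EV_COUNT };

enum conn_state {
    ST_ACCEPT_WANT_READ,      /* handshake pending, waiting for peer bytes  */
    ST_ACCEPT_WANT_WRITE,     /* handshake pending, waiting to send         */
    ST_READ,                  /* waiting for application data               */
    ST_READ_BLOCKED_ON_WRITE, /* the read cannot continue until we can send */
    ST_WRITE,                 /* waiting to send the response               */
    ST_WRITE_BLOCKED_ON_READ, /* the write cannot continue until we receive */
    ST_CLOSED,
    ST_COUNT
};

struct conn {
    enum conn_state state;
    const enum io_result *script; /* constructed stand-in for the TLS library */
    size_t len, pos;
};

/* Runs the pending TLS call and moves to the next state. The "call" pops
 * the next scripted outcome: a stand-in for SSL_accept/SSL_read/SSL_write
 * followed by SSL_get_error(). */
static void next(struct conn *c, enum conn_state done,
                 enum conn_state want_read, enum conn_state want_write)
{
    enum io_result r = c->pos < c->len ? c->script[c->pos++] : IO_FATAL;
    switch (r) {
    case IO_DONE:       c->state = done;       break;
    case IO_WANT_READ:  c->state = want_read;  break;
    case IO_WANT_WRITE: c->state = want_write; break;
    default:            c->state = ST_CLOSED;  break;
    }
}

/* One function per operation; each is retried until it reports IO_DONE. */
static void do_accept(struct conn *c) { next(c, ST_READ, ST_ACCEPT_WANT_READ, ST_ACCEPT_WANT_WRITE); }
static void do_read(struct conn *c)   { next(c, ST_WRITE, ST_READ, ST_READ_BLOCKED_ON_WRITE); }
static void do_write(struct conn *c)  { next(c, ST_READ, ST_WRITE_BLOCKED_ON_READ, ST_WRITE); }

typedef void (*handler_fn)(struct conn *);
/* The 2-D table: [state][socket event] -> operation to retry (NULL = not awaited). */
static const handler_fn table[ST_COUNT][EV_COUNT] = {
    [ST_ACCEPT_WANT_READ]      = { do_accept, NULL      },
    [ST_ACCEPT_WANT_WRITE]     = { NULL,      do_accept },
    [ST_READ]                  = { do_read,   NULL      },
    [ST_READ_BLOCKED_ON_WRITE] = { NULL,      do_read   },
    [ST_WRITE]                 = { NULL,      do_write  },
    [ST_WRITE_BLOCKED_ON_READ] = { do_write,  NULL      },
};

/* Returns 1 if the event drove an operation, 0 if it was not awaited. */
int conn_dispatch(struct conn *c, enum sock_event ev)
{
    handler_fn h = table[c->state][ev];
    if (h != NULL) h(c);
    return h != NULL;
}

/* poll() interest for a state, read off the same table. */
short poll_events_for(enum conn_state s)
{
    return (short)((table[s][EV_READABLE] ? POLLIN : 0) |
                   (table[s][EV_WRITABLE] ? POLLOUT : 0));
}

/* Constructed session: the TLS layer's answers and the socket events that fire. */
static const enum io_result demo_script[] = {
    IO_WANT_READ, IO_DONE, IO_WANT_WRITE, IO_DONE, IO_WANT_WRITE, IO_DONE };
static const enum sock_event demo_events[] = {
    EV_READABLE, EV_WRITABLE, EV_READABLE, EV_READABLE,
    EV_READABLE, EV_WRITABLE, EV_WRITABLE, EV_WRITABLE };
#define DEMO_EVENTS (sizeof demo_events / sizeof demo_events[0])
enum conn_state demo_trace[DEMO_EVENTS];

/* Replays the session, records the state after each event, returns how many events drove a call. */
size_t demo_run(void)
{
    struct conn c = { ST_ACCEPT_WANT_READ, demo_script, sizeof demo_script / sizeof demo_script[0], 0 };
    size_t handled = 0;
    for (size_t i = 0; i < DEMO_EVENTS; i++) {
        handled += (size_t)conn_dispatch(&c, demo_events[i]);
        demo_trace[i] = c.state;
    }
    return handled;
}

int main(void)
{
    printf("%zu of %zu events drove a TLS call\n", demo_run(), (size_t)DEMO_EVENTS);
    return 0;
}
```

Because the poll mask is derived from the same table, a connection in a "blocked on write" state is only woken for POLLOUT, so one stalled client never holds up the others.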
Re: Multiple connection from 1 client
Harsh.,

If u have any specific doubts in writing this asynchronous state machine email me privately at suraj...@gmail.com. I am pretty much jobless right now and can spend some time on this.

Thanks --Gayathri

On Friday, May 6, 2011, Harshvir Sidhu hvssi...@gmail.com wrote:

Thanks, I will give this a try. // Harshvir

On Fri, May 6, 2011 at 6:44 PM, Eric S. Eberhard fl...@vicsmba.com wrote:

Change the sockets. This is what I use:

    #include <fcntl.h>

    int setblock(int fd, int mode) /* True - blocking, False - non blocking */
    {
        int flags;
        int prevmode;

        flags = fcntl(fd, F_GETFL, 0);
        prevmode = !(flags & O_NDELAY);
        if (mode)
            flags &= ~O_NDELAY; /* turn blocking on */
        else
            flags |= O_NDELAY; /* turn blocking off */
        fcntl(fd, F_SETFL, flags);
        return prevmode;
    }

Since it returns the existing mode you can use as such:

    prevmode = setblock(fd,0); /* turn off blocking */
    /* do your thing */
    (void)setblock(fd,prevmode); /* restore to original condition */

At 04:15 PM 5/6/2011, you wrote:

Thanks for the reply Gayathri. Do you mean to changing the sockets to non blocking, or when i create bio for ssl to make that as non blocking? Thanks.

On Fri, May 6, 2011 at 6:03 PM, Gayathri Sundar suraj...@gmail.com wrote:

Harsh, Okay from what I can understand, if you make ur underlying fd non blocking then it would work fine. Blocking FDs, unless and until one client is finished with its processing the other client will not be able to communicate with the server as the previous fd is blocked. The server is waiting on the 1st client to finish. When you have 3 ports and 3 clients then of course it will work.

thanks --Gayathri

On Fri, May 6, 2011 at 5:50 PM, Harshvir Sidhu hvssi...@gmail.com wrote:

Gayatri, My server code is single threaded and i am using blocking sockets, i am using fd_set and select to wait for event on socket, and then performing operation based on the event that acts on a socket. I have an array of sockets to listen. So if i start listening on 3 different ports and from my client machine, i try to connect on them at different ports then it works fine, but when i use 1 listen port then it dont work properly. What i mean to say by work properly is that the connection is established, but when i am waiting for select to return event, then it dont show any activity when i send data from client, only 1 of them works, 2 dont work. In addition to that, when i use WireShark to see packets, then it shows that machine has received the packet from client. But server dont show that alert. Thats why i think it could be some socket option which is affecting it. // Harshvir

On Fri, May 6, 2011 at 5:37 PM, Gayathri Sundar suraj...@gmail.com wrote:

Harshvir, SO_REUSEADDR sock option has nothing to do with ur problem, please go thro the socket ops man page to get a better understanding. First find out if ur server code is a blocking i/o or non blocking I/O..if former then connections will be handled sequentially..only after the 1st client is finished will the server be able to respond to the 2nd connect request. If non blocking then there should be no problem. Check the code if you see an O_NONBLOCK flag set in some fcntl call or check for FIONBIO flag.

Thanks --Gayathri

On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu hvssi...@gmail.com wrote:

Well i think this link is for my question. I have already done 1-5 from the Before you ask list. Number 6, i dont know anyone who use openssl. Number 7, it will take a lot of time to go through all the code, i was just trying to save some time. I thought user discussion forums are for this only. I apologize for my understanding.
Re:SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option...
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is used to thwart some CBC attacks. Check out this link for details: http://www.openssl.org/~bodo/tls-cbc.txt

Thanks --Gayathri

Hi,

The client is configured with SSLv3_client_method.

    ctx = SSL_CTX_new(SSLv3_client_method());

Whenever the client tries to connect to server with any CBC ciphers like DES-CBC3-SHA, the SSL handshake is successful but when the client tries to send data to server, say 10 bytes, I see from ethereal that two application records are sent. But the server does not report reading that data.

With cipher RC4-MD5, this is not seen. 10 bytes are sent in one application record and server reports the receiving of that particular data.

Now when I set the SSL_CTX_set_options with SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (or SSL_OP_ALL), data exchange with CBC ciphers are successful. What is happening here? Can someone please explain the theory behind SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option?

Thanks, Prabhu. S
Fwd: [Fwd: Re: How to handle dead sessions with SSL_write]
From: Gayathri Sundar [EMAIL PROTECTED]
Date: Fri, Feb 29, 2008 at 9:35 AM
Subject: [Fwd: Re: How to handle dead sessions with SSL_write]

Original Message
Subject: Re: How to handle dead sessions with SSL_write
From: Gayathri Sundar [EMAIL PROTECTED]
Date: Fri, February 29, 2008 7:34 am
To: openssl-users@openssl.org
--

Hello,

It is the job of TCP to return to SSL that the underlying FD is closed. If you attempt to do a socket write on an Invalid FD then some -ve value will be returned with errno set appropriately. Make sure you select on POLLINVAL and POLLERR, so that SSL_Write is first of all not even called in ur case. SSL does not take care of FD timeouts, it should be taken care of by the application making use of SSL, nothing special is required, just start a timer every time u establish a new TCP connection and restart it each time some data is sent over that. What ur facing is a TCP issue and not SSL. Find out why TCP returns valid bytes to SSL_write indicating that some bytes were written on that socket.

Thanks --Gayathri

I am developing client/server app and client should be mobile, thus connection can be easily lost. The problem is that i can't find a way to detect this loss of connection with openssl. For example, i send a request to the server from client and immediately remove the cable from client laptop. Connection disappears, but ssl_write, that server uses keeps returning positive values. It looks like openssl thinks there is a congestion in the network or smth like that, thus it tries to resend the packet again and again. Also it looks like there is no ssl timeout, because server been sending data for 2 minutes without even trying to assume that connection is down. Does anybody know how to deal with such scenarios? Thanks in advance.

-- Sergey

This email message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential, proprietary and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please immediately notify the sender by reply email and destroy all copies of the original message. Thank you. Intoto Inc.
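Added example, not code from either poster: the two checks from the reply above, an application-level idle timer and a poll() for socket error conditions before each write. Assumptions: the names `tracked_conn`, `conn_check_before_write` and `demo_scenario`, the 30-second limit and the clock values are hypothetical; the timer is restarted when bytes arrive from the peer, because a local write can keep succeeding after the cable is pulled, as Sergey observed; the constant is spelled POLLNVAL in <poll.h>.

```c
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

enum conn_health { CONN_OK, CONN_WOULD_BLOCK, CONN_SOCKET_ERROR, CONN_IDLE_TIMEOUT };

struct tracked_conn {
    int    fd;
    time_t last_peer_activity; /* restarted whenever bytes arrive from the peer */
    time_t idle_limit;         /* seconds of silence tolerated (application policy) */
};

/* Call after every successful read from the peer. */
void conn_note_peer_activity(struct tracked_conn *c, time_t now)
{
    c->last_peer_activity = now;
}

/* Decide whether a TLS write should even be attempted on this connection. */
enum conn_health conn_check_before_write(const struct tracked_conn *c, time_t now)
{
    struct pollfd p = { .fd = c->fd, .events = POLLOUT, .revents = 0 };

    /* A silent peer looks healthy to the socket layer; only the timer catches it. */
    if (now - c->last_peer_activity > c->idle_limit)
        return CONN_IDLE_TIMEOUT;
    if (poll(&p, 1, 0) < 0)
        return CONN_SOCKET_ERROR;
    /* POLLERR, POLLHUP and POLLNVAL are reported even when not requested. */
    if (p.revents & (POLLERR | POLLHUP | POLLNVAL))
        return CONN_SOCKET_ERROR;
    return (p.revents & POLLOUT) ? CONN_OK : CONN_WOULD_BLOCK;
}

/* Constructed scenarios on a local socketpair with a constructed clock:
 * 0 healthy, 1 peer closed, 2 local fd no longer valid,
 * 3 peer silent past the limit, 4 peer heard from recently. */
enum conn_health demo_scenario(int scenario)
{
    int sv[2];
    time_t t0 = 1000;
    struct tracked_conn c;
    enum conn_health h;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return CONN_SOCKET_ERROR;
    c.fd = sv[0];
    c.last_peer_activity = t0;
    c.idle_limit = 30;

    switch (scenario) {
    case 1: close(sv[1]); sv[1] = -1; h = conn_check_before_write(&c, t0 + 1); break;
    case 2: close(sv[0]); sv[0] = -1; h = conn_check_before_write(&c, t0 + 1); break;
    case 3: h = conn_check_before_write(&c, t0 + 120); break;
    case 4: conn_note_peer_activity(&c, t0 + 100);
            h = conn_check_before_write(&c, t0 + 120); break;
    default: h = conn_check_before_write(&c, t0 + 1); break;
    }
    if (sv[0] >= 0) close(sv[0]);
    if (sv[1] >= 0) close(sv[1]);
    return h;
}

int main(void)
{
    for (int s = 0; s <= 4; s++)
        printf("scenario %d -> %d\n", s, (int)demo_scenario(s));
    return 0;
}
```

Scenario 3 is the unplugged-cable case from the question: poll() alone would still report the socket as writable, so only the idle timer marks the session as dead.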
Re: Problem with SSL_WRITE
Hi,

We are using OPEN SSL library in our client server application. We are using SSL_WRITE and SSL_READ api used to read and write operations between them. Connection is broken When server sends very large message (more than 56K) using SSL_WRITE api. We fixed problem with set partial mode api like,

    SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY | SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);

After using this API, problem was resolved. But I want to know if any impact using this api. Can you tell me what the limitation relevant to message size?

Not using the above api would have been problematic if non blocking mode was set, which for some reason never hit for you so far. So having this is the right thing to do..in terms of impact what do u mean? There is no limit on the ssl buffer size except that its an integral multiple of 1k. So u can programmatically set the read/write buffer size to what you want..but having it as an integral multiple of the SSL record size is advisable.

please give me a quick reply, it's very urgent for us.

Note: For local client everything is working fine. Problem occurs for remote client only.

Regards, Vinay
Query: DH Cipher Suite -- HELP
Hi There.,

Marek, hope ur reading this mail.

I am hitting a strange problem with Openssl. Recently I migrated from OpenSSL-0.9.8a to OpenSSL-0.9.8d, from the release notes, I see that some fixes have gone into cipher selection logic of OpenSSL. Now for the same CLIENT HELLO message (same as in no diff to cipher order or ssl version from IE), OpenSSL-0.9.8d selects DH cipher suite when RC4-MD5, DES, 3DES, AES are sent ahead of this DH in the client hello.

Now my question is simple.

1. Is this behaviour only restricted to OpenSSL-0.9.8d or other versions as well?
2. Why does this happen? Kind of an attack as a weak suite is negotiated.
3. When will a DH be selected by the server.

Note: cipher selection priority is pointing to server (coded that way in the application).

This is really strange and hope to get some inputs. Marek..I would appreciate your reply.

Thanks --Gayathri
Re: Rehandshake in tls1
Thanks marek, I didnt know abt the R option on s_server. Is it possible to make IE renegotiate? I have a rather complex testing requirement and I cannot test using s_client, somehow I need to ensure the client triggers renegotiation. I got a KB on IE http://support.microsoft.com/kb/265369 and tried to introduce that symptom..but on XP its not happening.. Any suggestions as to how I can make IE trigger renegotiation once in few minutes?

Thanks --Gayathri

Hello,

I would like to know as an ssl server, when do I send a Hello request on the wire? Based on what parameters should I trigger that? I have quite a few questions based on this

A) Does the re-handshake happen on the existing tcp connection? i.e the tcp connection over which the hello request message is sent by the my server?

Yes.

B) After the rehandshake is completed, does application data continue to flow in the same tcp connection but now with the new cipher parameters?

Yes.

C) Does rehandhake involve public key operations as well? i.e does the premaster secret change?

Yes. You can experiment with SSL renegotiation using openssl command. Run in server window command:

    $ openssl s_server -key vpn-server-key.pem -cert vpn-server-crt.pem -msg -debug -cipher AES256-SHA -state

next, in client window run:

    $ openssl s_client -msg -debug -state

and you will see proper SSL session established connection. Now, in server windows type:

    R<enter>

this will trigger renegotiation, you will see a lot of messages and on client side you will see client_key_exchange packet sent to server with new pre_master_secret.

I am really confused and I did spend sometime with the RFC, but I am really lost..I was thinking if I called the API : SSL_CTX_set_timeout(), then the session will eventually expire and end up triggering a rehandshake if application data was flowing in that session at expiration time. But I didnt see any such messages go out on the wire.

This sets only timeout for session resumption. This is done for performance reasons to not overload server with time-consuming private key operation. For example browser connection to WWW server over https with HTTP/1.0 can generate new session for any gif, html and other. So if this connections are made within preconfigured time, server may use already established encryption parameters (identified by session_id in client_hello packet) to get abbreviated handshake.
Rehandshake in tls1
Hi folks,

I would like to know as an ssl server, when do I send a Hello request on the wire? Based on what parameters should I trigger that? I have quite a few questions based on this

A) Does the re-handshake happen on the existing tcp connection? i.e the tcp connection over which the hello request message is sent by my server?

B) After the rehandshake is completed, does application data continue to flow in the same tcp connection but now with the new cipher parameters?

C) Does rehandshake involve public key operations as well? i.e does the premaster secret change?

I am really confused and I did spend sometime with the RFC, but I am really lost..I was thinking if I called the API : SSL_CTX_set_timeout(), then the session will eventually expire and end up triggering a rehandshake if application data was flowing in that session at expiration time. But I didn't see any such messages go out on the wire. Could anyone explain what's going on?

Thanks --Gayathri
Re:do_cipher
Hi All, I am using EVP functions for AES encryption/decryption. Please can anyone tell me how to find the exact AES encryption/decryption routines called when do_cipher is invoked?

did you try single stepping using gdb or something? that's the easiest way to find out..or check out the cipher negotiated on wire using ethereal..or any packet sniffer..not sure why u wanted to recall this posting..

Regards, Jaya
Re:Verification error
Hi, I'm trying to verify a cert chain against a trusted chain of cert, and here's what I get

error 20 at 1 depth lookup:unable to get local issuer certificate

can someone shed some more light on the error, like

1) what does it mean

It's not able to find the CA that signed your certificate...whoever issued that certificate. It could either be because of some wrong ca certificate, or names mismatch or if some extensions do not tally.

2) and is the problem in the cert chain that I'm trying to validate

as the depth is 1 and lookup failed, am thinking you are using a self signed certificate?

3) or there's some problem in cert chain that I trust.

Thanks, any insight would be helpful -KB
Re:RSA Key Block
Whatever you have mailed is correct, but I believe the TLS 1.0 RFC explains all these in detail. Try reading 2246 from ietf.org.

Thanks --Gayathri

Hi All

I have a general question about RSA Key Block. The output of PRF with the master_secret gives us many keys. It includes: client_write_MAC_secret, server_write_MAC_secret, client_write_key, server_write_key, client_write_IV, server_write_IV. Could you please verify what I think about how four of these keys are being used correctly:

1) SSL record format: Length + Data + MAC (in general): client -> server
client_write_MAC_secret is used to encrypt the MAC portion message from client -> server
client_write_key is used to encrypt the Data portion message from client -> server

2) SSL record format: Length + Data + MAC (in general): server -> client
server_write_MAC_secret is used to encrypt the MAC portion message from server -> client
client_write_key is used to encrypt the Data portion message from server -> client

3) Data from Server to Client is encrypted with different key from Client to Server ???.

I just want to understand what's going on underneath openssl.

Thank You TD
Re:BIO or no BIO ?
it's always better to use BIO for easier migration in the future if for some reason some enhancement/changes are to be done in your product. Also while using SSL_set_fd, socket BIO is automatically created and attaches to the TCP fd. What you can do is to create explicitly a read bio and a write bio and attach the same tcp fd to both for better programming (wrt to keeping future in mind). It's just a couple of lines and not much programming.

Thanks --Gayathri

Hello all,

As we all know, the SSL object can work either with direct tcp sockets (SSL_set_fd()) or can work on top of socket BIO objects. In my current project, I am using SSL directly on top of tcp sockets (no BIOs). I wonder whether I lose some functionality provided by BIO layer? What are the advantages of using BIOs instead of tcp sockets? (As I understand it, BIO can be thought of as a wrapper on tcp). What points should one take into account, while deciding whether to use BIOs or direct tcp sockets? Is there any security concern in using tcp sockets, instead of BIOs?

Thanks, ~ Urjit
Re: SSL_connect and SSL_accept
Thanks for replying. I guess we are on the same page now. The only thing is that you are asking the same question that I am asking everyone on this list

What scenario may cause the SSL_connect to return error to the caller, without writing a single byte on the underlying tcp connection (which is healthy) ? Can someone think of such a scenario? Has anyone ever experienced this before?

I have spent quite some time with SSL_connect, and apart from tcp level socket failures (transient/fatal) and SSL Handshake failures it cannot return error, so ur case is NOT POSSIBLE unless the HOST has run out of memory wherein Openssl_malloc itself fails. So I don't suppose you need to worry about that.

I guess you have already mentioned one such scenario ... memory allocation issues, which could cause SSL_connect to return before it could write something on the socket. Are there other such possibilities? SSL_init failures is not a candidate here, as I am already doing what you have suggested dont attempt SSL at all if SSL_init fails. What I am considering is *some* error, that occurs *just as I enter SSL_connect*. Looking at the SSL_connect code may provide an answer, and I will surely consider this option. But I was looking for a response from folks who already know this code, and have better idea of what SSL_connect does before it writes its first byte on the socket. May be they can say if they foresee a case when SSL_connect can error out without writing a byte on the socket. As far as the synchronization between the server and the client goes, may be I can consider reading a feed back from the server. So the execution sequence will be like

Client calls SSL_connect()
Client waits for servers response (No matter if SSL_connect fails or succeeds)

Tell me if the client fails, why and how long will you wait for feedback? Also isn't that TCP's job? Why should the session layer worry about this? If the client fails with a malloc and memory corruption issues, you might as well restart your application..there is no point waiting on any feedback. You cannot fix the symptom, u need to fix the cause and that is why this HYPOTHETICAL error occurred in the 1st place.

The server has a non blocking socket
it calls SSL_accept()
if succeeds, it would report success to the client
if failure (timeout), it would report failure to the client

~ Urjit

- Original Message -
From: Gayathri Sundar [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Friday, March 30, 2007 9:25 AM
Subject: Re: SSL_connect and SSL_accept

I am quite clear with your problem and am not confused. The only point I have been stressing from beginning is that SSL_connect due to WHATEVER error it returns a failure to the calling application, the peer WILL know for the simple fact that a socket send cannot fail unless the FD itself is not created/the host is not in the network/ or the interface is down or simply if the HOST runs out of MEMORY, I am not able to think of an error case wherein the SSL_connect fails to send a message out when the underlying TCP connection is ALIVE and KICKING. WHY? WHAT SORT OF ERROR ARE YOU ANTICIPATING that SSL_connect will return FAILURE to its application without even sending 1 byte on the wire? UNLESS SSL_INIT itself fails on the client or SSL OBJECT creation fails? If that is the FAILURE ur worried about then you might as well initiate a TCP teardown from the client and not attempt SSL anymore..

I hope I am able to explain better..see only in severe application programming errors/memory leak or whatever the SSL init itself will fail..so if the SSL init fails on the client side DONT initiate SSL at all so that the server will not go into SSL_accept. Why will SSL OBJ creation fail? CAN you explain to me WHAT ERROR UR TALKING ABOUT that SSL_CONNECT will return FAILURE TO CALLING APPLICATION without sending 1BYTE on the wire when the TCP CONNECTION IS A-OK? I can think of BUGGY CODING..and I don't think Non blocking will solve ur problem as it's never going to detect this FAILURE THAT UR TALKING ABOUT..unless you implement POLL TIMEOUT i.e the FD will never SELECT as it never receives any DATA, so ur POLL TIMER should cleanup that FD if say it doesn't select within 5mins or so..

This is my solution:
1. Make ur FDs non blocking
2. Start a timer per FD basis before u add it into ur POLL table
3. Everytime the FD selects on a POLLIN/POLLOUT restart ur timer
4. On TimerExpiration clean up that FD coz it never received any DATA for the timeout period, due to n/w or client failures.

Decide on a good timeout value..

Thanks --Gayathri

Hmm... I am surprised to see how I have managed to confuse you. I thought my previous post was pretty clear. Anyway, I will try to explain again. The client and server have an existing tcp connection, which is healthy. There is no problem with the tcp connection throughout the scenario. The client, for some reason decides to have a secured session, and so with its own protocol, tells
RE: SSL_connect and SSL_accept
Yes, I agree with you, but then why would the CLIENT get an ERROR?

2) The client calls SSL_connect(). The underlying socket is in blocking mode
3) SSL_connect() returns error.
4) The server does not notice this, and continues to wait in SSL_accept().

if SSL_connect indeed has returned with ERROR..then the SSL_accept should also return with an ERROR, unless the data transmission was LOST!!! In ur case the CLIENT will go on retrying sending the same message with the TCP retransmitting the pkt as no ACK was received on the client side..and if I am correct..it tries 3 times on linux and returns with an error..so it does not block FOREVER..there is no concept of blocking FOREVER..literally.. yes but then NON BLOCKING sockets are of course the best solution esp when ur appliance is designed for the enterprise markets.

Thanks --Gayathri

I am unable to think of a scenario why ur case is possible unless some serious network congestion has developed and pkts were lost..i don't see how..but the experts might be able to give u a better idea.

You get a SYN, send a SYN ACK, other side sends an ACK, then the other side's Internet connection goes down due to an extended power failure. You will be waiting for it to send the first SSL handshake message forever. Blocking functions block until the operation completes, fails, or it is proven impossible for it to ever succeed.

DS
Re: Regarding ssl3_mac
Thanks jimmy..I realised that much, the update is happening from ssl3_mac defined in s3_enc.c, some s2n of the length is called, followed by a digestupdate(md, 2)..in case of READ, md is an empty array..why do we copy the ssl record length into a temp var p and then do a s2n followed by a digest update?

Thanks --Gayathri

Gayathri Sundar wrote:

Can someone give me inputs on the function ssl3_mac, especially where it is called

s->method->ssl3_enc->mac(s,&(p[wr->length]),1);

I need to know what p[wr->length] is pointing to and why we do a digest update of 2 bytes from that. The code is taken from s3_pkt.c function ssl3_write_bytes.

Thanks --Gayathri

i hope u meant in 'do_ssl3_write()'. p[wr->length] is pointing to the place just after your data. this is where you want the mac to be placed. if you look at ssl3_mac(), the second param is the o/p param. where exactly in the code is it that you mentioned update of 2 bytes being done?

-jb
-- mathematician, n.: Some one who believes imaginary things appear right before your i's.
Re: SSL_connect and SSL_accept
Urjit, 1st of all theoretically you are 100% correct, after all SSL runs in the SESSION layer, but it depends on the underlying transport connection, and if that has problems, SSL has problems. Now Am not sure why you expect the TCP connection to be A-OK and still get an SSL_connect failure. If the failure is with the HANDSHAKE, like mismatch in version/cipher suite or something the SSL ALERT RECORD will take care and eventually close the connection. The only case is what David says, if the peer has been disconnected coz of some power/network failure, then the client will succeed in SENDING the Handshake message but never receive any ACK, so the TCP will end up doing retransmissions. SSL_connect WILL NOT return with ERRORS in this case. It's all blocked, I agree, but YOUR scenario of SSL_CONNECT failing and SSL_ACCEPT not knowing that CANNOT happen. SSL_connect will SUCCEED and BLOCK indefinitely, waiting for a PEER ACK, and the server will not even be alive. If the server was ALIVE, why would it not respond.

Go for Non Blocking sockets, if that suits your requirement, but your scenario cannot happen in blocking mode, in fact if your scenario does happen, then even in non blocking mode it will end up looping, only difference is between successive POLLs ur application has control, there will be a loop between ur SELECT and SSL_CONNECT, latter always returning some TRANSIENT retry errors. Probably u could have a count and cleanup.. I don't see how Non Block will solve ur problem, IF it can occur.

Thanks --Gayathri

I believe you are confusing tcp/ip connection establishment and SSL session establishment. As far as my understanding goes: SSL is an application level protocol, that works on an existing tcp channel. So, SSL handshake can be thought of as two network applications talking to each other. It is obvious that, the moment first SSL handshake packet reaches the server, the server would change its state and will now start with the handshake. If anything goes wrong hereafter (Invalid packet, tcp error, lost packet ... ), the server's SSL_accept will detect that and report error. The problem may occur when:

1) Server is waiting for first SSL handshake packet in SSL_accept
2) Client attempts to establish SSL handshake with SSL_connect
3) SSL_connect fails even before it could send the first SSL handshake packet. So the client has put nothing on the network.

Now, SSL_connect has returned an error in the client, and the server is still blocked in SSL_accept.

Gayathri, You are correct about first forking and then attempting SSL_accept. This will save the main server from blocking into SSL_accept and failing to serve other client connection requests. Here the forked child will be blocked in SSL_accept though.

David, As I have already acknowledged in my previous post, the option of using non blocking socket seems to be the way to go. I have a few doubts on how a particular scenario can be handled, but I feel it is a bit off track with respect to the current thread. So I will send a new post for that.

Thank you everyone for responding. ~ Urjit

- Original Message -
From: Gayathri Sundar [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Thursday, March 29, 2007 1:02 PM
Subject: RE: SSL_connect and SSL_accept

Yes, I agree with you, but then why would the CLIENT get an ERROR?

2) The client calls SSL_connect(). The underlying socket is in blocking mode
3) SSL_connect() returns error.
4) The server does not notice this, and continues to wait in SSL_accept().

if SSL_connect indeed has returned with ERROR..then the SSL_accept should also return with an ERROR, unless the data transmission was LOST!!! In ur case the CLIENT will go on retrying sending the same message with the TCP retransmitting the pkt as no ACK was received on the client side..and if I am correct..it tries 3 times on linux and returns with an error..so it does not block FOREVER..there is no concept of blocking FOREVER..literally.. yes but then NON BLOCKING sockets are of course the best solution esp when ur appliance is designed for the enterprise markets.

Thanks --Gayathri

I am unable to think of a scenario why ur case is possible unless some serious network congestion has developed and pkts were lost..i don't see how..but the experts might be able to give u a better idea.

You get a SYN, send a SYN ACK, other side sends an ACK, then the other side's Internet connection goes down due to an extended power failure. You will be waiting for it to send the first SSL handshake message forever. Blocking functions block until the operation completes, fails, or it is proven impossible for it to ever succeed.

DS
Re: SSL_connect and SSL_accept
I am quite clear with your problem and am not confused. The only point I have been stressing from beginning is that SSL_connect due to WHATEVER error it returns a failure to the calling application, the peer WILL know for the simple fact that a socket send cannot fail unless the FD itself is not created/the host is not in the network/ or the interface is down or simply if the HOST runs out of MEMORY, I am not able to think of an error case wherein the SSL_connect fails to send a message out when the underlying TCP connection is ALIVE and KICKING. WHY? WHAT SORT OF ERROR ARE YOU ANTICIPATING that SSL_connect will return FAILURE to its application without even sending 1 byte on the wire? UNLESS SSL_INIT itself fails on the client or SSL OBJECT creation fails? If that is the FAILURE ur worried about then you might as well initiate a TCP teardown from the client and not attempt SSL anymore..

I hope I am able to explain better..see only in severe application programming errors/memory leak or whatever the SSL init itself will fail..so if the SSL init fails on the client side DONT initiate SSL at all so that the server will not go into SSL_accept. Why will SSL OBJ creation fail? CAN you explain to me WHAT ERROR UR TALKING ABOUT that SSL_CONNECT will return FAILURE TO CALLING APPLICATION without sending 1BYTE on the wire when the TCP CONNECTION IS A-OK? I can think of BUGGY CODING..and I don't think Non blocking will solve ur problem as it's never going to detect this FAILURE THAT UR TALKING ABOUT..unless you implement POLL TIMEOUT i.e the FD will never SELECT as it never receives any DATA, so ur POLL TIMER should cleanup that FD if say it doesn't select within 5mins or so..

This is my solution:
1. Make ur FDs non blocking
2. Start a timer per FD basis before u add it into ur POLL table
3. Everytime the FD selects on a POLLIN/POLLOUT restart ur timer
4. On TimerExpiration clean up that FD coz it never received any DATA for the timeout period, due to n/w or client failures.

Decide on a good timeout value..

Thanks --Gayathri

Hmm... I am surprised to see how I have managed to confuse you. I thought my previous post was pretty clear. Anyway, I will try to explain again. The client and server have an existing tcp connection, which is healthy. There is no problem with the tcp connection throughout the scenario. The client, for some reason decides to have a secured session, and so with its own protocol, tells the server to allow a secured session. After seeing such request from client (This is still a tcp communication, SSL is still not in picture), the server creates a SSL object, calls SSL_set_fd(sock_serv) and then calls SSL_accept. The Client creates its SSL object, calls SSL_set_fd(sock_cli) and calls SSL_connect(). Now *before* SSL_connect can actually write something on the tcp channel, using tcp send() or write(), something goes wrong and it returns an error to its caller. So there is nothing placed on the tcp channel. The server is waiting for the SSL handshake packet which it never gets because SSL_connect() could never send it. Hope the scenario I am talking about is clear now.

The reason why I am interested in knowing if something like what is written above can happen is: I want my client and server to be able to communicate with/without SSL. If the SSL session establishment fails, the client/server can decide to kill the underlying tcp channel, or can decide to go ahead unsecured. In the scenario mentioned above, the client knows that SSL session establishment has failed, because SSL_connect() returned an error. So it may, as per its configuration decide to go ahead with unsecured communication. On the other side of the tcp link, the server is still waiting for SSL handshake packet, which the client was expected to send, which the client never sent due to some error. So here is the problem. I want my server to detect that something went wrong with the client and it should fall back to the unsecured communication. The issue here is HOW can my server detect the SSL_connect() failure that occurred on the client side? Anything that the client would send after SSL_connect() failure, will in fact be taken up by SSL_accept() and SSL_accept() will now error out saying it read invalid SSL handshake packet. Now as I write down this whole thing, I wonder if even non-blocking sockets can help. Does it look more like a design issue ?

~ Urjit

- Original Message -
From: Gayathri Sundar [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Thursday, March 29, 2007 4:07 PM
Subject: Re: SSL_connect and SSL_accept

Urjit, 1st of all theoretically you are 100% correct, after all SSL runs in the SESSION layer, but it depends on the underlying transport connection, and if that has problems, SSL has problems. Now Am not sure why you expect the TCP connection to be A-OK and still get an SSL_connect failure. If the failure is with the HANDSHAKE, like mismatch in version/cipher suite or something the SSL
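
The four-step recipe in the message above (non-blocking fds, a per-fd timer started when the fd enters the poll table, restart on every POLLIN, clean-up on expiry), written out as an added example that is not code from the thread or from OpenSSL. The table type, the function names, the 200 ms timeout and the two socketpair peers are constructed for illustration; a real server would call SSL_accept() where this code calls read().

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* clock_gettime, nanosleep */
#endif
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>
#define MAX_CONNS 8

struct idle_table {
    struct pollfd pfd[MAX_CONNS];
    long long deadline[MAX_CONNS];   /* monotonic ms at which each fd expires */
    int n;
    long long idle_ms;               /* the per-fd timeout value */
};

static long long now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (long long)ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
}

/* Steps 1 and 2: make the fd non-blocking, start its timer, add it to the table. */
static int table_add(struct idle_table *t, int fd) {
    int fl = fcntl(fd, F_GETFL, 0);
    if (t->n == MAX_CONNS || fl < 0 || fcntl(fd, F_SETFL, fl | O_NONBLOCK) < 0)
        return -1;
    t->pfd[t->n] = (struct pollfd){ .fd = fd, .events = POLLIN };
    t->deadline[t->n] = now_ms() + t->idle_ms;
    return t->n++;
}

static int table_has(const struct idle_table *t, int fd) {
    for (int i = 0; i < t->n; i++) if (t->pfd[i].fd == fd) return 1;
    return 0;
}

/* Step 4: close and drop every fd whose timer has run out. */
static int table_reap(struct idle_table *t) {
    long long now = now_ms();
    int reaped = 0;
    for (int i = 0; i < t->n; ) {
        if (t->deadline[i] > now) { i++; continue; }
        close(t->pfd[i].fd);
        t->pfd[i] = t->pfd[t->n - 1];            /* swap-remove */
        t->deadline[i] = t->deadline[t->n - 1];
        t->n--; reaped++;
    }
    return reaped;
}

/* One loop pass: sleep in poll() no longer than the nearest deadline, restart
 * the timer of every fd that delivered data (step 3), then reap (step 4). */
static int table_poll_once(struct idle_table *t) {
    long long now = now_ms(), next = now + t->idle_ms;
    char buf[256];
    for (int i = 0; i < t->n; i++)
        if (t->deadline[i] < next) next = t->deadline[i];
    if (poll(t->pfd, (nfds_t)t->n, next > now ? (int)(next - now) : 0) > 0) {
        for (int i = 0; i < t->n; i++) {
            if (!t->pfd[i].revents) continue;
            /* A TLS server would call SSL_accept() here; WANT_READ means poll again. */
            ssize_t r = read(t->pfd[i].fd, buf, sizeof buf);
            if (r > 0) t->deadline[i] = now_ms() + t->idle_ms;
            else if (r == 0 || (errno != EAGAIN && errno != EWOULDBLOCK))
                t->deadline[i] = 0;              /* closed or broken: reap now */
        }
    }
    return table_reap(t);
}

/* Constructed scenario: peer A never sends its first handshake byte, peer B
 * sends every 50 ms. Returns bit 0 = A cleaned up, bit 1 = B kept; -1 on error. */
static int demo_silent_peer(void) {
    struct idle_table t = { .n = 0, .idle_ms = 200 };
    struct timespec tick = { .tv_sec = 0, .tv_nsec = 50 * 1000000L };
    int a[2], b[2], result;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, a) || socketpair(AF_UNIX, SOCK_STREAM, 0, b))
        return -1;
    if (table_add(&t, a[0]) < 0 || table_add(&t, b[0]) < 0) return -1;
    for (int pass = 0; pass < 10; pass++) {      /* 10 x 50 ms > idle_ms */
        if (write(b[1], "x", 1) != 1) return -1;
        table_poll_once(&t);
        nanosleep(&tick, NULL);
    }
    result = (table_has(&t, a[0]) ? 0 : 1) | (table_has(&t, b[0]) ? 2 : 0);
    for (int i = 0; i < t.n; i++) close(t.pfd[i].fd);
    close(a[1]); close(b[1]);
    return result;
}

int main(void) {
    int r = demo_silent_peer();
    printf("mask %d (3 = silent peer reaped, active peer kept)\n", r);
    return r == 3 ? 0 : 1;
}
```

The server side of the disputed scenario shows up here as peer A: its fd never selects, so only the timer can release it.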
Regarding ssl3_mac
Can someone give me inputs on the function ssl3_mac, especially where it is called

s->method->ssl3_enc->mac(s,&(p[wr->length]),1);

I need to know what p[wr->length] is pointing to and why we do a digest update of 2 bytes from that. The code is taken from s3_pkt.c function ssl3_write_bytes.

Thanks --Gayathri
Re: SSL_connect and SSL_accept
I am wondering if the following scenario is possible:

1) The server calls SSL_accept(). The underlying socket is in blocking mode
2) The client calls SSL_connect(). The underlying socket is in blocking mode
3) SSL_connect() returns error.
4) The server does not notice this, and continues to wait in SSL_accept().

Am not sure what you mean from the 4th point, server does not notice this. TCP is a connection oriented protocol and if the connect fails on the client, then the server will get a valid error message, but that depends on where the failure has happened. If the failure is at the TCP level say if the client fails to even open a socket (client application) then the server is not even bothered as it's listening on port 443 and won't even receive any SYN packets. When SSL_accept is made blocking, it only means that the call to SSL_accept will not return until the SSL handshake is completed and during that point of time, the application will not be able to accept any new tcp requests, provided it's all handled as part of the same thread. If ur going to fork and then block, then u don't have any problem (if you don't want to go for non blocking mode). If the SSL handshake fails the appropriate error message will be seen by the server and it will definitely not MISS it..and if there is a tcp level failure after the tcp connection is established .. say u get a RST..then SSL_accept will break and return the error to the calling application. I am unable to think of a scenario why ur case is possible unless some serious network congestion has developed and pkts were lost..i don't see how..but the experts might be able to give u a better idea.

Thanks --Gayathri

If the scenario mentioned above is possible, then the server will be blocked in the SSL_accept() (until the underlying tcp connection is broken) and hence won't be able to service other clients' connection requests

This is the Toyota Principle, you asked for it, you got it. If you don't want to block, don't use blocking sockets. The only mechanism that can assure that a socket operation will not block is non-blocking sockets.

Thanks for responding. I will definitely consider using non blocking sockets here. But what I am more interested in knowing is 'whether' the scenario that I mentioned is possible, and has anyone ever experienced it.

~ Urjit
Re: Key files in dat formats
it's probably shown as a data file coz it's encrypted..how did you generate the cert? U should be using a PKCS12 format for importing that stuff into the browser/server..btw are you telling it from windows's perspective?

Hi, I have a SSL server application in which the certificate file is rsa.der and key file rsakey.dat. What is the *.dat format? How does it differ from pem and der formats? How do we generate one with OpenSSL?

Thanks Regards, Prabhu
IE not working with DSA certificates
Hi Folks,

Am facing a persistent problem with Internet Explorer not able to talk to SSL Server when configured with a DSA certificate. SSL CTX has the set_tmp_dh_params enabled and the code looks pretty much correct as Mozilla/Firefox/Opera is working fine with the exact same SSL Server Configuration.

IE has the initial handshake succeeding but unable to display the html page. Ethereal shows a TCP RST going out from IE during middle of Application Data Transfer, really not sure why this is happening. Am I missing something here? Has someone faced a similar problem? IE version used is 6.

Also I tried the same from OpenSSL s_server and hit the same issue. Only noticeable stuff is that IE seems to negotiate EXP1024-DES-EDE-CBC-SHA but Mozilla/Firefox/Opera negotiates AES with the SAME SSL SERVER. Now does IE have any issues with DES? s_server also gets a handshake failure when configured with ONLY DES.

Any inputs deeply appreciated.

Thanks --Gayathri
RE: Compiling OpenSSL 0.9.8d for Win32
Check out ssl/ssl_ciph.c to get an idea.

Thanks --Gayathri

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Krishna Vennamaneni
Sent: Thursday, November 30, 2006 9:13 AM
To: openssl-users@openssl.org
Subject: Re: Compiling OpenSSL 0.9.8d for Win32

Hi, Does anybody have the list of cipher suites supported by openssl?

Regards, Krishna.

On 11/29/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote:

> On Wed, Nov 29, 2006, Mike Ehlert wrote:
>
> > I am trying to compile OpenSSL 0.9.8d for Win32, and I run into a problem when running the do_masm batch file:
> >
> >     C:\openssl-0.9.8d>ms\do_masm
> >     Generating x86 for MASM assember
> >     Bignum
> >     DES
> >     crypt(3)
> >     Blowfish
> >     CAST5
> >     RC4
> >     MD5
> >     SHA1
> >     RIPEMD160
> >     RC5\32
> >     C:\openssl-0.9.8d>perl util\mkfiles.pl 1>MINFO
> >     C:\openssl-0.9.8d>perl util\mk1mf.pl VC-WIN32 1>ms\nt.mak
> >     C:\openssl-0.9.8d>perl util\mk1mf.pl dll VC-WIN32 1>ms\ntdll.mak
> >     C:\openssl-0.9.8d>perl util\mkdef.pl 32 libeay 1>ms\libeay32.def
> >     Warning: AES_bi_ige_encrypt does not have a number assigned
> >     Warning: AES_ige_encrypt does not have a number assigned
> >     C:\openssl-0.9.8d>perl util\mkdef.pl 32 ssleay 1>ms\ssleay32.def
> >
> > According to the troubleshooting section of install.w32, these warnings means that the Win32 ordinal files are not up to date. What is the best way to solve this? According to the troubleshooting section of Install.W32, I can avoid the errors by doing perl util\mkdef.pl crypto ssl update, but anything linking to my library may need to be recompiled, and I wish to use the library with pre-compiled code.
>
> Hmmm... looks like someone didn't do a make update before the official release. Does OpenSSL compile if you ignore those warnings? If so then ignore them and continue as normal.
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
RE: What does PEM mean?
Wow, I was thinking it's Privacy Enhanced Mode!! ?? No?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mouse
Sent: Tuesday, August 01, 2006 6:47 AM
To: openssl-users@openssl.org
Subject: RE: What does PEM mean?

PEM = Privacy-Enhanced Mail.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bo Xie
Sent: Monday, July 31, 2006 20:08
To: openssl-users@openssl.org
Subject: What does PEM mean?

I know openSSL supports .pem format. But what does PEM mean? Personal Encrypto Management?

Thanks! Best Regards, Xie, Bo
RE: openssl command
Wonder why you need a pdf format!! Does man openssl mean anything to you? Now how could anyone respond to ur query?? First of all let us know what you want to use it for, coz openssl commands are plenty..

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kaushal Shriyan
Sent: Friday, July 28, 2006 12:52 PM
To: openssl-users@openssl.org
Subject: openssl command

Hi ALL

I wanted a PDF format of openssl command. Can anyone explain me about openssl command with examples, I mean how do I use it?

Thanks and Regards
Kaushal
RE: Query On SSL Processing
Hi Marek,

Thanks once again for the detailed response.. Me now have a few more doubts..

Does this read_mac_secret and write_mac_secret change with every md5 hash verification? I am not able to locate the code which actually updates this tcp Seq numbers and so on.. what does this hash_update function do? What does it update?

Thanks --Gayathri

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Marek Marcola
Sent: Friday, July 21, 2006 7:04 PM
To: openssl-users@openssl.org
Subject: RE: Query On SSL Processing

Hello,

> Thanks Marek, can you explain more on this MAC verification errors?

When SSL record is read from TCP socket first is decrypted (using read_secret and CBC xor vector) and then MAC of decrypted packet is checked. When calculating MAC of decrypted packet the following information is used:

- read_mac_secret
- implied read sequence number (packet number)
- packet type (handshake, data, alert ...)
- length of packet data
- packet data

If any of this information will be incorrect or out of order (like sequence number) calculated MAC will be different from this received in packet and connection will be dropped. So silently removing some packets at (for example) TCP layer will break sequence numbering and will lead to breaking connection.

Of course SSL_read() see only data from application records, not from handshake, alert or change_cipher_spec because this data is part of internal implementation of SSL protocol. This is something like in SMTP, when you receive e-mail you will see only headers and body but not SMTP conversation at SMTP server layer (MAIL FROM:, RCPT TO: ...).

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
RE: Query On SSL Processing
Marek,

There seems to be no such function in openssl (ssl3_record_sequence_update())!! Can you pls tell where exactly this SSL sequence number is updated.

Thanks --Gayathri

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Marek Marcola
Sent: Monday, July 24, 2006 2:01 PM
To: openssl-users@openssl.org
Subject: RE: Query On SSL Processing

Hello,

> Does this read_mac_secret and write_mac_secret change with Every md5 hash verification?

No, this values are calculated from pre_master_secret and until end or renegotiation stays the same.

> I am not able to locate the code which actually updates this tcp Seq numbers and so on..what does this hash_update function do? Wht does it update?

This implied SSL packet sequence has no connection with TCP sequence. Every SSL packet read from socket or written has 8-byte counter which is incremented on every read/write (not SSL_read/SSL_write but full SSL packet read/write). Location of this variables you may find in SSL object, in structure s3: read_sequence, write_sequence. Code which updates this variables is located in s3_enc.c as function ssl3_record_sequence_update(). On every renegotiation, or more precisely: on every send/received change_cipher_spec packet, right variable is cleared.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
RE: Query On SSL Processing
Thanks Marek.. appreciate ur help..

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Marek Marcola
Sent: Monday, July 24, 2006 4:04 PM
To: openssl-users@openssl.org
Subject: RE: Query On SSL Processing

Hello,

> There seems to be no such function in openssl (ssl3_record_sequence_update())!! Can you pls tell where exactly this SSL sequence number is updated.

Well, yes, this function was introduced in 0.9.8. In earlier versions there is code at the end of ssl3_mac() function in s3_enc.c file which looks like:

    /* increment the 8-byte big-endian record sequence number, carrying upward */
    for (i=7; i>=0; i--)
        {
        ++seq[i];
        if (seq[i] != 0) break;
        }

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Query On SSL Processing
What would happen if openssl is starved of application data records and is fed only control messages? Would it misbehave?

Thanks --Gayathri
RE: Query On SSL Processing
Thanks Marek, can you explain more on this MAC verification errors? When I can ensure only control records are read by SSL_read, why should I get such errors? Yeah, ur correct, I will discard application records ;) (don't ask me how!!) but then openssl will work rite? What I have to do next depends on YOUR answer or anyone on this Mailing list :)

Thanks --G(3)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Marek Marcola
Sent: Friday, July 21, 2006 3:04 PM
To: openssl-users@openssl.org
Subject: Re: Query On SSL Processing

Hello,

> What would happen if openssl is starved of application data records and is fed only control messages? Would it misbehave?

SSL application records are not mandatory (but usually very useful :-) So you may establish SSL connection and do for example renegotiation after renegotiation or something like that. But you can not silently remove SSL application record because you will get MAC verification errors.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
RE: Query On SSL Processing
Ok, what I meant is I will be removing the SSL record along with the app data!! So this should be fine right?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Richard Salz
Sent: Friday, July 21, 2006 5:28 PM
To: openssl-users@openssl.org
Subject: RE: Query On SSL Processing

The SSL records include a message digest (MAC) of the application data within the record. If you remove the application data, the SSL record is no longer valid.

If you think about it, this is obvious. SSL guarantees the integrity of the application data. If someone modifies or removes the application data, then the SSL layer should, of course, notice this.

/r$
--
SOA Appliances Application Integration Middleware
RE: Query On SSL Processing
Thanks Richard.. but I was thinking only SSL RECORDS with Record Type APP DATA contain application data!!! If I can ensure that only complete SSL Records of Type Handshake, Change cipher spec, and Alerts are given to OpenSSL, it can process it rite? This way how can openssl know that app data records have been removed..? Hope I am making sense here..

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Richard Salz
Sent: Friday, July 21, 2006 5:41 PM
To: openssl-users@openssl.org
Subject: RE: Query On SSL Processing

> Ok, what I meant is I will be removing the SSL record along with the app data!! So this should be fine right?

Then SSL will notice that records have been removed. Since records can contain application data, and SSL guarantees the integrity of the application bytestream, *ANY* attempt by an intermediary to prevent the recipient from getting all the original bytes that are sent will be noticed. Any SSL implementation that does not do this is fundamentally flawed. You'll have to hack the source.

/r$
--
SOA Appliances Application Integration Middleware
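The MAC inputs Marek Marcola lists and the 8-byte counter loop he quotes from ssl3_mac(), put together as an added example (not code from the thread or from OpenSSL). It uses the SSLv3 MAC construction with SHA-1 and leaves encryption out; the class and function names and the sample secret are hypothetical. It shows how a receiver that is handed only the control records detects that earlier records were dropped.

```python
import hashlib
import hmac
import struct

# Record content types of the SSLv3/TLS record layer.
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23

# SSLv3 MAC padding: 40 bytes for SHA-1 (48 for MD5).
PAD1 = b"\x36" * 40
PAD2 = b"\x5c" * 40


class BadRecordMac(Exception):
    """Raised when a record's MAC does not match the receiver's state."""

    def __init__(self, sequence):
        super().__init__("bad record MAC at read_sequence %d" % sequence)
        self.sequence = sequence


def increment_sequence(seq):
    """Big-endian increment of the 8-byte counter (same carry loop as quoted above)."""
    for i in range(7, -1, -1):
        seq[i] = (seq[i] + 1) & 0xFF
        if seq[i] != 0:
            break


def ssl3_mac(mac_secret, seq, rec_type, data):
    """hash(secret + pad2 + hash(secret + pad1 + seq + type + length + data))."""
    header = bytes(seq) + struct.pack(">BH", rec_type, len(data))
    inner = hashlib.sha1(mac_secret + PAD1 + header + data).digest()
    return hashlib.sha1(mac_secret + PAD2 + inner).digest()


class RecordWriter:
    """Sending side: MACs each record under write_sequence, then increments it."""

    def __init__(self, mac_secret):
        self.mac_secret = mac_secret
        self.write_sequence = bytearray(8)

    def seal(self, rec_type, data):
        mac = ssl3_mac(self.mac_secret, self.write_sequence, rec_type, data)
        increment_sequence(self.write_sequence)
        return (rec_type, data, mac)


class RecordReader:
    """Receiving side: the sequence number is implied, never sent on the wire."""

    def __init__(self, mac_secret):
        self.mac_secret = mac_secret
        self.read_sequence = bytearray(8)

    def open(self, record):
        rec_type, data, mac = record
        expected = ssl3_mac(self.mac_secret, self.read_sequence, rec_type, data)
        if not hmac.compare_digest(mac, expected):
            raise BadRecordMac(int.from_bytes(self.read_sequence, "big"))
        increment_sequence(self.read_sequence)
        return rec_type, data


def deliver(records, mac_secret):
    """Feed records to a fresh reader; returns the accepted (type, data) pairs."""
    reader = RecordReader(mac_secret)
    return [reader.open(r) for r in records]


if __name__ == "__main__":
    secret = b"constructed-mac-secret"  # constructed sample value
    writer = RecordWriter(secret)
    stream = [
        writer.seal(APPLICATION_DATA, b"GET / HTTP/1.0\r\n\r\n"),
        writer.seal(APPLICATION_DATA, b"more data"),
        writer.seal(ALERT, b"\x01\x00"),  # warning, close_notify
    ]
    print("full stream accepted:", [t for t, _ in deliver(stream, secret)])

    # An intermediary removes the application data records whole.
    control_only = [r for r in stream if r[0] != APPLICATION_DATA]
    try:
        deliver(control_only, secret)
    except BadRecordMac as exc:
        print("control-only stream rejected:", exc)
```

The alert was MACed under sequence number 2, but the reader that never saw the two application data records still expects 0, so verification fails on a record that was itself delivered intact.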
RE: Does Openssl cache App data -- 2nd Try..
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Schwartz
Sent: Friday, July 07, 2006 10:57 AM
To: openssl-users@openssl.org
Subject: RE: Does Openssl cache App data -- 2nd Try..

>> a. Does this msg_callback get executed after peek? or after read? if former, I could simply discard the buffer as peek does not dequeue the pkt, so the kernel can read it again. If its a "read", then I need to pass on that buffer to the kernel module which does the actual decryption.

> I can't quite follow you. The whole thing you are trying to avoid is caching of application data, but this is SSL_peek's whole point. The main difference between SSL_read and SSL_peek is that SSL_peek caches the application data (so you can peek at it again or read it later) whereas SSL_read discards it.

I was thinking SSL_peek does a buffer copy internally and gives that to the application, and the actual bytes are still available in the TCP receive queue.. the idea is although I tried to peek, the data is still available for a read by kernel, and so I needn't make use of the cache, in spite of one being available.

>> As you said, kernel has to do a lot of processing wherein it should read the ssl record header, and if not(application data) hand the fd control back to userspace. We are going to somehow poll from userspace as well as kernel for the same connection, and do a fd transfer from userspace to kernel.

> This seems like an overly-complex solution. The kernel should always own the SSL connection. It should analyze received data to determine if it is protocol or application. If application data, it should decrypt it and return it as application data. If protocol data, it should pass it to user-space for SSL protocol processing. This seems like a clean and simple approach.

This is exactly what we want to do, but is not an FD required in the userspace to POLL and read the SSL Control Packets? Once the KERNEL sees the 1st Control Pkt on an FD, it will hand over control back to the userspace module to continue processing that FD, until an application data packet is received, wherein control will be switched back to the KERNEL.

>> so what I have now learnt from the responses is that I can expect that openssl will end up caching application data, as as the control pkts gets processed, userspace could endup reading app data..so if I do an SSL_peek before every SSL_read can I prevent processing of application data?

> I don't understand what SSL_peek and SSL_read are meant to be in the context you are using them. These are user-space OpenSSL functions and you are supposed to be doing SSL in kernel.

Yes, I wanted to call them from userspace openssl module only in order to process control packets, as SSL_read is the one which receives control packets as well and internally triggers renegotiations and change cipher specs.. so if I can peek and check if its an application data packet, I can simply discard the buffer given by peek and give back control to KERNEL, which will READ the TCP receive queue and get back the same DATA, hoping SSL_peek is same as TCP_PEEK!! This is the clarification I require.

From KERNEL openssl will never be invoked, we have our own kernel library which can only encrypt/decrypt. SSL_accept is done from userspace. You can think of this as an hardware accelerator working from kernel, except that its still software routines..

>> PS: If i am not making sense in more than 1 way(s) beg apologies, am a newbie..

> I guess I can't seem to follow your main architecture. Again, I recommend the following:
>
> 1) The kernel should always manage the SSL connection, it should probably present the SSL connection to the SSL user-space code and to the application using the connection as two separate objects.

Userspace accepts the incoming SSL connection using openssl SSL_accept, until the kernel has no work. Once accept is completed, userspace will transfer that FD to a kernel thread, which will continue polling on that FD using sock_poll(). Userspace will continue polling on the accepted FD. Note here we now have an FD pair, as we have transferred the userspace ssl accepted FD to a kernel thread using send_fd (AF_UNIX socket).

> 2) For received data, the kernel should analyze it and determine if it's application or protocol.

Exactly, that's what will happen after sock_poll() returns.

> 3) Received application data should be decrypted in the kernel and returned as normal data to the application using the SSL connection.

Correct

> 4) Received protocol data should be passed to the user-space SSL protocol engine application.

Precisely, so now the sock_poll() will not be polling on this FD, the userspace will start its poll. Call SSL_read() until openssl says that app data is now on the wire so I can't process anymore. But I don't want SSL_read to read the app data meaning I prefer to get some notification that the pkt is app data pkt using *(msg_handler) registered to ssl_st. I
RE: Does Openssl cache App data -- 2nd Try..
Thanks once again for the responses... I would like to add few more points here.. there seems to be a callback function (msg_callback) within the ssl_st structure, which when registered by the application for a specific content type, SSL_read seems to call that if a pkt of that content type is seen on the wire. I was thinking of making use of this, now my questions are

a. Does this msg_callback get executed after peek? or after read? if former, I could simply discard the buffer as peek does not dequeue the pkt, so the kernel can read it again. If its a read, then I need to pass on that buffer to the kernel module which does the actual decryption.

b. I don't see this msg_callback getting called for content type Application data, I see the code only for the other ssl record types.. now am I missing something here.

As you said, kernel has to do a lot of processing wherein it should read the ssl record header, and if not(application data) hand the fd control back to userspace. We are going to somehow poll from userspace as well as kernel for the same connection, and do a fd transfer from userspace to kernel.

So what I have now learnt from the responses is that I can expect that openssl will end up caching application data, as as the control pkts gets processed, userspace could end up reading app data.. so if I do an SSL_peek before every SSL_read can I prevent processing of application data? Also there seems to be no low/high level api to access this read buffer cache of ssl.. or is there? This read buffer anyhow is a pointer to the application read buffer rite? or is there some bufcopy happening internally within openssl? Coz if its just a pointer I am thinking if I could just pass a minimal buffer size wherein it can read only handshake record size pkts, then indirectly I could end up controlling the read.

PS: If i am not making sense in more than 1 way(s) beg apologies, am a newbie..

Thanks --Gayathri

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Schwartz
Sent: Friday, July 07, 2006 1:47 AM
To: openssl-users@openssl.org
Subject: RE: Does Openssl cache App data -- 2nd Try..

> Thanks david..let me add more clarity to my requirement... Is there someway for the application to know before calling ssl_read, that some app data buffer can be got for sure?

Only by putting that data in a buffer, which seems to be what you don't want.

> Or can SSL_peek prevent me from hitting the case you have mentioned?

SSL_peek does precisely what you claim you don't want, which is to put the data in a cache.

> The reason is we are in a scenario wherein all ssl control pkts are gonna be processed from userspace using openssl and all app data pkts are gonna be processed from kernel using our own ssl implementation. So when userspace openssl does manage to read app data, I need to ensure that whatever it has cached (add data bytes), has to be cleared and copied into our ssl library in kernel, so that it can wait for the remaining bytes and do the decryption. So in a crux, what can I do to ensure that openssl does not read app data pkts at all..

You have to separate the data in the kernel. I would not recommend trying to hack OpenSSL's high-level functions for this purpose but use the low-level ones instead. Ignore SSL_read/SSL_peek/SSL_write and the like.

DS
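The separation David Schwartz describes (read each record header and route application data and protocol records to different consumers) comes down to reassembling whole records from the TCP byte stream and switching on the content type. This is an added sketch of that framing step, not code from the thread or from OpenSSL; the class name, the route labels "data-path" and "control-path", and the sample stream are hypothetical.

```python
import struct

RECORD_HEADER_LEN = 5  # type (1) + version (2) + length (2)
CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}
# Largest fragment the record layer allows for a protected record (2^14 + 2048).
MAX_CIPHERTEXT_LEN = 2 ** 14 + 2048


class RecordFramingError(Exception):
    """The byte stream does not look like an SSLv3/TLS record stream."""


def make_record(rec_type, payload, version=(3, 0)):
    """Build one record; the payload is opaque here (ciphertext once keys are on)."""
    return struct.pack(">BBBH", rec_type, version[0], version[1], len(payload)) + payload


class RecordDemux:
    """Reassembles complete records from arbitrary TCP chunks and routes them.

    Only the cleartext 5-byte header is inspected. Every record still has to
    reach the endpoint that owns the MAC state for the connection, in order.
    """

    def __init__(self):
        self._buf = bytearray()

    def pending(self):
        """Bytes held back because they do not yet form a complete record."""
        return len(self._buf)

    def feed(self, chunk):
        """Add received bytes; return a list of (route, type_name, payload)."""
        self._buf += chunk
        out = []
        while len(self._buf) >= RECORD_HEADER_LEN:
            rec_type, major, _minor, length = struct.unpack_from(">BBBH", self._buf, 0)
            if rec_type not in CONTENT_TYPES or major != 3:
                raise RecordFramingError("unexpected record header %r"
                                         % bytes(self._buf[:RECORD_HEADER_LEN]))
            if length > MAX_CIPHERTEXT_LEN:
                raise RecordFramingError("record length %d too large" % length)
            end = RECORD_HEADER_LEN + length
            if len(self._buf) < end:
                break  # partial record: wait for more bytes, consume nothing
            payload = bytes(self._buf[RECORD_HEADER_LEN:end])
            del self._buf[:end]
            route = "data-path" if rec_type == 23 else "control-path"
            out.append((route, CONTENT_TYPES[rec_type], payload))
        return out


def demux_in_chunks(stream, chunk_size):
    """Feed a byte stream in fixed-size pieces, as uneven TCP reads would."""
    demux = RecordDemux()
    routed = []
    for i in range(0, len(stream), chunk_size):
        routed.extend(demux.feed(stream[i:i + chunk_size]))
    return routed, demux.pending()


if __name__ == "__main__":
    # Constructed sample stream: handshake, application data, alert.
    stream = (make_record(22, b"hello")
              + make_record(23, b"A" * 10)
              + make_record(21, b"\x01\x00"))
    for route, name, payload in demux_in_chunks(stream, 3)[0]:
        print(route, name, len(payload))
```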
Does Openssl cache App data
Hi,

Following is the comments written on s3_pkt.c before the function ssl3_read_bytes

    /* Return up to 'len' payload bytes received in 'type' records.
     * 'type' is one of the following:
     *
     *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
     *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
     *   -  0 (during a shutdown, no data has to be returned)
     *
     * If we don't have stored data to work from, read a SSL/TLS record first
     * (possibly multiple records if we still don't have anything to return).
     *
     * This function must handle any surprises the peer may have for us, such as
     * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
     * a surprise, but handled as if it were), or renegotiation requests.
     * Also if record payloads contain fragments too small to process, we store
     * them until there is enough for the respective protocol (the record protocol
     * may use arbitrary fragmentation and even interleaving):
     *     Change cipher spec protocol
     *             just 1 byte needed, no need for keeping anything stored
     *     Alert protocol
     *             2 bytes needed (AlertLevel, AlertDescription)
     *     Handshake protocol
     *             4 bytes needed (HandshakeType, uint24 length) -- we just have
     *             to detect unexpected Client Hello and Hello Request messages
     *             here, anything else is handled by higher layers
     *     Application data protocol
     *             none of our business
     */

Can anyone explain what the highlighted line means? Does app data get cached within the ssl read buffers and the app end getting some WANT errors? For example if the given application buffer size to SSL_read happens to be less than the next incoming SSL Record size, what will happen? How does SSL_read handle this case, i.e. if I pass a 16K buffer and I have 2 records on the receive queue which are 10k and 8k, how much of the data will SSL_read return and will the remaining 6k of the 2nd record get cached within ssl read buffers?

Also if I set the SO_RCVLOWAT option to 4 bytes, can I avoid caching of SSL Handshake messages? My requirement is that I don't want SSL to cache any bytes whatsoever. Kindly help me on this.

Thanks --Gayathri
SSL_read/SSL_write from kernel
Hi,

Does openssl as such provide support for packet processing from kernel.. i.e. what do I have to do to invoke SSL_read/write from kernel.. has anyone attempted this before.

Thanks --Gayathri
RE: SSL_read/SSL_write from kernel
Thanks, but let me rephrase my question. There seems to be a requirement for us to process SSL app data from kernel, wherein I would like to read the sk_buff and pass it to a crypto accelerator (hardware/software), but we face a problem wherein for block ciphers, we need to ensure the data segment within the sk_buff is a multiple of the block cipher length, otherwise, we need to do a buffer copy and maintain the remaining data in some kernel memory, prequeue it and append it to the next sk_buff..

If openssl does support SSL_read/SSL_write from kernel, then I could simply call it, otherwise have to write my own SSL_read/SSL_write functions.. Please let me know if such support is available or someone has already attempted this..

Thanks --Gayathri

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Vishnubhatla, Vijaya Bhaskar
Sent: Wednesday, June 28, 2006 1:49 PM
To: openssl-users@openssl.org
Subject: RE: SSL_read/SSL_write from kernel

Hi,

U need to write a separate kernel module using open-ssl library. I don't think it is possible. Instead of that, u send your data to user space and there u use the SSL_read and SSL_write functions.

Thanks, Bhaskar

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gayathri Sundar
Sent: Wednesday, June 28, 2006 1:06 PM
To: openssl-users@openssl.org
Subject: SSL_read/SSL_write from kernel

Hi,

Does openssl as such provide support for packet processing from kernel.. i.e. what do I have to do to invoke SSL_read/write from kernel.. has anyone attempted this before.

Thanks --Gayathri
RE: SSL_read/SSL_write from kernel
Thanks Marek.. yeah, its more to do with processing block ciphers from kernel rather than SSL as such, my question to be exactly precise is for me to find out how to feed exact multiples of block cipher length from sk_buff, when they are internally fragmented in physical/virtual memory within an sk_buff (scatter/gather io) and when the sk_buffs are chained. This now looks more like a linux kernel question rather than SSL, but any help is appreciated.

Functions such as sock_read/sock_write in socket.c do a buffer copy into another char buffer in the kernel from the sk_buff associated to the sock fd, now we want to avoid that and directly pass the sk_buff->data to the crypto hardware if sk_buff->len = n * block_size, otherwise do a memcpy.. Is there any function in linux which directly gives the sk_buff->data ptr without any memcpy?

Thanks --Gayathri

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Marek Marcola
Sent: Wednesday, June 28, 2006 8:06 PM
To: openssl-users@openssl.org
Subject: RE: SSL_read/SSL_write from kernel

Hello,

> Thanks, but let me rephrase my question. There seems to be a requirement for us to process SSL app data from kernel, wherein I would like to read the sk_buff and pass it to a crypto acclerator (hardware/software), but we face a problem wherein for block ciphers, we need to ensure the data segment within the sk_buff is a multiple of the block cipher length, otherwise, we need to do a buffer copy and maintain the remaining data in some kernel memory, prequeue it and append it to the next sk_buff.. If openssl does support SSL_read/SSL_write from kernel, then I could simply call it otherwise, have to write my own SSL_read/SSL_write functions.. Please let me know if such support is available or someone has already attempted this..

I'm not sure whether we talking of SSL or some_block_cipher_mode. If you want get from some source stream of data encrypted by block cipher (for example in CBC mode) and decrypt it you may use OpenSSL EVP interface (which take care of block remainders on any stage). But if you want put this in kernel code - for me better solution is to write yourself some cipher_mode then get some parts from OpenSSL.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: [Resending] Export 1024 ciphers
Did you try man ciphers? EXP1024 has to work on 1024 bit key, which is why it is called so, definitely they are stronger than normal EXP ciphers.. once again EXP ciphers are reduced in strength so that it can be exportable in US, and I believe now there are no such restrictions.. at least that's what I got from ICSA labs.

> Hi all,
>
> Is it true that all EXP1024 ciphers will only work with 512 bit key. I tried with 1024 bit key but I got a failure. If this is true why do we name these ciphers as EXP1024 ciphers, they are as good as normal EXP ciphers. May be I am missing something but if anyone can give me a link where I can read more about these ciphers, that will be very useful.
>
> Thanks and Regd's Ritesh
RE: Question on PEM_read_RSA_PUBKEY
What do you mean by decrypt a signed message? Either u have to decrypt the encrypted message, or rehash and check the msg digest i.e. the sha/md5 signature.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ambarish Mitra
Sent: Thursday, April 27, 2006 5:16 PM
To: openssl-users@openssl.org
Subject: RE: Question on PEM_read_RSA_PUBKEY

David,

Thanks a lot. This worked. Next logical question is: using this public key, how do I decrypt a signed message? This signed message was signed by the corresponding private key, and naturally, my application does not have that. My application has the cert, and this signed message. How to verify that the signed message was signed by this pub key?

Best regards, Ambarish.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Schwartz
Sent: Thursday, April 27, 2006 4:24 PM
To: openssl-users@openssl.org
Subject: RE: Question on PEM_read_RSA_PUBKEY

> Hi all, How to extract the public key from the certificate?

1) Read in the certificate.
2) Extract the public key.

> I have a question on the function: PEM_read_RSA_PUBKEY and PEM_read_bio_RSA_PUBKEY. The argument to these function is FILE *fp and BIO *bp respectively. Does this argument contain a X509 certificate? This I ask, since the public key is present in the certificate, and I want to extract the public key from the cert.

No, these functions read in a public key, which you don't have. You want functions like 'PEM_read_bio_X509' followed by 'X509_get_pubkey'.

DS
RE: errno=5 in SSL_read( )
I think the issue is wrt to clearing the error queue. Whenever you attempt to get the error number, we need to call ERR_clear_error() to clear it. Certain openssl API's call it internally, and some do not, now am not clear as to why or on what basis. So, before calling SSL_read, ensure you call the above mentioned function..this worked for me..I think it doesn't matter if the underlying fd is b/nb..

--Gayathri

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Haridharan Nattamai
Sent: Thursday, April 20, 2006 10:05 AM
To: openssl-users@openssl.org
Subject: Re: errno=5 in SSL_read( )

Gayathri,

Thanks for your message. I could see from your snippet you have used BIO in non blocking mode. But my application must be in such a way that it must wait to read the data. Do you have any idea on trying this for blocking mode.

thanks,
Haridharan

On 4/20/06, Gayathri Sundar [EMAIL PROTECTED] wrote:

I too faced similar problem when I pumped heavy data via smart bits.. this piece of code worked for me..btw the underlying bio in non blocking..

    do {
        ERR_clear_error();
        nbytesread = SSL_read(pSSLObject, pBuffer, BufSize);
        if (nbytesread > 0) {
            totalbytesread += nbytesread;
            pBuffer = pBuffer + nbytesread;
            BufSize -= nbytesread;
        }
        if (errno == EAGAIN || errno == EINTR || errno == ENOMEM) {
            return (SSL_ERROR_NONE);
        } else if (!nbytesread) {
            return (-1 * SSL_ERROR_ZERO_RETURN);
        } else {
            err = SSL_get_error(pSSLObject, nbytesread);
            break;
        }
    } while (SSL_pending(pSSLObject) && (BufSize > 0));

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Haridharan Nattamai
Sent: Wednesday, April 19, 2006 6:59 PM
To: openssl-users@openssl.org
Subject: errno=5 in SSL_read( )

Hi,

I'm using openssl v0.9.7i. When I try to receive a huge amount of data sometimes I get errno=5(SSL_ERROR_SYSCALL) and the exact response code is "EOF was observed that violates the protocol". At some cases when this error occurs, I get TCP ZeroWindowViolation in ethereal's trace log. I like to know what could be the reason and how can I override this.

Thanks in advance.
Haridharan
RE: errno=5 in SSL_read( )
I too faced similar problem when I pumped heavy data via smart bits.. this piece of code worked for me..btw the underlying bio in non blocking..

    do {
        ERR_clear_error();
        nbytesread = SSL_read(pSSLObject, pBuffer, BufSize);
        if (nbytesread > 0) {
            totalbytesread += nbytesread;
            pBuffer = pBuffer + nbytesread;
            BufSize -= nbytesread;
        }
        if (errno == EAGAIN || errno == EINTR || errno == ENOMEM) {
            return (SSL_ERROR_NONE);
        } else if (!nbytesread) {
            return (-1 * SSL_ERROR_ZERO_RETURN);
        } else {
            err = SSL_get_error(pSSLObject, nbytesread);
            break;
        }
    } while (SSL_pending(pSSLObject) && (BufSize > 0));

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Haridharan Nattamai
Sent: Wednesday, April 19, 2006 6:59 PM
To: openssl-users@openssl.org
Subject: errno=5 in SSL_read( )

Hi,

I'm using openssl v0.9.7i. When I try to receive a huge amount of data sometimes I get errno=5(SSL_ERROR_SYSCALL) and the exact response code is "EOF was observed that violates the protocol". At some cases when this error occurs, I get TCP ZeroWindowViolation in ethereal's trace log. I like to know what could be the reason and how can I override this.

Thanks in advance.
Haridharan
RE: Problem connecting using SSL_connect
The accept could have failed for any reason such as mismatch of ssl versions/ no matching ciphers/ untrusted certificate / so check on the wire what's going on. From your code snippet, am not sure what exactly setup_client_ctx() does or what ciphers have been set on the server ctx..the SSL_METHOD used.. Am dead sure its just a minor handshake issue coz of misconfiguration..

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robert Stober
Sent: Thursday, April 06, 2006 7:47 AM
To: openssl-users@openssl.org
Subject: Problem connecting using SSL_connect

Hi,

My application is very simple, a client that connects to a server and they verify each other's identity. Right now I'm just trying to get them to connect. I'm using OpenSSL 0.9.7.

I started with the example application in the O'Reilly Network Security with OpenSSL book. I was able to integrate the client portion of the code in my application (with some mods). I tested it with the server they provided which demonstrated that the client code worked.

When I integrated the server code into the application I had to make some serious mods because my server need only handle one connection (strange, but true). Anyway, it doesn't work and I can't figure out why. Here's the relevant client code:

    init_OpenSSL();
    logInfo("Initialized OpenSSL library\n");

    /* IMPORTANT!
     * This must be properly seeded to ensure security.
     * look in chapter 4 for details on how to this.
     */
    seed_prng();

    ctx = setup_client_ctx();
    logInfo("Loaded private key(s) and passphrase\n");

    conn = BIO_new_connect(SERVER ":" PORT);
    if (!conn)
        log_error("Error creating connection to BIO");

    if (BIO_do_connect(conn) <= 0)
        log_error("Error connecting to remote machine");

    if (!(ssl = SSL_new(ctx)))
        log_error("Error creating an SSL context");
    SSL_set_bio(ssl, conn, conn);

    /* wait for eauth -s to become ready to establish SSL handshake */
    if (SSL_connect(ssl) <= 0) {
        logInfo("Error connecting to SSL object\n");
    }

And here's the relevant server code. I suspect that the problem is here since the client used to work. The last thing I see in my logfile is step5:

    init_OpenSSL();
    logInfo("Initialized OpenSSL library\n");
    seed_prng();

    ctx = setup_server_ctx();
    logInfo("Loaded private key(s) and passphrase\n");

    acc = BIO_new_accept(PORT);
    logInfo("step1\n");
    if (!acc)
        log_error("Error creating server socket");
    logInfo("step2\n");
    if (BIO_do_accept(acc) <= 0)
        log_error("Error binding server socket");
    logInfo("step3\n");
    if (!(ssl = SSL_new(ctx)))
        log_error("Error creating SSL context");
    logInfo("step4\n");
    SSL_set_bio(ssl, acc, acc);
    logInfo("step5\n");
    if (SSL_accept(ssl) <= 0)
        log_error("Error accepting SSL connection");
    else
        logInfo("SSL connection opened\n");

    err = SSL_read(ssl, sslbuf, sizeof(sslbuf));

Can anyone see any problems here? Probably something obvious that I'm missing?

One more thing - the client is invoked up to one second before the server is invoked. Perhaps the client is attempting to connect before the server is ready? I tried the following but it never connected:

    if (SSL_connect(ssl) <= 0) {
        logInfo("Error connecting to SSL object\n");
    }

Is there any way to see --exactly-- what's going on? To log exactly what's going on during the connection/handshake procedure?

Thank you very much,

Robert Stober
Senior Systems Engineer
Platform Computing, Inc.
209-986-9298
RE: closing client connection problem
AFAIK, tcp read can return Zero, as numbytes read, and does not mean that the fd is invalidated. I think you should use SSL_received_shutdown or something which checks if any close has been initiated by the server.. Attempting write when a close was received will result in sigpipe..

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of michael Dorrian
Sent: Thursday, April 06, 2006 8:52 AM
To: openssl-users@openssl.org
Subject: closing client connection problem

If the server returns an error my client does not shut down the connection. I think i have to use SSL_Read and then if the return value is less than or equal to 0 then i just break. The problem is that when i use SSL_Read then my SSL_write does not seem to work...why is that. or is there a simpler way to check if the server has closed the connection?
RE: SSL_accept blocks forever
Have you set the underlying FD to nonblocking (FIONBIO?)..I don't see why if the socket non blocking flag is set, you should have this problem..it doesn't make sense..

Thanks
--G3

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Henry Yip (hyip)
Sent: Friday, March 10, 2006 10:28 PM
To: openssl-users@openssl.org
Cc: Henry Yip (hyip)
Subject: SSL_accept blocks forever

Hi,

I have a SSL server program that accepts SSL connections. But after receiving around 150 connections confirmed with the "netstat -a | grep ESTAB" command and many SYN_RECV half opened connections, the client is terminated. This forces the sockets to close. The number of ESTAB connections goes to zero. The SYN_RECV half opened connection still lingers. The SSL server continue to process these SYN_RECV half opened connections and soon even though the client is terminated, some half opened connection went into the ESTAB state. At this point, the SSL server can no longer accept any new connections.

This happens on all Redhat Linux platform that I tested with kernel 2.4.20, 2.4.18, and 2.6.x. Solaris 2.8 does not have this problem.

Below is the stack trace on where the code is blocking in.

    [Switching to Thread -1210186048 (LWP 21173)]
    0x0012e7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
    (gdb) where
    #0 0x0012e7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
    #1 0x00bd33fb in __read_nocancel () from /lib/tls/libpthread.so.0
    #2 0x00608d24 in BIO_sock_should_retry () from /lib/libcrypto.so.4
    #3 0x00606d8c in BIO_read () from /lib/libcrypto.so.4
    #4 0x007b21b0 in ssl23_read_bytes () from /lib/libssl.so.4
    #5 0x007b0d31 in ssl23_get_client_hello () from /lib/libssl.so.4
    #6 0x007b1309 in ssl23_accept () from /lib/libssl.so.4
    #7 0x007b60ab in SSL_accept () from /lib/libssl.so.4
    #8 0xb7e093bc in ACE_SSL_SOCK_Acceptor::ssl_accept (this=0xb6f0, [EMAIL PROTECTED], timeout=0x0) at SSL_SOCK_Acceptor.cpp:74
    #9 0xb7e097d5 in ACE_SSL_SOCK_Acceptor::accept (this=0xb6f0, [EMAIL PROTECTED], remote_addr=0x0, timeout=0x0, restart=1, reset_new_handle=0) at SSL_SOCK_Acceptor.cpp:195
    #10 0x0804aace in main ()

Does anyone has any idea on what is going on? Thanks in advance.

-Henry
RE: Choice of CAs in SSL/TLS handshake
you can put CA2 as part of the revocation list? if CA2 is part of the client's CRL, then it will automatically be rejected..is this what you want?

Thanks
--G3

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Olaf Gellert
Sent: Tuesday, March 07, 2006 5:26 PM
To: openssl-users@openssl.org
Subject: Choice of CAs in SSL/TLS handshake

Hi,

I came across the following problem: I do have two user CAs under the same root CA:

    Root CA
     |- User CA 1 - User Certificate 1
     |- User CA 2 - User Certificate 2

I want to tell a webserver to accept certificates from User CA 1 but not from User CA 2. But: In openssl s_server AND in mod_ssl I can only specify a list (as file or directory) of trusted CAs. These are used for two purposes:

a) the server puts all of them in his certificate_request message during SSL connection establishment.
b) they have to contain the root certificate as trust anchor.

What I need is a way to specify the requested client CAs WITHOUT the root certificate. Otherwise clients (Mozilla/Firefox) think that both CAs are accepted (because the root certificate is in the certificate request message).

Any way to do this? Is this just a missing feature or do I read the RFC wrong? This is what RFC 2246 says about the request message (sec. 7.4.4):

    certificate_authorities
        A list of the distinguished names of acceptable certificate authorities. These distinguished names may specify a desired distinguished name for a root CA or for a subordinate CA; thus, this message can be used both to describe known roots and a desired authorization space.

So it should be possible to provide only the certificate of User CA 1? (but then openssl s_server and mod_ssl do not find a valid root certificate.)

Thanks for any help,
Olaf

--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED]
A daily view on Internet Attacks https://www.ecsirt.net/sensornet
RE: Choice of CAs in SSL/TLS handshake
I think verify depth of 1 will work only for self signed certificates, in this case it won't work, you should override the default certificate checking functions by registering ur own callback for this function pointer in ssl_st.

    int (*verify_callback)(int ok,X509_STORE_CTX *ctx)

as you already know CA2 issuername and common name, you can reject that certificate if presented. Hope this helps.

Thanks
--Gayathri

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Olaf Gellert
Sent: Tuesday, March 07, 2006 8:34 PM
To: openssl-users@openssl.org
Subject: Re: Choice of CAs in SSL/TLS handshake

Samy Thiyagarajan wrote:

Hi, Maybe changing the verification of the depth level solve this issue. ( I mean check the chain only upto User CA 1 and not upto the Root CA ) In this case it should not report about missing valid root. Im not sure. this is just an idea.

Good idea. But unfortunately it does not work out. I removed the root-certificate from the SSLCACertificateFile. The Server now only allows the user CA 1 (otherwise it still offers the root CA as valid CA). And I shortened the verifyDepth to one. But the server denies access saying:

    [Tue Mar 07 15:56:34 2006] [error] Certificate Verification: Error (20): unable to get local issuer certificate

Seems that verifyDepth still requires a self-signed root certificate (so the chain has to reach the toplevel in the given number of steps). Hm... Any other proposals? :-)

Cheers,
Olaf

--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED]
A daily view on Internet Attacks https://www.ecsirt.net/sensornet
RE: Testing private key - public key consistency
Probably you can try the openssl verify command?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Julien ALLANOS
Sent: Monday, February 06, 2006 6:38 PM
To: openssl-users@openssl.org
Subject: Testing private key - public key consistency

Hello,

is there a quick way/function to verify that a private (EVP_PKEY) key matches a X509 certificate's public key?

thanks,
--
Julien ALLANOS
RE: SSL_shutdown and SIGPIPE
yeah, I have an unusual requirement dat, I can't ignore sigpipe.. meanwhile, SSL_get_shutdown will check the FD status, and if a FIN/RST was received, the return value will reflect dat..so I will not even attempt a write.

Thanks
--G3

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kyle Hamilton
Sent: Monday, February 13, 2006 11:15 AM
To: openssl-users@openssl.org
Subject: Re: SSL_shutdown and SIGPIPE

Why are you trying to avoid SIGPIPE, anyway? It's easy to ignore, and a global state would make it possible to determine what socket you were writing on (if you needed that).

-Kyle H

On 2/12/06, Gayathri Sundar [EMAIL PROTECTED] wrote:

Probably you can call the following

    iRet = SSL_get_shutdown(pSSL);
    if (iRet == 0)
        SSL_shutdown(pSSL);

This is because, SSL_shutdown writes data on the wire, i.e the closure alerts..and if a FIN was received meanwhile, you will catch a SIGPIPE..this piece of code, actually saves me from this..

Thanks
--G3

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Alberto Alonso
Sent: Sunday, February 12, 2006 2:08 PM
To: openssl-users@openssl.org
Subject: SSL_shutdown and SIGPIPE

I am getting SIGPIPE signals under Linux when calling on SSL_shutdown and the remote is gone. Basically, the remote end terminates the connection abruptly, then the server finishes doing whatever is doing and issues a SSL_shutdown on the ssl structure that used to handle the connection. This generates a SIGPIPE on the server.

Is there anything I should be checking for before calling SSL_shutdown to make sure the connection is still OK?

Thanks,
Alberto

--
Alberto Alonso Global Gate Systems LLC.
(512) 351-7233 http://www.ggsys.net
Hardware, consulting, sysadmin, monitoring and remote backups
RE: Certificate chain question
I think you should load mysite.com as well onto the browser.. as it is needed to verify part.mysite.com.

Thanks
--G3

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Zaid
Sent: Sunday, February 12, 2006 5:33 AM
To: openssl-users@openssl.org
Subject: Certificate chain question

I have a root CA which is loaded on my browser, the rootCA certify mysite.com which is also used to certify part.mysite.com when user go directly to part.mysite.com the browser complains because the certificate chain is not complete. Has anyone experienced this problem or can perhaps explain why this would happen?

Thanks,
Zaid

++++
If we don't believe in freedom of expression for people we despise, we don't believe in it at all. Chomsky, Noam
Zaid's Blog: http://drummergeek.blogspot.com
RE: SSL_shutdown and SIGPIPE
Probably you can call the following

    iRet = SSL_get_shutdown(pSSL);
    if (iRet == 0)
        SSL_shutdown(pSSL);

This is because, SSL_shutdown writes data on the wire, i.e the closure alerts..and if a FIN was received meanwhile, you will catch a SIGPIPE..this piece of code, actually saves me from this..

Thanks
--G3

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Alberto Alonso
Sent: Sunday, February 12, 2006 2:08 PM
To: openssl-users@openssl.org
Subject: SSL_shutdown and SIGPIPE

I am getting SIGPIPE signals under Linux when calling on SSL_shutdown and the remote is gone. Basically, the remote end terminates the connection abruptly, then the server finishes doing whatever is doing and issues a SSL_shutdown on the ssl structure that used to handle the connection. This generates a SIGPIPE on the server.

Is there anything I should be checking for before calling SSL_shutdown to make sure the connection is still OK?

Thanks,
Alberto

--
Alberto Alonso Global Gate Systems LLC.
(512) 351-7233 http://www.ggsys.net
Hardware, consulting, sysadmin, monitoring and remote backups
Query on IE's SSL Renegotiation
Hi there., Have some queries on the way IE is handling SSL Renegotiation.

1. Whenever IE receives a Client Cert req from the Server, say when it is talking for the 1st time (IE gonna connect to this ssl server for the very 1st time), it immediately closes the TCP connection abruptly by sending a FIN..now is this coz of some errors on the Server? The next connection from IE to the server, works fine and the client cert is sent out and renegotiation is completed on the same TCP connection..what I further notice is this is happening every time I switch the Server CTX from SSL_VERIFY_NONE to SSL_VERIFY_PEER and vice versa..why is there is extra TCP connection?

2. When there are no client certs configured on the IE, it seems to send NULL Certificate..I mean I see the certificate message go out..but has ZERO payload length!!!? Can Openssl validate this?

3. Once the ssl renegotiation is through, how can the application know that the renegotiation succeeded and the client cert that was got is correct? By manipulating the SSL_OBJ i lose all the previous connection specific data..

I really don't know why SSL Renegotiation is happening over 2 TCP connections via IE..anyone experienced this before? Mozilla/Netscape are working A-OK..

Thanks
--Gayathri
Re: BIO_read is continuously returning -1
Hi Pankaj.,

This difference in the HTTP response header is very critical. It influences the way in which the Client is going to behave.

In case of 1, as the Connection: Close header is sent as part of the response, the http server will initiate the tcp teardown and need not bother sending the content length of the application payload.

In case of 2, the client is expected to keep the HTTP connection alive, so that perhaps subsequent http requests can be pipelined, this is a feature of HTTP1.1. when a 302 is sent from the server, it means that either a REDIRECT req needs to be sent by the client as the http resource is not available in the requested path, so this redirect url will be as part of the Redirect header of the HTTP response, also as the connection keep alive has been set, the redirect request from the client will have to go on the same tcp connection over which the 302 was got, which is not supported by your ssl server?

Thanks
--Gayathri

When I tried to print the values returned by BIO_read it shows -1, 8, 12, 30, 24, 79, 407, 47, 10, 2, 61, 2, 3, 2, 80, 2, 2, -1, -1, -1. , -1

I tried to catch the error using perror which shows the error message Error 0 till the return value 2, after that Resource temporarily unavailable for all -1 returned values. If you want to see code then let me know.

On 12/28/05, Pankaj [EMAIL PROTECTED] wrote:

I am quite new for the OpenSSL programming. I am using Perl client program and C client program for connecting to the same server. Perl script works fine with the get_https request. But in C, I am getting -1 return value from the server while reading. C program implementation is same as of sslcat method of SSLeay.pm module.

I tried to differentiate between the reply header and found that there is only single difference between them as:

Perl client script:
    CONNECTION: close

C Script:
    HTTP/1.1 302 Found
    Proxy-Connection: Keep-Alive
    Connection: Keep-Alive

i.e. 2 extra lines with difference in Connection header. Rest of the returned header content is same for both.

I am not understanding that if server is getting connected for the Perl script (which uses Net::SSLeay::get_https() method), then what is the problem with the C code? While debugging I found that it getting connected, accepts request and replies back with the series of chunks (in BIO_read), but it seems that it is not ending (no 0 return). continuously it is giving -1.

I am using openssl-0.9.7g version. If you require code then I will provide in next email. Any help in this regard will greatly appreciated.

--
Best Regards,
Pankaj Solanki [EMAIL PROTECTED]
The Price of Greatness is responsibility over each of your thoughts

--
Best Regards,
Pankaj Solanki [EMAIL PROTECTED]
Ph : 09810823740.
The Price of Greatness is responsibility over each of your thoughts
Re: BIO_read is continuously returning -1
Forgot to mention that perhaps your client does not understand HTTP 1.1? Check whether the redirect request came back to the server.

Hi Pankaj.,

This difference in the HTTP response header is very critical. It influences the way in which the Client is going to behave.

In case of 1, as the Connection: Close header is sent as part of the response, the http server will initiate the tcp teardown and need not bother sending the content length of the application payload.

In case of 2, the client is expected to keep the HTTP connection alive, so that perhaps subsequent http requests can be pipelined, this is a feature of HTTP1.1. when a 302 is sent from the server, it means that either a REDIRECT req needs to be sent by the client as the http resource is not available in the requested path, so this redirect url will be as part of the Redirect header of the HTTP response, also as the connection keep alive has been set, the redirect request from the client will have to go on the same tcp connection over which the 302 was got, which is not supported by your ssl server?

Thanks
--Gayathri

When I tried to print the values returned by BIO_read it shows -1, 8, 12, 30, 24, 79, 407, 47, 10, 2, 61, 2, 3, 2, 80, 2, 2, -1, -1, -1. , -1

I tried to catch the error using perror which shows the error message Error 0 till the return value 2, after that Resource temporarily unavailable for all -1 returned values. If you want to see code then let me know.

On 12/28/05, Pankaj [EMAIL PROTECTED] wrote:

I am quite new for the OpenSSL programming. I am using Perl client program and C client program for connecting to the same server. Perl script works fine with the get_https request. But in C, I am getting -1 return value from the server while reading. C program implementation is same as of sslcat method of SSLeay.pm module.

I tried to differentiate between the reply header and found that there is only single difference between them as:

Perl client script:
    CONNECTION: close

C Script:
    HTTP/1.1 302 Found
    Proxy-Connection: Keep-Alive
    Connection: Keep-Alive

i.e. 2 extra lines with difference in Connection header. Rest of the returned header content is same for both.

I am not understanding that if server is getting connected for the Perl script (which uses Net::SSLeay::get_https() method), then what is the problem with the C code? While debugging I found that it getting connected, accepts request and replies back with the series of chunks (in BIO_read), but it seems that it is not ending (no 0 return). continuously it is giving -1.

I am using openssl-0.9.7g version. If you require code then I will provide in next email. Any help in this regard will greatly appreciated.

--
Best Regards,
Pankaj Solanki [EMAIL PROTECTED]
The Price of Greatness is responsibility over each of your thoughts

--
Best Regards,
Pankaj Solanki [EMAIL PROTECTED]
Ph : 09810823740.
The Price of Greatness is responsibility over each of your thoughts
problems generating certificates
edit ur openssl.cnf to point to the correct ca certificate and its private key..obviously the file is not the path that the cnf is looking at..

hi everybody,

well finally get install openssl v0.9.8a, now when i try to generate certificates to be used with freeradius (eap-tls or eap-peap) i use these commands to CERTIFICATE AUTHORITY GENERATION:

    #openssl req -new -x509 -keyout newreq.pem -out newreq.pem -passin pass:clue1 -passout pass:clue1
    #openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.p12 -cacerts -passin pass:clue1 -passout pass:clue1
    #openssl pkcs12 -in root.p12 -out root.pem -passin pass:clue1 -passout pass:clue1    (i copied root.p12 from freeradius files)
    #openssl x509 -inform PEM -outform DER -in root.pem -out root.der
    #rm -rf newreq.pem

and these to SERVER CERTIFICATE GENERATION:

    #openssl req -new -keyout newreq.pem -out newreq.pem -passin pass:whatever -passout pass:clue1
    #openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpserver_ext -extfile xpextensions -infiles newreq.pem

right here, when using this command i get this error:

    Error opening CA private key ./demoCA/private/cakey.pem
    4161:error:02001002:system library:fopen:No such file or directory:bss_file.c:349:fopen ('./demoCA/private/cakey.pem' ,'r')
    4161:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:351:
    unable to load CA private key

well i really don't understand what this mean but reviewed ./demoCA/private/cakey.pem and effectively it's there, so why openssl can't locate it?? why unable to load CA private key??

so, i tried this:

    #openssl x509 -inform PEM -outform DER -in demoCA/cacert.pem -out demoCA/cacert.der

but now get this:

    4201:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE

excuse if this question is so trivial but i really don't understand it. could any body help and tell me what is happening?? thanks for your patience and help.

greetings
Re:Re: BIO_read is continuously returning -1
Original Message
Subject: Re:Re: BIO_read is continuously returning -1
From: Gayathri Sundar [EMAIL PROTECTED]
Date: Wed, December 28, 2005 4:59 am
To: openssl-users@openssl.org

If the client HTTP request has the HTTP version as 1.0 in its GET request, or if the Connection: Close header is sent as part of the client's GET request, the server has to come back with Connection: Close, if the server follows the RFC strictly. The safest way is for the client to send HTTP 1.0 as its protocol version. The snippet is fine; can you give the code that sends the HTTP request once the SSL handshake is through?

Thanks
--Gayathri

Thanks Gayathri, I don't have access to the server, so I won't be able to verify that. I don't think that it is needed, as both clients are interacting with the same server. For one client it is working and for the second it is not, so I don't think that the server has any problem. Also, how can I make a client get the Connection: Close header as part of the response from the server? I think there is some small mistake I am making, but I am not able to figure it out. Here is the part of the code which creates the connection object:

    SSL_load_error_strings();
    OpenSSL_add_ssl_algorithms();
    ssl_ctx = SSL_CTX_new(SSLv23_client_method());
    SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL); /* tried to reset to all option again */
    ssl = SSL_new(ssl_ctx);
    SSL_set_connect_state(ssl);
    ssl_bio = BIO_new(BIO_f_ssl());
    BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE);
    sprintf(host, "%s:%i", host_name, port_num);
    out = BIO_new(BIO_s_connect());
    BIO_set_conn_hostname(out, host);
    BIO_set_nbio(out, 1); /* the connect BIO is non-blocking */
    out = BIO_push(ssl_bio, out);

You may be able to catch the problem.

Thanks,
Pankaj

On 12/28/05, Gayathri Sundar [EMAIL PROTECTED] wrote:

Forgot to mention that perhaps your client does not understand HTTP 1.1? Check whether the redirect request came back to the server.

Hi Pankaj,

This difference in the HTTP response header is very critical. It influences the way in which the client is going to behave. In case of 1, as the Connection: Close header is sent as part of the response, the HTTP server will initiate the TCP teardown and need not bother sending the content length of the application payload. In case of 2, the client is expected to keep the HTTP connection alive, so that perhaps subsequent HTTP requests can be pipelined; this is a feature of HTTP 1.1. When a 302 is sent from the server, it means that a REDIRECT request needs to be sent by the client, as the HTTP resource is not available in the requested path, so this redirect URL will be part of the Redirect header of the HTTP response. Also, as the connection keep-alive has been set, the redirect request from the client will have to go on the same TCP connection over which the 302 was got, which is not supported by your SSL server?

Thanks
--Gayathri

When I tried to print the values returned by BIO_read it shows -1, 8, 12, 30, 24, 79, 407, 47, 10, 2, 61, 2, 3, 2, 80, 2, 2, -1, -1, -1. , -1

I tried to catch the error using perror, which shows the error message "Error 0" till the return value 2, and after that "Resource temporarily unavailable" for all -1 returned values. If you want to see the code then let me know.

On 12/28/05, Pankaj [EMAIL PROTECTED] wrote:

I am quite new to OpenSSL programming. I am using a Perl client program and a C client program for connecting to the same server. The Perl script works fine with the get_https request. But in C, I am getting a -1 return value from the server while reading. The C program implementation is the same as that of the sslcat method of the SSLeay.pm module. I tried to differentiate between the reply headers and found that there is only a single difference between them:

Perl client script:
    CONNECTION: close
C Script:
    HTTP/1.1 302 Found
    Proxy-Connection: Keep-Alive
    Connection: Keep-Alive

i.e. 2 extra lines with a difference in the Connection header. The rest of the returned header content is the same for both.

I do not understand: if the server is getting connected for the Perl script (which uses the Net::SSLeay::get_https() method), then what is the problem with the C code? While debugging I found that it gets connected, accepts the request and replies back with a series of chunks (in BIO_read), but it seems that it is not ending (no 0 return). It is continuously giving -1. I am using the openssl-0.9.7g version. If you require the code then I will provide it in the next email. Any help in this regard will be greatly appreciated.

--
Best Regards,
Pankaj Solanki [EMAIL PROTECTED]
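The framing rule discussed in this thread, as an added example (not code from the thread or from OpenSSL): it classifies a response's headers to show when a reader may wait for a read that returns 0 and when it must stop on its own. The names `http_framing`, `struct framing` and `enum body_end` are hypothetical, and the sample response is constructed; only its Connection lines are the ones quoted above.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum body_end {
    END_NO_BODY,        /* 1xx, 204, 304: nothing follows the headers */
    END_CHUNKED,        /* body ends at the zero-length chunk */
    END_CONTENT_LENGTH, /* body is exactly `length` bytes */
    END_ON_CLOSE        /* only here does a read returning 0 end the body */
};

struct framing {
    enum body_end end;
    long long length; /* valid for END_CONTENT_LENGTH, otherwise -1 */
    int persistent;   /* 1: the server leaves the connection open afterwards */
};

static int ieq_n(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Is tok one of the comma-separated tokens in header value v? */
static int has_token(const char *v, const char *tok)
{
    for (size_t n = 0, tlen = strlen(tok); *v; v += n) {
        v += strspn(v, ", \t");
        n = strcspn(v, ", \t");
        if (n == tlen && ieq_n(v, tok, n))
            return 1;
    }
    return 0;
}

/* Copy the value of header `name` into out; returns 1 if present. */
static int header_value(const char *hdrs, const char *name, char *out, size_t outsz)
{
    size_t nlen = strlen(name);
    const char *line = strstr(hdrs, "\r\n"); /* end of the status line */
    while (line && line[2] != '\0' && strncmp(line + 2, "\r\n", 2) != 0) {
        line += 2;
        const char *eol = strstr(line, "\r\n");
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len > nlen && line[nlen] == ':' && ieq_n(line, name, nlen)) {
            const char *v = line + nlen + 1;
            while (*v == ' ' || *v == '\t') v++;
            snprintf(out, outsz, "%.*s", (int)(len - (size_t)(v - line)), v);
            return 1;
        }
        line = eol;
    }
    return 0;
}

/* Classify a CRLF-delimited header block. Returns 0, or -1 if malformed. */
int http_framing(const char *hdrs, struct framing *f)
{
    int minor, status;
    char v[128];
    if (sscanf(hdrs, "HTTP/1.%d %d", &minor, &status) != 2)
        return -1;
    int has_conn = header_value(hdrs, "Connection", v, sizeof v);
    /* HTTP/1.1 persists unless "close"; HTTP/1.0 closes unless "keep-alive". */
    f->persistent = minor >= 1 ? !(has_conn && has_token(v, "close"))
                               : (has_conn && has_token(v, "keep-alive"));
    f->length = -1;
    if (status / 100 == 1 || status == 204 || status == 304) {
        f->end = END_NO_BODY;
    } else if (header_value(hdrs, "Transfer-Encoding", v, sizeof v) &&
               has_token(v, "chunked")) {
        f->end = END_CHUNKED;
    } else if (header_value(hdrs, "Content-Length", v, sizeof v)) {
        size_t digits = strspn(v, "0123456789");
        if (digits == 0 || digits > 18 || v[digits] != '\0')
            return -1; /* reject "", "12abc", "-1" and absurd lengths */
        f->end = END_CONTENT_LENGTH;
        f->length = strtoll(v, NULL, 10);
    } else {
        f->end = END_ON_CLOSE; /* no declared length: the close ends the body */
        f->persistent = 0;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample; Location and Content-Length are assumed. */
    const char *resp = "HTTP/1.1 302 Found\r\nLocation: https://example.invalid/\r\n"
                       "Content-Length: 0\r\nProxy-Connection: Keep-Alive\r\n"
                       "Connection: Keep-Alive\r\n\r\n";
    struct framing f;
    if (http_framing(resp, &f) == 0)
        printf("end=%d length=%lld persistent=%d\n", (int)f.end, f.length, f.persistent);
}
```

When `persistent` is 1 the reader has to stop after `length` bytes or the last chunk, because the server will not close the connection. On a non-blocking BIO, a -1 from BIO_read with BIO_should_retry() true means no data is available yet, not that the response has ended.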
RE: How do I correctly handle SSL_shutdown?
AFAIK, if a close notify is not sent, then the SSL connection termination is considered premature and the session cannot be reused. The specification does not define it as a MUST, rather it is defined as a SHOULD. If session reuse is not a necessary criterion (if you're willing to compromise performance) then the server need not send the close notify.

Thanks
--Gayathri

Hi,

If I understand it correctly the close_notify alert is only there to prevent a truncation attack. If your higher level protocol can check that all expected data is present then it is OK just to close the socket. To be safe it would be better to call SSL_shutdown() in the client when it is complete. In the server you can call SSL_get_shutdown() when you expect the client may disconnect. In the server it should be fine to call SSL_shutdown() anyway. I don't think the SSL specification defines whether the server must send a close_notify.

I hope this helps,
Mark.
Re: How do I correctly handle SSL_shutdown?
If the server is unable to see the SSL_RECEIVED_SHUTDOWN, then probably the close notify did not go on the wire, i.e. the client failed sending it? Can you check the wire to see if it actually went out? Try calling SSL_get_error to see the status on the error queue. Also, by any chance have you set the quiet shutdown mode in your ctx? If that is set, then the alert will not be sent on the wire.

This is what I get from man SSL_shutdown:

SSL_shutdown() tries to send the close notify shutdown alert to the peer. Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and a currently open session is considered closed and good and will be kept in the session cache for further reuse.

I think I understand but I still seem to have an issue with my code.

1). Server opens an SSL port for a client to connect to
2). Client connects to this port and SSL_read and Write stuff.
3). Client calls SSL_shutdown( sslSocket );
4). Server calls SSL_get_shutdown( sslSocket ). If shutdown is equal to SSL_RECEIVED_SHUTDOWN the server will then call SSL_shutdown( sslSocket );

So is the above correct? I am doing the following to close the connection and my server does not seem to ever see SSL_RECEIVED_SHUTDOWN. Could someone please tell me what I am doing wrong? ( Blocking IO )

1). Client sends shutdown

    /* Client code to close SSL connection */
    if( (SSL *)NULL != sslSocket ) {
        if( SSL_ST_OK == SSL_state( sslSocket ) ) {
            status = SSL_shutdown( sslSocket );
            if( status == 0 ) {
                status = SSL_shutdown( sslSocket );
            }
        }
        fd = SSL_get_fd( sslSocket );
        close( fd );
        SSL_free( sslSocket );
        sslSocket = (SSL *)NULL;
    }

2). Server checks for shutdown and sends shutdown if SSL_RECEIVED_SHUTDOWN is returned.

    /* Server code to close SSL connection */
    if( (SSL *)NULL != sslSocket ) {
        if( SSL_RECEIVED_SHUTDOWN == SSL_get_shutdown( sslSocket ) ) {
            SSL_shutdown( sslSocket );
        }
        fd = SSL_get_fd( sslSocket );
        close( fd );
        SSL_free( sslSocket );
        sslSocket = (SSL *)NULL;
    }

Thanks,
Perry

Gayathri Sundar wrote:

Hi,

I think that depends on the mode of SSL, meaning blocking/non-blocking. If it's the latter then you need to select again before calling the 2nd SSL shutdown and check whether the close notify from the peer is received by checking the SSL_RECEIVED_SHUTDOWN flag. If this flag is not set, then you should clean up or select for a timeout. This code snippet is true for blocking sockets.

Thanks
--Gayathri

I am confused. If SSL_shutdown returns 0 then I need to call SSL_shutdown again? So would I do something like this on the client side?

    /* Client code to close SSL connection */
    if( (SSL *)NULL != *sslSocket ) {
        if( SSL_ST_OK == SSL_state( *sslSocket ) ) {
            status = SSL_shutdown( *sslSocket );
            if( status == 0 ) {
                status = SSL_shutdown( *sslSocket );
            }
        }
        SSL_free( *sslSocket );
        *sslSocket = (SSL *)NULL;
    }

If this is the case, what do I do on the server side? Do I need to use SSL_state to check for some shutdown state?

Thanks,
Perry

Victor Duchovni wrote:

On Mon, Dec 19, 2005 at 11:22:11AM -0500, Perry L. Jones wrote:

I have some questions about shutting down an SSL connection.

The correct use of SSL_shutdown() is described in the SSL_shutdown manpage. Read the whole thing, and pay specific attention to:

When the application is the first party to send the close notify alert, SSL_shutdown() will only send the alert and then set the SSL_SENT_SHUTDOWN flag (so that the session is considered good and will be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient. In order to complete the bidirectional shutdown handshake, SSL_shutdown() must be called again. The second call will make SSL_shutdown() wait for the peer's close notify shutdown alert. On success, the second call to SSL_shutdown() will return with 1.

If the peer already sent the close notify alert and it was already processed implicitly inside another function (SSL_read(3)), the SSL_RECEIVED_SHUTDOWN flag is set. SSL_shutdown() will send the close notify alert, set the SSL_SENT_SHUTDOWN flag and will immediately return with 1. Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the SSL_get_shutdown() (see also SSL_set_shutdown(3)) call.
Re: How do I correctly handle SSL_shutdown?
Hi,

I think that depends on the mode of SSL, meaning blocking/non-blocking. If it's the latter then you need to select again before calling the 2nd SSL shutdown and check whether the close notify from the peer is received by checking the SSL_RECEIVED_SHUTDOWN flag. If this flag is not set, then you should clean up or select for a timeout. This code snippet is true for blocking sockets.

Thanks
--Gayathri

I am confused. If SSL_shutdown returns 0 then I need to call SSL_shutdown again? So would I do something like this on the client side?

    /* Client code to close SSL connection */
    if( (SSL *)NULL != *sslSocket ) {
        if( SSL_ST_OK == SSL_state( *sslSocket ) ) {
            status = SSL_shutdown( *sslSocket );
            if( status == 0 ) {
                status = SSL_shutdown( *sslSocket );
            }
        }
        SSL_free( *sslSocket );
        *sslSocket = (SSL *)NULL;
    }

If this is the case, what do I do on the server side? Do I need to use SSL_state to check for some shutdown state?

Thanks,
Perry

Victor Duchovni wrote:

On Mon, Dec 19, 2005 at 11:22:11AM -0500, Perry L. Jones wrote:

I have some questions about shutting down an SSL connection.

The correct use of SSL_shutdown() is described in the SSL_shutdown manpage. Read the whole thing, and pay specific attention to:

When the application is the first party to send the close notify alert, SSL_shutdown() will only send the alert and then set the SSL_SENT_SHUTDOWN flag (so that the session is considered good and will be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient. In order to complete the bidirectional shutdown handshake, SSL_shutdown() must be called again. The second call will make SSL_shutdown() wait for the peer's close notify shutdown alert. On success, the second call to SSL_shutdown() will return with 1.

If the peer already sent the close notify alert and it was already processed implicitly inside another function (SSL_read(3)), the SSL_RECEIVED_SHUTDOWN flag is set. SSL_shutdown() will send the close notify alert, set the SSL_SENT_SHUTDOWN flag and will immediately return with 1. Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the SSL_get_shutdown() (see also SSL_set_shutdown(3)) call.
RE: Enable Client Authentication using [ Openssl s_server ]
Try using one of these two:

    -verify arg - turn on peer certificate verification
    -Verify arg - turn on peer certificate verification, must have a cert.

in the command. By the way, you can get the whole list of options in man s_server.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of am0ykam0te (sent by Nabble.com)
Sent: Thursday, December 08, 2005 10:42 AM
To: openssl-users@openssl.org
Subject: Enable Client Authentication using [ Openssl s_server ]

I am currently testing the SSL client I developed. I need to test it when it connects to a server which requires client authentication. However, I do not know how to enable it in OpenSSL's command line server (s_server). How do I enable client authentication in openssl s_server?
Doubt on SSL_ERROR_SYSCALL
Hi,

I have a small doubt about how the application needs to react to an SSL_ERROR_SYSCALL. What do I have to do when I actually attempted an SSL_read and ended up with that error code: should the operation be retried based on errno, or should this be regarded as fatal? If it needs to be retried based on errno, could you please tell for what set of values?

The main problem I am facing is with respect to performance: when I pump heavy HTTPS traffic, say from SmartBits, more than 30% is dropped because of this return value, happening from SSL_accept to SSL_read and SSL_write, as right now I am treating this as fatal. This is a serious performance blow and any help is deeply appreciated. Probably I am missing something else because of which I am getting this particular error code (invariably errno = 5 when SSL returns with SSL_ERROR_SYSCALL).

Thanks
--Gayathri
Re: Client authentication problem
Hi again,

This is what I found in the log file you sent. Is this pointing to the same CA cert ("itcilo-ca.crt, I put it in ssl.crt")?

[debug] ssl_engine_init.c(1112): CA certificate: /C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=ITCILO CA/[EMAIL PROTECTED]
[Wed Jul 13 11:48:34 2005] [debug] ssl_engine_init.c(703): Configuring server certificate chain (1 CA certificate)

You will not find that option SSL_VERIFY_FAIL_IF_NO_PEER_CERT, that's an OpenSSL macro. I thought you had written your own server. I found this link http://httpd.apache.org/docs-2.0/mod/mod_ssl.html, perhaps you're already aware of this, but sorry, no idea about Apache mod_ssl :)

Thanks
Gayathri

Hi.

Hi, thanks for the reply.

Have you imported the CA of the client cert on the server side?

Yes, it's the itcilo-ca.crt, I put it in ssl.crt (self-signed).

A verify depth of 1 has been set, which could mean that the client cert is self signed? Can you set it to some higher value and try?

Yes, it's a self-signed certificate. I tried with a higher value (5) without any success.

Also can you check whether the option SSL_VERIFY_FAIL_IF_NO_PEER_CERT?

I searched for the string on my server but cannot find it. In which should I find it?

Can you retry the same thing from Mozilla or something.

I tried with Firefox with the same result.

is your server mod_ssl?

Yes, Apache 2 on SUSE includes it by default. I turned the loglevel to debug and attached the log file below, just in case. There are a lot of

[Wed Jul 13 11:48:34 2005] [debug] ssl_engine_kernel.c(1793): OpenSSL: Handshake: start
[Wed Jul 13 11:48:34 2005] [debug] ssl_engine_kernel.c(1801): OpenSSL: Loop: before/accept initialization
[Wed Jul 13 11:48:34 2005] [debug] ssl_engine_io.c(1518): OpenSSL: I/O error, 11 bytes expected to read on BIO#836ffc8 [mem: 8377648]
[Wed Jul 13 11:48:34 2005] [debug] ssl_engine_kernel.c(1830): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Wed Jul 13 11:48:34 2005] [info] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Wed Jul 13 11:48:34 2005] [info] Connection to child 9 closed with abortive shutdown(server tomcat-ssl.itcilo.org:443, client ::1)
[Wed Jul 13 11:48:34 2005] [info] Connection to child 9 established (server tomcat-ssl.itcilo.org:443, client ::1)
[Wed Jul 13 11:48:34 2005] [info] Seeding PRNG with 136 bytes of entropy

and then

[Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1793): OpenSSL: Handshake: start
[Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1801): OpenSSL: Loop: before/accept initialization
[Wed Jul 13 11:48:42 2005] [debug] ssl_engine_io.c(1507): OpenSSL: read 11/11 bytes from BIO#8372060 [mem: 83776d8] (BIO dump follows)
[Wed Jul 13 11:48:42 2005] [debug] ssl_engine_io.c(1507): OpenSSL: read 94/94 bytes from BIO#8372060 [mem: 83776e3] (BIO dump follows)
[Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1801): OpenSSL: Loop: SSLv3 read client hello A
[Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1801): OpenSSL: Loop: SSLv3 write server hello A
[Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1801): OpenSSL: Loop: SSLv3 write certificate A
[Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1185): handing out temporary 1024 bit DH key
[Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1801): OpenSSL: Loop: SSLv3 write key exchange A
[Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1801): OpenSSL: Loop: SSLv3 write certificate request A
[Wed Jul 13 11:48:42 2005] [debug]
Re: Client authentication problem
Hey, can you try setting the verify depth to zero and not pointing to any CA cert, i.e. SSLCACertificatePath pointing to null?

Thanks
--Gayathri

Hi again,

This is what I found in the log file you sent. Is this pointing to the same CA cert ("itcilo-ca.crt, I put it in ssl.crt")?

[debug] ssl_engine_init.c(1112): CA certificate: /C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=ITCILO CA/[EMAIL PROTECTED]
[Wed Jul 13 11:48:34 2005] [debug] ssl_engine_init.c(703): Configuring server certificate chain (1 CA certificate)

You will not find that option SSL_VERIFY_FAIL_IF_NO_PEER_CERT, that's an OpenSSL macro. I thought you had written your own server. I found this link http://httpd.apache.org/docs-2.0/mod/mod_ssl.html, perhaps you're already aware of this, but sorry, no idea about Apache mod_ssl :)

Thanks
Gayathri

Hi.

Hi, thanks for the reply.

Have you imported the CA of the client cert on the server side?

Yes, it's the itcilo-ca.crt, I put it in ssl.crt (self-signed).

A verify depth of 1 has been set, which could mean that the client cert is self signed? Can you set it to some higher value and try?

Yes, it's a self-signed certificate. I tried with a higher value (5) without any success.

Also can you check whether the option SSL_VERIFY_FAIL_IF_NO_PEER_CERT?

I searched for the string on my server but cannot find it. In which should I find it?

Can you retry the same thing from Mozilla or something.

I tried with Firefox with the same result.

is your server mod_ssl?

Yes, Apache 2 on SUSE includes it by default. I turned the loglevel to debug and attached the log file below, just in case. There are a lot of

[Wed Jul 13 11:48:34 2005] [debug] ssl_engine_kernel.c(1793): OpenSSL: Handshake: start
[Wed Jul 13 11:48:34 2005] [debug] ssl_engine_kernel.c(1801): OpenSSL: Loop: before/accept initialization
[Wed Jul 13 11:48:34 2005] [debug] ssl_engine_io.c(1518): OpenSSL: I/O error, 11 bytes expected to read on BIO#836ffc8 [mem: 8377648]
[Wed Jul 13 11:48:34 2005] [debug] ssl_engine_kernel.c(1830): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Wed Jul 13 11:48:34 2005] [info] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Wed Jul 13 11:48:34 2005] [info] Connection to child 9 closed with abortive shutdown(server tomcat-ssl.itcilo.org:443, client ::1)
[Wed Jul 13 11:48:34 2005] [info] Connection to child 9 established (server tomcat-ssl.itcilo.org:443, client ::1)
[Wed Jul 13 11:48:34 2005] [info] Seeding PRNG with 136 bytes of entropy

and then

[Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1793): OpenSSL: Handshake: start
[Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1801): OpenSSL: Loop: before/accept initialization
[Wed Jul 13 11:48:42 2005] [debug] ssl_engine_io.c(1507): OpenSSL: read 11/11 bytes from BIO#8372060 [mem: 83776d8] (BIO dump follows)
[Wed Jul 13 11:48:42 2005] [debug] ssl_engine_io.c(1507): OpenSSL: read 94/94 bytes from BIO#8372060 [mem: 83776e3] (BIO dump follows)
[Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1801): OpenSSL: Loop: SSLv3 read client hello A
[Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1801): OpenSSL: Loop: SSLv3 write server hello A
[Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1801): OpenSSL: Loop: SSLv3 write certificate A
[Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1185): handing out temporary 1024 bit DH key
[Wed Jul 13 11:48:42 2005]
Re: Client authentication problem
Hi.

Have you imported the CA of the client cert on the server side? A verify depth of 1 has been set, which could mean that the client cert is self signed? Can you set it to some higher value and try? Also can you check whether the option SSL_VERIFY_FAIL_IF_NO_PEER_CERT? It looks to me like a definite server-side issue. Can you retry the same thing from Mozilla or something? FYI: I implemented the exact same thing recently and didn't see such problems. Is your server mod_ssl?

Thanks
--Gayathri

The above indicates that. Make sure client cert processing is done correctly on the server side. If it is a program failure, then you need to get the programmer to debug the program.

Thank you for your answer. I'm not sure what you intend with program failure: the pages served by this virtual host are for the time being only static HTML pages. The only programs involved are Apache, OpenSSL and the browser.

I tried the following command found in the OpenSSL FAQ

openssl s_client -connect tomcat-ssl.itcilo.org:443 -state -debug

and it finished with the following error:

SSL_connect:SSLv3 write client key exchange A
write to 080B07A0 [080BFFC0] (6 bytes = -1 (0x))
SSL_connect:error in SSLv3 write finished A
SSL_connect:error in SSLv3 write finished A

I've googled a little bit but didn't really find something that allowed me to solve my problem.

host:~/CA # openssl s_client -connect myhost:443 -showcerts -CAfile /root/CA/itcilo-ca.crt
CONNECTED(0003)
depth=1 /C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=ITCILO CA/[EMAIL PROTECTED]
verify return:1
depth=0 /C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=myhost/[EMAIL PROTECTED]
verify return:1
17680:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1052:SSL alert number 40
17680:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:

I also tried passing the client certificate and key to openssl s_client, also with an error, as you can see below:

dolphin:~/CA # openssl s_client -cert lams.crt -key lams.key -CAfile itcilo-ca.crt -ssl3 -showcerts -connect myhost:443
CONNECTED(0003)
depth=1 /C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=ITCILO CA/[EMAIL PROTECTED]
verify return:1
depth=0 /C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=myhost/[EMAIL PROTECTED]
verify return:1
17910:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:529:

I tried with ssl2 with the same exit. I'm searching but really don't understand the problem. I also created all the certificates again with the same result. Any help would be appreciated as I'm pretty baffled.

Regards,
Gaël
Re: Reducing size of the OpenSSL library
Original Message
Subject: Re: Reducing size of the OpenSSL library
From: Gayathri Sundar [EMAIL PROTECTED]
Date: Fri, June 24, 2005 12:05 am
To: [EMAIL PROTECTED]

Hi. Could you please tell how the SSL performance is affected by including the Os flag? It looks like quite a few of the optimizations are disabled here.

thanks
-Gayathri

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of J. Wren Hunt
Sent: Thursday, June 23, 2005 11:47 PM
To: openssl-users@openssl.org
Subject: Re: Reducing size of the OpenSSL library

On Thu, 23 Jun 2005 11:11:18 -0700 (PDT), Krishna M Singh [EMAIL PROTECTED] said:

Hi All, I was trying to reduce the size of the OpenSSL library due to memory constraints on our platform. I tried to remove three patented ciphers: idea, rc5 and mdc2. Any ideas what more can be done to reduce the final size of the library?

If you're not already using this switch you might give it a try:

-Os
    Optimize for size. -Os enables all -O2 optimizations that do not typically increase code size. It also performs further optimizations designed to reduce code size.
    -Os disables the following optimization flags: -falign-functions -falign-jumps -falign-loops -falign-labels -freorder-blocks -fprefetch-loop-arrays

Wren
RE: [Fwd: Re: Queries over OpenSSL programs]
Hi there,

Can anybody please tell me where I can find the answers to these questions?

Thanks
-Rohan

Original Message
Subject: Re: Queries over OpenSSL programs
From: Rohan Shrivastava [EMAIL PROTECTED]
Date: Wed, June 8, 2005 8:03 am
To: openssl-users@openssl.org

Riaz,

Thanks for the help, I am able to dump the packets using ssldump. Some of my queries are still unanswered. I am again pasting them here.

[#]. If they are able to communicate in a secured session, then how come they completed the SSL handshake without a random number source (I think it is required at the time of the handshake)?

The default random file is /dev/urandom in Linux. Check the environment variable rand and see where it's pointing to.

[#]. How can I authenticate clients (any sample code will help me a lot), or what is the function used for asking for the client's certificate?

There is an option in SSL that can be set either in the SSL_CTX or in the SSL object, depending on whether you need to enforce client auth always or based on a certain requirement. If set in the CTX it is always enforced.

    SSL_CTX_set_verify(pSSLCtx, SSL_VERIFY_PEER, client_cert_verify_callback);
    /* per connection: takes the SSL object (here pSSL), not the SSL_CTX */
    SSL_set_verify(pSSL, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, client_cert_verify_callback);

This callback function will be executed when the client cert is sent to the server. Once this option is set, SSL_accept will automatically prompt for a client cert.

[#]. Is loading the CA list required at the server/client (as here I did not load it)? If required, then how can I create such a list, as I am using this in a local network?

This is not mandatory; it depends on what ctx/SSL object options you have set. You can use the openssl tools to generate the same.

[#]. Also can I place the code here?

Thanks
-Rohan

use ssldump or tcpdump to view if the connection is being established in a secure manner

On 6/7/05, Rohan Shrivastava [EMAIL PROTECTED] wrote:

Hello,

I am new to OpenSSL programming through C. This is my first program, so I am not sure whether I have achieved a secure session between client and server or not, though they are able to communicate using the SSL_write/read functions.

This is how I did things. At the server I loaded the certificate and private key; after accepting the TCP connection I accepted the SSL session request, then started communicating with the client. At the client I just used the SSLv3_method() and SSL_CTX_new() functions to get a new ctx object. Here, after setting up the TCP connection, I initiated the SSL connection request; on success it communicates with the server.

I tried to load the random file with the following code, but could not get through, so I did without a random source (for both client and server).

    #define RANDOM "/dev/random"
    if (!(RAND_load_file(RANDOM, 1024*1024))) {
        printf("\n Error in loading random file");
        exit(0);
    }

I generated the certificate and keys with the following commands:

    openssl genrsa -out key.pem 1024
    openssl req -new -key key.pem -x509 -days 3650 -out server_crt.pem

Now my queries are:

[#]. How can I be sure that the session is secure?
[#]. If they are able to communicate in a secured session, then how come they completed the SSL handshake without a random number source (I think it is required at the time of the handshake)?
[#]. How can I authenticate clients (any sample code will help me a lot), or what is the function used for asking for the client's certificate?
[#]. Is loading the CA list required at the server/client (as here I did not load it)? If required, then how can I create such a list, as I am using this in a local network?
[#]. Also can I place the code here?

Any help will be highly appreciated.

Thanks
-Rohan

--
Thank you,
Best Regards
Riaz Ur Rahaman
RE: [Fwd: Re: Queries over OpenSSL programs]
Hi there, Can any body please tell me, where can I find the answers to these questions? Thanks -Rohan Original Message Subject: Re: Queries over OpenSSL programs From:Rohan Shrivastava [EMAIL PROTECTED] Date:Wed, June 8, 2005 8:03 am To: openssl-users@openssl.org -- Riaz, Thanks for the help, I am able to dump the packets using ssldump. Some of my queries are still unanswered. I am again pasting it here. [#]. If they are able to communicate in a secured session, then how come they completed SSL handshake without random number source(I think it is required at time of Handshake)? the default random file is in /dev/urandom in linux .. check the environvent variable rand and see where its pointing to. [#]. How can I authenticate Clients (any sample code will help me a lot) or what is function used for asking Client's certificate ? There is an option in SSL that can be set either in the SSL_CTX or in the SSLOBJECT depending on whether you need to enforce client auth always or based on certain requirement. If set in CTX it is always enforced. SSL_CTX_set_verify(pSSLCtx, SSL_VERIFY_PEER, client_cert_verify_callback); SSL_set_verify(pSSLCtx,SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, client_cert_verify_callback); this callback function will be executed when the client cert is sent to the server, once this option is set, SSL_accept will automatically prompt for a client cert. [#]. Is the loading CAs list, required at the server/client (as here I did not load) ,if required then how can I create such list as I am using this in local network? This is not mandatory, depends on what ctx/sslobj options you have set. you can use openssl tools to generate the same. [#]. Also can I place the code here? Thanks -Rohan use ssldump or tcpdump to view if the connection is being established in a secure manner On 6/7/05, Rohan Shrivastava [EMAIL PROTECTED] wrote: Hello, I am new to OpenSSL programming through C. 
This is my first program, so I am not sure whether I have achieved a secure session between client and server or not, though they are able to communicate using SSL_write/read functions.

This is how I did the things:

At server: I loaded certificate and private key; after accepting the TCP connection I accepted the SSL session request, then started communicating with the Client.

At client: I just used the SSLv3_method() and SSL_CTX_new() functions to get a new ctx object. Here, after setting up the TCP connection, I initiated the SSL connection request; on success it communicates with the server.

I tried to load a Random file with the following code, but could not get through, so I did without a random source (for both client and server).

    #define RANDOM "/dev/random"

    if (!(RAND_load_file(RANDOM, 1024*1024))) {
        printf("\n Error in loading random file");
        exit(0);
    }

I generated Certificate and Keys with the following commands:

    openssl -genrsa 1024 -out key.pem
    openssl req -new -key key.pem -x509 -days 3650 -out server_crt.pem

Now my queries are:

[#]. How can I be sure that the session is secure?

[#]. If they are able to communicate in a secured session, then how come they completed SSL handshake without random number source (I think it is required at time of Handshake)?

[#]. How can I authenticate Clients (any sample code will help me a lot) or what is the function used for asking for the Client's certificate?

[#]. Is the loading CAs list required at the server/client (as here I did not load it)? If required, then how can I create such a list, as I am using this in a local network?

[#]. Also can I place the code here?
Any help will be highly appreciated

Thanks
-Rohan

--
Thank you,
Best Regards
Riaz Ur Rahaman
[Fwd: Need help on NonBlock SSL Renegotiation]
Original Message
Subject: Need help on NonBlock SSL Renegotiation
From: Gayathri Sundar [EMAIL PROTECTED]
Date: Thu, June 9, 2005 1:39 am
To: 'openssl-users@openssl.org'
--
Hi,

Could someone please tell me what's wrong here? I am trying to do SSL_Renegotiation on non-blocking sockets and the response from the client is there in the TCP recv q; what function should I call to read that? I really don't have any clue as to what's missing here.

tcp 86 0 rh.intotoind.com:https 192.168.5.54:2098 ESTABLISHED

    T_INT32 IGW_SSL_Start_Rehandshake(SSL *pSSL)
    {
        SSL_renegotiate(pSSL);
        SSL_do_handshake(pSSL);
        if (pSSL->state != SSL_ST_OK) {
            return T_FALSE;
        }
        pSSL->state |= SSL_ST_ACCEPT;
        SSL_do_handshake(pSSL);
        if (pSSL->state != SSL_ST_OK) {
            return T_FALSE;
        }
        return T_TRUE;
    }

Thanks
--Gayathri
[Fwd: RE:I am having a hard time getting SSL_Accept to work with a non blocking socket]
Original Message
Subject: RE:I am having a hard time getting SSL_Accept to work with a non blocking socket
From: Gayathri Sundar [EMAIL PROTECTED]
Date: Sun, June 5, 2005 11:33 pm
To: openssl-users@openssl.org
--
Hi,

    while (((rc = SSL_accept(ssl)) <= 0) &&
           ((SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ) ||
            (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_WRITE))) {
        /* as on wait application can do something else */
        do_other_stuff();
    }

hope you have called

    SSLBio = BIO_new_socket(ulFd, BIO_NOCLOSE);
    /* Sets the BIO associated with Socket FD to Non Blocking Mode */
    BIO_socket_ioctl(ulFd, FIONBIO, Switch);
    SSL_set_bio(SSLObj, SSLBio, SSLBio);

    int ssl_accept()
    {
        int iRetVal;

        /* Do the handshake */
        iRetVal = SSL_accept(SSLObj);
        if (iRetVal == 1) {
            return 1;
        } else {
            /* SSL_get_error() returns the SSL_ERROR_* codes */
            iRetVal = SSL_get_error(SSLObj, iRetVal);
            switch (iRetVal) {
            case SSL_ERROR_WANT_READ:
            case SSL_ERROR_WANT_ACCEPT:
                /* This means that the SSL_accept is blocked and should be
                   retried when the fd is available for reading. So, add to
                   the poll table to look for READ event */
                /* application should poll for READ */
                return SSL_ERROR_WANT_READ;
            case SSL_ERROR_WANT_WRITE:
            case SSL_ERROR_WANT_CONNECT:
                /* This means that the SSL_accept is blocked and should be
                   retried when the fd is available for writing. So, add to
                   the poll table to look for WRITE event */
                /* application should poll for WRITE */
                return SSL_ERROR_WANT_WRITE;
            default:
                /* Abort the accept as it's a permanent error */
                return 0;
            }
        }
    }

===

Hi there,

I am pulling my hair out trying to get SSL_accept to work with a non blocking socket. When I make a call to SSL_accept and then perform an SSL_get_error, I get the error SSL_ERROR_WANT_READ. At this point what should I do? Currently I am doing the following:

    while (((rc = SSL_accept(ssl)) <= 0) &&
           ((SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ) ||
            (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_WRITE))) {}

but I never get out of this loop. I am also using select to obtain read events for this socket.
In the case mentioned above, do I need to check select for a read event prior to retrying SSL_accept? HELP MUCH APPRECIATED!
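The retry rule from the reply above (wait for the socket event the error names, then call the handshake again), as an added example that is not part of the original thread. It is sketched in Python, whose ssl module wraps OpenSSL, so do_handshake() stands in for SSL_accept/SSL_connect and SSLWantReadError/SSLWantWriteError for SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE; the function names, the socketpair peer and the host name are assumptions made for the demonstration.

```python
import select
import socket
import ssl


def handshake_nonblocking(tls_sock, wait=5.0):
    """Drive a TLS handshake on a non-blocking socket without busy-looping.

    Returns "ok", "timeout" (no socket event within `wait` seconds) or "failed".
    """
    while True:
        try:
            tls_sock.do_handshake()        # SSL_accept / SSL_connect in the C API
            return "ok"
        except ssl.SSLWantReadError:       # SSL_ERROR_WANT_READ: wait for input
            ready = select.select([tls_sock], [], [], wait)[0]
        except ssl.SSLWantWriteError:      # SSL_ERROR_WANT_WRITE: wait for buffer space
            ready = select.select([], [tls_sock], [], wait)[1]
        except (ssl.SSLError, OSError):    # any other error is permanent
            return "failed"
        if not ready:
            return "timeout"


def demo(peer_bytes=b""):
    """Constructed scenario: a TLS client on one end of a socketpair.

    The other end is a plain socket that stays silent or sends `peer_bytes`.
    Returns (handshake result, first bytes the plain peer received).
    """
    raw, peer = socket.socketpair()
    raw.setblocking(False)
    ctx = ssl.create_default_context()
    tls = ctx.wrap_socket(raw, server_hostname="peer.example",  # placeholder name
                          do_handshake_on_connect=False)
    try:
        if peer_bytes:
            peer.sendall(peer_bytes)
        result = handshake_nonblocking(tls, wait=0.2)
        peer.settimeout(1.0)
        return result, peer.recv(5)
    finally:
        tls.close()
        peer.close()


if __name__ == "__main__":
    print(demo())                          # peer silent
    print(demo(b"HELLO, NOT TLS\r\n"))     # peer sends bytes that are not TLS
```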