ERR_get_error() returns 0
Hi Guys,

I came across a case where ERR_get_error() returns 0 whereas I expect it to return some valid error code. The case is when an invalid certificate file is passed to SSL_CTX_load_verify_locations(). You may want to refer to the following url: http://rt.openssl.org/Ticket/Display.html?id=1670user=guestpass=guest

So now I have two questions:
1) Has this behavior been fixed in the latest openssl library?
2) Are there any other scenarios where you would expect ERR_get_error() to return an error code, and it would not?

Looking forward to any additional information about the same.

Thanks a lot,
~ Urjit

DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.

Re: SSL3_accept makes Server stuck
Looks like the server doesn't even get the Client hello message. Did you check the state of your client? Is it stuck in SSL_connect (it should be, I believe)? Where is it stuck?

Use the s_client / s_server applications (they come with openssl), if possible, to figure out the issue. You may wish to use strace or the like to figure out what calls your client/server make. This may hint towards the problem.

Let us know what you get, and we might be able to help you further.

~ Urjit

- Original Message -
From: Jinsong Du [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Friday, August 01, 2008 4:07 AM
Subject: SSL3_accept makes Server stuck

(I sent the following post through Google Group, but it seems not appear on the maillist)

Hi all,

I have a simple server using blocked socket and OpenSSL, its only function is for user registering an account. When an user connect to this server, it spawns a child process to handle the request. I found sometime child processes got stuck. I checked these malfunctioned process with gdb, and got the following output:

(gdb) bt
#0 0x2b80dffd7352 in read () from /lib/libc.so.6
#1 0x2b80de4160a1 in BIO_new_socket () from /usr/lib/libcrypto.so.0.9.8
#2 0x2b80de41449f in BIO_read () from /usr/lib/libcrypto.so.0.9.8
#3 0x2b80de23d57d in ssl3_read_n () from /usr/lib/libssl.so.0.9.8
#4 0x2b80de23dabd in ssl3_read_bytes () from /usr/lib/libssl.so.0.9.8
#5 0x2b80de23e795 in ssl3_get_message () from /usr/lib/libssl.so.0.9.8
#6 0x2b80de2340aa in ssl3_check_client_hello () from /usr/lib/libssl.so.0.9.8
#7 0x2b80de236855 in ssl3_accept () from /usr/lib/libssl.so.0.9.8
#8 0x00437945 in main ()

seems like during the function call of ssl3_accept(), server waits for hand-shaking packet from user machine, but never get it. Or maybe the user machine was cut off from Internet accidentally, so server never got any hint, still wait for input. The socket is blocked one.

Anyone has any idea about this situation? Thanks in advance.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]

Re: Encryption/Decryption
These functions do perform the encryption / decryption along with some other functionality. So you don't have to encrypt the message before you pass the buffer to SSL_write, or decrypt the data in the buffer you use with SSL_read.

- Original Message -
From: AlokBhatnagar
To: openssl-users@openssl.org
Sent: Friday, June 20, 2008 4:23 PM
Subject: Encryption/Decryption

Hi,

Do SSL_Write() and SSL_Read() functions perform the encryption and decryption respectively or we need to do it before calling these functions?

Regards
Alok Bhatnagar

SSL performance hit + buffer sizes
Hello everyone,

I would like to know your view on:

Would the performance impact for transmitting 'X' bytes of unencrypted data over SSLized channel be almost same irrespective of the number of SSL_* calls?

Consider I am using a buffer of size 'buf_size' for SSL_read/write (SSL_read(ssl_obj,buf,buf_size)):
If buf_size < 'X' I would require more number of SSL_reads/writes.
If buf_size > 'X' a single SSL_read/write should suffice.

So would the performance hit for end to end transmission of this 'X' bytes of data be the same in the cases mentioned above? I am assuming ideal network (no network latency etc) and 'X' is not big enough to fill kernel buffers on either side.

~ Urjit

Re: How can I create libeay32.dll and ssleay32.dll with Visual Studio 2005?
You can either build these from the source, or get the binaries.

If you prefer to build from the source, download the source from http://www.openssl.org/source and read INSTALL.W32

If you prefer to get the precompiled libraries, you can get them from http://www.openssl.org/related/binaries.html

HTH
~ Urjit

- Original Message -
From: learning openssl
To: openssl-users@openssl.org
Sent: Tuesday, March 04, 2008 1:59 AM
Subject: How can I create libeay32.dll and ssleay32.dll with Visual Studio 2005?

Hello,

I hope to create libeay32.dll and ssleay32.dll with Visual Studio 2005. But I don't know how to do it. Please help me!

Taking care of missing random number generator
Hello,

I had sent this mail to the list some time back, and didn't hear back. So I am not sure if it even reached the group. Here is the second attempt. Any help/suggestion is highly appreciated.

~ Urjit

I observed that on few platforms, the random device is missing. Due to this, the SSL_connect fails. I would have to use -rand option of s_client for successful connection. On such platforms, even my client application fails due to the missing random number generator device. For example, on my solaris box, my client fails and truss gives the following output:

=====
0.0999 open(/dev/urandom, O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
0.1003 open(/dev/random, O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
0.1007 open(/dev/srandom, O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
0.1013 so_socket(1, 2, 0, , 1) = 5
0.1018 connect(5, 0xFFBEE3F8, 19, 1) Err#2 ENOENT
0.1021 close(5)= 0
0.1025 so_socket(1, 2, 0, , 1) = 5
0.1029 connect(5, 0xFFBEE3F8, 15, 1) Err#2 ENOENT
0.1032 close(5)= 0
0.1035 so_socket(1, 2, 0, , 1) = 5
0.1039 connect(5, 0xFFBEE3F8, 15, 1) Err#2 ENOENT
0.1041 close(5)= 0
0.1046 so_socket(1, 2, 0, , 1) = 5
0.1050 connect(5, 0xFFBEE3F8, 14, 1) Err#2 ENOENT
=====

And then the SSL_connect fails with SSL_ERROR_SYSCALL and errno set to 2.

In such cases, I had thought of using RAND_write_file() followed by RAND_load_file() just after loading required libraries (SSL_load_error_strings, SSL_library_init). Do you think this is sensible approach? If not, could you suggest ways to deal with situations when the random device is missing?

If yes, I have another question. How to detect, programmatically, if the random device is missing? The RAND_write_file() and RAND_load_file() should be used only if the random device is missing, right?

Any help in understanding this is highly appreciated.

Thank you,
~ Urjit

Handling missing random number generator
Hello,

I observed that on few platforms, the random device is missing. Due to this, the SSL_connect fails. I would have to use -rand option of s_client for successful connection. On such platforms, even my client application fails due to the missing random number generator device. For example, on my solaris box, my client fails and truss gives the following output:

=====
0.0999 open(/dev/urandom, O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
0.1003 open(/dev/random, O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
0.1007 open(/dev/srandom, O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
0.1013 so_socket(1, 2, 0, , 1) = 5
0.1018 connect(5, 0xFFBEE3F8, 19, 1) Err#2 ENOENT
0.1021 close(5)= 0
0.1025 so_socket(1, 2, 0, , 1) = 5
0.1029 connect(5, 0xFFBEE3F8, 15, 1) Err#2 ENOENT
0.1032 close(5)= 0
0.1035 so_socket(1, 2, 0, , 1) = 5
0.1039 connect(5, 0xFFBEE3F8, 15, 1) Err#2 ENOENT
0.1041 close(5)= 0
0.1046 so_socket(1, 2, 0, , 1) = 5
0.1050 connect(5, 0xFFBEE3F8, 14, 1) Err#2 ENOENT
=====

And then the SSL_connect fails with SSL_ERROR_SYSCALL and errno set to 2.

In such cases, I had thought of using RAND_write_file() followed by RAND_load_file() just after loading required libraries (SSL_load_error_strings, SSL_library_init). Do you think this is sensible approach? If not, could you suggest ways to deal with situations when the random device is missing?

If yes, I have another question. How to detect, programmatically, if the random device is missing? The RAND_write_file() and RAND_load_file() should be used only if the random device is missing, right?

Any help in understanding this is highly appreciated.

Thank you,
~ Urjit

Problem in handling SSL_connect failures
Hello everyone,

I have a client that attempts to open a secured session with the server. After calling SSL_connect(), on failure, the client would free the SSL object, and read the response on normal tcp socket. On the other hand, the server calls SSL_accept(), and on failure, would free the SSL object, and return the error message to the client on normal tcp socket.

But what I see is, the client receives some 9 bytes of data after SSL_connect fails. This data seems to be SSL control data, as it reaches the client even before the server actually sends out the error message. The 9 bytes are (16 03 00 00 04 0e 00 00 00).

The client is on Windows and the server is on Linux. The server is performing SSL_accept on non-blocking socket. The SSL connection failure is due to server certificate verification failure.

Here is the code snippet from the client code that is in trouble, and receives these 9 bytes. The value returned in beresp is the first byte of these 9. Am I missing something while handling SSL_connect failures?

===
    if ( SSL_connect(sock->ssl) != 1 )
    {
        printf("\t%s", ERR_reason_error_string(ERR_get_error()));
        SSL_free(sock->ssl);
        ssl = NULL;
    }
    else
        secured = 1;
}
beresp = get_char(sock);
===

Please let me know if I can provide any more information that might be of help to understand the scenario.

Thanks,
~ Urjit

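The nine bytes quoted in the post above decode as one SSL 3.0 handshake record carrying a ServerHelloDone message, that is, part of the server's handshake flight that was still unread on the socket. This is an added example, not code from the original post: a small record-header parser run over those bytes. The function names and the sample stream with a trailing plaintext message are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { TLS_OK = 0, TLS_SHORT = -1, TLS_NOT_TLS = -2 };

struct tls_record {
    uint8_t  content_type;   /* 20 change_cipher_spec, 21 alert, 22 handshake, 23 application_data */
    uint8_t  ver_major, ver_minor;
    uint16_t length;         /* size of the record body after the 5-byte header */
    int      has_handshake;  /* set when a cleartext handshake header was decoded */
    uint8_t  hs_type;
    uint32_t hs_length;      /* 24-bit handshake body length */
};

/* The 9 bytes quoted in the post. */
static const uint8_t PAGE_BYTES[9] = { 0x16, 0x03, 0x00, 0x00, 0x04, 0x0e, 0x00, 0x00, 0x00 };

/* Constructed sample: the same 9 bytes followed by a made-up plaintext error line. */
static const uint8_t SAMPLE_STREAM[] = { 0x16, 0x03, 0x00, 0x00, 0x04, 0x0e, 0x00, 0x00, 0x00,
                                         'E', 'R', 'R', ' ', '4', '2', '\n' };

const char *tls_content_name(uint8_t t)
{
    switch (t) {
    case 20: return "change_cipher_spec";
    case 21: return "alert";
    case 22: return "handshake";
    case 23: return "application_data";
    default: return "unknown";
    }
}

const char *tls_handshake_name(uint8_t t)
{
    switch (t) {
    case 0:  return "hello_request";
    case 1:  return "client_hello";
    case 2:  return "server_hello";
    case 11: return "certificate";
    case 12: return "server_key_exchange";
    case 13: return "certificate_request";
    case 14: return "server_hello_done";
    case 15: return "certificate_verify";
    case 16: return "client_key_exchange";
    case 20: return "finished";
    default: return "unknown";
    }
}

/* Parse one record at buf. TLS_SHORT means more bytes are needed,
 * TLS_NOT_TLS means the bytes do not look like an SSL3/TLS record. */
int tls_parse_record(const uint8_t *buf, size_t len,
                     struct tls_record *out, size_t *consumed)
{
    memset(out, 0, sizeof(*out));
    *consumed = 0;
    if (len < 5)
        return TLS_SHORT;
    if (buf[0] < 20 || buf[0] > 23 || buf[1] != 3)
        return TLS_NOT_TLS;
    out->content_type = buf[0];
    out->ver_major = buf[1];
    out->ver_minor = buf[2];
    out->length = (uint16_t)((buf[3] << 8) | buf[4]);
    if (out->length > 16384 + 2048)          /* larger than any legal record body */
        return TLS_NOT_TLS;
    if (len - 5 < out->length)
        return TLS_SHORT;
    /* Handshake headers are readable only while the handshake is still in the clear. */
    if (out->content_type == 22 && out->length >= 4) {
        out->has_handshake = 1;
        out->hs_type = buf[5];
        out->hs_length = ((uint32_t)buf[6] << 16) | ((uint32_t)buf[7] << 8) | buf[8];
    }
    *consumed = 5 + (size_t)out->length;
    return TLS_OK;
}

/* Number of leading bytes that form complete records. Heuristic only:
 * plaintext that happens to start with 0x14..0x17 0x03 would be miscounted. */
size_t tls_residue_len(const uint8_t *buf, size_t len)
{
    size_t off = 0, used;
    struct tls_record rec;
    while (off < len && tls_parse_record(buf + off, len - off, &rec, &used) == TLS_OK)
        off += used;
    return off;
}

int main(void)
{
    struct tls_record r;
    size_t used;
    if (tls_parse_record(PAGE_BYTES, sizeof PAGE_BYTES, &r, &used) == TLS_OK) {
        printf("record: %s, version %u.%u, length %u\n", tls_content_name(r.content_type),
               (unsigned)r.ver_major, (unsigned)r.ver_minor, (unsigned)r.length);
        if (r.has_handshake)
            printf("handshake: %s, body length %lu\n",
                   tls_handshake_name(r.hs_type), (unsigned long)r.hs_length);
    }
    printf("record bytes ahead of the plaintext: %lu of %lu\n",
           (unsigned long)tls_residue_len(SAMPLE_STREAM, sizeof SAMPLE_STREAM),
           (unsigned long)sizeof SAMPLE_STREAM);
    return 0;
}
```
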
Re: Problem in handling SSL_connect failures
To begin with, when the client calls SSL_connect(), it is guaranteed that the server is waiting / looping in SSL_accept(). So I believe there is no chance that SSL_connect() will read any plaintext data.

In my scenario, the ERR_reason_error_string(ERR_get_error()) tells me that there was a problem in server certificate verification. Also on the server side, SSL_accept reports 'SSL alert number 42'. In this case the SSL_connect() failed because it knew what was wrong, not because it didn't understand what the server had sent.

Now as this failure is a result of SSL handshake, and as the reason of the failure is known to the client, SSL_connect should have cleaned all the data sent by the server as part of SSL handshake. The tcp channel should have been cleaned before SSL_connect() returned.

Now when the SSL_connect() fails (and it would imply that corresponding SSL_accept would have also failed), the client knows that the server is going to send the error message back to the client in plain text. So the client reads next packet in plain text.

Allow me to explain what I see on the client-server communication (the server is using non-blocking sockets):

The first call of SSL_accept() returns WANT_READ.
The client initiates SSL_connect().
As we detect readability, we call SSL_accept(), which now returns WANT_WRITE (I guess this is the data that reached me after SSL_connect returned).
By this time, the client SSL_connect() has already returned with -1.
The client assumes that the next data that would come would be plain text error message sent by the server. And this is where it fails.

I will be glad if you could give me a sample code snippet that will show how one can handle SSL_connect / SSL_accept failures correctly and gracefully.

Thank you for all the help.
~ Urjit

- Original Message -
From: David Schwartz [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Friday, December 14, 2007 7:48 PM
Subject: RE: Problem in handling SSL_connect failures

> I have a client that attempts to open a secured session with the server. After calling SSL_connect(), on failure, the client would free the SSL object, and read the response on normal tcp socket. On the other hand, the server calls SSL_accept(), and on failure, would free the SSL object, and return the error message to the client on normal tcp socket. But what I see is, the client receives some 9 bytes of data after SSL_connect fails. This data seems to be SSL control data, as it reaches the client even before the server actually sends out the error message. The 9 bytes are (16 03 00 00 04 0e 00 00 00).

How could you ensure that both the server and the client fail at precisely the same point? That would seem to be nearly impossible.

> Here is the code snippet from the client code that is in trouble, and receives these 9 bytes. The value returned in beresp is the first byte of these 9. Am I missing something while handling SSL_connect failures?
> ===
>     if ( SSL_connect(sock->ssl) != 1 )
>     {
>         printf("\t%s", ERR_reason_error_string(ERR_get_error()));
>         SSL_free(sock->ssl);
>         ssl = NULL;
>     }
>     else
>         secured = 1;
> }
> beresp = get_char(sock);

This is complete nonsense. Since SSL_connect returned an error, that means it read something it didn't like. Since it didn't understand what the other side sent, how can it ensure it read all of it?

> Please let me know if I can provide any more information that might be of help to understand the scenario

The scenario seems to require the impossible in several regards. First, SSL_connect must somehow be careful not to read the plaintext failure message. But how can it do this? Second, SSL_connect must be sure to read all the non-plaintext when it fails to understand what's going on. But how can it do this?

Your scheme doesn't seem to make any sense at all. You can't ensure a failure will be perfect. You can probably make this work 99% of the time with extreme ugliness if it's an absolute requirement. Have the server send the message, sleep a second or two, send it again, and so on. Use unique byte codes to mark the beginning and the end of the message. The client must carefully scan the stream paying attention only to the data in-between the start and end markers. This should ensure the other end fails eventually, and when it does, it won't matter if there's leftover SSL stuff or some of the message was eaten. Eventually, it will find the beginning and end of the error message.

DS

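The start/end marker scan described in the quoted reply above, as an added example that is not part of the original messages. The marker values, function names and sample streams are assumptions made up for illustration; the reply only says "unique byte codes".

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical 4-byte markers (assumption, not from the thread). */
static const uint8_t MSG_START[4] = { 0x02, 'E', 'R', 'R' };
static const uint8_t MSG_END[4]   = { 'E', 'N', 'D', 0x03 };

/* Constructed stream: leftover handshake bytes, the tail of a first copy whose
 * start was consumed by the failed handshake, then one intact copy. */
static const uint8_t FRAMED_SAMPLE[] =
    "\x16\x03\x00\x00\x04\x0e\x00\x00\x00" "ert verify failed" "END\x03"
    "\x02" "ERR" "certificate verify failed" "END\x03";
#define FRAMED_SAMPLE_LEN (sizeof FRAMED_SAMPLE - 1)   /* drop the literal's NUL */

/* Constructed stream: a copy cut off before its end marker, then an intact copy. */
static const uint8_t DAMAGED_SAMPLE[] =
    "\x02" "ERR" "cert" "\x02" "ERR" "bad cert" "END\x03";
#define DAMAGED_SAMPLE_LEN (sizeof DAMAGED_SAMPLE - 1)

/* Offset of needle in hay, or -1 when absent. */
static long find_bytes(const uint8_t *hay, size_t hay_len,
                       const uint8_t *needle, size_t needle_len)
{
    size_t i;
    if (needle_len == 0 || hay_len < needle_len)
        return -1;
    for (i = 0; i + needle_len <= hay_len; i++)
        if (memcmp(hay + i, needle, needle_len) == 0)
            return (long)i;
    return -1;
}

/* Copy the first intact START..END payload into out (NUL-terminated).
 * Returns the payload length, -1 when no complete frame has arrived yet
 * (caller should read more and retry), -2 when out is too small. */
long extract_framed(const uint8_t *stream, size_t len, char *out, size_t out_cap)
{
    size_t off = 0;
    while (off < len) {
        long s, e, s2;
        size_t body;

        s = find_bytes(stream + off, len - off, MSG_START, sizeof MSG_START);
        if (s < 0)
            return -1;
        body = off + (size_t)s + sizeof MSG_START;
        e = find_bytes(stream + body, len - body, MSG_END, sizeof MSG_END);
        if (e < 0)
            return -1;
        /* A second START before END means this copy was cut short: resync on it. */
        s2 = find_bytes(stream + body, (size_t)e, MSG_START, sizeof MSG_START);
        if (s2 >= 0) {
            off = body + (size_t)s2;
            continue;
        }
        if ((size_t)e + 1 > out_cap)
            return -2;
        memcpy(out, stream + body, (size_t)e);
        out[e] = '\0';
        return e;
    }
    return -1;
}

int main(void)
{
    char msg[64];
    if (extract_framed(FRAMED_SAMPLE, FRAMED_SAMPLE_LEN, msg, sizeof msg) >= 0)
        printf("message after residue: %s\n", msg);
    if (extract_framed(DAMAGED_SAMPLE, DAMAGED_SAMPLE_LEN, msg, sizeof msg) >= 0)
        printf("message after damaged copy: %s\n", msg);
    return 0;
}
```
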
Re: libssl and libcrypto
> However, when I want to link openssl from my application, linker cannot resolve the functions that are archived into libcrypto, and as I could see from the make command line outputs libcrypto is not archived into libssl. Is it possible to combine libcrypto into libssl? Or is it worth to force my application to link libcrypto besides libssl? In addition, why libcrypto is a generated to be a separate library in openssl software packet? Thanks in advice...

I am linking libssl and libcrypto statically with my applications. As you said, libcrypto is not archived in libssl; one has to link both the archives separately. Do you see any problem in linking libcrypto with your application? How would it be different than having libcrypto archived in libssl?

As Dan suggested, you need to link both the archives with your application. Use -lcrypto -lssl (and possibly -ldl).

I believe libcrypto is restricted to the crypto algorithms, whereas libssl gives you ssl implementation. If one needs only the crypto algorithms, one can link libcrypto only with the application. This seems to be the reason behind having two separate libraries.

Re: How to get useful error messages?
No response yet :-(

Please let me know if you guys need any more information in order to help me understand what is going wrong here. ERR_reason_error_string() and ERR_get_error() do not give me anything back.

- Original Message -
From: Urjit Gokhale
To: Urjit Gokhale ; openssl-users@openssl.org
Sent: Wednesday, October 03, 2007 8:27 PM
Subject: Re: How to get useful error messages?

Hello everyone,

I modified my code to add the following two lines after initializing the ssl library with SSL_library_init():

---
RAND_write_file("prngseed.dat");
RAND_load_file("prngseed.dat", -1);
---

And this solved the problem on HPUX. Now I am facing the same connectivity problem on AIX box. Note that the above two lines are still there. strace on the AIX box doesn't give any output at all. I have no clue why the SSL_connect is failing. It will be great if anyone could suggest a way to figure out what is going wrong here.

~ Urjit

- Original Message -
From: Urjit Gokhale
To: openssl-users@openssl.org
Sent: Monday, September 24, 2007 1:48 PM
Subject: How to get useful error messages?

Hi,

I am running an application on HPUX 11i. The application fails in SSL_connect(). I tried to print the error message with the following code snippet:

==
ret = SSL_connect(ssl);
if (ret != 1)
{
    /* NULL-initialised: the peek leaves these untouched when the error queue is empty */
    char *m_file = NULL, *m_data = NULL;
    int m_line = 0, m_flags = 0;
    printf("error code is %d", SSL_get_error(conn->sock->ssl, ret));
    printf("errno is %d", errno);
    ERR_peek_error_line_data((const char**)(&m_file), &m_line, (const char**)(&m_data), &m_flags);
    printf("filename: %s\tline :%d\ndata: %s\nflags: %d", m_file, m_line, m_data, m_flags);
    printf("%s\n", ERR_reason_error_string(ERR_peek_error()));
}
==

The error code is 5 (SSL_ERROR_SYSCALL) and errno is 2 (ENOENT). But the function ERR_peek_error_line_data() fails, and I don't get any filename / line number etc.

I used tusc on HPUX to trace the calls, and found that SSL_connect fails to find a random number generator and hence errno is 2. Here is the relevant part of the trace generated by tusc:

==
open(/tmp/cacert.pem, O_RDONLY|O_LARGEFILE, 0666) ... = 5
ioctl(5, TCGETA, 0x7a005278) .. ERR#25 ENOTTY
read(5, - - - - - B E G I N C E R T I .., 8192) ... = 1184
read(5, 0x4002a2c0, 8192) . = 0
getpid() .. = 21419 (21418)
getpid() .. = 21419 (21418)
getpid() .. = 21419 (21418)
close(5) .. = 0
send(4, \0\0\006\0\f, 6, 0) . = 6
time(NULL) = 1190620890
getpid() .. = 21419 (21418)
time(NULL) = 1190620890
time(NULL) = 1190620890
getpid() .. = 21419 (21418)
getpid() .. = 21419 (21418)
getpid() .. = 21419 (21418)
open(/dev/urandom, O_RDONLY|O_NONBLOCK|O_NOCTTY, 0) . ERR#2 ENOENT
open(/dev/random, O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460) . ERR#2 ENOENT
open(/dev/srandom, O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460) ERR#2 ENOENT
socket(AF_UNIX, SOCK_STREAM, 0

Re: How to get useful error messages?
Hello everyone,

I modified my code to add the following two lines after initializing the ssl library with SSL_library_init():

---
RAND_write_file("prngseed.dat");
RAND_load_file("prngseed.dat", -1);
---

And this solved the problem on HPUX. Now I am facing the same connectivity problem on AIX box. Note that the above two lines are still there. strace on the AIX box doesn't give any output at all. I have no clue why the SSL_connect is failing. It will be great if anyone could suggest a way to figure out what is going wrong here.

~ Urjit

- Original Message -
From: Urjit Gokhale
To: openssl-users@openssl.org
Sent: Monday, September 24, 2007 1:48 PM
Subject: How to get useful error messages?

Hi,

I am running an application on HPUX 11i. The application fails in SSL_connect(). I tried to print the error message with the following code snippet:

==
ret = SSL_connect(ssl);
if (ret != 1)
{
    /* NULL-initialised: the peek leaves these untouched when the error queue is empty */
    char *m_file = NULL, *m_data = NULL;
    int m_line = 0, m_flags = 0;
    printf("error code is %d", SSL_get_error(conn->sock->ssl, ret));
    printf("errno is %d", errno);
    ERR_peek_error_line_data((const char**)(&m_file), &m_line, (const char**)(&m_data), &m_flags);
    printf("filename: %s\tline :%d\ndata: %s\nflags: %d", m_file, m_line, m_data, m_flags);
    printf("%s\n", ERR_reason_error_string(ERR_peek_error()));
}
==

The error code is 5 (SSL_ERROR_SYSCALL) and errno is 2 (ENOENT). But the function ERR_peek_error_line_data() fails, and I don't get any filename / line number etc.

I used tusc on HPUX to trace the calls, and found that SSL_connect fails to find a random number generator and hence errno is 2. Here is the relevant part of the trace generated by tusc:

==
open(/tmp/cacert.pem, O_RDONLY|O_LARGEFILE, 0666) ... = 5
ioctl(5, TCGETA, 0x7a005278) .. ERR#25 ENOTTY
read(5, - - - - - B E G I N C E R T I .., 8192) ... = 1184
read(5, 0x4002a2c0, 8192) . = 0
getpid() .. = 21419 (21418)
getpid() .. = 21419 (21418)
getpid() .. = 21419 (21418)
close(5) .. = 0
send(4, \0\0\006\0\f, 6, 0) . = 6
time(NULL) = 1190620890
getpid() .. = 21419 (21418)
time(NULL) = 1190620890
time(NULL) = 1190620890
getpid() .. = 21419 (21418)
getpid() .. = 21419 (21418)
getpid() .. = 21419 (21418)
open(/dev/urandom, O_RDONLY|O_NONBLOCK|O_NOCTTY, 0) . ERR#2 ENOENT
open(/dev/random, O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460) . ERR#2 ENOENT
open(/dev/srandom, O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460) ERR#2 ENOENT
socket(AF_UNIX, SOCK_STREAM, 0) ... = 5
connect(5, 0x7a004750, 19) ERR#2 ENOENT
close(5) .. = 0
socket(AF_UNIX, SOCK_STREAM, 0) ... = 5
connect(5, 0x7a004750, 15) ERR#2 ENOENT
close(5

Re: Safe signed certificate generation during server installation ?
> considered as proposition to discussion. Real, secure programming should be based on existing, well checked protocols (which is possible in this case).

> The OP was going to embed his CA's private key in his installer. The OP was not thinking clearly about key management. My first response to the OP outlined what needs to be done for key-management (a human assisted enrollment process).

Thank you all for all the responses and the discussion. I learn from this discussion, that for a complete secured system, I need to consider the key management in better fashion. I will definitely think over it.

But for now, I would like you guys to comment if the scheme of allowing the admin to create certificate through installer work? I am assuming that the admin will guard the installer (and hence the cert generation capability) well, so that no one else gets to create a CA signed cert. Isn't this as if the installer itself is working as a CA tool, and the admin is acting as a local CA, issuing / creating certificates for the servers to use?

I believe the MITM can be avoided with this, in the following way: The admin knows the name of the machine where he is installing the server. He will put this information in the certificate. The client will indeed verify this name as part of cert verification. We assume that acting as a local CA, the admin will not use installer to create incorrect certificates.

BTW. I would like to know more about the finished messages David was talking about. Could someone point me to the documentation / article on this?

Thank you once again.
~ Urjit

How to get useful error messages?
Hi,

I am running an application on HPUX 11i. The application fails in SSL_connect(). I tried to print the error message with the following code snippet:

==
ret = SSL_connect(ssl);
if (ret != 1)
{
    /* NULL-initialised: the peek leaves these untouched when the error queue is empty */
    char *m_file = NULL, *m_data = NULL;
    int m_line = 0, m_flags = 0;
    printf("error code is %d", SSL_get_error(conn->sock->ssl, ret));
    printf("errno is %d", errno);
    ERR_peek_error_line_data((const char**)(&m_file), &m_line, (const char**)(&m_data), &m_flags);
    printf("filename: %s\tline :%d\ndata: %s\nflags: %d", m_file, m_line, m_data, m_flags);
    printf("%s\n", ERR_reason_error_string(ERR_peek_error()));
}
==

The error code is 5 (SSL_ERROR_SYSCALL) and errno is 2 (ENOENT). But the function ERR_peek_error_line_data() fails, and I don't get any filename / line number etc.

I used tusc on HPUX to trace the calls, and found that SSL_connect fails to find a random number generator and hence errno is 2. Here is the relevant part of the trace generated by tusc:

==
open(/tmp/cacert.pem, O_RDONLY|O_LARGEFILE, 0666) ... = 5
ioctl(5, TCGETA, 0x7a005278) .. ERR#25 ENOTTY
read(5, - - - - - B E G I N C E R T I .., 8192) ... = 1184
read(5, 0x4002a2c0, 8192) . = 0
getpid() .. = 21419 (21418)
getpid() .. = 21419 (21418)
getpid() .. = 21419 (21418)
close(5) .. = 0
send(4, \0\0\006\0\f, 6, 0) . = 6
time(NULL) = 1190620890
getpid() .. = 21419 (21418)
time(NULL) = 1190620890
time(NULL) = 1190620890
getpid() .. = 21419 (21418)
getpid() .. = 21419 (21418)
getpid() .. = 21419 (21418)
open(/dev/urandom, O_RDONLY|O_NONBLOCK|O_NOCTTY, 0) . ERR#2 ENOENT
open(/dev/random, O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460) . ERR#2 ENOENT
open(/dev/srandom, O_RDONLY|O_NONBLOCK|O_NOCTTY, 040460) ERR#2 ENOENT
socket(AF_UNIX, SOCK_STREAM, 0) ... = 5
connect(5, 0x7a004750, 19) ERR#2 ENOENT
close(5) .. = 0
socket(AF_UNIX, SOCK_STREAM, 0) ... = 5
connect(5, 0x7a004750, 15) ERR#2 ENOENT
close(5) .. = 0
==

So, is there a way to get this error printed as part of error handling in the code?

NOTE: I noticed that s_client throws an error "warning, not much extra random data, consider using the -rand option". But that is done as part of explicit error handling for app_RAND_load_file() and RAND_status() calls. Can I get the error as part of error reporting mechanism in openssl, when any SSL_* call fails?

Also, which function should I use to make sure random number generator is working properly? I want this to be portable, as the application will run on many platforms including Windows.

Thanks,
~ Urjit

Re: Safe signed certificate generation during server installation ?
Thank you very much David for your response.

I doubt if self signed certificate will be a good idea, as against a signed certificate. With the approach I am proposing, the server installer itself works like a CA. Only an authorized person will have access to this installer (say admin) and can generate a signed certificate.

I don't know if you're familiar with how real CAs operate, but trust me, restricting access to your installer won't provide anywhere near the security that real CAs do.

Here is my understanding about a real CA. A real CA would be an agency or like, which would have the infrastructure required to sign certificate requests (say openssl toolkit, its own key pair, its own root certificate etc). In addition to this, it would have capabilities / mechanism to verify the information provided by the requester (subject) in the certificate request. Once the CA verifies that the information provided in the certificate request is correct, it would sign the request, and provide the signed certificate to the requester (subject). If I am missing anything that is important to know, I will be really happy to learn about it.

Now what happens if someone changes the key and the certificate in the server? If I am using a self signed certificate, this change will not be detected.

Perhaps you misunderstand what I'm proposing. If you use a self-signed certificate, the change will be detected because the certificate will now be different. I'm suggesting the client use the public key itself as the server's identity.

Hmm ... So are you suggesting that my clients would store the certificate produced by the server, the first time they connect to the server, and thereafter each time they connect to the server, they check if the certificate has changed? As I understand, a self signed certificate can be verified using the public key present in the certificate itself. So how can my client detect the change in the certificate unless they store the public key (or the certificate itself) the first time they connect to the server, and then for every successive connection attempt, check the certificate presented with this stored public key / certificate ? Am I still missing something?

If I am using a CA signed certificate (which only the admin can do through the installer), any such change / modification to the server certificate will be detected as the modified certificate will not be validated at the client side (as it will not be signed).

The problem is that anyone who has access to your installer can impersonate any server.

Absolutely true.

Whether or not this is acceptable depends upon a few factors. I would submit that if your client is a traditional program like IE or Firefox and your target network is the Internet, this is absolutely unacceptable. If your client is custom software and/or your target network is private, this might be reasonable.

Right. Now, my clients are custom software and the target (as of now) is a private network.

This is the reason, why I plan to use a CA signed cert instead of self signed cert at the server.

What's your client software? Is it a browser or custom software?

Nops. It is a custom software.

If a browser, and you're expecting the client to add your CA as a trusted root, you are compelling your users to trust an awful lot to anyone who might get access to your installer, accidentally or intentionally. A leak of your installer would mean a serious security compromise to all your users.

That is right. So, my server / client are custom s/w and the target network is a private network. Please bear with me as I put down the purpose behind this whole thinking, once again.

1. I will be giving my server + clients to my customers.
2. These servers will need to have their own distinct certificates.
3. As part of shipping my s/w (server + client) to the customers, I burn them on a CD and ship them.
4. If I have to generate a unique certificate for every server, myself, I would have to burn so many different CDs. In addition to that, I will have to maintain almost a complete CA system.
5. This is doable, when the number of customers is small, say 5 - 10. But I doubt how well this would scale with the increasing number of customers.

So, I was thinking that embedding certificate generation capability in my installer will be good, as it can scale well. An admin at customer C1 would have complete access to the server (h/w + s/w). As it is, it would be this admin who would have prepared the cert request, if I would be issuing signed certificate. So why not allow him to create a certificate for himself ? Now the question was, how can I embed the root CA cert + associated private key in the installer, such that it can not be retrieved easily? Has anyone ever done anything like this before? Does anyone have any better approach to suggest? Thank you very much for your help. ~ Urjit
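The check asked about in the message above (remember the server's public key on first contact, then compare it on every later connection) can be sketched with the openssl command line. This is an added example, not part of the original thread; the function names, the one-line-per-host pin file and the host name are assumptions, and the certificates are generated on the spot as constructed sample input.

```shell
#!/bin/sh
# Added example (not from the thread): trust-on-first-use pinning of a server's
# public key with the openssl CLI. Function names and pin-file format are assumptions.
set -eu

# Installer side: new key pair plus self-signed certificate. No CA key is shipped.
make_self_signed() {    # $1 = key out, $2 = cert out, $3 = common name
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=$3" -keyout "$1" -out "$2" 2>/dev/null
}

# Renewal: a fresh certificate over the SAME key pair.
reissue_cert() {        # $1 = existing key, $2 = cert out, $3 = common name
    openssl req -x509 -new -key "$1" -sha256 -days 30 \
        -subj "/CN=$3" -out "$2" 2>/dev/null
}

# Pin = SHA-256 of the DER-encoded SubjectPublicKeyInfo, printed as hex.
spki_pin() {            # $1 = certificate (PEM)
    pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    printf '%s\n' "$pub" |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Client side: compare the presented certificate's key with the stored pin.
# Prints first-use, match or MISMATCH; returns non-zero unless the key is trusted.
check_pin() {           # $1 = pin file, $2 = host, $3 = presented certificate (PEM)
    store=$1 host=$2
    pin=$(spki_pin "$3") || return 2            # unreadable certificate: fail closed
    [ -f "$store" ] || : >"$store"
    known=$(awk -v h="$host" '$1 == h { print $2; exit }' "$store")
    if [ -z "$known" ]; then
        printf '%s %s\n' "$host" "$pin" >>"$store"
        echo first-use
    elif [ "$known" = "$pin" ]; then
        echo match
    else
        echo MISMATCH
        return 1
    fi
}

demo() {
    dir=$(mktemp -d)
    name=server.example.internal                # constructed host name
    make_self_signed "$dir/key1.pem" "$dir/cert1.pem"  "$name"
    reissue_cert     "$dir/key1.pem" "$dir/cert1b.pem" "$name"
    make_self_signed "$dir/key2.pem" "$dir/cert2.pem"  "$name"   # key was replaced
    check_pin "$dir/pins" "$name" "$dir/cert1.pem"
    check_pin "$dir/pins" "$name" "$dir/cert1b.pem"
    check_pin "$dir/pins" "$name" "$dir/cert2.pem" || echo "connection refused"
    rm -rf "$dir"
}
demo
```

Pinning the key rather than the whole certificate means a renewed certificate over the same key still matches, while a replaced key pair is reported even though the new certificate verifies against itself.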
Re: Safe signed certificate generation during server installation ?
For now, my purpose is not to establish an identity of a server with the certificate. I plan to use a signed certificate, so that the client can be sure that the server indeed holds the private key associated with the public key provided by the server in its certificate.

You have a non-standard security model. The standard SSL security model has the CA sign the certificate to verify that the *name* in the certificate belongs to the key in the certificate. It is almost always a mistake to try to get commodity software to enforce a non-standard security model. That is, you can't expect programs like firefox and IE to connect to SSL servers using certificates generated with a non-standard security model and get any kind of sane behavior.

It sounds like you don't need a certificate at all. You just need the server to be able to prove that it owns a particular private key. Presumably this is for server persistence (so I can tell I'm talking to the same server I was last time). So I think the servers should be using self-signed certificates and the clients should be configured to accept self-signed certificates (since they don't care about being able to verify the common name).

There is no point in having a CA at all, as I understand your problem. The only point in embedding the CA in the installer and configuring the clients to trust the CA would be to allow the clients to trust the common name in the certificate. But clearly the clients *can't* trust the common name in the certificate. So it seems like you're trying to solve a problem that's actually a design property of your security model.

I doubt if self signed certificate will be a good idea, as against a signed certificate. With the approach I am proposing, the server installer itself works like a CA. Only an authorized person will have access to this installer (say admin) and can generate a signed certificate. Now what happens if someone changes the key and the certificate in the server? If I am using a self signed certificate, this change will not be detected. If I am using a CA signed certificate (which only the admin can do through the installer), any such change / modification to the server certificate will be detected as the modified certificate will not be validated at the client side (as it will not be signed). This is the reason, why I plan to use a CA signed cert instead of self signed cert at the server. Also, I do plan to use server certificates (and client certificate also) for proving the identity, but not in this phase.
Re: Safe signed certificate generation during server installation ?
Thank you very much for your response, David and Victor. I really appreciate it.

So could someone guide me with the best practices used in such scenarios? Is there a way to securely embed the private key in the installers / CA certificate?

I guess I'm confused. What purpose would a certificate serve if anyone can generate one that serves any purpose? If I can generate a certificate that says I'm the pope just by entering that into your installer, then a certificate that says I'm the pope doesn't prove I'm the pope.

For now, my purpose is not to establish an identity of a server with the certificate. I plan to use a signed certificate, so that the client can be sure that the server indeed holds the private key associated with the public key provided by the server in its certificate.

So what's the point of the entire exercise?!

For the requirement of certificate generation on the fly (during installation) following is the scenario:

A] I have a client - server application that I would be shipping to different customers. The admin at every customer will install the client and server software on different machines. For the SSL to work, the client software would require a root CA cert, and the server software would require its certificate + key. (NOTE: Only the clients in a particular customer's network will be able to access the server in that particular customer's n/w.)

B] I plan to provide the required root cert + server cert to the customer to kick start the applications in the customer environment. I have a CA established at my end. The root CA cert of this CA will be used to generate server certificates (NOTE: I will not be using a CA chain. There will be only one certificate issuing authority)

C] Now from the point of view of 'ease of deployment', I would like to burn the same image of my server/client software on say 10 CDs and ship them to 10 customers. But, every customer will need to have a distinct server certificate for his server installation. (Also, it is possible that a customer may wish to run two servers on two machines in the same network. So he will need two different server certificates.) So, if I have to provide the certificates to the customer as part of my product, I would have to generate 10 distinct certificates, and one certificate to one CD. So basically I will be writing 10 distinct CD images for 10 customers. Also, I would be generating the certificates for these customers based on the information that 'they' provide to me.

So considering the points above, I thought of providing the certificate generation capability as part of my installation itself. This way, I will have to burn the same image on all the 10 CDs. Also, my customers will be saved from sending me the information required to generate a certificate for them. Instead, they themselves (The admin who installs the server) can provide this information as part of installation and the certificate will be generated behind the scenes.

Victor,

Typically this means that the administrator has some way to authenticate to a credential enrollment system (kadmind, X.509 cert enrollment website, ...) and can interact with the system to generate the cert for the newly built host

I am sorry but I am not sure I followed what you said about Could you please explain this, may be with an example scenario / real life scenario? I will highly appreciate any comments / suggestions / help tackling this scenario. Thank you. ~ Urjit
Safe signed certificate generation during server installation ?
Hello everyone, I have a server application that will use Openssl to communicate with its clients over SSL secured channel. This server requires a unique signed server certificate. I plan to use my personal CA to issue these server certificates. Now for the ease of deployment, I plan to create server certificates as part of server installation procedure. For this, I plan to embed the openssl utility in my server installer. The user will be prompted for some information like C/ST/OU/CN etc. and a certificate request will be generated using the embedded openssl application. With this, every server will have its own certificate request. Now in order to get these requests signed by the CA, I can either: 1. Ask the user to send the request to me, and I will send back the signed certificate 2. Embed my CA certificate in the installer, and sign the certificate request then and there as it is generated. I am more inclined towards the second option as it saves the user and myself from exchanging the cert request / signed certificates. But I feel that this will be more risky, as in order to sign the certificate, I will have to make my CA private key available in the installer (Is this correct understanding?). So could someone guide me with the best practices used in such scenarios? Is there a way to securely embed the private key in the installers / CA certificate? Thanks, ~ Urjit
Re: Openssl 0.9.8e build fails on HP Itanium
Can I get some more help on this please? Could someone tell me if I am doing something wrong while building openssl? Is this a known issue with openssl + HP itanium 64 bit build ? Thanks, ~ Urjit

- Original Message -
From: Grzegorz Rusin [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Monday, September 10, 2007 2:37 PM
Subject: Re: Openssl 0.9.8e build fails on HP Itanium

On 9/10/07, Urjit Gokhale [EMAIL PROTECTED] wrote:

ld: Duplicate symbol __divxf3 in files /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divxf3.oS] and /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divxf3.oS]

It looks like one object file is being passed two times to the linker.

-- Regards. Grzegorz Rusin, skype: mr.pks
Re: Openssl 0.9.8e build fails on HP Itanium
Thanks for your reply. I would like to know if this is a known issue with HP itanium build (shared lib mode) ? Does anyone know how to get rid of this problem? Is it some setting on my HP itanium box, or do I need to change something in the openssl source? Thanks, ~ Urjit

- Original Message -
From: Grzegorz Rusin [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Monday, September 10, 2007 2:37 PM
Subject: Re: Openssl 0.9.8e build fails on HP Itanium

On 9/10/07, Urjit Gokhale [EMAIL PROTECTED] wrote:

ld: Duplicate symbol __divxf3 in files /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divxf3.oS] and /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divxf3.oS]

It looks like one object file is being passed two times to the linker.

-- Regards. Grzegorz Rusin, skype: mr.pks
Openssl 0.9.8e build fails on HP Itanium
Hello all, I had sent this mail on openssl-dev, and haven't heard back yet. Thought of asking it here. Apologies if there are unnecessary details, but I felt like providing as much information as possible. I am building openssl0.9.8e on HP Itanium system.

---
bash-2.05b$ uname -a
HP-UX ia64-bld B.11.23 U ia64 3226910008 unlimited-user license
bash-2.05b$ gcc -v
Reading specs from /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/specs
Configured with: /scratch/zack/pkgbuild/3.3.1/hpux-11/gcc-3.4.3/configure --enable-languages=c,c++ --enable-threads=posix --with-gnu-as --without-gnu-ld --with-as=/usr/local/bin/as --prefix=/usr/local
Thread model: posix
gcc version 3.4.3
---

The build fails with Duplicate symbols errors, when it is configured to generate 'shared' objects. I will be glad if anyone could tell what I am doing wrong.

$ ./Configure hpux64-ia64-gcc shared
$ make

This generates libcrypto.a, and then errors out with Duplicate symbols errors

--- making all in crypto/pqueue... make[2]: Entering directory `/home/nz/urjit/openssl-0.9.8e/crypto/pqueue' make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/home/nz/urjit/openssl-0.9.8e/crypto/pqueue' if [ -n libcrypto.so.0.9.8 libssl.so.0.9.8 ]; then \ (cd ..; make libcrypto.so.0.9.8); \ fi make[2]: Entering directory `/home/nz/urjit/openssl-0.9.8e' make[3]: Entering directory `/home/nz/urjit/openssl-0.9.8e' make[4]: Entering directory `/home/nz/urjit/openssl-0.9.8e' ld: Duplicate symbol __divxf3 in files /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divxf3.oS] and /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divxf3.oS] ld: Duplicate symbol __divtf3 in files /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divxf3.oS] and /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divxf3.oS] ld: Duplicate symbol __divdf3 in files /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divdf3.oS] and /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divdf3.oS] ld: Duplicate symbol __divsf3 in files /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divsf3.oS] and /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divsf3.oS] ld: Duplicate symbol __divdi3 in files /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divdi3.oS] and /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divdi3.oS] ld: Duplicate symbol __moddi3 in files /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__moddi3.oS] and /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__moddi3.oS] . 
--- After this, I tried to build ssl library with make build_ssl, but that also errored out after creating libssl.a --- ar r ../libssl.a s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o d1_meth.o d1_srvr.o d1_clnt.o d1_lib.o d1_pkt.o d1_both.o d1_enc.o ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o ssl_ciph.o ssl_stat.o ssl_rsa.o ssl_asn1.o ssl_txt.o ssl_algs.o bio_ssl.o ssl_err.o kssl.o ar: creating ../libssl.a /usr/local/bin/ranlib ../libssl.a || echo Never mind. if [ -n libcrypto.so.0.9.8 libssl.so.0.9.8 ]; then \ (cd ..; make libssl.so.0.9.8); \ fi make[2]: Entering directory `/home/nz/urjit/openssl-0.9.8e' make[3]: Entering directory `/home/nz/urjit/openssl-0.9.8e' make[4]: Entering directory `/home/nz/urjit/openssl-0.9.8e' ld: Duplicate symbol __divxf3 in files /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divxf3.oS] and /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divxf3.oS] ld: Duplicate symbol __divtf3 in files /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divxf3.oS] and /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divxf3.oS] ld: Duplicate symbol __divdf3 in files /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divdf3.oS] and /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divdf3.oS] ld: Duplicate symbol __divsf3 in files /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divsf3.oS] and /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divsf3.oS] ld: Duplicate symbol __divdi3 in files /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divdi3.oS] and /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divdi3.oS] ld: Duplicate symbol __moddi3 in files /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__moddi3.oS] and 
/usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__moddi3.oS] ld: Duplicate symbol __udivdi3 in files /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__udivdi3.oS] and /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__udivdi3.oS] ld: Duplicate symbol __umoddi3 in files
Re: Automated certificate creation
Thank you everyone for your replies. I will try them out and will get back to you again in case I have any more questions. Thanks a lot. ~ Urjit

- Original Message -
From: Smith, Ryan-P56787 [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Wednesday, August 08, 2007 11:37 PM
Subject: RE: Automated certificate creation

Here is an OpenSSL command that I have had success with in the past.

    openssl req -new -out certreq.pem -subj '/C=US/ST=Arizona/L=City/O=Organization/CN=My Common Name' -passout pass:password

Of course this certificate request needs to be signed by the CA to become a valid certificate

    openssl ca -batch -keyfile cakey.pem -cert cacert.pem -key password -out cert.pem -infiles certreq.pem

Note: The use of the -key option may not be a good idea, as it bares the Root Key password in cleartext. Similarly, the use of the -passout option in the first command bares the new private key password (corresponding to the new certificate). While this is not as big of a deal as revealing the Root Key password, it is still a risk. However, this method allows one to create a certificate without input on the command line. Leaving either of these options out, OpenSSL will prompt you to type in the password.

Also, any options that are not explicitly set via command line options (key length and algorithm, message digest, etc...) will be obtained from the config file. You can also go the other way with this and put all of the settings in the configuration file (passwords, subj, etc...).

Hope this helps. Ryan G Smith
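The quoted reply's two points, that -key and -passout pass: expose passphrases and that the settings can live in the configuration file instead, can be combined as follows. This is an added example, not code from the thread: it signs with openssl x509 -req against a throwaway demo CA rather than openssl ca, and the function names, file names and demo CA subject are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): unattended CSR creation and signing with
# the subject in a config file and passphrases read from files, so nothing
# secret appears on a command line. Paths and the demo CA are constructed.
set -eu

# Config that answers every prompt. x509_extensions only applies with -x509.
write_req_config() {    # $1 = config path, $2 = common name
    cat >"$1" <<EOF
[ req ]
prompt             = no
default_bits       = 2048
default_md         = sha256
distinguished_name = dn
x509_extensions    = v3_ca

[ dn ]
C  = US
ST = Arizona
L  = City
O  = Organization
CN = $2

[ v3_ca ]
basicConstraints = critical, CA:TRUE
EOF
}

# Random passphrase in a file only the owner can read.
new_secret() {          # $1 = passphrase file
    ( umask 077; openssl rand -hex 24 >"$1" )
}

# Stand-in for the real CA: encrypted key plus self-signed root certificate.
make_demo_ca() {        # $1 = config, $2 = passphrase file, $3 = key out, $4 = cert out
    openssl req -x509 -new -config "$1" -days 30 \
        -passout "file:$2" -keyout "$3" -out "$4" 2>/dev/null
}

# Encrypted server key and certificate request, no prompts.
make_csr() {            # $1 = config, $2 = passphrase file, $3 = key out, $4 = CSR out
    openssl req -new -config "$1" -passout "file:$2" -keyout "$3" -out "$4" 2>/dev/null
}

# Sign the request; the CA key passphrase comes from a file, not from argv.
sign_csr() {            # $1 = CSR, $2 = CA cert, $3 = CA key, $4 = CA passphrase file, $5 = cert out
    openssl x509 -req -in "$1" -CA "$2" -CAkey "$3" -passin "file:$4" \
        -CAcreateserial -sha256 -days 30 -out "$5" 2>/dev/null
}

cert_subject() {        # $1 = certificate (PEM)
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253
}

demo() {
    d=$(mktemp -d)
    write_req_config "$d/ca.cnf"  "Demo Root CA (constructed)"
    write_req_config "$d/req.cnf" "My Common Name"
    new_secret "$d/ca.pass"
    new_secret "$d/key.pass"
    make_demo_ca "$d/ca.cnf" "$d/ca.pass" "$d/cakey.pem" "$d/cacert.pem"
    make_csr "$d/req.cnf" "$d/key.pass" "$d/key.pem" "$d/certreq.pem"
    sign_csr "$d/certreq.pem" "$d/cacert.pem" "$d/cakey.pem" "$d/ca.pass" "$d/cert.pem"
    cert_subject "$d/cert.pem"
    openssl verify -CAfile "$d/cacert.pem" "$d/cert.pem"
    rm -rf "$d"
}
demo
```

A passphrase given as pass:... is visible to other local users in the process list for as long as the command runs; the file: source keeps it behind file permissions instead.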
Automated certificate creation
Hi, while creating certificate requests using openssl, one is prompted for some information like Country name, State, Locality name etc. Though these parameters have defaults set, one has to hit return to move ahead. Is there a way to achieve this without being prompted for any information (either by using default values, or making the appropriate values in some file) ? I believe this can be done through some script, but I was just wondering if such a script already exists. Any hint towards achieving this will be highly appreciated. thank you, ~ Urjit
Is securing a communication channel so simple?
Hello everyone, I have been writing code to secure my client-server application. It has been almost a year now, since I entered the world of OpenSSL. I have been reading about key exchange, symmetric ciphers, certificates etc. and for that matter I have used all this in the code through the APIs provided by OpenSSL. But one question that has been coming to mind since quite some time is: Is securing your communication channel so simple? Choosing a good size key, selecting a good algorithm ... is that all? It sounds too simple to be true. So, what does it really take to secure your communication channel? (at this point, I am not talking about securing application, as I believe that it has much vast scope). Just having a long key doesn't seem to be sufficient, right? Could someone point me to the literature that I have not read yet, which explains pitfalls when it comes to securing the communication? Am I the only one with this question? Or did others also have this doubt? Thanks for all the support I have got from this group, ~ Urjit
Re: How to change mode from Blocking to Non-blocking
This has nothing to do with openssl in particular. This is a general socket programming scenario. You can set your socket to non-blocking mode using fcntl(socket, F_SETFL, O_NONBLOCK) / ioctlsocket(AcceptSocket, FIONBIO, &NonBlock). Google or RTFM if you wish to know more about these functions. You will have to handle ssl on non-blocking sockets differently though. HTH ~ Urjit

- Original Message -
From: Rahul Malegaonkar (rmalegao)
To: openssl-users@openssl.org
Sent: Saturday, June 23, 2007 6:04 AM
Subject: How to change mode from Blocking to Non-blocking

Hi, I am working on an application which currently uses Blocking I/O. At SSL_connect, my client waits for a long time till the SSL connection is established. I would like to change my I/O to non-blocking mode. Can you tell me the steps to follow for the same ? Thanks, Rahul

Rahul Malegaonkar College Intern Product Development [EMAIL PROTECTED] Phone :1-4089023770 Mobile :1-2152751701 771 Alder Drive MILPITAS CA - 95035 United States www.cisco.com This e-mail may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply e-mail and delete all copies of this message.
Re: RSA and DH
As per my understanding, using public key cryptography for encryption is much more expensive than using symmetric key cryptography. So generally the main communication is encrypted using symmetric key cryptography, whereas public key cryptography is used to exchange keys and other information that will be used for symmetric key cryptography. Secondly, if someone manages to guess/retrieve the key used for symmetric key cryptography, s/he can only decrypt the current session. As new session keys are generated every time, the other communications are still safe. HTH. Group, Please correct me if I am wrong. ~ Urjit - Original Message - From: jackie jackie To: openssl-users@openssl.org Sent: Saturday, June 23, 2007 3:50 AM Subject: RSA and DH Hi, I am a newbie to SSL as well as RSA security etc. However read quite a bit of books and on the net. But one thing flew over my head. Pl. see if any can help me understand the following. Suppose server and client used RSA based private/public key pairs. I understood that these would be used to authenticate each other. Leaving DSA totally aside, considering only RSA alone, I did not fully understand what DH params are being used for in such communication. There is some explanation about DH params need in terms of key exchange etc, but did not follow. Looked around quite a bit, but not found a clear/direct answer. The article at http://support.microsoft.com/kb/257591 tries to explain somewhat but is at very high level and does not even mention DH params by name at all. My vague understanding is that, though RSA based private/public key pair is useful for authentication, but there still appears to be a need to generate (symmetric ones ?) some keys for encryption on a session by session basis. It appears that either temporary RSA keys (not used it seems to due to some security violations. OK , fine) and DH params can be used. This is thing went over my head. 
I did not understand - why is there a need for generating session to session keys
Re: Certificates, users and machines
Still no response :-( Could someone please help me clarify my doubts? thanks, ~ Urjit - Original Message - From: Urjit Gokhale [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Thursday, May 24, 2007 4:28 PM Subject: Re: Certificates, users and machines Thanks for your reply. I would like to have your opinion on one scenario, and my approach to provide needed functionality: 1) I have a server that listens to connection requests from the clients over the internet (meaning anyone and everyone who knows my ip/port can send me connection request. I am not behind a proxy). 2) I trust a CA (my_ca). So I have this CA's root certificate, which I can use to verify client certificates. 3) I wish to service client requests coming only from a particular group. So I need client authentication. Now, if I do not specify any certificate verification callback in the server, any and every client who has a certificate signed by 'my_ca' will be able to connect to me, because by default (I believe) openssl will only verify that the client certificate is authentic (signed by trusted CA). Is this understanding right? Assuming that this is true, I will 'have to' specify a callback that will actually validate the certificate presented by the client, by looking at information other than the public key present in the certificate, right? How do I retrieve this information from the certificate? Could someone point me to APIs which retrieve this information from the certificate? considering that retrieving and validating certificate information is possible, can I (rather the trusted CA my_ca) issue ONE unique certificate to a bunch of people(this means giving the same private-public key to all these people), such that they represent a group that my server is interested in entertaining? This question arises as I need to clarify if it is possible to issue ONE certificate to multiple individuals, or is it necessary to issue ONE certificate to EACH individual. 
Thanks, ~ Urjit - Original Message - From: Kyle Hamilton [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Wednesday, May 16, 2007 4:45 PM Subject: Re: Certificates, users and machines A certificate binds the public key of a public/private (asymmetric) key pair with additional information. A certificate is trusted by some trusting authority. In most cases, this is a certifying authority (CA) -- and the asymmetric signature by the CA is an assertion that the CA believes that the binding is correct. The additional information can relate to the user, or the user +machine, or machine itself, or literally any other combination. For purposes of your question, though, it relates to these three options. The certificate is never, ever used in isolation. It is used in conjunction with the private key, at a minimum, but it may also be used with protocol data. (i.e., machine address.) I am unable to provide you with sample code for this purpose. However, I must warn that there exist software proxies which are capable of masking the true originating host. (If you wish to be certain that a connection is from a host in your IP range, for example, you must ensure that a proxy software is not in place on that host.) You can perform such a check by getting the peer's address on the connection in question... and then verifying that the host is valid. (You can do this from information stored in the certificate, or from information stored in a database that only the verifier has access to.) You may also verify a given computer based on its IP, versus information stored in the certificate and signed by your CA. Again, the 'proxy' problem asserts itself, but such an attack might be more sophisticated. Regardless, there exist no 100% guarantees. You must weigh the value of any given attack versus the cost of that attack, and set your policies appropriately.) I hope this information helps. 
-Kyle H On May 16, 2007, at 3:33 AM, Urjit Gokhale wrote: Hello everyone, I have some doubts about certificates, which I wish to get clarification on. Here is my understanding about certificates: * Certificates bind the public key with some other information like the name of the owner(user), who generated the certificate, the validity period etc. * The certificates are signed by some entity (CA), just to assure that association between the public key and the other information is correct. This helps in identifying the authenticity of the certificate. Now, I state what *I believe* is true in case of PKI and certificates: 1) A private key-public key pair created, can be a) given to a specific user, b) stored on a specific machine. (By some authority ?) 2) In the first case, the user can take the keys with him, and use these for communication from any machine. The other end, on seeing
Re: Certificates, users and machines
Thank you very much for the response. For both the responses I got, it looks like the server needs to access the information (whether identity or attribute or whatever) present in the certificate and use that to decide the permissions for the peer that represented this certificate. Is my understanding correct? Yes. The problem of granting access based on membership in a group is an authorization problem. This doesn't have anything to do with certificates -- permissions and roles change independently of binding of key to identity. LDAP, flat files, /etc/group, etc. I also agree that this is authorization problem. I was just trying to get information on whether certificate handling in openssl restricts me from issuing certificates to a group instead of individuals. I guess I know it now. Mostly correct. Often is convenient to have not only identity - but also attributes of it certified. I.e. for the sake of the argument identity Michael may have an attribute employee of Tenebras, and another attribute permitted access to dev repository A12. I'm driving at Attribute Certificates. They are supposed to have shorter life than identity certs, but still long enough to be usable. You could have a hierarchy, with a subordinate CA for each role or group, if you want to manage it that way. I wouldn't. He would have to have attribute CA's for each attribute - not necessarily for each value of the attribute. I.e. an attribute CA Personnel Department could issue attribute certificates employed in position X, granted access to resource Y... Sounds good. Now, my server will be expecting a few specific attributes in the certificate presented by peer, in order to regulate access to different services, right? So the question is which APIs in openssl allow me to access this information in the certificate? Also, it will be really great if someone could explain the default certificate verification process in openssl. Thank you once again for your response.
~ Urjit
Re: Certificates, users and machines
Thanks for your reply. I would like to have your opinion on one scenario, and my approach to provide needed functionality: 1) I have a server that listens to connection requests from the clients over the internet (meaning anyone and everyone who knows my ip/port can send me connection request. I am not behind a proxy). 2) I trust a CA (my_ca). So I have this CA's root certificate, which I can use to verify client certificates. 3) I wish to service client requests coming only from a particular group. So I need client authentication. Now, if I do not specify any certificate verification callback in the server, any and every client who has a certificate signed by 'my_ca' will be able to connect to me, because by default (I believe) openssl will only verify that the client certificate is authentic (signed by trusted CA). Is this understanding right? Assuming that this is true, I will 'have to' specify a callback that will actually validate the certificate presented by the client, by looking at information other than the public key present in the certificate, right? How do I retrieve this information from the certificate? Could someone point me to APIs which retrieve this information from the certificate? considering that retrieving and validating certificate information is possible, can I (rather the trusted CA my_ca) issue ONE unique certificate to a bunch of people(this means giving the same private-public key to all these people), such that they represent a group that my server is interested in entertaining? This question arises as I need to clarify if it is possible to issue ONE certificate to multiple individuals, or is it necessary to issue ONE certificate to EACH individual. 
Thanks, ~ Urjit - Original Message - From: Kyle Hamilton [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Wednesday, May 16, 2007 4:45 PM Subject: Re: Certificates, users and machines A certificate binds the public key of a public/private (asymmetric) key pair with additional information. A certificate is trusted by some trusting authority. In most cases, this is a certifying authority (CA) -- and the asymmetric signature by the CA is an assertion that the CA believes that the binding is correct. The additional information can relate to the user, or the user +machine, or machine itself, or literally any other combination. For purposes of your question, though, it relates to these three options. The certificate is never, ever used in isolation. It is used in conjunction with the private key, at a minimum, but it may also be used with protocol data. (i.e., machine address.) I am unable to provide you with sample code for this purpose. However, I must warn that there exist software proxies which are capable of masking the true originating host. (If you wish to be certain that a connection is from a host in your IP range, for example, you must ensure that a proxy software is not in place on that host.) You can perform such a check by getting the peer's address on the connection in question... and then verifying that the host is valid. (You can do this from information stored in the certificate, or from information stored in a database that only the verifier has access to.) You may also verify a given computer based on its IP, versus information stored in the certificate and signed by your CA. Again, the 'proxy' problem asserts itself, but such an attack might be more sophisticated. Regardless, there exist no 100% guarantees. You must weigh the value of any given attack versus the cost of that attack, and set your policies appropriately.) I hope this information helps. 
-Kyle H On May 16, 2007, at 3:33 AM, Urjit Gokhale wrote: Hello everyone, I have some doubts about certificates, which I wish to get clarification on. Here is my understanding about certificates: * Certificates bind the public key with some other information like the name of the owner(user), who generated the certificate, the validity period etc. * The certificates are signed by some entity (CA), just to assure that association between the public key and the other information is correct. This helps in identifying the authenticity of the certificate. Now, I state what *I believe* is true in case of PKI and certificates: 1) A private key-public key pair created, can be a) given to a specific user, b) stored on a specific machine. (By some authority ?) 2) In the first case, the user can take the keys with him, and use these for communication from any machine. The other end, on seeing the certificate can know that user 'xyz' is communicating with it. 3) in the second case, any user using that particular machine can use the key pair to communicate (assuming he has access rights). The other end, on seeing the certificate can know that someone from machine 'abc.def.ghi.jkl' is communicating
Certificates, users and machines
Hello everyone, I have some doubts about certificates, which I wish to get clarification on. Here is my understanding about certificates: * Certificates bind the public key with some other information like the name of the owner(user), who generated the certificate, the validity period etc. * The certificates are signed by some entity (CA), just to assure that association between the public key and the other information is correct. This helps in identifying the authenticity of the certificate. Now, I state what *I believe* is true in case of PKI and certificates: 1) A private key-public key pair created, can be a) given to a specific user, b) stored on a specific machine. (By some authority ?) 2) In the first case, the user can take the keys with him, and use these for communication from any machine. The other end, on seeing the certificate can know that user 'xyz' is communicating with it. 3) in the second case, any user using that particular machine can use the key pair to communicate (assuming he has access rights). The other end, on seeing the certificate can know that someone from machine 'abc.def.ghi.jkl' is communicating with it. Is this understanding correct? If yes, I would like to know how can I generate a certificate that binds the public key with a particular username or a particular machine? how can a peer authenticate / validate this particular certificate? Could someone please provide a sample validation callback function code? Also,
BIO or no BIO ?
Hello all, As we all know, the SSL object can work either with direct tcp sockets (SSL_set_fd()) or can work on top of socket BIO objects. In my current project, I am using SSL directly on top of tcp sockets (no BIOs). I wonder whether I lose some functionality provided by BIO layer? What are the advantages of using BIOs instead of tcp sockets? (As I understand it, BIO can be thought of as a wrapper on tcp). What points should one take into account, while deciding whether to use BIOs or direct tcp sockets? Is there any security concern in using tcp sockets, instead of BIOs? Thanks, ~ Urjit
Re: SSL_connect and SSL_accept
Thanks for replying. I guess we are on the same page now. The only thing is that you are asking the same question that I am asking everyone on this list What scenario may cause the SSL_connect to return error to the caller, without writing a single byte on the underlying tcp connection (which is healthy) ? Can someone think of such a scenario? Has anyone ever experienced this before? I guess you have already mentioned one such scenario ... memory allocation issues, which could cause SSL_connect to return before it could write something on the socket. Are there other such possibilities? SSL_init failures is not a candidate here, as I am already doing what you have suggested dont attempt SSL at all if SSL_init fails. What I am considering is *some* error, that occurs *just as I enter SSL_connect*. Looking at the SSL_connect code may provide an answer, and I will surely consider this option. But I was looking for a response from folks who already know this code, and have better idea of what SSL_connect does before it writes its first byte on the socket. May be they can say if they foresee a case when SSL_connect can error out without writing a byte on the socket. As far as the synchronization between the server and the client goes, may be I can consider reading a feed back from the server. So the execution sequence will be like Client calls SSL_connect() Client waits for servers response (No matter if SSL_connect fails or succeeds) The server has a non blocking socket it calls SSL_accept() if succeeds, it would report success to the client if failure (timeout), it would report failure to the client ~ Urjit - Original Message - From: Gayathri Sundar [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, March 30, 2007 9:25 AM Subject: Re: SSL_connect and SSL_accept I am quite clear with your problem and am not confused. 
The only point I have been stressing from beginning is that SSL_connect due to WHATEVER error it returns a failure to the calling application, the peer WILL know for the simple fact that a socket send cannot fail unless the FD itself is not created/the host is not in the network/ or the interface is down or simply if the HOST runs out of MEMORY, I am not able to think of an error case wherein the SSL_connect fails to send a message out when the underlying TCP connection is ALIVE and KICKING. WHY? WHAT SORT OF ERROR ARE YOU ANTICIPATING that SSL_connect will return FAILURE to its application without even sending 1 byte on the wire? UNLESS SSL_INIT itself fails on the client or SSL OBJECT creation fails? If that is the FAILURE ur worried about then you might as well initiate a TCP teardown from the client and not attempt SSL anymore.. I hope I am able to explain better..see only in severe application programming errors/memory leak or whatever the SSL init itself will fail..so if the SSL init fails on the client side DONT initiate SSL at all so that the server will not go into SSL_accept. Why will SSL OBJ creation fail? CAN you explain to me WHAT ERROR UR TALKING ABOUT that SSL_CONNECT will return FAILURE TO CALLING APPLICATION without sending 1BYTE on the wire when the TCP CONNECTION IS A-OK? I can think of BUGGY CODING..and I dont think Non blocking will solve ur problem as its never going to detect this FAILURE THAT UR TALKING ABOUT..unless you implement POLL TIMEOUT i.e the FD will never SELECT as it never receives any DATA, so ur POLL TIMER should cleanup that FD if say it doesnt select within 5mins or so.. This is my solution: 1. Make ur FDs non blocking 2. Start a timer per FD basis before ur add it into ur POLL table 3. Everytime the FD selects on a POLLIN/POLLOUT restart ur timer 4. On TimerExpiration clean up that FD coz it never received any DATA for the timeout period, due to n/w or client failures. Decide on a good timeout value.. Thanks --Gayathri Hmm... 
I am surprised to see how I have managed to confuse you. I thought my previous post was pretty clear. Anyway, I will try to explain again. The client and server have an existing tcp connection, which is healthy. There is no problem with the tcp connection throughout the scenario. The client, for some reason decides to have a secured session, and so with its own protocol, tells the server to allow a secured session. After seeing such request from client (This is still a tcp communication, SSL is still not in picture), the server creates a SSL object, calls SSL_set_fd(sock_serv) and then calls SSL_accept. The Client creates its SSL object, calls SSL_set_fd(sock_cli) and calls SSL_connect() Now *before* SSL_connect can actually write something on the tcp channel, using tcp send() or write(), something goes wrong and it returns an error to its caller. So there is nothing placed on the tcp channel. The server is waiting for the SSL handshake packet which it never gets because SSL_connect() could never send it. Hope the scenario I am talking about is clear now. The reason why I am interested in
Re: SSL_connect and SSL_accept
snip I have spent quite some time with SSL_connect, and apart from tcp level socket failures (transient/fatal) and SSL Handshake failures it cannot return error, so ur case is NOT POSSIBLE unless the HOST has run out of memory wherein Openssl_malloc itself fails. So I dont suppose you need to worry about that. /snip So what you are saying is the scenario we have been discussing so far is possible ONLY in case of memory allocation issues NOT OTHERWISE. I guess I will have a look at the SSL_connect code before I just trust this :-) Tell me if the client fails, why and how long will you wait for feedback? Also isnt that TCP's job? Why should the session layer worry about this? The response from the server is guaranteed unless the underlying tcp channel is in trouble. If SSL_connect fails, the client will block in tcp recv(). If SSL_connect succeeds, the client will block in SSL_read() The client is guaranteed to return, either when it gets The client either gets a response from the server or gets a tcp error and then decides what to do next. The session layer should be concerned about this, as long as it does not get any tcp errors. If the client fails with a malloc and memory corruption issues, you might as well restart your application..there is no point waiting on any feedback. Agreed. You cannot fix the symptom, u need to fix the cause and that is why this HYPOTHETICAL error occured in the 1st place. First thing is that I am more worried about my server blocking in a SSL_accept() forever. I might be able to get rid of this with timeout. Secondly, I want the communication to continue even if SSL session establishment fails. Now it is obvious that I can not do much in case the error due to which SSL_connect returned failure is unrecoverable (memory issue is one of them).
But if the error is recoverable (which as per your opinion an IMPOSSIBLE thing) I would like to attempt further communication on plain tcp socket, for which I want my server to be ready to accept next tcp data packet. I guess I will have a look at the SSL code to see if there are possibilities, other than memory allocation issues, when SSL_connect returns error, unless of course someone who knows the code makes any authoritative statement here :-) Thank you very much for your help. ~ Urjit
Re: SSL_connect and SSL_accept
Hmm... I am surprised to see how I have managed to confuse you. I thought my previous post was pretty clear. Anyway, I will try to explain again. The client and server have an existing tcp connection, which is healthy. There is no problem with the tcp connection throughout the scenario. The client, for some reason decides to have a secured session, and so with its own protocol, tells the server to allow a secured session. After seeing such request from client (This is still a tcp communication, SSL is still not in picture), the server creates a SSL object, calls SSL_set_fd(sock_serv) and then calls SSL_accept. The Client creates its SSL object, calls SSL_set_fd(sock_cli) and calls SSL_connect() Now *before* SSL_connect can actually write something on the tcp channel, using tcp send() or write(), something goes wrong and it returns an error to its caller. So there is nothing placed on the tcp channel. The server is waiting for the SSL handshake packet which it never gets because SSL_connect() could never send it. Hope the scenario I am talking about is clear now. The reason why I am interested in knowing if something like what is written above can happen is: I want my client and server to be able to communicate with/without SSL If the SSL session establishment fails, the client/server can decide to kill the underlying tcp channel, or can decide to go ahead unsecured. In the scenario mentioned above, the client knows that SSL session establishment has failed, because SSL_connect() returned an error. So it may, as per its configuration decide to go ahead with unsecured communication. On the other side of the tcp link, the server is still waiting for SSL handshake packet, which the client was expected to send, which the client never sent due to some error. So here is the problem. I want my server to detect that something went wrong with the client and it should fall back to the unsecured communication.
The issue here is HOW can my server detect the SSL_connect() failure that occurred on the client side? Anything that the client would send after SSL_connect() failure, will in fact be taken up by SSL_accept() and SSL_accept() will now error out saying it read invalid SSL handshake packet. Now as I write down this whole thing, I wonder if even non-blocking sockets can help. Does it look more like a design issue ? ~ Urjit - Original Message - From: Gayathri Sundar [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Thursday, March 29, 2007 4:07 PM Subject: Re: SSL_connect and SSL_accept Urjit, 1st of all theoretically you are 100% correct, after all SSL runs in the SESSION layer, but it depends on the underlying transport connection, and if that has problems, SSL has problems. Now Am not sure why you expect the TCP connection to be A-OK and still get an SSL_connect failure. If the failure is with the HANDSHAKE, like mismatch in version/cipher suite or something the SSL ALERT RECORD will take care and eventually close the connection. The only case is what David says, if the peer has been disconnected coz of some power/network failure, then the client will succeed in SENDING the Handshake message but never receive any ACK, so the TCP will end up doing retransmissions. SSL_connect WILL NOT return with ERRORS in this case. Its all blocked, I agree, but YOUR scenario of SSL_CONNECT failing and SSL_ACCEPT not knowing that CANNOT happen. SSL_connect will SUCCEED and BLOCK indefinitely, waiting for a PEER ACK, and the server will not even be alive. If the server was ALIVE, why would it not respond.
Go for Non Blocking sockets, if that suits your requirement, but your scenario cannot happen in blocking mode, infact if your scenario does happen, then even in non blocking mode it will end up looping, only difference is between successive POLLs ur application has control, there will be a loop between ur SELECT and SSL_CONNECT, latter always returning some TRANSIENT retry errors. Probably u could have a count and cleanup.. I dont see how Non Block will solve ur problem, IF it can occur. Thanks --Gayathri I believe you are confusing tcp/ip connection establishment and SSL session establishment. As far as my understanding goes: SSL is an application level protocol, that works on an existing tcp channel. So, SSL handshake can be thought of as two network applications talking to each other. It is obvious that, the moment first SSL handshake packet reaches the server, the server would change its state and will now start with the handshake. If anything goes wrong hereafter (Invalid packet, tcp error, lost packet ... ), the server's SSL_accept will detect that and report error. The problem may occur when: 1) Server is waiting for first SSL handshake packet in SSL_accept 2) Client attempts to establish SSL handshake with SSL_connect 3) SSL_connect fails even before it could send the first SSL handshake packet. So the client has put nothing on the network. Now, SSL_connect has returned an error in the
SSL_connect and SSL_accept
Hello, I am wondering if the following scenario possible: 1) The server calls SSL_accept(). The underlying socket is in blocking mode 2) The client calls SSL_connect(). The underlying socket is in blocking mode 3) SSL_connect() returns error. 4) The server does not notice this, and continues to wait in SSL_accept(). This question might have an obvious answer, but I would still like to hear your views/opinions/facts. If the scenario mentioned above is possible, then the server will be blocked in the SSL_accept() (until the underlying tcp connection is broken) and hence wont be able to service other clients' connection requests Any comments?
Re: SSL_connect and SSL_accept
If the scenario mentioned above is possible, then the server will be blocked in the SSL_accept() (until the underlying tcp connection is broken) and hence wont be able to service other clients' connection requests This is the Toyota Principle, you asked for it, you got it. If you don't want to block, don't use blocking sockets. The only mechanism that can assure that a socket operation will not block is non-blocking sockets. Thanks for responding. I will definitely consider using non blocking sockets here. But what I am more interested in knowing is 'whether' the scenario that I mentioned is possible, and has anyone ever experienced it. ~ Urjit
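The four-step poll-timeout recipe from Gayathri Sundar's reply in this thread, as an added example that is not code from any poster or from OpenSSL: each pending handshake gets an idle deadline, so a peer that never sends its first handshake bytes is closed instead of pinning the server in SSL_accept(). The names hs_table, hs_add, hs_poll_once and drain_step are hypothetical, and drain_step stands in for the real step, which would call SSL_accept() again and inspect SSL_get_error().

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>
#include <sys/socket.h>

#define MAX_CONNS 16

struct hs_table {
    struct pollfd pfd[MAX_CONNS];
    long long deadline[MAX_CONNS];  /* monotonic ms at which the fd is dropped */
    int n;                          /* entries in use */
    int idle_ms;                    /* silence allowed per connection */
};

typedef void (*hs_step_fn)(int fd);

static long long now_ms(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (long long)ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
}

/* Steps 1 and 2: make the fd non-blocking and start its idle timer. */
int hs_add(struct hs_table *t, int fd)
{
    int fl = fcntl(fd, F_GETFL, 0);
    if (t->n >= MAX_CONNS || fl < 0 || fcntl(fd, F_SETFL, fl | O_NONBLOCK) < 0)
        return -1;
    t->pfd[t->n].fd = fd;
    t->pfd[t->n].events = POLLIN;
    t->pfd[t->n].revents = 0;
    t->deadline[t->n++] = now_ms() + t->idle_ms;
    return 0;
}

/* Steps 3 and 4, one pass: run `step` on every fd with activity and restart
 * its timer, then close every fd whose timer ran out.
 * Returns the number of fds closed for idleness, or -1 on a poll() error. */
int hs_poll_once(struct hs_table *t, hs_step_fn step)
{
    long long now = now_ms(), wait = t->idle_ms;
    int i, reaped = 0;

    for (i = 0; i < t->n; i++)          /* sleep no longer than the nearest deadline */
        if (t->deadline[i] - now < wait)
            wait = t->deadline[i] - now;
    if (poll(t->pfd, (nfds_t)t->n, wait < 0 ? 0 : (int)wait) < 0)
        return errno == EINTR ? 0 : -1;
    now = now_ms();
    for (i = 0; i < t->n; ) {
        if (t->pfd[i].revents & (POLLIN | POLLHUP | POLLERR)) {
            step(t->pfd[i].fd);
            t->deadline[i] = now + t->idle_ms;
            t->pfd[i++].revents = 0;
        } else if (now >= t->deadline[i]) {
            close(t->pfd[i].fd);
            t->pfd[i] = t->pfd[t->n - 1];   /* swap-remove; slot i is re-examined */
            t->deadline[i] = t->deadline[t->n - 1];
            t->n--;
            reaped++;
        } else {
            i++;
        }
    }
    return reaped;
}

/* Stand-in step (assumption): a real server would call SSL_accept() again here
 * and check SSL_get_error() for SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE. */
void drain_step(int fd)
{
    char buf[256];
    while (read(fd, buf, sizeof buf) > 0)
        ;
}

int main(void)
{
    int quiet[2], busy[2], reaped = 0;
    struct hs_table t = { .idle_ms = 150 };
    /* Constructed peers: socketpairs stand in for accepted TCP sockets. */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, quiet) || socketpair(AF_UNIX, SOCK_STREAM, 0, busy))
        return 1;
    if (hs_add(&t, quiet[0]) || hs_add(&t, busy[0]))
        return 1;
    while (reaped == 0) {
        if (write(busy[1], "x", 1) != 1)    /* only the busy peer ever sends */
            return 1;
        reaped = hs_poll_once(&t, drain_step);
        poll(NULL, 0, 20);
    }
    printf("closed %d idle fd(s), %d still active\n", reaped, t.n);
    return reaped == 1 ? 0 : 1;
}
```

Any received byte restarts the idle timer here, as in the posted recipe, so a total handshake deadline that is never restarted is a sensible second limit.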
Re: My ssl client connects without the knowledge of root CA certificate
Hello, Could someone help me understand what is happening here? ~ Urjit - Original Message - From: Urjit Gokhale [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Thursday, January 18, 2007 9:13 PM Subject: Re: My ssl client connects without the knowledge of root CA certificate No. The function call sequence in the client goes like: SSL_load_error_strings() SSL_library_init() SSL_CTX_new() SSL_new() SSL_set_cipher_list() SSL_set_fd() SSL_connect() and then the client continues with SSL_read() and SSL_write(). I still wonder how my client manages to do a successful SSL_connect! Anyway, thanks for the reply, ~ Urjit - Original Message - From: Alexis Lefort [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Thursday, January 18, 2007 2:43 PM Subject: Re: My ssl client connects without the knowledge of root CA certificate Hi, Do you use: SSL_CTX_set_verify (sslctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback); If not it is probably the solution ;) Alexis Urjit Gokhale wrote: Hi, I have a sample SSLized client server program. I am not using SSL_CTX_load_verify_locations() in the client and still my client is able to connect to the server. I wonder how this could be possible. How would the client be able to authenticate the server certificate without the knowledge of the root CA certificate that signed the server certificate. The server certificate, as far as I know, is not self signed. (server certificate file is attached). Could someone explain how my client connects to the server without the knowledge of the root CA? Could someone list down the necessary and sufficient conditions, for a certificate to be considered as self-signed? Thank you, ~ Urjit
Re: My ssl client connects without the knowledge of root CA certificate
Hello Marek, Bernhard,

Thank you for your help. I will try SSL_CTX_set_verify().

Thank you once again.
~ Urjit

----- Original Message -----
From: Marek Marcola [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Tuesday, February 13, 2007 4:36 PM
Subject: Re: My ssl client connects without the knowledge of root CA certificate

> Hello,
>
> Could someone help me understand what is happening here?
>
> ~ Urjit
>
> ----- Original Message -----
> From: Urjit Gokhale [EMAIL PROTECTED]
> To: openssl-users@openssl.org
> Sent: Thursday, January 18, 2007 9:13 PM
> Subject: Re: My ssl client connects without the knowledge of root CA certificate
>
> No. The function call sequence in the client goes like:
>
>     SSL_load_error_strings()
>     SSL_library_init()
>     SSL_CTX_new()
>     SSL_new()
>     SSL_set_cipher_list()
>     SSL_set_fd()
>     SSL_connect()
>
> and then the client continues with SSL_read() and SSL_write(). I still wonder how my client manages to do a successful SSL_connect!
>
> Anyway, thanks for the reply,

This may depend on negotiated cipher (anonymous for example). But if (for example) you use RSA then certificate sent from server to client (for encryption of pre_master_secret) is not verified by default. It is just used. (Server proves having right private key by proper decryption of pre_master_key).

> Do you use:
>
>     SSL_CTX_set_verify (sslctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback);
>
> If not it is probably the solution ;)
>
> Alexis

For client SSL_CTX_set_verify (sslctx, SSL_VERIFY_PEER, NULL) should be enough.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]

My ssl client connects without the knowledge of root CA certificate
Hi,

I have a sample SSLized client server program. I am not using SSL_CTX_load_verify_locations() in the client and still my client is able to connect to the server. I wonder how this could be possible. How would the client be able to authenticate the server certificate without the knowledge of the root CA certificate that signed the server certificate? The server certificate, as far as I know, is not self signed. (server certificate file is attached).

Could someone explain how my client connects to the server without the knowledge of the root CA?

Could someone list down the necessary and sufficient conditions, for a certificate to be considered as self-signed?

Thank you,
~ Urjit

svr_cert.pem Description: Binary data

Re: My ssl client connects without the knowledge of root CA certificate
No. The function call sequence in the client goes like:

    SSL_load_error_strings()
    SSL_library_init()
    SSL_CTX_new()
    SSL_new()
    SSL_set_cipher_list()
    SSL_set_fd()
    SSL_connect()

and then the client continues with SSL_read() and SSL_write(). I still wonder how my client manages to do a successful SSL_connect!

Anyway, thanks for the reply,
~ Urjit

----- Original Message -----
From: Alexis Lefort [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Thursday, January 18, 2007 2:43 PM
Subject: Re: My ssl client connects without the knowledge of root CA certificate

Hi,

Do you use:

    SSL_CTX_set_verify (sslctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback);

If not it is probably the solution ;)

Alexis

Urjit Gokhale wrote:

Hi,

I have a sample SSLized client server program. I am not using SSL_CTX_load_verify_locations() in the client and still my client is able to connect to the server. I wonder how this could be possible. How would the client be able to authenticate the server certificate without the knowledge of the root CA certificate that signed the server certificate? The server certificate, as far as I know, is not self signed. (server certificate file is attached).

Could someone explain how my client connects to the server without the knowledge of the root CA?

Could someone list down the necessary and sufficient conditions, for a certificate to be considered as self-signed?

Thank you,
~ Urjit

Re: SSL_read()
Check this out
http://www.openssl.org/docs/crypto/ERR_error_string.html

HTH
~ Urjit

----- Original Message -----
From: Carlo Agopian [EMAIL PROTECTED]
To: openssl-users@openssl.org
Cc: Carlo Agopian [EMAIL PROTECTED]
Sent: Tuesday, October 24, 2006 9:58 PM
Subject: RE: SSL_read()

Hi Mark,

SSL_get_error() returned 0

Carlo

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark
Sent: Thursday, October 19, 2006 8:09 AM
To: openssl-users@openssl.org
Subject: RE: SSL_read()

Hi Carlo,

> I have a single threaded application where a SSL_read() is returning a return code of 0. The openSSL doc suggests that this is due to a socket shutdown by the peer. Upon this error, is there anything that I can do to recover the connection and/or data or do I just need to start over? Thank you.

Call SSL_get_error() to find out the reason.

Regards,
Mark

Re: How to share SSL session when using CreateProcess/execv
> Why are you forking a child that you want to directly access the SSL stream, then? Why not have the child write into shared memory, and have the parent send it out itself?

Well ... an option of creating a thread in the parent that would work as a proxy for the child, taking care of all the encryption/decryptions is under consideration.

>>> I remember one design that we had to retrofit SSL into where the parent process forked, sharing the open handles with the child, which then wrote out to all of them when the child's work was finished. Needless to say, this dropped all the connections that used SSL when it happened.

>> Sorry, but I am not quite sure I follow what you are saying.

> Basically, what happened was this: When the child was forked, it inherited the handles, as well as the then-current state of all of the SSL objects. The child took some time to complete, and during that time there was communication between the parent and the client. When the child completed, it tried to write using its own idea of the SSL states (the ones that hadn't had the HMAC and sequence numbers updated), thus causing a fatal alert to be sent by the client.

Heh ... I also experienced exactly the same thing when I attempted to avoid exec() by making the child code part of the parent code, and just use fork(). This is exactly why I thought of *sharing the same SSL object* between the parent and fork()'ed child. And here I am trying to find a way to achieve this.

> A standard TCP session being written to by multiple processes is no problem, since the TCP is managed by the kernel and writes by multiple processes all go through the single interface. SSL/TLS, though, is MUCH more stringent, especially as it's implemented in user space.

Right. I understand this now.

>>> Another possibility is if you have the SSL object in shared memory, surrounded by a mutex. I advise against this as it's extremely difficult to debug in these situations.

>> Thank you for warning me about this, as I had never thought of debugging issues. But nevertheless, I would like to know how an SSL object could be put in the shared memory and be accessed by two processes (the parent child scenario described above). I can think of two approaches to put a SSL object in shared memory.
>>
>> 1. One is to have ssl library create the ssl object (SSL_new()) in a shared memory region.

> I think you should be able to do this (note, however, that I take no responsibility if this blows up in your face, as I've never had a design like this). Allocate the memory within the shared region and then SSL_new() on that memory.

Well ... this is exactly what I wanted to do, but so far I haven't found a way to achieve this. As far as my knowledge goes, SSL_new() internally calls CRYPTO_malloc, which in turn makes call to malloc(). Now malloc() would just allocate a block of memory from the heap. The question here is how to tell malloc (called by CRYPTO_malloc called by SSL_new) to allocate memory from the shared region? I understand that this question is more of a C programming question than OpenSSL question, but I would highly appreciate any help / pointers that you could provide.

Also, as per Marek's response, would I have to allocate the SSL_CTX objects also in the shared region?

> (Remember that ALL access to shared memory must be surrounded by a mutex, and that you're going to need to do your own memory management, including a bitmap of what SSL-structure containing regions are in use and which are free and its associated mutex.)

Okay.

>> 2. copy the SSL object (memcpy?) into shared memory region and then use this object in further SSL_read and SSL_write.
>>
>> I am not sure how to go about achieving approach 1. and am not sure if approach 2. is safe and guaranteed to work.

> I don't know if there's anything that refers to the SSL object once it's been created. If there are references to it, it's not safe to move it.

I believe, as per Marek's response, this is not a good idea. So I am throwing this option away.

Thank you,
~ Urjit

Re: How to share SSL session when using CreateProcess/execv
> I think that all SSL read/write operation may be performed in parent. Child may communicate with socket/pipe/popen or other IPC mechanism.
>
> For example assume that server parent has established SSL connection with client parent and waits for commands from client. Client sends information to server parent that it wants to send data to this process, server parent allocates (for example) two pipe()'s, and fork()'s.
>
> Server parent close one pipe() for reading and second for writing so server parent now has one fd for writing to child, one fd for reading from child and one fd for read/write to client (in SSL object).
>
> Server child close one pipe() for writing and second for reading so server child has now one fd for reading from parent and second fd for writing to parent. Optionally server child may dup2() this fds to STDIN and STDOUT which may help when forking programs which read/write to stdin/stdout (/bin/more for example :-)
>
> Now server child exec()'s some program which simply use this two fds or STDIN/STDOUT. In server parent now we have to exchange data between this three fds using select(), read(), write(), SSL_read(), SSL_write() and maybe in meantime do something else :-) (with central loop).
>
> I do not know if this is acceptable solution for you but ... who knows :-).
>
> Best regards,
> --
> Marek Marcola [EMAIL PROTECTED]

Thank you Marek for your response. We are already considering this approach. We plan to use socketpair as means of communication between the parent and child. I was just trying to weigh the option of doing things with shared memory. I believe mod_ssl does this ... possibly they share ssl sessions through shared memory, but I don't have the details.

~ Urjit

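
The layout Marek describes, as an added example that is not code from the thread: the parent keeps the only TLS endpoint and relays between it and a child exec()'d with a socketpair on stdin/stdout. Assumptions: plain read()/write() on a second socketpair stand in for SSL_read()/SSL_write() on the parent's SSL object, `tr` is the child program, and all function names are made up for the example.

```c
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

static int write_all(int fd, const char *b, size_t n)
{
    for (ssize_t w; n > 0; b += w, n -= (size_t)w)
        if ((w = write(fd, b, n)) <= 0)
            return -1;
    return 0;
}

/* fork() + exec() with one socketpair end as the child's stdin and stdout. */
static int spawn_child(char *const argv[], pid_t *pid)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    if ((*pid = fork()) == 0) {
        dup2(sv[1], STDIN_FILENO);
        dup2(sv[1], STDOUT_FILENO);
        close(sv[0]); close(sv[1]);
        execvp(argv[0], argv);
        _exit(127);
    }
    close(sv[1]);
    if (*pid < 0) { close(sv[0]); return -1; }
    return sv[0];                             /* parent's end */
}

/* The parent's central loop: every byte to or from the client passes through
 * the one TLS endpoint; the child only ever sees plaintext on child_fd. */
static int relay(int tls_fd, int child_fd)
{
    char buf[4096];
    int tls_open = 1, maxfd = tls_fd > child_fd ? tls_fd : child_fd;
    for (;;) {
        fd_set rfds;
        ssize_t n;
        FD_ZERO(&rfds);
        FD_SET(child_fd, &rfds);
        if (tls_open)
            FD_SET(tls_fd, &rfds);
        if (select(maxfd + 1, &rfds, NULL, NULL, NULL) < 0)
            return -1;
        if (tls_open && FD_ISSET(tls_fd, &rfds)) {
            /* Assumption: SSL_read() on the parent's SSL object goes here. */
            if ((n = read(tls_fd, buf, sizeof buf)) < 0)
                return -1;
            if (n == 0) {                     /* client finished sending */
                tls_open = 0;
                shutdown(child_fd, SHUT_WR);  /* child sees EOF on stdin */
            } else if (write_all(child_fd, buf, (size_t)n) < 0) {
                return -1;
            }
        }
        if (FD_ISSET(child_fd, &rfds)) {
            if ((n = read(child_fd, buf, sizeof buf)) < 0)
                return -1;
            if (n == 0)
                return 0;                     /* child closed stdout: done */
            /* Assumption: SSL_write() on the parent's SSL object goes here. */
            if (write_all(tls_fd, buf, (size_t)n) < 0)
                return -1;
        }
    }
}

/* Constructed scenario: tls[1] plays the client. Returns what it receives. */
static const char *relay_demo(const char *input)
{
    static char out[256];
    char *argv[] = { "tr", "a-z", "A-Z", NULL };
    int tls[2], child_fd;
    pid_t pid;
    ssize_t n;
    signal(SIGPIPE, SIG_IGN);
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, tls) < 0)
        return "";
    fcntl(tls[0], F_SETFD, FD_CLOEXEC);   /* keep the TLS socket out of the child */
    fcntl(tls[1], F_SETFD, FD_CLOEXEC);
    if ((child_fd = spawn_child(argv, &pid)) >= 0) {
        write_all(tls[1], input, strlen(input));   /* client request */
        shutdown(tls[1], SHUT_WR);
        relay(tls[0], child_fd);
        close(child_fd);
        waitpid(pid, NULL, 0);
    }
    shutdown(tls[0], SHUT_WR);
    n = read(tls[1], out, sizeof out - 1);
    out[n > 0 ? n : 0] = '\0';
    close(tls[0]); close(tls[1]);
    return out;
}

int main(void) { fputs(relay_demo("hello from the client\n"), stdout); return 0; }
```

With a real SSL object the loop must also drain SSL_pending() before blocking in select(), because decrypted bytes buffered inside the SSL object do not make the socket readable.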
Re: How to share SSL session when using CreateProcess/execv
Hi,

> Hello,

>> For the moment, I have a kind of supervisor which accepts a connection, reads some data on the socket and then starts the process which is able to handle this data (using createprocess/execv). The socket's handle is shared to this process and therefore the process is able to exchange data with the client. Now I want my application to use SSL_V3. But it looks like there is a problem, as it seems there is no way to share an SSL session between different processes. I really hope that there is a way to do it. And I would be very happy if someone can help me.

> You can not share ssl3/tls1 session by using SSL object in two different processes. For example one process establish ssl session then fork()'s and two processes use SSL object for reading and writing. SSL objects has information on current read/write MAC which must be properly updated. But (I may guess) reading in one process and writing in second may succeed because read/write MAC secrets and implied sequences are counted individually.

So are you suggesting that it is possible to share ssl3 session between two processes, provided one process reads and other writes? If yes, could you suggest a way to share the session.

What if I am having a shared memory that the two processes use to communicate. Could this be used in some way to share the session? Would copying the SSL object to shared memory and then using this object in the two process work (provided the access to the object is protected by mutexes)? Is it possible to create a SSL object in the shared memory region itself, so that we need not 'copy' the object?

I will highly appreciate if you or anyone could guide me through these questions.

Thank you,
~ Urjit

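
Kyle Hamilton's account of the forked child writing with stale state, and Marek Marcola's remark that the read and write sequence numbers are counted separately, can both be seen in a small model. This is an added example, not OpenSSL code or code from any poster: the structs, the function names, the key values and the FNV-based tag (a non-cryptographic stand-in for the record MAC) are assumptions, and copying a struct stands in for fork() duplicating the SSL object.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One direction of a connection: MAC key and implicit record sequence number. */
struct dir_state { uint64_t key, seq; };
/* What one endpoint keeps in process memory (inside its SSL object). */
struct endpoint { struct dir_state wr, rd; };
struct record { char data[32]; size_t len; uint64_t tag; };

/* Toy keyed tag over (seq, data). FNV-1a is NOT a MAC; it only stands in for
 * the HMAC so that the sequence-number bookkeeping is visible. */
static uint64_t toy_tag(const struct dir_state *d, const char *p, size_t n)
{
    uint64_t h = 1469598103934665603ULL ^ d->key;

    for (size_t i = 0; i < 8; i++)
        h = (h ^ ((d->seq >> (8 * i)) & 0xff)) * 1099511628211ULL;
    for (size_t i = 0; i < n; i++)
        h = (h ^ (unsigned char)p[i]) * 1099511628211ULL;
    return h;
}

/* Protect one record with the sender's write state, then advance it. */
static struct record seal(struct endpoint *e, const char *msg)
{
    struct record r;

    memset(&r, 0, sizeof r);
    r.len = strlen(msg) < sizeof r.data ? strlen(msg) : sizeof r.data;
    memcpy(r.data, msg, r.len);
    r.tag = toy_tag(&e->wr, r.data, r.len);
    e->wr.seq++;
    return r;
}

/* Returns 0 if the tag matches the receiver's expected sequence number,
 * -1 otherwise (where a TLS peer would send a fatal bad_record_mac alert). */
static int open_record(struct endpoint *e, const struct record *r)
{
    if (toy_tag(&e->rd, r->data, r->len) != r->tag)
        return -1;
    e->rd.seq++;
    return 0;
}

/* State after a handshake: each side's write key is the other's read key. */
static void establish(struct endpoint *server, struct endpoint *client)
{
    memset(server, 0, sizeof *server);
    memset(client, 0, sizeof *client);
    server->wr.key = client->rd.key = 0x1111222233334444ULL;  /* constructed */
    server->rd.key = client->wr.key = 0x5555666677778888ULL;  /* constructed */
}

/* Parent keeps talking after the fork; the child later writes with its copy. */
static int stale_writer_after_fork(void)
{
    struct endpoint parent, client, child;
    struct record r;

    establish(&parent, &client);
    child = parent;                        /* fork(): child gets a snapshot */
    for (int i = 0; i < 2; i++) {
        r = seal(&parent, "parent traffic");
        if (open_record(&client, &r) != 0)
            return 1;                      /* unexpected: parent was in sync */
    }
    r = seal(&child, "child result");      /* child still at write seq 0 */
    return open_record(&client, &r);       /* client expects write seq 2 */
}

/* After the fork the parent only writes and the child only reads. */
static int split_reader_writer_after_fork(void)
{
    struct endpoint parent, client, child;
    struct record r;

    establish(&parent, &client);
    child = parent;
    for (int i = 0; i < 3; i++) {
        r = seal(&client, "upload chunk");
        if (open_record(&child, &r) != 0)  /* only the child's read state moves */
            return -1;
        r = seal(&parent, "progress");
        if (open_record(&client, &r) != 0) /* only the parent's write state moves */
            return -1;
    }
    return 0;
}

int main(void)
{
    printf("child write after parent traffic: %d\n", stale_writer_after_fork());
    printf("parent writes, child reads:       %d\n", split_reader_writer_after_fork());
    return 0;
}
```

The model leaves out renegotiation, alerts and cipher state, so the second result shows only why the sequence counters alone do not collide.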
Re: How to share SSL session when using CreateProcess/execv
Thank you for the quick reply. Please find my comments inline

----- Original Message -----
From: Kyle Hamilton [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Tuesday, October 10, 2006 11:48 PM
Subject: Re: How to share SSL session when using CreateProcess/execv

> The receiver state and the sender state are different. So, in theory, this could work... though it'd be difficult with the way that OpenSSL handles renegotiation. I wouldn't recommend it, though.
>
> The way I'd do it is hand off the SSL session entirely to the child. (Then, the parent could close the socket, and since the client still has it it would stay open.)

I can't do this. The design of this system is like this: The parent already has a ssl session open with the client. Based on some request from the client, the parent forks a child. In the mean time the client has started a new thread, on which it is going to write some data. This thread is only going to write data to the server, no reading. The main client thread is waiting to read some response from the server.

On the server side, the child is going to read the data sent by the client and process it. The server parent is doing something else here. It will start writing back to the client when either the child is done reading, or the child encountered some error. So, the server parent can't close the socket etc. as it has things to do once the server child is done.

> I remember one design that we had to retrofit SSL into where the parent process forked, sharing the open handles with the child, which then wrote out to all of them when the child's work was finished. Needless to say, this dropped all the connections that used SSL when it happened.

Sorry, but I am not quite sure I follow what you are saying.

> Another possibility is if you have the SSL object in shared memory, surrounded by a mutex. I advise against this as it's extremely difficult to debug in these situations.

Thank you for warning me about this, as I had never thought of debugging issues. But nevertheless, I would like to know how an SSL object could be put in the shared memory and be accessed by two processes (the parent child scenario described above). I can think of two approaches to put a SSL object in shared memory.

1. One is to have ssl library create the ssl object (SSL_new()) in a shared memory region.
2. copy the SSL object (memcpy?) into shared memory region and then use this object in further SSL_read and SSL_write.

I am not sure how to go about achieving approach 1. and am not sure if approach 2. is safe and guaranteed to work. Could you help me on this? Could you suggest any other possible option that I might not have considered yet.

Thank you for your help.
~ Urjit

OpenSSL, multiple processes and SSL object cloning
Hi all,

I am in the process of securing an existing application, and am weighing the feasibility of different approaches. I have already asked a few questions on the list in this regard and got pretty good response, that helped me understand OpenSSL implementation better. I thank you all for that.

Here I am again asking a few question to judge the feasibility of an approach, that would help me provide security with minimal architectural changes to the existing application. The main behavior I am trying to understand better is "would it be okay to create a copy of the SSL object and use this copy between two processes (say through shared mem)"?

Following is the context that leads to this question. The application has a server parent process that establishes a TCP session with the client. Thereafter, depending on the client request, the server parent fork() - exec() a new process (say server child). These server child now communicates with the client (in the mean time, server parent is busy doing something else). After the server child is done talking to the client (or if it encounters an error, or gets killed), the server parent resumes its communication with the client. This scenario works fine with normal TCP/IP sockets.

When it comes to providing security with SSL, it is desired that the same SSL session established between the server parent and client should be used by server child and client. (we preferably do not want to instantiate a new SSL session between the server child and the client). But the problems I could see here are:

a. SSL objects are in memory objects, and are lost on exec().
b. SSL objects have function pointer which would point to the addresses in the server parent process space.

Now would the following scenario work?

a. Instead of fork() - exec(), the server parent will just fork() (NO exec()).
b. The code of server child is now part of server parent process itself. So now after fork(), instead of exec(), it is just a function call.
c. Before fork()'ing the server parent process will make a copy of its SSL object in shared memory.
d. The server child will use this copy in the shared memory to communicate with the client
e. The server parent and child will use mutexes to take care of synchronization.

So,

a. Would this be a good solution?
b. Will this work with current implementation of OpenSSL?
c. Is it possible to clone SSL object?
d. If yes, do I need to take any special precautions, handle any specific scenarios like cleanup etc.?

I would really appreciate if you could help me out.

Thank you,
~ Urjit

Re: Need help: Understanding SSL object in multi-threaded environment
----- Original Message -----
From: Darryl Miles [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Friday, October 06, 2006 4:50 PM
Subject: Re: Need help: Understanding SSL object in multi-threaded environment

Mark wrote:
> I think it would be helpful for me. If we need to prevent calling SSL functions on the same object (i.e. SSL_read() and SSL_write()) from different threads then I would think that OpenSSL would not need any internal synchronisation, unless it creates its own threads internally.

But you are allowed to have multiple threads each having their own SSL * instance. You are allowed to make SSL_x() calls on two different SSL * handles at the same time.

The internal locking protects operations happening upon different handles simultaneously. For example there is an SSL session cache that can be shared between multiple SSL handles. Another example is the use of SSL_CTX being used to stamp out new SSL *. It is allowed for your application to allocate SSL_new(SSL_CTX *) from two threads at the same time, yadda, yadda.

But the SSL_() API set is not re-entrant with respect of the same SSL * handle. So you have to serialize all API calls upon the same SSL * handle. This is why you can't mix SSL_read() with any other SSL_() API call on the same handle instance at the same time.

Darryl

Thank you very much everybody for your responses. The things are becoming more clear with these discussions.

~ Urjit

Need help: Understanding SSL object in multi-threaded environment
Hi all,

I have some doubts about openssl and multithreaded environment. I will appreciate if you could help me understand this better.

It is said that openssl is thread-safe with a limitation that "an SSL connection may not concurrently be used by multiple threads". I am not clear on this point. What is meant by "using SSL connection concurrently by multiple threads"?

I read somewhere that an SSL object modifies and maintains its state during reads and writes. So if the same object is used in multiple threads concurrently, chances are that due to state mismatch, the read/write may fail. Could someone explain this in more details.

I believe that multiple threads would share the same SSL object. So in fact, they will be using 'the same SSL object'. Is this understanding correct? If yes, what is the issue with using the same object in multiple threads?

I am struggling to understand this. Could someone make the picture more clear?

Thank you,
~ Urjit

Re: Need help: Understanding SSL object in multi-threaded environment
----- Original Message -----
From: Mark [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Thursday, October 05, 2006 2:49 PM
Subject: RE: Need help: Understanding SSL object in multi-threaded environment

> you may use the same H_SSL_CTX (handle to an SSL context) in concurrent threads. This structure serves as a factory of ssl connections. You use SSL_new to create SSL connection handles (H_SSL). These you can use only within one thread. So, you may share H_SSL_CTX, you may not share H_SSL.

I can't find anything in the documentation to suggest that you cannot share a SSL object between threads. The important thing is to implement the locking callbacks [CRYPTO_set_locking_callback() etc.].

[Urjit]: Correct. One should implement the locking callbacks. What I am confused about is the statement in openssl faq (http://www.openssl.org/support/faq.html#PROG1) that reads:

---
1. Is OpenSSL thread-safe?
Yes (with limitations: an SSL connection may not concurrently be used by multiple threads)
---

~ Urjit

Re: SSL objects in fork() - exec scenario
Hi Vlad and Dave,

Thank you for your response. Unfortunately I do not have the freedom to change the existing implementation from fork/exec to threads (as suggested by Dave). Actually, the server reads certain input data from the client, and then based on the information it receives, it fork/execs the new process. Now, this information coming from the client has to be secured. So I secured the session between the Client and the Server right from the beginning (immediately after establishing a TCP connection). Also, the client does not care if fork/exec is taking place at the Server. It would continue to work based on the responses it would get from the server.

In order to open a new session (SSL_connect() etc.) between the Client and the just fork/execed Child, the client would have to be aware of a connection request it would receive from the backend (Child). I do not want this. I am looking for a solution that will work exactly like a classic TCP/IP session. The Client and Server establish a session. The Server fork/execs a new process. The Server lets go of the session, and the Client and Child continue communication over this session. Is this possible with SSL?

Would the following solution work?
--
After the fork/exec the Child process will create its own SSL object with SSL_CTX_new() - SSL_new(). It will then use the socket descriptor given by the Server and use it for SSL_set_fd(). So I am associating this new SSL object with the same socket. Then the new SSL object will initiate a renegotiation with the Client. After successful renegotiation, the Child and Client will start talking on this session. I am not sure what the Server should do in the meantime. Should it do a SSL_shutdown() or a simple SSL_free() or something different?

Would the renegotiation triggered by the Child, on the same socket, with a completely new SSL object, work?
Would a SSL_shutdown() or SSL_free() done by the server be safe?
Would there be a race condition between the SSL_shutdown() / SSL_free() on Server and SSL renegotiation initiated by the Child? What could be the ramifications of such a race condition?

I am struggling to find answers to these questions ... Could someone help? Could someone share his experience? Could someone point to relevant information?

Thank you for your help.
~ Urjit

- Original Message -
From: Vlad W. [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Thursday, September 28, 2006 4:47 PM
Subject: Re: SSL objects in fork() - exec scenario

The possible solution is to create its own SSL instance in the child process and to assign the socket returned by the accept system call, i.e., before SSL handshake. The parent server process should not handle SSL for the current connection at all. E.g.:

    /* sock is the socket descriptor, ctx is a pointer to SSL_CTX */
    ...
    SSL *ssl = SSL_new(ctx);
    SSL_set_fd(ssl, sock);   /* SSL_set_fd() takes the SSL object and the descriptor */
    ...
    /* continue with SSL handshake */

Thanks,
Vlad

On 9/28/06, Urjit Gokhale [EMAIL PROTECTED] wrote:

Hi,

Mentioned below is a normal tcp scenario. Could someone tell me how the following scenario can be handled in an SSL secured environment?

A. Client establishes a tcp connection with the Server
B. Server Forks.
C. Server exec's to start a new process. It passes its socket descriptor to the new process as command line argument.
D. The new process uses the socket descriptor to communicate with the client.

The idea here is to use the existing tcp connection for communication. Now, if we have this channel secured with SSL, the Client and Server both would have their SSL objects. They will communicate securely through these SSL objects. The question here is, how can we provide the required SSL object to the new process, so that it would start using the pre established secured session / channel?

One possible solution I could think of is to use shared memory between the Server and new process. The server, before it execs the new process, would create a copy of its SSL object in the shared memory and the new process then will use it. But I am not sure if such copying of SSL object is safe. Is there any other solution possible?

Could someone guide me through this?

Thank you,
~ Urjit
Re: SSL objects in fork() - exec scenario
Hi Dave,

Thank you for the response. Please find my reply inline.

- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, September 29, 2006 4:43 PM
Subject: FW: SSL objects in fork() - exec scenario

Hi Urjit: I think if the server parent executes an SSL_accept() and sends/recvs data with the client, your server-child process will not be able to work correctly. If you issue SSL_shutdown on the parent, it will notify the client that a shutdown is in progress.

[Urjit]: Umm... Could you explain why? I mean, when the parent fork()'s the child has the exact image as that of the server. So even the SSL object and the SSL context object etc. will be copied as is in the child process space, correct? So why would the further communication from server-child cause a problem? I agree that if the server sends a SSL_shutdown() we would have issues. But then, what if the server, after knowing that the client has successfully been created, would just do a SSL_free to free its copy of the SSL object and go back to accepting more client connections? The server-child should still be able to use the SSL session, right?

The other advice you got about deferring SSL_connect/SSL_accept sequence until AFTER the fork is the only option that I know of in this scenario. Since you don't have the freedom to start threads instead, it's pretty tricky.

[Urjit]: Correct. This option would obviously work in a simple parent-child case. But the problem is more involved. My server parent would first establish a secured connection with the client. Then it would fork (but no exec here) and the child process would start communicating with the client. After this, at some point in time, the second process will detect a request from the client, which it will service by fork/exec ing yet another child. This is the point where I face a problem. Now, when the server parent process forks a child, it has no idea if the child is further going to fork/exec a process. So even if I delay the SSL session creation and do it in the first child, I would fall flat when this child fork/execs another process :-( This scheme worked fine with normal tcp/ip sockets, until the need to secure the channel came up.

Are you adding SSL support to an existing application?

[Urjit]: Yes :-(

If so, do you have to allow for a client who doesn't know how to negotiate the secure connection? If this is true, can you exchange the essential application handshake information in the clear, and start SSL work in the child?

[Urjit]: Well ... that is possible. But two issues here.
1) I do not want the essential handshake information to be sent unencrypted, if both the client and server support SSL.
2) Even if I release this restriction, the second problem remains ... What when my child fork/execs a new process to serve the client request? In this case, we are facing the same issue again :-(

snip
I had this very challenge: I had to guarantee that older clients who didn't speak .. .(you might find my original questions and the answers about how to negotiate non-secure-upgrade-to-secure sessions).
/snip

Good luck; I'd love to know how you solve it.

[Urjit]: And I will love to get this thing resolved, and share with all :-)

Thank you for your response.
~ Urjit

Dave McLellan -- Common Management Platform Engineering
EMC Corporation
228 South St. Mail Stop: 228 2/C-19
Hopkinton, MA 01748 USA
+1-508-249-1257 F: +1-508-497-8030
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Urjit Gokhale
Sent: Friday, September 29, 2006 5:03 AM
To: openssl-users@openssl.org
Subject: Re: SSL objects in fork() - exec scenario

Hi Vlad and Dave,

Thank you for your response. Unfortunately I do not have the freedom to change the existing implementation from fork/exec to threads (as suggested by Dave). Actually, the server reads certain input data from the client, and then based on the information it receives, it fork/execs the new process. Now, this information coming from the client has to be secured. So I secured the session between the Client and the Server right from the beginning (immediately after establishing a TCP connection). Also, the client does not care if fork/exec is taking place at the Server. It would continue to work based on the responses it would get from the server.

In order to open a new session (SSL_connect() etc.) between the Client and the just fork/execed Child, the client would have to be aware of a connection request it would receive from the backend (Child). I do not want this. I am looking for a solution that will work exactly like a classic TCP/IP session. The Client and Server establish a session. The Server fork/execs a new process. The Server lets go of the session, and the Client and Child continue communication over this session. Is this possible with SSL?

Would the following solution work?
--
After the fork/exec
SSL objects in fork() - exec scenario
Hi,

Mentioned below is a normal tcp scenario. Could someone tell me how the following scenario can be handled in an SSL secured environment?

A. Client establishes a tcp connection with the Server
B. Server Forks.
C. Server exec's to start a new process. It passes its socket descriptor to the new process as command line argument.
D. The new process uses the socket descriptor to communicate with the client.

The idea here is to use the existing tcp connection for communication. Now, if we have this channel secured with SSL, the Client and Server both would have their SSL objects. They will communicate securely through these SSL objects. The question here is, how can we provide the required SSL object to the new process, so that it would start using the pre established secured session / channel?

One possible solution I could think of is to use shared memory between the Server and new process. The server, before it execs the new process, would create a copy of its SSL object in the shared memory and the new process then will use it. But I am not sure if such copying of SSL object is safe. Is there any other solution possible?

Could someone guide me through this?

Thank you,
~ Urjit
Re: Build problem on HP Itanium 64 bit machine
Hi,

This is interesting ...

1) The piece of code in the Makefile that builds the shared object libcrypto.so and libssl.so is here. You can notice SHLIBDEPS='-lcrypto' for libssl.so
==
    libcrypto$(SHLIB_EXT): libcrypto.a
        @if [ "$(SHLIB_TARGET)" != "" ]; then \
            $(MAKE) SHLIBDIRS=crypto build-shared; \
        else \
            echo "There's no support for shared libraries on this platform" >&2; \
            exit 1; \
        fi

    libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
        @if [ "$(SHLIB_TARGET)" != "" ]; then \
            $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
        else \
            echo "There's no support for shared libraries on this platform" >&2; \
            exit 1; \
        fi
==
If I remove SHLIBDEPS='-lcrypto', the libssl.so is created. Otherwise I get the unknown file type error from ld. I still fail to understand what problem ld may have with libcrypto.so. It reports unknown file type error whereas the 'file' command gives information about the shared object as:
==
    openssl-0.9.8b file libcrypto.so
    libcrypto.so: ELF-32 executable object file - IA64
==
After this, though I could create libssl.so, the make proceeds ahead and stops while building all in engines directory. Here is the make output:
==
    + rm -f libssl.exp
    + rm -f libssl.so
    + ln -s libssl.so.0.9.8 libssl.so
    making all in engines...
    + LIBDEPS=-L.. -lcrypto -ldl
    + SHAREDCMD=cc
    + SHAREDFLAGS=+Z -DOPENSSL_PIC -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H - D_REENTRANT -Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -D AES_ASM +DD64 -b -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,lib4758cca.sl
    + nm -Pg e_4758cca.o
    + grep [BDT]
    + cut -f1 -d
    + 1 lib4758cca.exp
    + + echo -L..
    + grep ^ *-L
    + 1 /dev/null 2 1
    + echo -L..
    + uniq
    + sed -e s/^ *-L//
    + echo -lcrypto
    + grep ^ *-L
    + 1 /dev/null 2 1
    + echo -ldl
    + grep ^ *-L
    + 1 /dev/null 2 1
    LIBPATH=..
    + + echo ..
    + sed -e s/ /:/g
    LIBPATH=..
    + cc +Z -DOPENSSL_PIC -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -D_REENTRANT - Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -D AES_ASM +DD64 -b -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,lib4758cca.sl -o lib4758cca.sl -Wl,+forceload e_4758cca.o -L.. -lcrypto -ldl
    + LD_LIBRARY_PATH=..:/usr/lib/hpux64
    (Bundled) cc: warning 922: -Ae is unsupported in the bundled compiler, ignored.
    (Bundled) cc: warning 922: +O3 is unsupported in the bundled compiler, ignored.
    (Bundled) cc: warning 922: +Olit=all is unsupported in the bundled compiler, ignored.
    (Bundled) cc: warning 922: -b is unsupported in the bundled compiler, ignored.
    ld: Unknown input file type: ../libcrypto.so
    Fatal error.
    + rm -f lib4758cca.exp
    chmod: can't access lib4758cca.sl
    *** Error exit code 1
    Stop.
    *** Error exit code 1
    Stop.
    *** Error exit code 1
===
Leif, could you please throw some more light on the changes made from 0.9.7 to 0.9.8 and what changes you think cause this problem. It will be great if you could share with us what changes you made to the Makefile to get things to work.

Thanks,
~ Urjit

- Original Message -
From: Leif Thuresson [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Tuesday, August 29, 2006 11:35 PM
Subject: Re: Build problem on HP Itanium 64 bit machine

Hi,

I have also had problems building the shared version of openssl-0.9.8b on hpux-11.00 parisc using the hp ansi-c compiler. It looks like the openssl shared-library building part is completely re-implemented in 0.9.8 (compared to 0.9.7 which worked out of the box). In 0.9.7 shared libraries were linked using ld directly on this platform, but in 0.9.8 the configuration is set up to link shared libraries by running cc as a frontend to ld and this does not work for me. (maybe I have an ancient version of hp ansi-c that does not support this?)

You can get a bit more insight into what is going on during the linking by uncommenting the #SET_X=set -x line in the Makefile.shared

At this stage I have hand edited the Makefile and Makefile.shared to make it link directly with ld as in 0.9.7 and I have now managed to build shared libraries. I'm running the tests as I write this and it looks like at least some tests work okay now. :-)

/Leif

Urjit Gokhale wrote:

Hi everyone,

I am having a problem building openssl on an HP Itanium 64 bit box. Attached are the files that show the output of Configure and make. The output of make is stripped to show the last section where the error is reported. The error is

    ld: Unknown input file type: ./libcrypto.so
    Fatal error.

I am also getting many Unsatisfied symbol errors during make.

The cc version is:

    openssl-0.9.8b cc --version
    (Bundled) cc: HP aC++/ANSI C B3910B A.05.50 [May 15 2003]

at the end of the unsuccessful make, this is what I have

    libcrypto.a
    libcrypto.so - libcrypto.so.0.9.8
    libcrypto.so.0.9.8
Build problem on HP Itanium 64 bit machine
Hi everyone,

I am having a problem building openssl on an HP Itanium 64 bit box. Attached are the files that show the output of Configure and make. The output of make is stripped to show the last section where the error is reported. The error is

    ld: Unknown input file type: "./libcrypto.so"
    Fatal error.

I am also getting many "Unsatisfied symbol" errors during make.

The cc version is:

    openssl-0.9.8b cc --version
    (Bundled) cc: HP aC++/ANSI C B3910B A.05.50 [May 15 2003]

at the end of the unsuccessful make, this is what I have

    libcrypto.a
    libcrypto.so - libcrypto.so.0.9.8
    libcrypto.so.0.9.8
    libssl.a

Has anyone faced this problem? Does openssl have a dependency on a specific version of cc? Is there any problem with the enable-shared option?

If you require any more information about the environment, please let me know.

Thanks,
~ Urjit
TLS1 support in openssl?
Hi,

how does openssl 0.9.8b support tls? I went through the code and it looks like tls is just like an alias for SSLv3. Can someone tell me where exactly TLS1 and SSLv3 differ? What are the changes that they will differ in future?

Thank you,
~ Urjit
Re: TLS1 support in openssl?
- Original Message -
From: Marek Marcola [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Tuesday, August 22, 2006 3:41 PM
Subject: Re: TLS1 support in openssl?

Hello,

how does openssl 0.9.8b support tls? I went through the code and it looks like tls is just like an alias for SSLv3. Can someone tell me where exactly TLS1 and SSLv3 differ?

In general they are very close, but the main differences are:
- protocol version in messages (SSL3: 0300, TLS1: 0301)
- alert protocol messages (SSL3: 12, TLS1: 23)
- message authentication mechanism
- key material generation mechanism
- CertificateVerify handshake packet calculation
- Finished handshake packet calculation

Thank you for the quick reply. So, I guess SSLv3 and TLS are almost identical as far as encryptions are concerned and TLS differs from SSLv3 in terms of handshake, authentication, key management. If this is correct, then now onwards what should be the preferred method used for SSL_CTX_new()? Should it be SSLv3 or TLSv1? Any particular or obvious reasons for selecting one over the other?

thanks,
~ Urjit
timeout for SSL_read ?
Hi,

The application I am writing has a requirement that after a request is sent to the server, it should hear from the server in xyz seconds. With a normal tcp socket, I can achieve this through the select() function. But how do I achieve this for SSL_read?

As I understand from the last few threads on this group, a select() will just tell the application that some bytes are available in the tcp buffer for the layer above to read. But select does not distinguish between application data and control data (renegotiation data). So will select() be really able to tell me that the next SSL_read() will succeed immediately and fill the application buffer with the server's response?

What if my server and client are not going to renegotiate ever? In that case would a hit from select() indicate availability of application data only?

Thank you,
~ Urjit
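One way to bound the wait described in the question above, shown as an added example that is not part of the original post: the loop treats select() readiness only as a hint, retries the read, and recomputes the remaining time until application data arrives or the deadline passes. `try_read_fn`, `fake_ssl_read` and the 'H'/'A' record tags are constructed stand-ins so the block runs without a TLS peer; with OpenSSL on a non-blocking socket the callback would wrap SSL_read() and map SSL_get_error() results as noted in the comments.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

/* Outcome of one read attempt. With OpenSSL these correspond to SSL_read()
 * failing and SSL_get_error() returning SSL_ERROR_WANT_READ,
 * SSL_ERROR_WANT_WRITE, or any other error. */
enum { RD_WANT_READ = -1, RD_WANT_WRITE = -2, RD_ERROR = -3, RD_TIMEOUT = -4 };

/* Hypothetical wrapper type: returns bytes of application data or RD_*. */
typedef int (*try_read_fn)(void *conn, void *buf, int len);

static long now_ms(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (long)ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Wait at most timeout_ms for application data on fd. */
int read_with_deadline(int fd, try_read_fn try_read, void *conn,
                       void *buf, int len, long timeout_ms)
{
    long deadline = now_ms() + timeout_ms;

    for (;;) {
        /* Try first: the SSL layer may already hold a decrypted record. */
        int n = try_read(conn, buf, len);
        if (n != RD_WANT_READ && n != RD_WANT_WRITE)
            return n;

        long left = deadline - now_ms();
        if (left <= 0)
            return RD_TIMEOUT;

        fd_set rfds, wfds;
        FD_ZERO(&rfds);
        FD_ZERO(&wfds);
        if (n == RD_WANT_READ)
            FD_SET(fd, &rfds);
        else
            FD_SET(fd, &wfds);   /* e.g. a handshake message must be sent */

        struct timeval tv = { left / 1000, (left % 1000) * 1000 };
        if (select(fd + 1, &rfds, &wfds, NULL, &tv) < 0 && errno != EINTR)
            return RD_ERROR;
        /* Readable or timed out: loop. The retry tells whether the bytes
         * were application data; the deadline check ends the wait. */
    }
}

/* Constructed stand-in for the SSL layer: each datagram is one "record",
 * first byte 'H' = control/handshake data, 'A' = application data. */
static int fake_ssl_read(void *conn, void *buf, int len)
{
    unsigned char rec[256];
    ssize_t n = recv(*(int *)conn, rec, sizeof rec, MSG_DONTWAIT);
    if (n < 0)
        return (errno == EAGAIN || errno == EWOULDBLOCK) ? RD_WANT_READ : RD_ERROR;
    if (n == 0 || rec[0] != 'A')
        return RD_WANT_READ;     /* bytes were consumed, but no data yet */
    n -= 1;
    if (n > len)
        n = len;
    memcpy(buf, rec + 1, (size_t)n);
    return (int)n;
}

/* Demo: the peer sends a control record, then optionally an application
 * record; returns what read_with_deadline() reports to the reader. */
int demo(const char *app_record, char *out, int outlen, long timeout_ms)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0)
        return RD_ERROR;
    send(sv[1], "Hcontrol", 8, 0);
    if (app_record)
        send(sv[1], app_record, strlen(app_record), 0);
    int r = read_with_deadline(sv[0], fake_ssl_read, &sv[0], out, outlen, timeout_ms);
    close(sv[0]);
    close(sv[1]);
    return r;
}

int main(void)
{
    char out[32];
    printf("control record only: %d\n", demo(NULL, out, sizeof out, 150));
    printf("control then data:   %d\n", demo("Apong", out, sizeof out, 1000));
    return 0;
}
```

In the first demo call select() reports the socket readable, yet the read yields no application data and the call ends with RD_TIMEOUT after the deadline.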
Problem building openssl on windows with cygwin
Hi,

I am facing a problem while building openssl on my windows box (Windows 2000 Professional) with Cygwin (CYGWIN_NT-5.0). I downloaded the source for openssl 0.9.8b. I followed the steps given in INSTALL.W32:

1) ./config: This goes smooth without any problem
2) make: At this stage I am facing a problem. make gives me the following error

    make[2]: Entering directory `/cygdrive/d/Downloads/openssl-0.9.8b/crypto/mdc2'
    gcc -I.. -I../.. -I../../include -D_WINDLL -DOPENSSL_PIC -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -c -o mdc2dgst.o mdc2dgst.c
    In file included from mdc2dgst.c:63:
    ../../include/openssl/mdc2.h:69:2: #error MDC2 is disabled.
    make[2]: *** [mdc2dgst.o] Error 1
    make[2]: Leaving directory `/cygdrive/d/Downloads/openssl-0.9.8b/crypto/mdc2'
    make[1]: *** [subdirs] Error 1
    make[1]: Leaving directory `/cygdrive/d/Downloads/openssl-0.9.8b/crypto'
    make: *** [build_crypto] Error 1

I don't understand what is going wrong here. Has anyone faced a similar problem earlier? Does anyone know what is going wrong? Am I missing something obvious here?

Thank you in advance.
~ Urjit
using openssl as CA ?
Hi,

I am planning to ssl enable my client server application, that I will be making available for commercial use. In this process I had planned to use the openssl command line utility as CA to give out certificates (I am going to work as private CA). But just then, I came across a section in "Network Security with openSSL" (O'Reilly), that states

"Since OpenSSL's command-line CA functionality was intended primarily as an example of how to use OpenSSL to build a CA, we don't recommend that you attempt to use it in a large production environment."

It also talks about freely available CA packages such as openCA and pyCA. So now I am a little confused about using the openssl command line utility as CA to give out certificates.

What could be the reasons for using anything other than openssl as CA? Are there security issues? Are people using openssl as their private CA? Are any particular problems reported regarding the use of openssl as private CA on a large scale?

I google'd a bit regarding this, but could not get any information as such. So I decided to ask this on the list.

~ Urjit
Re: Connection problem with some ciphers ... ServerHello seems to be the problem
Hi,

I have attached the sample server and client programs for your consideration. As these are minimal sample codes that reproduce my problem, error handling is not done.
To run the server, you need to provide the port on the command line.
To run the client, you need to provide host and port where server is listening for ssl connections on the command line.

For me this seems that server do not want to accept this proposition because:
- do not have RSA support (maybe)
- do not have SHA support (maybe)
- do not have DES support (maybe) or DES40 is too weak.

As you would see in the server code, there are no explicit restrictions except for the fact that both server and client set the ssl method as SSLv3 and ssl cipher list as EXP-DES-CBC-SHA. So I am not sure if the support for RSA / SHA / DES is disabled.

Well ... as per my understanding, the cipher support is property of the crypto library. And my client and server both use the same crypto library. So I wonder why would the server reject the clients request.

Yes, but you have control what ciphers should be used.

If you are suggesting the use of SSL_set_cipher_list(), I have already used it. If you are talking about some other approach, could you please elaborate more?

But after some testing I think that incompatible SSL3/TLS1 method may cause problem (as suggested by girish1729). For example, running server with command:

    $ openssl s_server -key key.pem -cert cert.pem -tls1

I am not sure if what you are trying here represents the same scenario that I am talking about. Here you are explicitly using tls1 method for server and hence the connection attempt will surely fail. But this is not the case with my application. I am setting ssl method as SSLv3 in both server and client and still the server refuses the connection :-(

And on server side we see:

    8064:error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number:s3_srvr.c:685:

My suggestion is to display errors after bad SSL_accept() in server code, for example:

    char buf[256];
    unsigned long err;

    /* drain the OpenSSL error queue, oldest entry first */
    while ((err = ERR_get_error()) != 0) {
        ERR_error_string_n(err, buf, sizeof(buf));
        fprintf(stderr, "%s\n", buf);
    }

I did try this and all I get is

    error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

Googling for this error message did not return any helpful information.

other methods may be callback function at state or msg layer.

I will have to try this. Any pointer in this direction will be helpful.

Kyle, in your response you mentioned something about export ciphers. Could you take a look at the code and comment on whether the server really requires non-export cipher suites? Because my understanding is that the server doesn't have any such restriction :-(

I am reiterating here that all the 4 binaries, sample_server, sample_client, s_server and s_client are using the same ssl library. I confirmed that with ldd.

So the question still remains ... Why does sample_server reject the connection request from s_client, whereas s_server works just fine?

Thanks a lot for your responses,
~ Urjit

sample_client.c Description: Binary data
sample_server.c Description: Binary data
Re: Connection problem with some ciphers ... ServerHello seems to be the problem
Hi,

Thanks for the reply.

Urjit, I got it working once I replaced EXP-DES-CBC-SHA with DES-CBC-SHA. I think you might have to do something special to enable export quality ciphers.

They can place restrictions on the size of the RSA key used for kex exchange. That means that if the key in the certificate is larger than the limit a temporary RSA key is used instead. You need to supply that.

Well ... In that case,
A] how is it that s_server and s_client can communicate
1) Using the same ssl library
2) Using the same certificates
3) Using the same cipher suites
B] How is it that my sample_client connects to s_server using EXP-DES-CBC-SHA? Does this mean that restrictions are applied only at the server side? Or is it just that the server is the first one to process the certificate and fails to do so due to different RSA key size, and s_server somehow manages to handle exportable cipher suite and the presented certificate (?) ?

Another question is: Is it only the key size restrictions or something else as well, that is different between EXP-DES-CBC... and DES-CBC... ?

Also, what are the general scenarios when one would prefer an exportable cipher suite over non-exportable cipher suites?

Steve.

~ Urjit
Re: Connection problem with some ciphers ... ServerHello seems to be the problem
Well ... In that case,
A] how is it that s_server and s_client can communicate
1) Using the same ssl library
2) Using the same certificates
3) Using the same cipher suites

You mean can't, don't u? That is bcoz SSL protocol itself is different in the export case. As Steve mentioned there is an additional key exchange stage, kex in the case of export ciphers.

[Urjit]: Nops. I mean that they can! and that's why I am confused. Not just that, but even my sample client can connect to the s_server with same certificate and same cipher suite

B] How is it that my sample_client connects to s_server using EXP-DES-CBC-SHA? Does this mean that restrictions are applied only at the server side? Or is it just that the server is the first one to process the certificate and fails to do so due to different RSA key size, and s_server somehow manages to handle exportable cipher suite and the presented certificate (?) ?

In fact I commented out ur client cert stuff. Server is king in SSL. :-) Client hardly matters.

[Urjit]: Oh yes. I got confused a little earlier.
Re: Connection problem with some ciphers ... ServerHello seems to be the problem
SSL protocol differs in server_key_exchange packet (which may be used not only for export restriction). This requires temporary RSA key in context. If you add to server initialization routine something like:

    RSA *rsa;

    /* 512-bit temporary RSA key for the export key exchange */
    rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);
    if (!SSL_CTX_set_tmp_rsa(SSL_context, rsa)) {
        ExitPostmaster(1);
    }
    RSA_free(rsa);

your code will work.

Which I might add s_server sets up automatically which explains why connecting to s_server works...

Steve.

Thanks. It did work. I really appreciate your help. I guess I will need to read more about the key exchange. Will dig more into it.

Thank you everyone, once again for all the help.
~ Urjit
Connection problem with some ciphers ... ServerHello seems to be the problem
Hello everyone,

I have a sample client-server application written in C, that communicates using SSL. I observed that for some cipher suites, the client and server fail to establish ssl connection. But for the same cipher, the s_client and s_server can establish ssl connection and exchange data. The certificates used by my application and by s_client and s_server are same. So I fail to understand what might be going wrong when my client and server try to connect.

To check if my client or server is causing the problem, I ran my client with s_server and ran my server with s_client. my client can connect to s_server without any trouble. But s_client can not connect to my server.

Here is information s_client dumps on my screen:

(urjit) test_appopenssl s_client -cipher 'EXP-DES-CBC-SHA' -connect localhost: -verify client_cert/cacert.pem -cert client_cert/cli-cert.pem -crlf -key client_cert/cli-key.pem -ssl3 -debug -msg -state
verify depth is 0
CONNECTED(0003)
SSL_connect:before/connect initialization
write to 0x80e6a10 [0x80f1768] (50 bytes = 50 (0x32))
- 16 03 00 00 2d 01 00 00-29 03 00 44 ab 8b 5e db -...)..D..^.
0010 - df 4c 4d ff 08 f9 2b 85-9c 1e 1b 49 04 00 db 92 .LM...+I
0020 - 59 53 17 7c a7 45 98 ca-c6 33 48 00 00 02 00 08 YS.|.E...3H.
0030 - 01.
0032 - SPACES/NULS
SSL 3.0 Handshake [length 002d], ClientHello
01 00 00 29 03 00 44 ab 8b 5e db df 4c 4d ff 08 f9 2b 85 9c 1e 1b 49 04 00 db 92 59 53 17 7c a7 45 98 ca c6 33 48 00 00 02 00 08 01 00
SSL_connect:SSLv3 write client hello A
read from 0x80e6a10 [0x80ecf58] (5 bytes = 5 (0x5))
- 15 03 00 00 02.
read from 0x80e6a10 [0x80ecf5d] (2 bytes = 2 (0x2))
- 02 28 .(
SSL 3.0 Alert [length 0002], fatal handshake_failure
02 28
SSL3 alert read:fatal:handshake failure
SSL_connect:failed in SSLv3 read server hello A
31545:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1057:SSL alert number 40
31545:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:534:

By looking at earlier successful connection (with different cipher) and comparing the information, I see that the data sent by server as ServerHello is causing the trouble. The length of payload is reported as 2. I am not sure what is causing this. Could someone help.

Thanks,
~ Urjit
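The two records in the trace above can be decoded by hand. This added example (not part of the original post and not OpenSSL code; all function and variable names are its own) parses the bytes quoted there and shows that the client offered exactly one suite, 0x0008, the SSL 3.0 code for the EXP-DES-CBC-SHA suite named on the s_client command line, and that the server's 2-byte payload is an Alert record (type 21) carrying fatal handshake_failure, not a ServerHello.

```c
#include <stdint.h>
#include <stdio.h>

/* Bytes copied from the s_client -debug/-msg output quoted in the post above. */
static const uint8_t CLIENT_REC[] = {
    0x16,0x03,0x00,0x00,0x2d, 0x01,0x00,0x00,0x29, 0x03,0x00,
    0x44,0xab,0x8b,0x5e,0xdb,0xdf,0x4c,0x4d,0xff,0x08,0xf9,0x2b,0x85,0x9c,0x1e,0x1b,
    0x49,0x04,0x00,0xdb,0x92,0x59,0x53,0x17,0x7c,0xa7,0x45,0x98,0xca,0xc6,0x33,0x48,
    0x00, 0x00,0x02,0x00,0x08, 0x01,0x00 };
static const uint8_t SERVER_REC[] = { 0x15,0x03,0x00,0x00,0x02, 0x02,0x28 };
struct record { uint8_t type; uint16_t version, len; const uint8_t *body; };

/* Split off the 5-byte record header; -1 if the buffer is truncated. */
int parse_record(const uint8_t *b, size_t n, struct record *r) {
    if (n < 5) return -1;
    r->type = b[0]; r->body = b + 5;
    r->version = (uint16_t)(b[1] << 8 | b[2]);
    r->len = (uint16_t)(b[3] << 8 | b[4]);
    return r->len <= n - 5 ? 0 : -1;
}

/* Cipher suites offered in a ClientHello; returns the count, -1 if malformed. */
int hello_suites(const struct record *r, uint16_t *out, size_t max) {
    const uint8_t *p = r->body;
    size_t left = r->len, n, i;
    if (r->type != 22 || left < 4 || p[0] != 1) return -1; /* handshake, client_hello */
    n = (size_t)p[1] << 16 | (size_t)p[2] << 8 | p[3];     /* handshake body length */
    if (n > left - 4 || n < 35) return -1;
    p += 4; left = n;
    n = p[34];                     /* session id length follows version + random */
    if (n + 2 > left - 35) return -1;
    p += 35 + n; left -= 35 + n;
    n = (size_t)p[0] << 8 | p[1];  /* cipher_suites length in bytes */
    if (n > left - 2 || n % 2 || n / 2 > max) return -1;
    for (i = 0; i < n / 2; i++)
        out[i] = (uint16_t)(p[2 + 2 * i] << 8 | p[3 + 2 * i]);
    return (int)(n / 2);
}

/* (level << 8 | description) for an Alert record, -1 for anything else. */
int alert_code(const struct record *r) {
    return (r->type == 21 && r->len == 2) ? (r->body[0] << 8 | r->body[1]) : -1;
}

/* Wrappers over the samples: the single offered suite, and the reply's alert. */
int sample_offered_suite(void) {
    struct record r; uint16_t s[8];
    return (parse_record(CLIENT_REC, sizeof CLIENT_REC, &r) == 0 &&
            hello_suites(&r, s, 8) == 1) ? s[0] : -1;
}
int sample_reply_alert(void) {
    struct record r;
    return parse_record(SERVER_REC, sizeof SERVER_REC, &r) == 0 ? alert_code(&r) : -1;
}

int main(void) {
    printf("offered suite 0x%04x, server reply alert 0x%04x\n",
           (unsigned)sample_offered_suite(), (unsigned)sample_reply_alert());
    return 0;
}
```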
Problem building openssl on windows with cygwin
Hi,

I am facing problem while building openssl on my windows box (Windows 2000 Professional) with Cygwin. I downloaded the source for openssl 0.9.8b. I followed the steps given in INSTALL.W32:

1) ./config: This goes smooth without any problem
2) make: At this stage I am facing a problem. make gives me the following error

make[2]: Entering directory `/cygdrive/d/Downloads/openssl-0.9.8b/crypto/mdc2'
gcc -I.. -I../.. -I../../include -D_WINDLL -DOPENSSL_PIC -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -c -o mdc2dgst.o mdc2dgst.c
In file included from mdc2dgst.c:63:
../../include/openssl/mdc2.h:69:2: #error MDC2 is disabled.
make[2]: *** [mdc2dgst.o] Error 1
make[2]: Leaving directory `/cygdrive/d/Downloads/openssl-0.9.8b/crypto/mdc2'
make[1]: *** [subdirs] Error 1
make[1]: Leaving directory `/cygdrive/d/Downloads/openssl-0.9.8b/crypto'
make: *** [build_crypto] Error 1

I don't understand what is going wrong here. On the other hand, make depend runs fine. Has anyone faced similar problem earlier and knows what is going wrong? Could someone tell me if I am missing something here? If you need any more details, that could help you understand the situation better and provide a solution, please let me know.

Thank you in advance.
~ Urjit
Re: Problem building openssl on windows with cygwin
My earlier mail was sent thrice to the list. I guess there was some problem with my mail client. Apologies to all.

~ Urjit

- Original Message -
From: Urjit Gokhale
To: openssl-users@openssl.org
Sent: Monday, May 08, 2006 6:42 PM
Subject: Problem building openssl on windows with cygwin
Re: How is default cipher selected ?
- Original Message -
From: Dr. Stephen Henson [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Saturday, March 04, 2006 5:24 AM
Subject: Re: How is default cipher selected ?

On Sat, Mar 04, 2006, Urjit Gokhale wrote:

Hi All,

I have an echo server (a C application) which uses SSL. In the server, calling SSL_get_cipher() and SSL_get_cipher_version() after SSL_accept() returns this:

==
SSL cipher is : DES-CBC3-SHA
SSL cipher version is : TLSv1/SSLv3
==

I would like to know how this default cipher suite is selected? Is there any parameter in some configuration file? Is it related to the certificate that the server/client uses?

snip

Hi Steve,
Thanks for replying.

snip

The ciphersuites the server supports depends on a number of factors...

1. The type of certificates the server uses. Some require RSA some DSA others ECDSA.

How does this depend on the certificate? Is there some field in the certificate that specifies this? I need to know this in a little more detail as I will be creating my own CA and issuing certificates to my server and clients.

2. Whether the server has a set of DH or ECDH parameters loaded.

I will read more about DH and revert back if I have any more doubts on this.

3. Which ciphersuites are explicitly disabled by the cipher string.

Yes. I in fact did try that in the server and could see it working. I used SSL_set_cipher_list() for this.

4. Which ciphersuites are disabled by the library compilation options: e.g IDEA support may not be compiled in.

Okay. In that case, how do I check if some ciphersuites, or any feature for that matter, is (un)available in the library ? What if the feature (a specific ciphersuite in this case) that I need is disabled in the library I am using? I believe the only solution to this is to take the source and build library with that feature enabled?

This question is a bit important to me as I need to take a call between using libraries on the customer's machines, or statically linking my application with my library (the one that I know has all the required features enabled) and ship the library along with the application to the customer. What do you suggest regarding this ?

Steve.

Thanks,
~ Urjit
Re: Can I have SSL for peer authentication only? (and not for data encryption)
Hi all,

Thanks for all those mails. I now understand that I can use NULL cipher suite to exchange data without encryption. I understand that on specifying NULL cipher suite, ssl will use RSA authentication. I believe that I will have to call SSL_CTX_set_cipher_list with second argument as NULL

    SSL_CTX_set_cipher_list(ctx, NULL);

And then the application should be able to communicate using SSL_read() and SSL_write(). Please correct me if I am wrong.

Now I have a source for a server application. The server goes through the following function sequence:

===
    SSL_context = SSL_CTX_new(SSLv23_method());
    SSL_CTX_use_certificate_file(SSL_context, fnbuf, SSL_FILETYPE_PEM);
    SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM);
    SSL_CTX_check_private_key(SSL_context);
    port->ssl = SSL_new(SSL_context);
    SSL_set_fd(port->ssl, port->sock);
    SSL_accept(port->ssl);
    SSL_read(port->ssl, pkt->ptr, pkt->nrtodo);
===

Now the questions I have here is:
1) Is the server using NULL cipher ?
2) If not, then which authentication and which cipher would it be using ?
3) If I want to force NULL cipher, do I give a call to SSL_CTX_set_cipher_list() before I call SSL_new ?

If you want any more information in order to answer the above questions, please do ask me.

Thanks,
~ Urjit

- Original Message -
From: Kyle Hamilton [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Thursday, February 02, 2006 9:37 PM
Subject: Re: Can I have SSL for peer authentication only? (and not for data encryption)

On 2/2/06, Katie Lucas [EMAIL PROTECTED] wrote:
On Tue, Jan 24, 2006 at 06:44:30PM +0530, Urjit Gokhale wrote:

Hi all, I am planning to use SSL for the communication between my client and server. The idea is to use SSL *mainly* for peer authentication and validation (Both server and client authentication by means of certificates). Regarding the data encryption, I would like to have it as an optional feature.

This is already possible with the NULL cipher suite.

1) Is it possible to use SSL only for the sake of peer authentication + validation and transfer un-encrypted data over this channel ?

Yes. Remember that SSL/TLS also provides an integrity check to ensure that a session hasn't been hijacked. If this is important to your application, don't shut down the SSL layer as Ms. Lucas suggests.

How about; you open the sockets using your socket level interface. Then you attach SSL constructs to both ends, but with the don't close this option. They connect, authenticate each other. You can then use the connection objects to get the peer certificates (you need to do this because the connection will succeed if the client doesn't offer a certificate, whereas you're after BOTH parties being authenticated). If both ends get a validated certificate presented, the connection is authenticated. Close the SSL layer, which will leave you with two native connected sockets to talk over.

2) Would sacrificing on encryption *really* improve the performance ?

We're sending video data, so your mileage may vary, but SSL's symmetric encryption is far faster than the network can move the data and the overhead of TLS is non-noticeable for those volumes of data.

Yes, it'll remove some strain from your machine, but next year's CPUs will remove that strain from notice.
Can I have SSL for peer authentication only? (and not for data encryption)
Hi all,

I am planning to use SSL for the communication between my client and server. The idea is to use SSL *mainly* for peer authentication and validation (Both server and client authentication by means of certificates). Regarding the data encryption, I would like to have it as an optional feature. The motivation behind this desirable feature is that in a particular environment, I am not really worried about the data, but the client talking to my server. I would like to give up on encryption in favor of performance.

So the questions are:
1) Is it possible to use SSL only for the sake of peer authentication + validation and transfer un-encrypted data over this channel ?
2) Would sacrificing on encryption *really* improve the performance ?

Thanks,
~ Urjit

PS: This is my first mail to this list. So, in case, you think that my questions are out of the scope of this group, or you know of some other group which can yield me better answers, could you please point me to such groups ?