Re: Multiple connection from 1 client

[Gayathri Sundar]

Harshvir,

SO_REUSEADDR sock option has noting to do with ur problem, please go thro
the socket ops man page to get a better understanding. First find out if ur
server code is a blocking i/o or non blocking I/O..if former then
connections will be handled sequentially..only after the 1st client is
finished will the server be able to respond to the 2nd connect request. If
non blocking then there should be no problem. Check the code if you see and
O_NONBLOCK flag set in some fcntl call or check for FIONBIO flag.

Thanks
--Gayathri

On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu  wrote:

> Well i think this link is for my question.
> I have already done 1-5 from the Before you ask list.
> Number 6, i dont know anyone who use openssl.
> Number 7, it will take a lot of time to go through all the code, i was just
> trying to save some time. I thought user discussion forums are for this
> only. I apologize for my understanding.
>
>
> On Fri, May 6, 2011 at 5:18 PM, Jeremy Farrell wrote:
>
>>
>>
>>  *From:* Harshvir Sidhu
>>
>>  Hi,
>>
>>I have a server application, which accepts normal sockets and ssl
>> socket connections. I am trying to make 3 connections to server from 1
>> client machine, on same server port.
>>When i connect on normal sockets then it works with any number of
>> connections.
>>When i tried to connect SSL then they dont work. If i connect 1 client
>> then it works.
>>
>>In my listen socket, I have SO_REUSEADDR socket option, at first i
>> thought might be this is causing issue, but i tried to use
>> SO_EXCLUSIVEADDRUSE even then it dont work.
>>
>>Has someone seen some issue like this, any possible suggestion for
>> this?
>>
>> Thanks,
>>
>> // Harshvir
>>
>>
>> http://www.catb.org/~esr/faqs/smart-questions.html
>>
>>
>>
>
>

Re: Using OpenSSL with non-blocking I/O

[Gayathri Sundar]

I think the openssl src already has sample server and client programs which
are written in non blocking mode ..check wserver2.c if I am able to recall.

On Fri, May 6, 2011 at 2:42 PM, Graham Leggett  wrote:

> On 06 May 2011, at 9:23 PM, derleader mail wrote:
>
>   Can you show us the source code. Paste it into pastebin.org.
>>
>
> We do non blocking SSL by accepting the socket in the normal way (using
> accept, not SSL_accept), and then wrapping the socket in a BIO like this:
>
>BIO *sbio = BIO_new_socket(c->socket, BIO_NOCLOSE);
>SSL *ssl = SSL_new(ctx);
>SSL_set_bio(ssl, sbio, sbio);
>SSL_set_connect_state(ssl);
>
> We then put the socket in the event loop, and on read and write events we
> called SSL_read and SSL_write as appropriate. The first time we call
> SSL_read, the proper handshake is completed.
>
> One thing that you need to support for non blocking SSL to work properly is
> to take account the fact that during SSL_write, SSL may want to read from
> the socket, and during SSL_read, SSL may want to write. We keep track of
> whether a "ready to read" event should call SSL_read or SSL_write as
> appropriate, reacting to the SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE
> result codes.
>
> Regards,
> Graham
> --
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   majord...@openssl.org
>

Re: Multiple connection from 1 client

[Gayathri Sundar]

Harsh,

Okay from what I can understand, if you make ur underlying fd non blocking
then it would work fine. Blocking FDs, unless and until one client is
finished with its processing the other client will not be able to
communicate with the server as the previous fd is blocked. The server is
waiting on the 1st client to finish. When you have 3 ports and 3 clients
then ofcourse it will work.

thanks
--Gayathri

On Fri, May 6, 2011 at 5:50 PM, Harshvir Sidhu  wrote:

> Gayatri,
> My server code is single threaded and i am using blocking sockets, i am
> using fd_set and select to wait for event on socket, and then performing
> operation based on the event that acts on a socket.
> I have an array of sockets to listen. So if i start listening on 3
> different ports and from my client machien, i try to connect on them at
> different ports then it works fine, but when i use 1 listen port then it
> dont work properly. What i mean to say by work properly is that the
> connection is established, but when i am waiting for select to return event,
> then it dont show any activity when i send data from client, only 1 of them
> works, 2 dont work.
> In addition to that, when i use WireShark to see packets, then it shows
> that machine has received the packet from client. But server dont show that
> alert.
> Thats why i think it could be some socket option which is affecting it.
>
> // Harshvir
>
>
> On Fri, May 6, 2011 at 5:37 PM, Gayathri Sundar wrote:
>
>> Harshvir,
>>
>> SO_REUSEADDR sock option has noting to do with ur problem, please go thro
>> the socket ops man page to get a better understanding. First find out if ur
>> server code is a blocking i/o or non blocking I/O..if former then
>> connections will be handled sequentially..only after the 1st client is
>> finished will the server be able to respond to the 2nd connect request. If
>> non blocking then there should be no problem. Check the code if you see and
>> O_NONBLOCK flag set in some fcntl call or check for FIONBIO flag.
>>
>> Thanks
>> --Gayathri
>>
>>
>> On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu wrote:
>>
>>> Well i think this link is for my question.
>>> I have already done 1-5 from the Before you ask list.
>>> Number 6, i dont know anyone who use openssl.
>>> Number 7, it will take a lot of time to go through all the code, i was
>>> just trying to save some time. I thought user discussion forums are for this
>>> only. I apologize for my understanding.
>>>
>>>
>>> On Fri, May 6, 2011 at 5:18 PM, Jeremy Farrell 
>>> wrote:
>>>
>>>>
>>>>
>>>>  *From:* Harshvir Sidhu
>>>>
>>>>  Hi,
>>>>
>>>>I have a server application, which accepts normal sockets and ssl
>>>> socket connections. I am trying to make 3 connections to server from 1
>>>> client machine, on same server port.
>>>>When i connect on normal sockets then it works with any number of
>>>> connections.
>>>>When i tried to connect SSL then they dont work. If i connect 1
>>>> client then it works.
>>>>
>>>>In my listen socket, I have SO_REUSEADDR socket option, at first i
>>>> thought might be this is causing issue, but i tried to use
>>>> SO_EXCLUSIVEADDRUSE even then it dont work.
>>>>
>>>>Has someone seen some issue like this, any possible suggestion for
>>>> this?
>>>>
>>>> Thanks,
>>>>
>>>> // Harshvir
>>>>
>>>>
>>>> http://www.catb.org/~esr/faqs/smart-questions.html
>>>>
>>>>
>>>>
>>>
>>>
>>
>

Re: Multiple connection from 1 client

[Gayathri Sundar]

Yes, you need to make the underlying socket non blocking, and at the
same time gotta change the way you call SSL_accept, SSL_read, write
etc to handle non block error conditions like want_read, want_write
errors, use the code Eric has given to make the fd non block, or u can
also set the bio non block by using FIONBIO option. basically you
really need to write an asynchronous state machine.

Thanks
--Gayathri

On Friday, May 6, 2011, Harshvir Sidhu  wrote:
> Thanks for the reply Gayathri.Do you mean to changing the sockets to non 
> blocking, or when i create bio for ssl to make that as non blocking?
> Thanks.
> On Fri, May 6, 2011 at 6:03 PM, Gayathri Sundar  wrote:
> Harsh,
> Okay from what I can understand, if you make ur underlying fd non blocking 
> then it would work fine. Blocking FDs, unless and until one client is 
> finished with its processing the other client will not be able to communicate 
> with the server as the previous fd is blocked. The server is waiting on the 
> 1st client to finish. When you have 3 ports and 3 clients then ofcourse it 
> will work.
>
>
> thanks--Gayathri
>
> On Fri, May 6, 2011 at 5:50 PM, Harshvir Sidhu  wrote:
> Gayatri,My server code is single threaded and i am using blocking sockets, i 
> am using fd_set and select to wait for event on socket, and then performing 
> operation based on the event that acts on a socket.
>
> I have an array of sockets to listen. So if i start listening on 3 different 
> ports and from my client machien, i try to connect on them at different ports 
> then it works fine, but when i use 1 listen port then it dont work properly. 
> What i mean to say by work properly is that the connection is established, 
> but when i am waiting for select to return event, then it dont show any 
> activity when i send data from client, only 1 of them works, 2 dont work.
>
>
> In addition to that, when i use WireShark to see packets, then it shows that 
> machine has received the packet from client. But server dont show that 
> alert.Thats why i think it could be some socket option which is affecting it.
>
>
>
> // Harshvir
>
> On Fri, May 6, 2011 at 5:37 PM, Gayathri Sundar  wrote:
> Harshvir,
> SO_REUSEADDR sock option has noting to do with ur problem, please go thro the 
> socket ops man page to get a better understanding. First find out if ur 
> server code is a blocking i/o or non blocking I/O..if former then connections 
> will be handled sequentially..only after the 1st client is finished will the 
> server be able to respond to the 2nd connect request. If non blocking then 
> there should be no problem. Check the code if you see and O_NONBLOCK flag set 
> in some fcntl call or check for FIONBIO flag.
>
>
>
>
> Thanks--Gayathri
>
> On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu  wrote:
> Well i think this link is for my question.I have already done 1-5 from the 
> Before you ask list.Number 6, i dont know anyone who use openssl.
>
>
>
> Number 7, it will take a lot of time to go through all the code, i was just 
> trying to save some time. I thought user discussion forums are for this only. 
> I apologize for my understanding.
>
>
> On Fri, May 6, 2011 at 5:18 PM, Jeremy Farrell  
> wrote:
>
>
>
>
>
>
>
>
>
>
>
>
>   From: Harshvir Sidhu
>
>
>
>   Hi,
>
>      I have a server application, which accepts normal sockets
>   and ssl socket connections. I am trying to make 3 connections to server
>   from 1 client machine, on same server port.
>      When i connect on normal sockets then it works with any
>   number of connections.
>      When i tried to connect SSL then they dont work. If i
>   connect 1 client then it works.
>
>      In my listen socket, I have SO_REUSEADDR
>   socket option, at first i thoug
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: Multiple connection from 1 client

[Gayathri Sundar]

Harsh.,

If u have any specific doubts in writing this asynchronous state
machine email me privately at suraj...@gmail.com.
I am pretty much jobless right now and can spend some time on this.

Thanks
--Gayathri


On Friday, May 6, 2011, Harshvir Sidhu  wrote:
> Thanks, I will give this a try.
> // Harshvir
>
> On Fri, May 6, 2011 at 6:44 PM, Eric S. Eberhard  wrote:
> Change the sockets.  This is what I use:
>
> int setblock(fd, mode)
> int fd;
> int mode;                       /* True - blocking, False - non blocking */
> {
>         int flags;
>         int prevmode;
>
>         flags = fcntl(fd, F_GETFL, 0);
>         prevmode = !(flags & O_NDELAY);
>         if (mode)
>                 flags &= ~O_NDELAY;             /* turn blocking on */
>         else
>                 flags |= O_NDELAY;              /* turn blocking off */
>         fcntl(fd, F_SETFL, flags);
>
>         return prevmode;
> }
>
> Since it returns the existing mode you can use as such:
>
> prevmode = setblock(fd,0)                       /* turn of blocking */
> /* do your thing */
> (void)setblock(fd,prevmode);                    /* restore to original 
> condition */
>
> At 04:15 PM 5/6/2011, you wrote:
>
> Thanks for the reply Gayathri.
> Do you mean to changing the sockets to non blocking, or when i create bio for 
> ssl to make that as non blocking?
>
> Thanks.
>
>
> On Fri, May 6, 2011 at 6:03 PM, Gayathri Sundar 
> <<mailto:suraj...@gmail.com>suraj...@gmail.com> wrote:
> Harsh,
>
> Okay from what I can understand, if you make ur underlying fd non blocking 
> then it would work fine. Blocking FDs, unless and until one client is 
> finished with its processing the other client will not be able to communicate 
> with the server as the previous fd is blocked. The server is waiting on the 
> 1st client to finish. When you have 3 ports and 3 clients then ofcourse it 
> will work.
>
> thanks
> --Gayathri
>
>
>
> On Fri, May 6, 2011 at 5:50 PM, Harshvir Sidhu 
> <<mailto:hvssi...@gmail.com>hvssi...@gmail.com> wrote:
> Gayatri,
> My server code is single threaded and i am using blocking sockets, i am using 
> fd_set and select to wait for event on socket, and then performing operation 
> based on the event that acts on a socket.
> I have an array of sockets to listen. So if i start listening on 3 different 
> ports and from my client machien, i try to connect on them at different ports 
> then it works fine, but when i use 1 listen port then it dont work properly. 
> What i mean to say by work properly is that the connection is established, 
> but when i am waiting for select to return event, then it dont show any 
> activity when i send data from client, only 1 of them works, 2 dont work.
> In addition to that, when i use WireShark to see packets, then it shows that 
> machine has received the packet from client. But server dont show that alert.
> Thats why i think it could be some socket option which is affecting it.
>
> // Harshvir
>
>
>
> On Fri, May 6, 2011 at 5:37 PM, Gayathri Sundar 
> <<mailto:suraj...@gmail.com>suraj...@gmail.com> wrote:
> Harshvir,
>
> SO_REUSEADDR sock option has noting to do with ur problem, please go thro the 
> socket ops man page to get a better understanding. First find out if ur 
> server code is a blocking i/o or non blocking I/O..if former then connections 
> will be handled sequentially..only after the 1st client is finished will the 
> server be able to respond to the 2nd connect request. If non blocking then 
> there should be no problem. Check the code if you see and O_NONBLOCK flag set 
> in some fcntl call or check for FIONBIO flag.
>
> Thanks
> --Gayathri
>
>
>
> On Fri, May 6, 2011 at 5:29 PM, Harshvir Sidhu 
> <<mailto:hvssi...@gmail.com>hvssi...@gmail.com> wrote:
> Well i think this link is for my question.
> I have already done 1-5 from the Before you ask list.
> Number 6, i dont know anyone who use openssl.
> Number 7, it will take a lot of time to go through all the code, i was just 
> trying to save some time. I thought user discussion forums are for this only. 
> I apologize for my understanding.
>
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: Multiple connection from 1 client

[Gayathri Sundar]

Hi.,

Yes, once you make the socket noblocking, your current ssl API,s will
not work. that is why I asked you to write the asynchronous state
machine. Go thro the man pages for ssl accept, ssl read, ssl write for
non blocking cases. You need to handle special cases called want read
and write errors.

I will send a detailed email a little later.

Thanks
--Gayathri
On Monday, May 9, 2011, Harshvir Sidhu  wrote:
>
> Hi,
>     I used the following code to change the socket to non blocking, but its 
> still not successful, now its not even able to complete SSL_Accept. I am 
> changing the socket option for the accepted socket.
>
>  unsigned long iMode = 1;
>  int nReturn = ioctlsocket(sock, FIONBIO, &iMode);
>  if(nReturn != NO_ERROR)
>  {
>  printf(("ioctlsocket failed with error: %ld\n", nReturn));
>  }
>
>     Also i suspect, that if i change the socket to non blocking, then my 
> current read write code will not work. i mean the one in which i use FD_SET 
> and select to perform operations.
>
> Thanks.
>
> // Harshvir
>
>
>
>
> On Fri, May 6, 2011 at 10:33 PM, Gayathri Sundar  wrote:
> Harsh.,
>
> If u have any specific doubts in writing this asynchronous state
> machine email me privately at suraj...@gmail.com.
> I am pretty much jobless right now and can spend some time on this.
>
> Thanks
> --Gayathri
>
>
>
>
>
> On Friday, May 6, 2011, Harshvir Sidhu  wrote:
>> Thanks, I will give this a try.
>> // Harshvir
>>
>> On Fri, May 6, 2011 at 6:44 PM, Eric S. Eberhard  wrote:
>> Change the sockets.  This is what I use:
>>
>> int setblock(fd, mode)
>> int fd;
>> int mode;                       /* True - blocking, False - non blocking */
>> {
>>         int flags;
>>         int prevmode;
>>
>>         flags = fcntl(fd, F_GETFL, 0);
>>         prevmode = !(flags & O_NDELAY);
>>         if (mode)
>>                 flags &= ~O_NDELAY;             /* turn blocking on */
>>         else
>>                 flags |= O_NDELAY;              /* turn blocking off */
>>         fcntl(fd, F_SETFL, flags);
>>
>>         return prevmode;
>> }
>>
>> Since it returns the existing mode you can use as such:
>>
>> prevmode = setblock(fd,0)                       /* turn of blocking */
>> /* do your thing */
>> (void)setblock(fd,prevmode);                    /* restore to original 
>> condition */
>>
>> At 04:15 PM 5/6/2011, you wrote:
>>
>> Thanks for the reply Gayathri.
>> Do you mean to changing the sockets to non blocking, or when i create bio 
>> for ssl to make that as non blocking?
>>
>> Thanks.
>>
>>
>> On Fri, May 6, 2011 at 6:03 PM, Gayathri Sundar 
>> <<mailto:suraj...@gmail.com>suraj...@gmail.com> wrote:
>> Harsh,
>>
>> Okay from what I can understand, if you make ur underlying fd non blocking 
>> then it would work fine. Blocking FDs, unless and until one client is 
>> finished with its processing the other client will not be able to 
>> communicate with the server as the previous fd is blocked. The server is 
>> waiting on the 1st client to finish. When you have 3 ports and 3 clients 
>> then ofcourse it will work.
>>
>> thanks
>> --Gayathri
>>
>>
>>
>> On Fri, May 6, 2011 at 5:50 PM, Harshvir Sidhu 
>> <<mailto:hvssi...@gmail.com>hvssi...@gmail.com> wrote:
>> Gayatri,
>> My server code is single threaded and i am using blocking sockets, i am 
>> using fd_set and select to wait for event on socket, and then performing 
>> operation based on the event that acts on a socket.
>> I have an array of sockets to listen. So if i start listening on 3 different 
>> ports and from my client machien, i try to connect on them at different 
>> ports then it works fine, but when i use 1 listen port then it dont work 
>> properly. What i mean to say by work properly is that the connection is 
>> established, but when i am waiting for select to return event, then it dont 
>> show any activity when i send data from client, only 1 of them works, 2 dont 
>> work.
>> In addition to that, when i use WireShark to see packets, then it shows that 
>> machine has received the packet from client. But server dont show that alert.
>> Thats why i think it could be some socket option which is affecting it.
>>
>> // Harshvir
>>
>>
>>
>> On Fri, May 6, 2011 at 5:37 PM, Gayathri Sundar 
>> <<mailto:suraj...@gmail.com>suraj...@gmail.com> wrote:
>> Harshv

Re: Multiple connection from 1 client

[Gayathri Sundar]

Hi Eric.,

First of all i am a she :) and I took a maternity break off from
work..which is why I am jobless..but busy feeding and diapering my
little one :)..sure I can take up your offer, please email me at
suraj...@gmail.com.

harsh.,

The thing is as Eric says, you really have to rewrite ur server code
once you make the fd non blocking..a simple fcntl is enuf. Also I
would personally prefer sys poll over select on Linux..u could
research about the former. Select is boring to me.
the whole idea of non blocking is that a single call to ssl accept is
not going to finish the complete ssl handshake. If you read the rfc
you will know the multiple messages that are exchanged for a single
ssl handshake, so in-between every read and write for the ssl
handshake the non blocking fd would actually give you time to do
"something else" . So what you really need is a state machine, which
is noting but a array of function pointers (2d) in this case.

I would write something like this

States:  ssl accept pending, ssl accepted, ssl read blocked on write,
ssl read,  ssl write blocked on read, ssl write,  ssl renegotiate
Have a function for each state specified above which would do
ssl_accept, ssl_read, ssl_write and so on.

Thanks
--Gayathri



On Monday, May 9, 2011, Eric S. Eberhard  wrote:
> Harsh,
>
> I would take up his offer of help.  Socket control over multiple sockets is 
> tricky code and very specific to what you are trying to do.  My environment 
> is single threaded and does similar things to yours -- but as Gayathri said, 
> there are many details and exceptions and although with some online help or 
> books I am sure with enough time you could do it (took me forever the first 
> time) I suspect that this offer is as good as they get.  I am not jobless 
> (lucky me) so I can't put in the time he can.
>
> Gayathri -- would you be interested in pure C coding on a contract basis 
> (intermittent, not really a job, more like occasional tasks) -- the code we 
> write runs on AIX, Linux, OS/X, SCO, HP/UX, Centos, etc. so it is a little 
> tricky to make work.  If you have interest let me know your rates and real 
> email and so forth.
>
> Thanks, Eric
>
>
> At 08:33 PM 5/6/2011, you wrote:
>
> Harsh.,
>
> If u have any specific doubts in writing this asynchronous state
> machine email me privately at suraj...@gmail.com.
> I am pretty much jobless right now and can spend some time on this.
>
> Thanks
> --Gayathri
>
>
> On Friday, May 6, 2011, Harshvir Sidhu  wrote:
>> Thanks, I will give this a try.
>> // Harshvir
>>
>> On Fri, May 6, 2011 at 6:44 PM, Eric S. Eberhard  wrote:
>> Change the sockets.  This is what I use:
>>
>> int setblock(fd, mode)
>> int fd;
>> int mode;                       /* True - blocking, False - non blocking */
>> {
>>         int flags;
>>         int prevmode;
>>
>>         flags = fcntl(fd, F_GETFL, 0);
>>         prevmode = !(flags & O_NDELAY);
>>         if (mode)
>>                 flags &= ~O_NDELAY;             /* turn blocking on */
>>         else
>>                 flags |= O_NDELAY;              /* turn blocking off */
>>         fcntl(fd, F_SETFL, flags);
>>
>>         return prevmode;
>> }
>>
>> Since it returns the existing mode you can use as such:
>>
>> prevmode = setblock(fd,0)                       /* turn of blocking */
>> /* do your thing */
>> (void)setblock(fd,prevmode);                    /* restore to original 
>> condition */
>>
>> At 04:15 PM 5/6/2011, you wrote:
>>
>> Thanks for the reply Gayathri.
>> Do you mean to changing the sockets to non blocking, or when i create bio 
>> for ssl to make that as non blocking?
>>
>> Thanks.
>>
>>
>> On Fri, May 6, 2011 at 6:03 PM, Gayathri Sundar 
>> <<mailto:suraj...@gmail.com>suraj...@gmail.com> wrote:
>> Harsh,
>>
>> Okay from what I can understand, if you make ur underlying fd non blocking 
>> then it would work fine. Blocking FDs, unless and until one client is 
>> finished with its processing the other client will not be able to 
>> communicate with the server as the previous fd is blocked. The server is 
>> waiting on the 1st client to finish. When you have 3 ports and 3 clients 
>> then ofcourse it will work.
>>
>> thanks
>> --Gayathri
>>
>>
>>
>> On Fri, May 6, 2011 at 5:50 PM, Harshvir Sidhu 
>> <<mailto:hvssi...@gmail.com>hvssi...@gmail.com> wrote:
>> Gayatri,
>> My server code is single threaded and i am using blocking sockets, i am 
>> using fd_set and select to wait for event on socket, and then performing 
&

Re: Clients glomming onto a listener

[Gayathri Sundar]

Eric, you must be really kidding this time :), servers with this
architecture are susceptible to dos and what not..am sure for embedded
systems where memory is a big limiting factor the best would be async
design, also code becomes easily portable in future.

On Wed, May 11, 2011 at 10:39 AM, Eric S. Eberhard wrote:

> I have found that fork() on modern machines as a negligible affect on
> performance and in fact I almost always use inetd instead of writing my own
> servers, mainly because it is dead reliable, easier to code, and again seems
> to have negligible affect on performance.  One would have to do millions
> upon millions of connects to notice or care.  Having said that, I use AIX
> mostly, and that performs better under load than Linux on Intel, and even
> Linux on the IBM p series platform.  I would do it cheap and easy and worry
> about performance after-the-fact. Eric
>
> At 04:46 PM 5/10/2011, you wrote:
>
>  On 10 May 2011, at 4:13 PM, David Schwartz wrote:
>> > On 5/10/2011 2:10 AM, John Hollingum wrote:
>> >> Pretty much immediately after the accept the program forks a handler,
>> >> but the rogue clients must be glomming onto the main process before the
>> >> SSL negotiation is complete.
>> >
>> > Calling 'fork' with an accepted SSL connection has all kinds of known
>> issues. The fundamental problem is that there are many operations that must
>> occur both before and after the 'fork', for different reasons, and obviously
>> can't do both.
>>
>> You could accept just the TCP connection in the main process and do all of
>> the SSL handshake in the forked process (I think
>> IO::Socket::SSL->start_SSL() is what you want for that) --- this would not
>> be a high-performance approach (no SSL session cache, fork overhead) but if
>> it's fast enough it's fast enough.
>>
>> It's possible to use openssl in a non-blocking, event-driven manner but I
>> don't think Perl's SSL modules expose enough of the openssl API to do that.
>>
>>
>> __
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing Listopenssl-users@openssl.org
>> Automated List Manager   majord...@openssl.org
>>
>
>
> Eric S. Eberhard
> (928) 567-3727  Voice
> (928) 567-6122  Fax
> (928) 301-7537   Cell
>
> Vertical Integrated Computer Systems, LLC
> Metropolis Support, LLC
>
> For Metropolis support and VICS MBA Supporthttp://www.vicsmba.com
>
> Pictures of Snake in Spring
>
> http://www.facebook.com/album.php?aid=115547&id=1409661701&l=1c375e1f49
>
> Pictures of Camp Verde
>
> http://www.facebook.com/album.php?aid=12771&id=1409661701&l=fc0e0a2bcf
>
> Pictures of Land Cruiser in Sedona
>
> http://www.facebook.com/album.php?aid=50953&id=1409661701
>
> Pictures of Flagstaff area near our cabin
>
> http://www.facebook.com/album.php?aid=12750&id=1409661701
>
> Pictures of Cheryl in a Horse Show
>
> http://www.facebook.com/album.php?aid=32484&id=1409661701
>
>
> Pictures of the AZ Desert
>
> http://www.facebook.com/album.php?aid=58827&id=1409661701
>
> (You can see why we love this state :-) )
>
>
>
>
>
>
>
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   majord...@openssl.org
>

Re: Core occurred while executing SSL_library_init() and call back method locking_function()

[Gayathri Sundar]

Can u share the parsed core file?

On Wednesday, May 11, 2011, Mani Suresh  wrote:
>
> While executing the below code its coring randomly in two cases,
>
> 1) While executing the method SSL_library_init() in the constructor.
> 2) Coring while executing the call back method locking_function().
>
> We are not sure, now the call back method is calling after it is set to NULL
>
> Ex : CRYPTO_set_locking_callback(NULL)
>
> Here, after we set to NULL its calling the call back method.
>
> We want to make sure it should not be called after setting to NULL.
>
> It will be great if someone explain me in detail, how the call back
> mechanism works internally.
>
> Code:
> -
> pthread_mutex_t *SslBIO::_lnSslBioMutex=NULL;
>
> void SslBIO::locking_function(int mode, int type, const char * file, int
> line)
> {
>   int rstat;
>   if (mode & CRYPTO_LOCK)
>   {
>     fprintf(stderr, "\nDEBUG: Locking the Mutex _lnSslBioMutex[%d] Mode = %d
> File :%s Line No : %d\n",type,mode,file,line);
>     rstat = pthread_mutex_lock(&(SslBIO::_lnSslBioMutex[type]));
>     lnChkMutex(rstat, FL);
>   }
>   else
>   {
>     fprintf(stderr, "\nDEBUG: UnLocking the Mutex _lnSslBioMutex[%d] Mode =
> %d File :%s Line No : %d\n",type,mode,file,line);
>     rstat = pthread_mutex_unlock(&(SslBIO::_lnSslBioMutex[type]));
>     lnChkMutex(rstat, FL);
>   }
> }
>
> unsigned long SslBIO::id_function()
> {
>   unsigned long ulThreadId = (unsigned long)pthread_self();
>   fprintf(stderr, "\nDEBUG: Thread ID = %d\n",ulThreadId);
>   return (ulThreadId);
> }
>
> int SslBIO::init(const char * initarg)
> {
>      int i;
>
>     _lnSslBioMutex = (pthread_mutex_t *) OPENSSL_malloc(CRYPTO_num_locks() *
> sizeof(pthread_mutex_t));
>
>     if (!_lnSslBioMutex)
>       return 0;
>
>     fprintf(stderr, "\nDEBUG: Number of Locks(CRYPTO_NUM_LOCKS) = %d
> \n",CRYPTO_num_locks());
>
>     for(i=0;i     {
>       fprintf(stderr, "\nDEBUG: Initialize the Mutex
> _lnSslBioMutex[%d]\n",i);
>       int rstat = pthread_mutex_init(&(_lnSslBioMutex[i]),
> pthread_mutexattr_default);
>       lnChkMutex(rstat, FL);
>     }
>
>     CRYPTO_set_id_callback(SslBIO::id_function);
>     CRYPTO_set_locking_callback(SslBIO::locking_function);
>
>
>    return 0;
> }
>
> int SslBIO::terminate()
> {
>   int i = 0;
>   int rstat;
>   if (!_lnSslBioMutex)
>   {
>     return 0;
>   }
>
>   CRYPTO_set_id_callback(NULL);
>   CRYPTO_set_locking_callback(NULL);
>
>   for(i=0;i   {
>     fprintf(stderr, "\nDEBUG: Cleanup the Mutex _lnSslBioMutex[%d]\n",i);
>     rstat = pthread_mutex_destroy(&(_lnSslBioMutex[i]));
>     lnChkMutex(rstat, FL);
>   }
>
>   OPENSSL_free(_lnSslBioMutex);
>   _lnSslBioMutex = NULL;
> }
>
> SslBIO::SslBIO(const char *host,
>                  const int port, const int timeout,
>                  int &retCode, int blockingConnect)
> {
>   _debug = 0;
>   _lnreqctx = 0;
>   _type = SslBIO::CALLER;
>   _totSent = 0;
>   _totReceived = 0;
>   _errBuf[0] = '\0';
>   if(host!=NULL)
>     strcpy(_hostName,(char *)host);
>   _portNum = port;
>
>   retCode = FAIL;
>
>
>
>   /* Set up the library */
>   SSL_library_init();
>   ERR_load_BIO_strings();
>   SSL_load_error_strings();
>   OpenSSL_add_all_algorithms();
>
>   _sslctx = SSL_CTX_new(SSLv23_client_method());
>   if(_sslctx == 0)
>   {
>     fprintf(stderr, "failed SslBIO::SslBIO. SslBIO not initialized.
> _sslctx=0\n");
>     return;
>   }
>
>   _bio = BIO_new_ssl_connect(_sslctx);
>
>
>   BIO_get_ssl(_bio, &_ssl);
>   SSL_set_mode(_ssl, SSL_MODE_AUTO_RETRY);
>
>   /* Create and setup the connection */
>   BIO_set_conn_hostname(_bio, _hostName); //
> "cdc13-www.lexisnexis.com:https");
>   BIO_set_conn_int_port(_bio, &_portNum); // "443");
>
>   if(BIO_do_connect(_bio) <= 0)
>   {
>       fprintf(stderr, "Error attempting to connect
> [%s[%d]]\n",_hostName,_portNum);
>       ERR_print_errors_fp(stderr);
>       BIO_free_all(_bio);
>       _bio = NULL; //Nullify the _bio member object after deallocating
>       return;
>   }
>   else
>   {
>     fprintf(stderr, "SslBIO: connected[%s[%d]]\n",_hostName,_portNum);
>   }
>
>   /* Check the certificate */
>
>   if(SSL_get_verify_result(_ssl) != X509_V_OK)
>   {
>       fprintf(stderr, "Certificate verification error: %i\n",
> SSL_get_verify_result(_ssl));
>   }
>
>   _timeout = timeout;
>   retCode = OK;
> }
>
>
> SslBIO::~SslBIO() {
>
>   /* Close the connection and free the context */
>   if (_bio != 0)
>   {
>     BIO_free_all(_bio);
>     _bio=NULL; // bulletproof for webstar 3019980
>   }
>   if (_sslctx != 0)
>   {
>     fprintf(stderr, "Freeing SslBIO::_sslctx\n");
>     SSL_CTX_free(_sslctx);
>     _sslctx=NULL; // bulletproof for webstar 3019980
>   }
> }
>
> int SslBIO::read(char *buf, int len, int &currRead)
> {
>   int  retCode;
>
>   if (buf == LN_NULL)
>   {
>       return(FAIL);
>   }
>
>   printf("DEBUG: Before Read \n");
>   currRead = BIO_read(_bio, buf, len);
>   printf("DEBUG: After Read currRead = %d Buf = %s Length =
> %d\n",currRead,buf,len);
>
>   if

Re: Application is failing with cipher or hash unavailable

[Gayathri Sundar]

can you give some specific cipher like rc4-md5 using the --cipher command
and see if it goes thro? maybe the 1st cipher suite sent by the client is
not available with the server or something..you can use mozilla and edit the
cipher suites in the advance tab or use openssl client connect command and
supply some specific cipher which u know for sure is available on the
server.

On Wed, May 11, 2011 at 2:54 PM, pradeepreddy wrote:

>
> Hi ,
>
> My application is running with OpenSSL 0.9.8h 28 May 2008 in gentoo linux:
> >uname -a
> Linux localhost 2.6.32.9 #1 SMP Thu Jul 8 14:30:23 Local time zone must be
> set--see zic m i686 Intel(R) Pentium(R) D CPU 2.80GHz GenuineIntel
> GNU/Linux
>
> But ssl hand shake is failing with below error:
> SSL_ERROR_SSL error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or
> hash unavailable
>
> But on same linux, "openssl s_client -connect "server:8443" -cert
> client.pem
> -CAfile ca-win.pem", is wokring
>
> CONNECTED(0003)
> ---
> Certificate chain
>  0 s:/C=/ST=/L=/O=/OU=DGM/DC=CN=A1
>  1 s:/DC=/DC=/DC=/DC=/CN=A1
>   i:/DC=/DC=/DC=/DC=/CN=A1
> ---
> Server certificate
> -BEGIN CERTIFICATE-
> MAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4IBAQBd4LfcDl5d3ODPjBBDy7bL
> YX6uDP6yG+RdbwR9ul4WRhOUXqb0jkHbaGy/Qlz70TGqfSme81yvLsYmChKTFloU
> 3NDIRAqagGntPXyaR6WjbV652SYtENTL7RONZhxGyeqDF0ns5fLUAdE2eGYN9f3Y
> X/k/vFrFnKEmEBEWlciwQjr7vag21YGBtIEeopqnRqN64HCGUVKWqap0sQXAJD/4
> -END CERTIFICATE-
> subject=/C=/ST=/L=/O=/OU=/CN=XY2
> issuer=/DC=/DC=/DC=dev/DC=/CN=A1
> ---
> Acceptable client certificate CA names
> /DC=/DC=/DC=/DC=/CN=A1
> ---
> SSL handshake has read 3241 bytes and written 3148 bytes
> ---
> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
> Server public key is 2048 bit
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>Protocol  : TLSv1
>Cipher: DHE-RSA-AES256-SHA
>Session-ID:
>Session-ID-ctx:
>Master-Key: C47BF1691AB846E449B5FA9E29EC4E25312D4C501
>Key-Arg   : None
>Start Time: 1305122070
>Timeout   : 300 (sec)
>Verify return code: 0 (ok)
> ---
>
> --
> View this message in context:
> http://old.nabble.com/Application-is-failing-with-cipher-or-hash-unavailable-tp31597508p31597508.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   majord...@openssl.org
>

Re: Application is failing with cipher or hash unavailable

[Gayathri Sundar]

You could hack ur client and server to use cipher null and see the
alert in clear..most,y should be digest failure.

On Monday, May 16, 2011, pradeepreddy  wrote:
>
> Hi,
>
>
> After lot of struggles, finally get rid of this error, but I cant tell the
> reason, how was it rectified.
> We installed our libs on a new machine.
>
> Now a different error is seen.
>
> After client and server conection is established, TLSv1 Encrypted Alert+21
> is sent by the client.
>
> Google search did not help. All I could find out was, error alert is
> encrypted. Did not understand what condition was seen by client's openssl to
> throw this error and how to know the condition?
>
> Any inputs on this.
>
>
> Dave Thompson-5 wrote:
>>
>>> From: owner-openssl-us...@openssl.org On Behalf Of pradeepreddy
>>> Sent: Thursday, 12 May, 2011 18:37
>>
>>> I have tried with all the ciphers. This same application works well on
>>> windows.
>>>
>>> I run my application again with s_server, but hit with the same error:
>>> SSL_ERROR_SSL
>>> error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or
>>> hash unavailable
>>>
>>> And on s_server [with -msg -debug], folwing messages are :
>>>
>>> client hello
>>> server hello
>>> SSL_accept:SSLv3 write certificate A
>>> >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
>>>     0e 00 00 00
>>> SSL_accept:SSLv3 write server done A
>>> SSL_accept:SSLv3 flush data
>>> SSL_accept:failed in SSLv3 read client certificate A
>>> ERROR
>>> shutting down SSL
>>> CONNECTION CLOSED
>>> SSL_accept:failed in SSLv3 read client certificate A
>>
>> Both -msg and -debug should have given you (redundant)
>> hex dumps of all messages; did you delete them?
>> But only -state, which you didn't say you used, should give
>> lines like 'SSL_accept:SSLv3 write server done A' .
>>
>> If there is no ServerKeyExchange (you didn't just delete it)
>> then the selected suite probably uses RSA key agreement.
>> But that doesn't help much; there are kRSA suites with
>> all or nearly all data-ciphers and several hashes.
>>
>> You can decode the dump of client-hello to determine what
>> list of suites (and compressions) the client is offering,
>> and of server-hello to determine what the server selected.
>> If you can install wireshark from www.wireshark.org on a
>> personal Windows machine that sees the same network link,
>> that can do the decode for you automatically.
>> There may be equivalent tools for Unix, but I don't know.
>>
>>> This mean, client and server are agreed on cipher.  In what
>>> cases client
>>> verifies the TLS1_SETUP_KEY_BLOCK? which drove client to
>>> throw this error?
>>>
>> It's not a matter of verifying. The client is trying to
>> *do* setup for the selected suite, and also compression,
>> and failing. "Key" setup is a slightly misleading name;
>> it's actually setting several internal pointers as well as
>> the actual keys, and this first step -- determining pointers
>> effectively to code for the selected cipher, hash, and
>> compression -- is what is failing.
>>
>> Most likely the client has offered a suite or compression
>> it doesn't actually support, which it shouldn't, or some of
>> OpenSSL's memory has been clobbered by a bug in your client.
>>
>> Look at the selected suite in server-hello, and compare
>> to the build options for the build(s) you are using.
>>
>>
>>
>> __
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-users@openssl.org
>> Automated List Manager                           majord...@openssl.org
>>
>>
>
> --
> View this message in context: 
> http://old.nabble.com/Application-is-failing-with-cipher-or-hash-unavailable-tp31597508p31628139.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
>
> __
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: Application is failing with cipher or hash unavailable

[Gayathri Sundar]

Alert 21 seems to be decryption failure.

Sent from my iPad

On May 16, 2011, at 6:12 AM, pradeepreddy  wrote:

> 
> Hi,
> 
> 
> After lot of struggles, finally get rid of this error, but I cant tell the
> reason, how was it rectified.
> We installed our libs on a new machine.
> 
> Now a different error is seen.
> 
> After client and server conection is established, TLSv1 Encrypted Alert+21
> is sent by the client.
> 
> Google search did not help. All I could find out was, error alert is
> encrypted. Did not understand what condition was seen by client's openssl to
> throw this error and how to know the condition? 
> 
> Any inputs on this.
> 
> 
> Dave Thompson-5 wrote:
>> 
>>> From: owner-openssl-us...@openssl.org On Behalf Of pradeepreddy
>>> Sent: Thursday, 12 May, 2011 18:37
>> 
>>> I have tried with all the ciphers. This same application works well on
>>> windows.
>>> 
>>> I run my application again with s_server, but hit with the same error:
>>> SSL_ERROR_SSL
>>> error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or 
>>> hash unavailable
>>> 
>>> And on s_server [with -msg -debug], folwing messages are :
>>> 
>>> client hello
>>> server hello
>>> SSL_accept:SSLv3 write certificate A
>> TLS 1.0 Handshake [length 0004], ServerHelloDone
>>>0e 00 00 00
>>> SSL_accept:SSLv3 write server done A
>>> SSL_accept:SSLv3 flush data
>>> SSL_accept:failed in SSLv3 read client certificate A
>>> ERROR
>>> shutting down SSL
>>> CONNECTION CLOSED
>>> SSL_accept:failed in SSLv3 read client certificate A
>> 
>> Both -msg and -debug should have given you (redundant) 
>> hex dumps of all messages; did you delete them?
>> But only -state, which you didn't say you used, should give 
>> lines like 'SSL_accept:SSLv3 write server done A' .
>> 
>> If there is no ServerKeyExchange (you didn't just delete it) 
>> then the selected suite probably uses RSA key agreement.
>> But that doesn't help much; there are kRSA suites with 
>> all or nearly all data-ciphers and several hashes.
>> 
>> You can decode the dump of client-hello to determine what 
>> list of suites (and compressions) the client is offering, 
>> and of server-hello to determine what the server selected.
>> If you can install wireshark from www.wireshark.org on a 
>> personal Windows machine that sees the same network link, 
>> that can do the decode for you automatically. 
>> There may be equivalent tools for Unix, but I don't know.
>> 
>>> This mean, client and server are agreed on cipher.  In what 
>>> cases client
>>> verifies the TLS1_SETUP_KEY_BLOCK? which drove client to 
>>> throw this error?
>>> 
>> It's not a matter of verifying. The client is trying to 
>> *do* setup for the selected suite, and also compression, 
>> and failing. "Key" setup is a slightly misleading name; 
>> it's actually setting several internal pointers as well as 
>> the actual keys, and this first step -- determining pointers 
>> effectively to code for the selected cipher, hash, and 
>> compression -- is what is failing.
>> 
>> Most likely the client has offered a suite or compression 
>> it doesn't actually support, which it shouldn't, or some of 
>> OpenSSL's memory has been clobbered by a bug in your client.
>> 
>> Look at the selected suite in server-hello, and compare 
>> to the build options for the build(s) you are using.
>> 
>> 
>> 
>> __
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing Listopenssl-users@openssl.org
>> Automated List Manager   majord...@openssl.org
>> 
>> 
> 
> -- 
> View this message in context: 
> http://old.nabble.com/Application-is-failing-with-cipher-or-hash-unavailable-tp31597508p31628139.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
> 
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: Application is failing with cipher or hash unavailable

[Gayathri Sundar]

Am not sure what the poster of this msg is actually doing, but I faced a
similar problem when I was trying to achieve SSL from kernel, I had to work
on sk_buff chains and fragmented SSL Records, and during my development, I
got a lot of error alerts of 21 as some boundary conditions were not met. I
am sure here they are trying to process SSL from kernel and not using
openssl from userland..there is no other reason as to why this alert has to
come.

thanks
--Gayathri

On Mon, May 16, 2011 at 8:12 PM, Dave Thompson wrote:

> > From: owner-openssl-us...@openssl.org On Behalf Of Gayathri Sundar
> > Sent: Monday, 16 May, 2011 10:18
>  You could hack ur client and server to use cipher null and see the
> > alert in clear..most,y should be digest failure.
> >
> If you mean MAC failure (actually MAC-or-decryption-failure,
> since they were combined to avoid possibly helping an attacker),
> that should *never* happen unless there is a bug at either peer
> or actual tampering in the communication channel.
>
> It could also be close-notify. That's the only alert
> that should normally occur after handshake.
>
> > On Monday, May 16, 2011, pradeepreddy
> >  wrote:
>
> > > After lot of struggles, finally get rid of this error, but
> > I cant tell the
> > > reason, how was it rectified.
> > > We installed our libs on a new machine.
> > >
> > > Now a different error is seen.
> > >
> > > After client and server conection is established, TLSv1
> > Encrypted Alert+21
> > > is sent by the client.
> > >
> As shown by wireshark, I assume. Immediately after Finished
> (which wireshark is only able to shows as
> 'encrypted handshake message' 'contenttype:22')?
> Or after more data? Or a time delay (maybe timeout)?
>
> Yes, alerts are encrypted once handshake is completed.
> Aside from using a null cipher as suggested above,
> so the encrypted alert (and any other data) is readable:
>
> - does either your client or server or both log or display
> anything about the error?
>
> - if not, can you substitute s_server for the real server?
> It does display/log any error alert. But this will only work
> if the client is spontaneously sending the alert without
> waiting for or needing any data the real server sends.
>
> 
>
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   majord...@openssl.org
>

Re: SSL Communication using BIO

[Gayathri Sundar]

as Neo Liu has pointed out, if you try to use memory bio pair for
communcation, then its ur responsibility to read and write every byte
out the fd using tcp_send and recv() calls, as openssl would only read and
write into the bio. This approach is very very tedious and not sure if thats
the only way to solve ur problem.

thanks
--Gayathri
On Sun, May 22, 2011 at 9:01 PM, Neo Liu  wrote:

> BIO pair is non-blocking BIO, so you need to call SSL_accept() or
> SSL_do_handshake() for server times.
> The example code looks like follows:
>
> BIO_write(ebio, ...)
> SSL_accept(ssl)
> BIO_read(ebio, ...)
>
> you can use BIO_pending() and BIO_wpending() to watch the buffer status of
> the BIO pairs.
>
>
> On Mon, May 23, 2011 at 9:18 AM, G S  wrote:
>
>> Ah, yes, I realized later that there wasn't any communication info in
>> there.  I only use it for encryption.
>>
>> Good luck!
>>
>
>

Re: SSL Communication using BIO

[Gayathri Sundar]

actually I would seriously recommend you read the OpenSSL book written by
Eric Rescorla, it discusses all the use cases of openssl, BIO, async/sync
usages..so that you get an idea of how OpenSSL itself works.

On Mon, May 23, 2011 at 6:02 PM, Neo Liu  wrote:

> I think you can read this article and it will be help.
>
> http://www.lenholgate.com/blog/2002/11/using-openssl-with-asynchronous-sockets.html
>
>  On Mon, May 23, 2011 at 4:59 PM, Harshvir Sidhu wrote:
>
>> David,
>>So are you suggesting that i change the approach in my Code. My
>> application is for Windows and in Managed C++. In that i am using Callback
>> function for receive, when the callback function is called, and when i call
>> SSL_read in that, it hangs at recv call in the OpenSSL code, my assumption
>> is that data was already read from socket, when callback was called. Another
>> thing i would like to mention is I am using Sockets Managed Class, not the
>> native sockets.
>>
>>
>>>
>>
>>
>

Re: SSL Communication using BIO

[Gayathri Sundar]

So finally u have agreed to my initial suggestion of state machines :)

The basic steps in terms of am algorithm are as follows

A. Create the ssl ctx and ssl. Obj
B. Create a pair of memory bios and attach them to the ssl obj, one is
for read and the other is for write.
C. Create the tcp fds and complete the tcp handshake
D.  Once tcp connect is done, u have an fd on which u receive and send data
E. Initialize ur state machine for ssl connect pending
F.  Take the buffer to be sent, copy it to the memory write bio,
encrypt it using ssl connect, then do a tcp send
G. While still connect pending, do tcp read, copy to read bio, call
ssl connect to decrypt.

Thanks
--Gayathri

On Wednesday, May 25, 2011, Harshvir Sidhu  wrote:
> Hi,
>    I am trying to implement State Machine based on the demo application, that 
> is a server code.
>    Like i am writting the client side.
>    So when i try to do handshake, by calling SSL_connect, which i have used 
> memory bios, after that i check for data available, and then i read data and 
> send to server, on server side i am getting error.
>
> 180:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown 
> protocol:.\ssl\s23_srvr.c:584: shutting down SSL
>
>    My question is which is a good place to do handshake in case we use state 
> machine, i am doing just after initializing ctx and ssl, and then i send data 
> 1 time and in performing rest of operations in my receive callback, but 
> s_server give me error on first packet only.
>
>
> Thanks.
>
> // Harshvir
>
> 2011/5/25 Michael Ströder 
>
> Eric S. Eberhard wrote:
> or ... keep it simple and at least consider using stunnel.
>
> I use stunnel myself in some situations. It's a great tool.
>
> But bear in mind that the application then has no access to authentication 
> information of the SSL layer.
>
> Ciao, Michael.
>
>
>
> __
> OpenSSL Project                                 
> http://www.openssl.org 
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>
>
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: SSL Communication using BIO

[Gayathri Sundar]

Okay, u r writing the client, so you need to do connect, now ssl_connect is
going to do the complete SSL handshake, which involves multiple read and
writes, now since you are using memory bios, ssl connect is going to read
from the r_membio and write into the w_membio. The data has to go out the
tcp fd you have created and connected with the server. So its ur duty to
take data out the w_membio and do a tcp_send(). That is what I meant by
saying "write". Application data transfer may be initiated by your server
once the ssl connect is thro. There are apis which tell if ssl connect is
completed and ssl connect itself will return ssl_success, until then u will
be getting the want_read and want_write error codes, so your state machine
would be in the "connect pending" state until ssl connect returns success.
Please understand that SSL_Connect itself will be called multiple times in
the asyn architecture.

BTW if the protocol nego has failed, perhaps you need to see what the server
supports, maybe it understands only tls and not sslv3 etc.

thanks
--Gayathri

On Wed, May 25, 2011 at 10:12 AM, Harshvir Sidhu  wrote:

> Thanks Gayatri.
> This is what i am doing, but i dont have any buffer to send initially, my
> data transfer start from server side.
> What i was doing is, calling SSL_connect after initialization and then in
> the socket read and write code, i was doing encrypt and decrypt accordingly,
> but the very first moment i send data to s_server, it gives error, "unknown
> protocol"
>  Thanks.
>
> // Harshvir
> On Wed, May 25, 2011 at 10:02 AM, Gayathri Sundar wrote:
>
>> So finally u have agreed to my initial suggestion of state machines :)
>>
>> The basic steps in terms of am algorithm are as follows
>>
>> A. Create the ssl ctx and ssl. Obj
>> B. Create a pair of memory bios and attach them to the ssl obj, one is
>> for read and the other is for write.
>> C. Create the tcp fds and complete the tcp handshake
>> D.  Once tcp connect is done, u have an fd on which u receive and send
>> data
>> E. Initialize ur state machine for ssl connect pending
>> F.  Take the buffer to be sent, copy it to the memory write bio,
>> encrypt it using ssl connect, then do a tcp send
>> G. While still connect pending, do tcp read, copy to read bio, call
>> ssl connect to decrypt.
>>
>> Thanks
>> --Gayathri
>>
>> On Wednesday, May 25, 2011, Harshvir Sidhu  wrote:
>> > Hi,
>> >I am trying to implement State Machine based on the demo application,
>> that is a server code.
>> >Like i am writting the client side.
>> >So when i try to do handshake, by calling SSL_connect, which i have
>> used memory bios, after that i check for data available, and then i read
>> data and send to server, on server side i am getting error.
>> >
>> > 180:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
>> protocol:.\ssl\s23_srvr.c:584: shutting down SSL
>> >
>> >My question is which is a good place to do handshake in case we use
>> state machine, i am doing just after initializing ctx and ssl, and then i
>> send data 1 time and in performing rest of operations in my receive
>> callback, but s_server give me error on first packet only.
>> >
>> >
>> > Thanks.
>> >
>> > // Harshvir
>> >
>> > 2011/5/25 Michael Ströder 
>> >
>> > Eric S. Eberhard wrote:
>> > or ... keep it simple and at least consider using stunnel.
>> >
>> > I use stunnel myself in some situations. It's a great tool.
>> >
>> > But bear in mind that the application then has no access to
>> authentication information of the SSL layer.
>> >
>> > Ciao, Michael.
>> >
>> >
>> >
>> > __
>> > OpenSSL Project http://www.openssl.org
>>  <http://www.openssl.org/>
>>  > User Support Mailing Listopenssl-users@openssl.org
>> > Automated List Manager   majord...@openssl.org
>> >
>> >
>> __
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing Listopenssl-users@openssl.org
>> Automated List Manager   majord...@openssl.org
>>
>
>

Re: State Machine with Managed C++

[Gayathri Sundar]

Did you implement fd timeouts and appropriate cleanups after some
expiration? It's impossible for non blocking sockets to hang..so I am
assuming ur having a lot of unused fds on ur poll table.

On Friday, July 1, 2011, Harshvir Sidhu  wrote:
> Hi,
>   I have implemented the state machine in my managed C++ application. 
> Everything works fine for sometime, but after a while Asynchronous socket 
> call beginreceive hangs, it never come out of that. I do not see any relation 
> to this with SSL but this happens only when i am calling SSL routines in 
> between. When i disable SSL function calls, then this issue dont happen.
>
>
>   Have anyone else seen this issue? If Yes, Any suggestions on how to get 
> past this issue?
>
> Thanks.
>
> // Harshvir
>
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: Query Regarding usage of SSL_Connect()

[Gayathri Sundar]

Please dont expect much response to this question. Going thro the man pages
of openssl will have all the necessary answers you are expecting. Do you
homework before coding.

Thanks
--Gayathri

On Thu, Jul 14, 2011 at 8:17 AM, Amit Kumar  wrote:

> Hi team,
>I am using SSL_Connect() in one of my projects and this SSL_connect is
> returning a value of -1.
>
>With SSL_get_error() i can see it is *SSL_ERROR_WANT_READ ?*
> *
> *
> *   Now i am not understanding why this can come and if this is there then
> should i call SSL_Connect again.
> *
>
>I am really new to OpenSSL API's and learning it. Please consider me as
> a beginner while replying.
>
>   Any help will be greatly appreciated.
>
> --
> Amit Kumar
> Engineer
>

Re: Which openssl.cnf?

[Gayathri Sundar]

strace is a unix command wherein u need to attach the process which is
linking with ur openssl library. It would tell the path from which all the
libraries are loaded (for that process) along with a ton of other info. You
would need to search the output of strace manually to figure out ur library
path.



On Fri, Aug 12, 2011 at 1:46 PM, Eric Raunig  wrote:

> I don't know this syntax ie:
> # openssl strace
> openssl:Error: 'strace' is an invalid command.
>
> Standard commands
> asn1parse caciphers   cms
> crl   crl2pkcs7 dgst  dh
> dhparam   dsa   dsaparam  ec
> ecparam   enc   engineerrstr
> gendh gendsagenpkey   genrsa
> nseq  ocsp  passwdpkcs12
> pkcs7 pkcs8 pkey  pkeyparam
> pkeyutl   prime rand  req
> rsa   rsautls_client  s_server
> s_timesess_id   smime speed
> spkac tsverifyversion
> x509
>
> Message Digest commands (see the `dgst' command for more details)
> md4   md5   mdc2  rmd160
> sha   sha1
>
> Cipher commands (see the `enc' command for more details)
> aes-128-cbc   aes-128-ecb   aes-192-cbc   aes-192-ecb
> aes-256-cbc   aes-256-ecb   base64bf
> bf-cbcbf-cfbbf-ecbbf-ofb
> camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb
> camellia-256-cbc  camellia-256-ecb  cast  cast-cbc
> cast5-cbc cast5-cfb cast5-ecb cast5-ofb
> des   des-cbc   des-cfb   des-ecb
> des-ede   des-ede-cbc   des-ede-cfb   des-ede-ofb
> des-ede3  des-ede3-cbc  des-ede3-cfb  des-ede3-ofb
> des-ofb   des3  desx  idea
> idea-cbc  idea-cfb  idea-ecb  idea-ofb
> rc2   rc2-40-cbcrc2-64-cbcrc2-cbc
> rc2-cfb   rc2-ecb   rc2-ofb   rc4
> rc4-40seed  seed-cbc  seed-cfb
> seed-ecb  seed-ofb
>
>
> On Fri, Aug 12, 2011 at 12:25 PM, Coda Highland wrote:
>
>> strace will show all of the syscalls executed by the application,
>> including opening files.
>>
>> /s/ Adam
>>
>> On Fri, Aug 12, 2011 at 10:46 AM, Eric Raunig  wrote:
>> > Background:
>> > I have the problem in which there are multiple versions of openssl.cnf
>> on my
>> > Linux (Ubuntu 11.04) installation.
>> >
>> > I had some problems with the default openssl-0.9.8. So I installed
>> OpenSSL
>> > (1.0.0d 8 Feb 2011).
>> >
>> > I also have Zend Server CE (+zend framework +mysql etc)  installed which
>> is
>> > intended for the local intranet.
>> >
>> > The problem is that when attempting to load a secure page: there is no
>> > handshake (Firefox: ssl_error_rx_record_too_long)
>> >
>> > With regards to openssl:
>> >
>> > Is there a command that will show which openssl.cnf that it is reading
>> from?
>> >
>> >
>> >
>> >
>> __
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing Listopenssl-users@openssl.org
>> Automated List Manager   majord...@openssl.org
>>
>
>

Re: hi

[Gayathri Sundar]

Hi,

First of all your question is really strange. Please check your client and
server settings as to which highest ssl version is enabled. Generally SSLv2
should be disabled and never negotiated.
The code your referring to is a piece of code that would be called when
sslv3 is negotiated during the handshake.

Disable sslv2 on ur client, enable tls on both sides, and you will see that
the highest common version is selected automatically by the server. Check
your client hello message on the wire and see what versions are actually
sent out.

Thanks
--Gayathri

On Thu, Aug 18, 2011 at 5:46 AM, Shashidhar RP wrote:

>  forgot to mention that
>
>  /* s->version = SSL3_VERSION */
> the above line is commented in the code of ssl3_connect ();
> is there any issue with this as the client version is updating  and ssl
> version not updating ??
>
>
>  --
> *From:* owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org]
> On Behalf Of Shashidhar RP [shashidhar...@hcl.com]
> *Sent:* Thursday, August 18, 2011 3:24 PM
> *To:* openssl-users@openssl.org
> *Subject:* hi
>
>
>   Hi ,
>   I have a problem while establishing a session using ssl.. I have
> a client and when the session is establised
> i found that the client version is V3 but the ssl version is v2, due to
> which i am facing other problem.
>
> I saw the ssl code - s3_cln.c is which i saw a part of this code
>
>/* s->version = SSL3_VERSION */
>
>   This is there in ssl3_connect code.
> Is there any chance of a V2 client becoming V3 and while connect its
> version is
> not updated?
> And
> where does this version wil be set? and when it can change?
>
> Plz give some I/p on this so that ican move further.
>
>
> Regards
> shashidhar
>
>
>
> --
> ::DISCLAIMER::
>
> ---
>
> The contents of this e-mail and any attachment(s) are confidential and
> intended for the named recipient(s) only.
> It shall not attach any liability on the originator or HCL or its
> affiliates. Any views or opinions presented in
> this email are solely those of the author and may not necessarily reflect
> the opinions of HCL or its affiliates.
> Any form of reproduction, dissemination, copying, disclosure, modification,
> distribution and / or publication of
> this message without the prior written consent of the author of this e-mail
> is strictly prohibited. If you have
> received this email in error please delete it and notify the sender
> immediately. Before opening any mail and
> attachments please check them for viruses and defect.
>
>
> ---
> __
> OpenSSL Project http://www.openssl.org User Support Mailing List
> openssl-users@openssl.org Automated List Manager majord...@openssl.org
>  __
> OpenSSL Project http://www.openssl.org User Support Mailing List
> openssl-users@openssl.org Automated List Manager majord...@openssl.org
>

Re: hi

[Gayathri Sundar]

Ethereal, pls listen on port 443 and check out the handshake messages.
Btw the initial client hello (for the very 1st time) would be sent in sslv3
(assuming u have disabled v2, am not sure why ur bothered abt that version,
pls disable on ur client and server). Once the initial client hello is
sent,  the highest supported protocol version would be selected
automatically by the server, choosing of a lower version is not allowed.

Thanks
--Gayathri

On Mon, Aug 22, 2011 at 5:58 AM, Shashidhar RP wrote:

>  Hi,
> Thanks for your quich response.
> One more question.
> 1) Can you please tell us is there any want to check wat version client
> and server is using?
> 2) If the client rollback happens the client can rollback form version 3 to
> version 2 rt? In this case will it send
>  V2 hello handshake or V3 hello handshake.?
> 3) Is there a possiblility that the client version is V3 but it can send V2
> hello msg to the server? If yes then will the server treat it as V2 client
> and server will rollback to V2?
> 4) At any point of time to check the server and client version wat is the
> command?
> 5)and to check weather the client/server has rollbacked to different
> verion is there any way to figure out??
> 6)Is there any chance of server getting rollback from V3 to V2? If yes plz
> tell us in which cases?
>
> Plz help with the answers for the above questions.
>
> Regards
> Shashidhar
>
>
>
>  --
> *From:* owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org]
> On Behalf Of Gayathri Sundar [suraj...@gmail.com]
> *Sent:* Thursday, August 18, 2011 8:14 PM
> *To:* openssl-users@openssl.org
> *Subject:* Re: hi
>
>  Hi,
>
> First of all your question is really strange. Please check your client and
> server settings as to which highest ssl version is enabled. Generally SSLv2
> should be disabled and never negotiated.
> The code your referring to is a piece of code that would be called when
> sslv3 is negotiated during the handshake.
>
> Disable sslv2 on ur client, enable tls on both sides, and you will see that
> the highest common version is selected automatically by the server. Check
> your client hello message on the wire and see what versions are actually
> sent out.
>
> Thanks
> --Gayathri
>
> On Thu, Aug 18, 2011 at 5:46 AM, Shashidhar RP wrote:
>
>>  forgot to mention that
>>
>>  /* s->version = SSL3_VERSION */
>> the above line is commented in the code of ssl3_connect ();
>> is there any issue with this as the client version is updating  and ssl
>> version not updating ??
>>
>>
>>  --
>> *From:* owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org]
>> On Behalf Of Shashidhar RP [shashidhar...@hcl.com]
>> *Sent:* Thursday, August 18, 2011 3:24 PM
>> *To:* openssl-users@openssl.org
>> *Subject:* hi
>>
>>
>>   Hi ,
>>   I have a problem while establishing a session using ssl.. I have
>> a client and when the session is establised
>> i found that the client version is V3 but the ssl version is v2, due to
>> which i am facing other problem.
>>
>> I saw the ssl code - s3_cln.c is which i saw a part of this code
>>
>>/* s->version = SSL3_VERSION */
>>
>>   This is there in ssl3_connect code.
>> Is there any chance of a V2 client becoming V3 and while connect its
>> version is
>> not updated?
>> And
>> where does this version wil be set? and when it can change?
>>
>> Plz give some I/p on this so that ican move further.
>>
>>
>> Regards
>> shashidhar
>>
>>
>>
>> --
>> ::DISCLAIMER::
>>
>> ---
>>
>> The contents of this e-mail and any attachment(s) are confidential and
>> intended for the named recipient(s) only.
>> It shall not attach any liability on the originator or HCL or its
>> affiliates. Any views or opinions presented in
>> this email are solely those of the author and may not necessarily reflect
>> the opinions of HCL or its affiliates.
>> Any form of reproduction, dissemination, copying, disclosure,
>> modification, distribution and / or publication of
>> this message without the prior written consent of the author of this
>> e-mail is strictly prohibited. If you have
>> received this email in error please delete it and notify the sender
>> immediately. Before opening any mail and
>> attachments please check them for viruses and defect.
>>
>>
>

Re: creating Master-Key for encryption/decryption

[Gayathri Sundar]

Please read the RFC, it would clearly explain how the master secret is
dervied, and from that how the read and write keys are derived. With that
you can get to know how to extract the read n write keys. Meanwhile the read
and wirte keys are available as part of the ssl object.
Check that structure out.

Thanks
--Gayathri

On Mon, Aug 22, 2011 at 10:24 AM, krishnamurthy santhanam <
krishnamurth...@gmail.com> wrote:

> I have more than 100 clients that will connect to my server and communicate
> the data. I am implementing SSL on server side to authenticate the client
> certificate(X.509) and also client will authenticate the servers
> certificate. Once the mutual authentication has completed I have to generate
> master key for encryption and decryption.  I am going to use AES for
> encryption and decryption.
>
>  I had generated the client and server certificates using the bellow
> commands and signed by the root,
>
> 1. CLIENT CERTIFICATE:
>
> openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out clientreq.pem
>
> openssl x509 -req -in clientreq.pem -sha1 -extfile openssl.cnf  -extensions
> usr_cert -CA rootcert.pem  -CAkey rootkey.pem -CAcreateserial   -out
> clientcert.pem
>
> cat clientkey.pem  clientcert.pem rootcert.pem > client.pem
>
> openssl x509  -subject -issuer -noout -in client.pem
>
> 2. SERVER CERTIFICATE:
>
> openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out serverreq.pem
>
> openssl x509 -req -in serverreq.pem -sha1 -extfile openssl.cnf  -extensions
> usr_
>
> cert -CA rootcert.pem  -CAkey rootkey.pem -CAcreateserial   -out
> servercert.pem
>
> cat serverkey.pem  servercert.pem rootcert.pem > server.pem
>
> openssl x509  -subject -issuer -noout -in server.pem
>
> 3. ROOT CERTIFICATE:
>
> openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem
>
> openssl x509 -req -in rootreq.pem -sha1 -extfile root.cnf -extensions v3_ca
> -sig
>
> nkey rootkey.pem -out rootcert.pem
>
> cat rootcert.pem rootkey.pem  > root.pem
>
> openssl x509  -subject -issuer -noout -in root.pem
>
>
>
> Initially I  am writing ssl/tls programming for server and client. In this
> I am able to communicate the data between client and server.
>
> I was struck on master key generation, I have added the below LOC to
> programs to get MASTER KEY,
>
> printf("session A\n");
>
> SSL_SESSION *session = SSL_get_session(ssl);
>
> SSL_SESSION_print(out, session);
>
> It is printing like this ,
>
>  session A
>
> SSL-Session:
>
> Protocol  : TLSv1
>
> Cipher: AES256-SHA
>
> Session-ID:
> 9FCE46513DD74882D3FF0E0E84CC4A6BE12192B65C426E0B27D0FA15F81D7D5E
>
> Session-ID-ctx:
>
> Master-Key:
> 56F90B0D90DEB3430207A74793C9B6565744E06ECA191D9DFA04C29B1EE2B782
>
> 6B602878597465F739AD69091DDF6499
>
> Key-Arg   : None
>
> Krb5 Principal: None
>
>Compression: 1 (zlib compression)
>
> Start Time: 1314015355
>
> Timeout   : 7200 (sec)
>
> Is this the Master key for both the server and client?
>
> Is this the key that should be used for the encryption in client side and
> decryption in server side?
>
> If this is the Master key how can I extract the key?
>
> Please guide me if I understood anything wrong.
>

Re: creating Master-Key for encryption/decryption

[Gayathri Sundar]

Master key is unique per session, and its same for both client and server,
thats the concept behind the SSL handshake. The RFC would state the
information accurately.  Perhaps you can send the master secret as part of
ur application data, to  the client, which can decrypt and use.
Thanks
--Gayathri

On Tue, Aug 23, 2011 at 12:41 PM, krishnamurthy santhanam <
krishnamurth...@gmail.com> wrote:

> Thanks. I gone through the RFC 2246 and understood the Master key
> generation part. The Master key is generated and able to print the client
> side(test C program) using ssl strucure.
>
>
> printf("session A\n");
>
> SSL_SESSION *session = SSL_get_session(ssl);
>
> SSL_SESSION_print(out, session);
>
> for (i=0; i<(unsigned int)session->master_key_length; i++)
> {
> BIO_printf(bp,"%02X",session->master_key[i]) );
> }
>
> How i can get the same Master key in server side?
>
> in my scenario, server side program is running in C. JDBC clients will
> establish the connection to the server. will the same Mester key generated
> in the cross platforms(JDBC client side)?
>
> Any help will be great.
>
> Thanks for your time,
>
> Krishnamurthy
>
> On Mon, Aug 22, 2011 at 9:03 PM, Gayathri Sundar wrote:
>
>> Please read the RFC, it would clearly explain how the master secret is
>> dervied, and from that how the read and write keys are derived. With that
>> you can get to know how to extract the read n write keys. Meanwhile the read
>> and wirte keys are available as part of the ssl object.
>> Check that structure out.
>>
>> Thanks
>> --Gayathri
>>
>>   On Mon, Aug 22, 2011 at 10:24 AM, krishnamurthy santhanam <
>> krishnamurth...@gmail.com> wrote:
>>
>>> I have more than 100 clients that will connect to my server and
>>> communicate the data. I am implementing SSL on server side to authenticate
>>> the client certificate(X.509) and also client will authenticate the servers
>>> certificate. Once the mutual authentication has completed I have to generate
>>> master key for encryption and decryption.  I am going to use AES for
>>> encryption and decryption.
>>>
>>>  I had generated the client and server certificates using the bellow
>>> commands and signed by the root,
>>>
>>> 1. CLIENT CERTIFICATE:
>>>
>>> openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out
>>> clientreq.pem
>>>
>>> openssl x509 -req -in clientreq.pem -sha1 -extfile openssl.cnf  -extensions
>>> usr_cert -CA rootcert.pem  -CAkey rootkey.pem -CAcreateserial   -out
>>> clientcert.pem
>>>
>>> cat clientkey.pem  clientcert.pem rootcert.pem > client.pem
>>>
>>> openssl x509  -subject -issuer -noout -in client.pem
>>>
>>> 2. SERVER CERTIFICATE:
>>>
>>> openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out
>>> serverreq.pem
>>>
>>> openssl x509 -req -in serverreq.pem -sha1 -extfile openssl.cnf  -extensions
>>> usr_
>>>
>>> cert -CA rootcert.pem  -CAkey rootkey.pem -CAcreateserial   -out
>>> servercert.pem
>>>
>>> cat serverkey.pem  servercert.pem rootcert.pem > server.pem
>>>
>>> openssl x509  -subject -issuer -noout -in server.pem
>>>
>>> 3. ROOT CERTIFICATE:
>>>
>>> openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem
>>>
>>> openssl x509 -req -in rootreq.pem -sha1 -extfile root.cnf -extensions
>>> v3_ca -sig
>>>
>>> nkey rootkey.pem -out rootcert.pem
>>>
>>> cat rootcert.pem rootkey.pem  > root.pem
>>>
>>> openssl x509  -subject -issuer -noout -in root.pem
>>>
>>>
>>>
>>> Initially I  am writing ssl/tls programming for server and client. In
>>> this I am able to communicate the data between client and server.
>>>
>>> I was struck on master key generation, I have added the below LOC to
>>> programs to get MASTER KEY,
>>>
>>> printf("session A\n");
>>>
>>> SSL_SESSION *session = SSL_get_session(ssl);
>>>
>>> SSL_SESSION_print(out, session);
>>>
>>> It is printing like this ,
>>>
>>>  session A
>>>
>>> SSL-Session:
>>>
>>> Protocol  : TLSv1
>>>
>>> Cipher: AES256-SHA
>>>
>>> Session-ID:
>>> 9FCE46513DD74882D3FF0E0E84CC4A6BE12192B65C426E0B27D0FA15F81D7D5E
>>>
>>> Session-ID-ctx:
>>>
>>> Master-Key:
>>> 56F90B0D90DEB3430207A74793C9B6565744E06ECA191D9DFA04C29B1EE2B782
>>>
>>> 6B602878597465F739AD69091DDF6499
>>>
>>> Key-Arg   : None
>>>
>>> Krb5 Principal: None
>>>
>>>Compression: 1 (zlib compression)
>>>
>>> Start Time: 1314015355
>>>
>>> Timeout   : 7200 (sec)
>>>
>>> Is this the Master key for both the server and client?
>>>
>>> Is this the key that should be used for the encryption in client side and
>>> decryption in server side?
>>>
>>> If this is the Master key how can I extract the key?
>>>
>>> Please guide me if I understood anything wrong.
>>>
>>
>>
>

Re: hi

[Gayathri Sundar]

My windows knowlegde is at zero. sorry cant help there ..


On Wed, Aug 24, 2011 at 2:35 AM, Shashidhar RP wrote:

>  hi Gayatri,
>   Can you please tell me where can i find the ssl.conf file
> for windows.
> will it be the same ssl.conf file or a different .conf file.?
> for my linux client i found in "/etc/httpd/conf.d"
> I have searched over the net i couldnt find this. For windows will it be
> openssl.conf or some thing else?
> Please give the appropriate configuration file and the location it
> will/might be.
>
> -shashidhar
>
>
>  --
> *From:* owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org]
> On Behalf Of Gayathri Sundar [suraj...@gmail.com]
> *Sent:* Thursday, August 18, 2011 8:14 PM
> *To:* openssl-users@openssl.org
> *Subject:* Re: hi
>
>  Hi,
>
> First of all your question is really strange. Please check your client and
> server settings as to which highest ssl version is enabled. Generally SSLv2
> should be disabled and never negotiated.
> The code your referring to is a piece of code that would be called when
> sslv3 is negotiated during the handshake.
>
> Disable sslv2 on ur client, enable tls on both sides, and you will see that
> the highest common version is selected automatically by the server. Check
> your client hello message on the wire and see what versions are actually
> sent out.
>
> Thanks
> --Gayathri
>
> On Thu, Aug 18, 2011 at 5:46 AM, Shashidhar RP wrote:
>
>>  forgot to mention that
>>
>>  /* s->version = SSL3_VERSION */
>> the above line is commented in the code of ssl3_connect ();
>> is there any issue with this as the client version is updating  and ssl
>> version not updating ??
>>
>>
>>  --
>> *From:* owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org]
>> On Behalf Of Shashidhar RP [shashidhar...@hcl.com]
>> *Sent:* Thursday, August 18, 2011 3:24 PM
>> *To:* openssl-users@openssl.org
>> *Subject:* hi
>>
>>
>>   Hi ,
>>   I have a problem while establishing a session using ssl.. I have
>> a client and when the session is establised
>> i found that the client version is V3 but the ssl version is v2, due to
>> which i am facing other problem.
>>
>> I saw the ssl code - s3_cln.c is which i saw a part of this code
>>
>>/* s->version = SSL3_VERSION */
>>
>>   This is there in ssl3_connect code.
>> Is there any chance of a V2 client becoming V3 and while connect its
>> version is
>> not updated?
>> And
>> where does this version wil be set? and when it can change?
>>
>> Plz give some I/p on this so that ican move further.
>>
>>
>> Regards
>> shashidhar
>>
>>
>>
>> --
>> ::DISCLAIMER::
>>
>> ---
>>
>> The contents of this e-mail and any attachment(s) are confidential and
>> intended for the named recipient(s) only.
>> It shall not attach any liability on the originator or HCL or its
>> affiliates. Any views or opinions presented in
>> this email are solely those of the author and may not necessarily reflect
>> the opinions of HCL or its affiliates.
>> Any form of reproduction, dissemination, copying, disclosure,
>> modification, distribution and / or publication of
>> this message without the prior written consent of the author of this
>> e-mail is strictly prohibited. If you have
>> received this email in error please delete it and notify the sender
>> immediately. Before opening any mail and
>> attachments please check them for viruses and defect.
>>
>>
>> ---
>> __
>> OpenSSL Project http://www.openssl.org User Support Mailing List
>> openssl-users@openssl.org Automated List Manager majord...@openssl.org
>>  __
>> OpenSSL Project http://www.openssl.org User Support Mailing List
>> openssl-users@openssl.org Automated List Manager majord...@openssl.org
>>
>
>  __
> OpenSSL Project http://www.openssl.org User Support Mailing List
> openssl-users@openssl.org Automated List Manager majord...@openssl.org
>

Re: creating Master-Key for encryption/decryption

[Gayathri Sundar]

I think the problem this person seem to have is not finding a way to extract
the master secret on the client side, which is why I suggested he can send
it as a payload from  the server as part of the app data, since its the
exactly the same. Also, krishna, pls understand that the master secret is
not used for eny/dec, its used to derive the actualy auth and enc keys using
specific methods as mentioned in the RFC. These keys are unique per
connection  basis, mixed by some randoms. The master secret is unique for a
session. A session can contain many connections each represented by a SSL
OBJ, and the enc/dec keys are different for every connection, which can be
obtained from the SSL OBJ.

Please understand TLS as such from the RFC.

Thanks
--Gayathri

On Wed, Aug 24, 2011 at 9:43 AM, Erik Tkal  wrote:

>  I’m not sure you are understanding this.  Both sides derive the same
> master key, so there is no need to send it.  After the handshake the SSL
> code will use that key to generate specific encryption keys and perform
> encryption of further traffic through the tunnel.  If you are only using the
> handshake to generate the master key to be used elsewhere (e.g. for
> proprietary encryption), then you can get it from the SSL_SESSION object
> (not sure if there’s a get method).
>
>
> 
> *Erik Tkal**
> *Juniper OAC/UAC/Pulse Development
>
> 
>
> ** **
>
> *From:* owner-openssl-us...@openssl.org [mailto:
> owner-openssl-us...@openssl.org] *On Behalf Of *krishnamurthy santhanam
> *Sent:* Wednesday, August 24, 2011 12:51 AM
> *To:* openssl-users@openssl.org
> *Subject:* Re: creating Master-Key for encryption/decryption
>
> ** **
>
> Thanks. As per my understanding,Before sending master key to client ,
> server has to maintain the master key. How i can get this in server side? is
> there any code sample or snippet to get this key?
>
>  
>
> Krishna
>
> On Tue, Aug 23, 2011 at 11:54 PM, Gayathri Sundar 
> wrote:
>
> Master key is unique per session, and its same for both client and server,
> thats the concept behind the SSL handshake. The RFC would state the
> information accurately.  Perhaps you can send the master secret as part of
> ur application data, to  the client, which can decrypt and use.
>
> Thanks
>
> --Gayathri
>
>  
>
> On Tue, Aug 23, 2011 at 12:41 PM, krishnamurthy santhanam <
> krishnamurth...@gmail.com> wrote:
>
> Thanks. I gone through the RFC 2246 and understood the Master key
> generation part. The Master key is generated and able to print the client
> side(test C program) using ssl strucure. 
>
> ** **
>
> printf("session A\n");
>
> SSL_SESSION *session = SSL_get_session(ssl);
>
> SSL_SESSION_print(out, session);
>
> for (i=0; i<(unsigned int)session->master_key_length; i++)
> {
> BIO_printf(bp,"%02X",session->master_key[i]) );
> }
>
> How i can get the same Master key in server side? 
>
> in my scenario, server side program is running in C. JDBC clients will
> establish the connection to the server. will the same Mester key generated
> in the cross platforms(JDBC client side)?
>
> Any help will be great.
>
> Thanks for your time,
>
> Krishnamurthy
>
> ** **
>
> On Mon, Aug 22, 2011 at 9:03 PM, Gayathri Sundar 
> wrote:
>
> Please read the RFC, it would clearly explain how the master secret is
> dervied, and from that how the read and write keys are derived. With that
> you can get to know how to extract the read n write keys. Meanwhile the read
> and wirte keys are available as part of the ssl object.
>
> Check that structure out.
>
>  
>
> Thanks
>
> --Gayathri
>
> On Mon, Aug 22, 2011 at 10:24 AM, krishnamurthy santhanam <
> krishnamurth...@gmail.com> wrote:
>
> I have more than 100 clients that will connect to my server and communicate
> the data. I am implementing SSL on server side to authenticate the client
> certificate(X.509) and also client will authenticate the servers
> certificate. Once the mutual authentication has completed I have to generate
> master key for encryption and decryption.  I am going to use AES for
> encryption and decryption.
>
>  I had generated the client and server certificates using the bellow
> commands and signed by the root,
>
> 1. CLIENT CERTIFICATE:
>
> openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out clientreq.pem
> 
>
> openssl x509 -req -in clientreq.pem -sha1 -extfile openssl.cnf  -extensions
> usr_cert -CA rootcert.pem  -CAkey rootkey.pem -CAcreateserial   -out
&

Re: Deadlock - SSL_Connect()

[Gayathri Sundar]

did you try making use of non blocking fd? it cannot deadlock in if you use
that.

Thanks
--Gayathri

On Mon, Jan 16, 2012 at 10:17 AM, Nathan Smyth  wrote:

> Just seeking advice/things to consider for deadlock (or 'wait') on a
> SSL_Connect(). Unfortunately it stalls here, so there's no return code.
>
> The project establishes a number of SSL conns between various application
> instances. It's in C++, where standard socket libs are used to establish
> the connection, SSL added via SSL_Set_Fd and then SSL_connect()/accept().
> Normal sockets (i.e. without SSL) are used for local inter-proc comms -
> maybe this is relevant?
>
> I've been stuck for a while - and advice as to common
> areas/mistakes/considerations are most appreciated.
>
> Thanks!
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   majord...@openssl.org
>

Re: Deadlock - SSL_Connect()

[Gayathri Sundar]

you should be setting the non blocking thing before the ssl connect is
called, which is part of the SSL handshake. SSL_connect will internally do
socket read/write, so if its blocking then it will not come out until the
underlying operation is completed. setting it after the SSL connect is
done, will help only on application data read/write.

Thanks
--Gayathri

On Mon, Jan 16, 2012 at 10:47 AM, Nathan Smyth  wrote:

> Yes, strangely this doesn't help. Actually, what I do is set the socket to
> non-blocking AFTER the SSL handshake, which I thought should work...
>
> Could there be some issue with numerous SSL connections between the same
> parties? Or maybe it's some threading issue - perhaps SSL has some special
> considerations?
>
>   ------
> *From:* Gayathri Sundar 
> *To:* openssl-users@openssl.org
> *Sent:* Monday, 16 January 2012, 16:21
> *Subject:* Re: Deadlock - SSL_Connect()
>
> did you try making use of non blocking fd? it cannot deadlock in if you
> use that.
>
> Thanks
> --Gayathri
>
> On Mon, Jan 16, 2012 at 10:17 AM, Nathan Smyth  wrote:
>
> Just seeking advice/things to consider for deadlock (or 'wait') on a
> SSL_Connect(). Unfortunately it stalls here, so there's no return code.
>
> The project establishes a number of SSL conns between various application
> instances. It's in C++, where standard socket libs are used to establish
> the connection, SSL added via SSL_Set_Fd and then SSL_connect()/accept().
> Normal sockets (i.e. without SSL) are used for local inter-proc comms -
> maybe this is relevant?
>
> I've been stuck for a while - and advice as to common
> areas/mistakes/considerations are most appreciated.
>
> Thanks!
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   majord...@openssl.org
>
>
>
>
>

Re:SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option...

[Gayathri Sundar]

SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is used to thwart some CBC attacks.
check out this link for details

http://www.openssl.org/~bodo/tls-cbc.txt

Thanks
--Gayathri

> Hi,
>
> The client is configured with SSLv3_client_method.
>
> *ctx = SSL_CTX_new(SSLv3_client_method());*
>
>  Whenever the client tries to connect to server with any CBC ciphers like
> DES-CBC3-SHA, the SSL handshake is successful but when the
> client tries to send data to server,say 10 bytes, I see from ethereal that
> two application records are sent. But the server does not report reading
> that data. With cipher RC4-MD5, this is not seen. 10 bytes are sent in one
> application record and server reports the receiving of that particular
> data.
>
> Now when I set the *SSL_CTX_set_options*
> with*SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
> *(or SSL_OP_ALL), data exchange with CBC ciphers are successful.
>
> What is happening here? Can someone please explain the theory behind
> *SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
> *option?
>
> Thanks,
> Prabhu. S
>

Re: openssl on a home LAN

[Gayathri Sundar]

unless somebody is gonna tap your LAN connection, I don't see a point in
using SSL. Generally its useful only when you want to send secure
application data over the internet. Intranets are safe esp ur 2 home
computers :).

thanks
--Gayathri

On Tue, Sep 11, 2012 at 11:36 AM, John A. Wallace wrote:

> **
>
> I am trying to figure out whether there is any point in using openssl on
> a home LAN between two computers. Would that improve on security in any
> way?  Would I be limited in the types of OS connections? I mean, could 
> Iconnect Windows with Linux? Also, if
> I want to make such a connection between two OS running in virtual
> machines, could that be done too? Thanks.
>
>

Re: openssl on a home LAN

[Gayathri Sundar]

Hi John,

I definitely do not agree with charles's email, but what I think he meant
is, you need to write programs to use OpenSSL. Its an installable library,
which you need to invoke from your application using its exposed APIs and
recompile your code, link OpenSSL library and execute for it to work. Its
not a SSL solution if that is what your looking for.

Just installing OpenSSL is not going to give u SSL.

Thanks
--Gayathri

On Tue, Sep 11, 2012 at 8:36 PM, John A. Wallace wrote:

> Charlie, 
>
> ** **
>
> Frankly, you condescending manner is starting to annoy me, considerably.
>  Furthermore, your name is not on this page as one of the moderators of
> this group:   http://www.openssl.org/about/.  
>
> ** **
>
> Moreover, I don’t believe I need your permission to “hang out here”.  You
> need to read the link I provided you all the way to the end, it says that
> this group is for 
>
> ** **
>
> **1.   **Developers
>
> **2.   **OpenSSL usage
>
> **3.   **Installation problems
>
> ** **
>
> Now inasmuch as my question pertained to “OpenSSL Usage”, i.e., number 2
> above, well I think that makes my asking it a legitimate question for this
> group. If you don’t like it, you can just learn to use your reading program
> and ignore me. Thank you very much.   J
>
> ** **
>
> John
>
> ** **
>
> ** **
>
> *From:* owner-openssl-us...@openssl.org [mailto:
> owner-openssl-us...@openssl.org] *On Behalf Of *Charles Mills
> *Sent:* Tuesday, September 11, 2012 3:22 PM
>
> *To:* openssl-users@openssl.org
> *Subject:* RE: openssl on a home LAN
>
> ** **
>
> Right. Are you an application developer? In other words, do you write
> computer programs? Does the following mean anything to you?
>
> ** **
>
> int main(int argc, char *argv[])
>
> {
>
> printf(“hello world\n”);
>
> return 0;
>
> }
>
> ** **
>
> Or alternatively, are you a Web site operator? Do you host a Web site that
> others access?
>
> ** **
>
> If the answer to both of these questions is No, then you are welcome to
> hang out here but the answer to your original question, “whether there is
> any point in using openssl” is No.
>
> ** **
>
> *Charles*
>
> *From:* owner-openssl-us...@openssl.org [
> mailto:owner-openssl-us...@openssl.org ]
> *On Behalf Of *John A. Wallace
> *Sent:* Tuesday, September 11, 2012 12:07 PM
> *To:* openssl-users@openssl.org
> *Subject:* RE: openssl on a home LAN
>
> ** **
>
> Hi.  I am not trying to be mean or something, but you may want to take a
> look at this page:
>
> ** **
>
> http://www.openssl.org/support/community.html
>
> ** **
>
> Focusing on the part that describes this list, one can read this about its
> purpose:
>
> ** **
>
> Application Development, OpenSSL Usage, Installation Problems, etc.
>
> ** **
>
> That looks clear to me in that this list would provide support for the
> type of question I just asked, or did I misunderstand you? J
>
> ** **
>
> Thanks.
>
> ** **
>
> ** **
>
> *From:* owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] *On Behalf Of *Charles Mills
> *Sent:* Tuesday, September 11, 2012 12:52 PM
> *To:* openssl-users@openssl.org
> *Subject:* RE: openssl on a home LAN
>
> ** **
>
> Do you write computer programs, or are you a home user of personal
> computers?
>
> ** **
>
> If you don’t write computer programs, then using OpenSSL at the level
> addressed by this mailing list is not what you are looking for.
>
> ** **
>
> Some of the products you might buy might use OpenSSL “under the covers,”
> but you would get support generally directly from the companies that
> produce those products, not this mailing list.
>
> ** **
>
> Not trying to be mean or off-putting. If I have missed the mark please let
> me know.
>
> ** **
>
> *Charles*
>
> *From:* owner-openssl-us...@openssl.org [
> mailto:owner-openssl-us...@openssl.org ]
> *On Behalf Of *John A. Wallace
> *Sent:* Tuesday, September 11, 2012 9:36 AM
> *To:* openssl-users@openssl.org
> *Subject:* openssl on a home LAN
>
> ** **
>
> I am trying to figure out whether there is any point in using openssl on a
> home LAN between two computers. Would that improve on security in any
> way?  Would I be limited in the types of OS connections? I mean, could I
> connect Windows with Linux? Also, if I want to make such a connection
> between two OS running in virtual machines, could that be done too? Thanks.
> 
>

Re: openssl on a home LAN

[Gayathri Sundar]

Charles,

I think he wanted to use SSL for data transfer between 2 computers. What
you have used is the PKI infrastructure.
Infact even for SSL there are sample client and server codes in the
examples folder, but that does not hook into your application.

Thanks
--Gayathri

On Wed, Sep 12, 2012 at 1:29 PM, Steven Madwin  wrote:

> Hi John,
>
> ** **
>
> As an aside to what Gayathri said, I’m not a developer, but I have used
> OpenSSL to create a complete PKI universe for testing. Using the
> pre-compiled, downloadable installer I’ve been able to create Root
> certificates, Intermediate CA certificates, and end-entity certificates of
> all shapes and sizes (e.g. DSA, RSA, EC with varying key sizes). I’ve also
> used it to manage revocation checking by creating CRLs and running it as an
> (admittedly, a very light weight) OCSP server. I even used it once to
> create an SSL certificate for an internal server :)
>
> ** **
>
> My point is, although the primary use seems to be incorporating the
> OpenSSL libraries into your compiled code so you can take advantage of its
> cryptographic capabilities, even someone who is not a computer scientist
> can use OpenSSL from the command line to do a lot of work. What it really
> boils down to is what is it that you are looking to do?
>
> ** **
>
> Steve
>
> ** **
>
> *From:* owner-openssl-us...@openssl.org [mailto:
> owner-openssl-us...@openssl.org] *On Behalf Of *John A. Wallace
> *Sent:* Wednesday, September 12, 2012 9:58 AM
> *To:* openssl-users@openssl.org
> *Subject:* RE: openssl on a home LAN
>
> ** **
>
> Hi, Gayathri,
>
> ** **
>
> I appreciate the clarification. It was helpful, yes. I think my confusion
> stemmed from the fact that in the past while installing one or another
> program, I found it to say that “OpenSSL must be installed on your system
> for this program to work properly.” Okay, I think I got it now, the light
> has made it into my obstinate, thick skull.  Clarity is a beautiful thing,
> thank you.
>
> ** **
>
> John
>
> ** **
>
> ** **
>
> *From:* owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] *On Behalf Of *Gayathri Sundar
> *Sent:* Wednesday, September 12, 2012 10:07 AM
> *To:* openssl-users@openssl.org
> *Subject:* Re: openssl on a home LAN
>
> ** **
>
> Hi John,
>
> ** **
>
> I definitely do not agree with charles's email, but what I think he meant
> is, you need to write programs to use OpenSSL. Its an installable library,
> which you need to invoke from your application using its exposed APIs and
> recompile your code, link OpenSSL library and execute for it to work. Its
> not a SSL solution if that is what your looking for.
>
> ** **
>
> Just installing OpenSSL is not going to give u SSL.
>
> ** **
>
> Thanks
>
> --Gayathri
>
> On Tue, Sep 11, 2012 at 8:36 PM, John A. Wallace 
> wrote:
>
> Charlie, 
>
>  
>
> Frankly, you condescending manner is starting to annoy me, considerably.
>  Furthermore, your name is not on this page as one of the moderators of
> this group:   http://www.openssl.org/about/.  
>
>  
>
> Moreover, I don’t believe I need your permission to “hang out here”.  You
> need to read the link I provided you all the way to the end, it says that
> this group is for 
>
>  
>
> 1.   Developers
>
> 2.   OpenSSL usage
>
> 3.   Installation problems
>
>  
>
> Now inasmuch as my question pertained to “OpenSSL Usage”, i.e., number 2
> above, well I think that makes my asking it a legitimate question for this
> group. If you don’t like it, you can just learn to use your reading program
> and ignore me. Thank you very much.   J
>
>  
>
> John
>
>  
>
>  
>
> *From:* owner-openssl-us...@openssl.org [mailto:
> owner-openssl-us...@openssl.org] *On Behalf Of *Charles Mills
> *Sent:* Tuesday, September 11, 2012 3:22 PM
>
>
> *To:* openssl-users@openssl.org
> *Subject:* RE: openssl on a home LAN
>
>  
>
> Right. Are you an application developer? In other words, do you write
> computer programs? Does the following mean anything to you?
>
>  
>
> int main(int argc, char *argv[])
>
> {
>
> printf(“hello world\n”);
>
> return 0;
>
> }
>
>  
>
> Or alternatively, are you a Web site operator? Do you host a Web site that
> others access?
>
>  
>
> If the answer to both of these questions is No, then you are welcome to
> hang out here but the answer to your original 

Question on ECC (openssl vs wcurve)

[Gayathri Sundar]

Hi All,


Have a basic ECC question, I have a predefined scalar K, and I used the
x9.62 256 prime curve. Invoking the scalar multiplication method
EC_POINT_mul with the generator of that curve, I get a different output,
when compared with wcurve of python.

The curve is fixed, K is fixed but the generator multiply to get the public
key is different.

Any clues would be helpful.

Thanks
--Gayathri

RE: Compiling OpenSSL 0.9.8d for Win32

[Gayathri Sundar]

Check out ssl/ssl_ciph.c to get an idea.

Thanks
--Gayathri



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Krishna Vennamaneni
Sent: Thursday, November 30, 2006 9:13 AM
To: openssl-users@openssl.org
Subject: Re: Compiling OpenSSL 0.9.8d for Win32


Hi,

Does anybody have the list of cipher suites supported by openssl?

Regards,

Krishna.


On 11/29/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote:
On Wed, Nov 29, 2006, Mike Ehlert wrote:

> I am trying to compile OpenSSL 0.9.8d for Win32, and I run into a problem
> when running the do_masm batch file:
>
> C:\openssl-0.9.8d>ms\do_masm
> Generating x86 for MASM assember
> Bignum
> DES
> "crypt(3)"
> Blowfish
> CAST5
> RC4
> MD5
> SHA1
> RIPEMD160
> RC5\32
> C:\openssl-0.9.8d>perl util\mkfiles.pl  1>MINFO
> C:\openssl-0.9.8d>perl util\mk1mf.pl VC-WIN32  1>ms\nt.mak
> C:\openssl- 0.9.8d>perl util\mk1mf.pl dll VC-WIN32  1>ms\ntdll.mak
> C:\openssl-0.9.8d>perl util\mkdef.pl 32 libeay  1>ms\libeay32.def
> Warning: AES_bi_ige_encrypt does not have a number assigned
> Warning: AES_ige_encrypt does not have a number assigned
> C:\openssl-0.9.8d>perl util\mkdef.pl 32 ssleay  1>ms\ssleay32.def
>
> According to the troubleshooting section of install.w32, these warnings
> means that the Win32 ordinal files are not up to date. What is the best
> way to solve this?
>
> According to the troubleshooting section of Install.W32, I can avoid the
> errors by doing "perl util\mkdef.pl crypto ssl update", but anything
> linking to my library may need to be recompiled, and I wish to use the
> library with pre-compiled code.
>

Hmmm... looks like someone didn't do a "make update" before the official
release.

Does OpenSSL compile if you ignore those warnings? If so then ignore them and
continue as normal.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]





This email message (including any attachments) is for the sole use of the 
intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any 
unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended 
recipient, 
please immediately notify the sender by reply email and destroy all copies of 
the original message. 
Thank you.
 
Intoto Inc. 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

IE not working with DSA certificates

[Gayathri Sundar]

Hi Folks.,

Am facing a persistant problem with Internet Explorer not able to talk to
SSL Server when configured with a DSA certificate. SSL CTX has the
set_tmp_dh_params enabled and the code looks pretty much correct as
Mozilla/Firefox/Opera is working fine with the exact same SSL Server
Configuration.

IE has the initial handshake succeeding but unable to display the html
page, Ethereal shows a TCP RST going out from IE during middle of
Application Data Transfer, really not sure why this is happening.

Am I missing something here? Has someone faced a similar problem.
IE version used is 6. Also I tried the same from Openssl S_Server and hit
the same issue. Only noticible stuff is that IE seems to negotiate
EXP1024-DES-EDE-CBC-SHA but Mozilla/Firefox/Opera Negotiates AES with the
SAME SSL SERVER. Now does IE have any issues with DES? S_SERVER also gets
a Handshake failure when configured with ONLY DES.

Any Inputs deeply appreciated.

Thanks
--Gayathri



This email message (including any attachments) is for the sole use of the 
intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any 
unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended 
recipient, 
please immediately notify the sender by reply email and destroy all copies of 
the original message. 
Thank you.
 
Intoto Inc. 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Regarding ssl3_mac

[Gayathri Sundar]

Can someone give me inputs on the function ssl3_mac, especially where it
is called s->method->ssl3_enc->mac(s,&(p[wr->length]),1);

I need to know what p[wr->length] is pointing to and why we do a digest
update of 2 bytes from that.

The code is taken from s3_pkt.c function ssl3_write_bytes.

Thanks
--Gayathri



This email message (including any attachments) is for the sole use of the 
intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any 
unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended 
recipient, 
please immediately notify the sender by reply email and destroy all copies of 
the original message. 
Thank you.
 
Intoto Inc. 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: SSL_connect and SSL_accept

[Gayathri Sundar]

>I am wondering if the following scenario possible:
>1) The server calls SSL_accept(). The underlying socket is in blocking mode
>2) The client calls SSL_connect(). The underlying socket is in blocking
>mode
>3) SSL_connect() returns error.
>4) The server does not notice this, and continues to wait in SSL_accept().

Am not sure what you mean from the 4th point, "server does not notice this".

TCP is a connection oriented protocol and if the connect fails on the
client, then the server will get a valid error message, but that depends
on where the failure has happened. If the failure is at the TCP level say
if the client fails to even open a socket (client application) then the
server is not even bothered as its listening on port 443 and wont even
receive any SYN packets.

When "SSL_Accept" is made blocking, it only means that the call to
SSL_accept will not return until the SSL handshake is completed and during
that point of time, the application will not be able to accept any new tcp
requests, provided its all handled as part of the same thread.
If ur going to fork and then block, then u dont have any problem (if you
dont want to go for non blocking mode). If the SSL handshake fails the
appropriate error message will be seen by the server and it will
definitely not MISS it..and if there is a tcp level failure after the tcp
connection is established .. say u get a RST..then SSL_accept will break
and return the error to the calling application.

I am unable to think of a scenerio why ur case is possible unless some
serious network congestion has developed and pkts were lost..i dont see
how..but the experts might able to give u a better idea.

Thanks
--Gayathri


> > If the scenario mentioned above is possible, then the server will be
> > blocked in the SSL_accept() (until the underlying tcp connection is
> > broken) and hence wont be able to service other clients' connection
> > requests
>
> This is the Toyota Principle, "you asked for it, you got it." If you
> don't want to block, don't use blocking sockets. The only mechanism
> that can assure that a socket operation will not block is non-blocking
sockets.

Thanks for responding.
I will definitely consider using non blocking sockets here.
But what I am more interested in knowing is 'whether' the scenario that I
mentioned is possible, and has anyone ever experienced it.

~ Urjit


DISCLAIMER
==
This e-mail may contain privileged and confidential information which is
the property of Persistent Systems Pvt. Ltd. It is intended only for the
use of the individual or entity to which it is addressed. If you are not
the intended recipient, you are not authorized to read, retain, copy,
print, distribute or use this message. If you have received this
communication in error, please notify the sender and delete all copies of
this message. Persistent Systems Pvt. Ltd. does not accept any liability
for virus infected mails.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]




This email message (including any attachments) is for the sole use of the 
intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any 
unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended 
recipient, 
please immediately notify the sender by reply email and destroy all copies of 
the original message. 
Thank you.
 
Intoto Inc. 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: Key files in dat formats

[Gayathri Sundar]

its probably a shown as a data file coz its encrypted..how did you
generate the cert? U should be using a PKCS12 format for importing that
stuff into the browser/server..btw are you telling it from windows's
perspective?

>Hi,

>I have a SSL server application in which the certificate file is rsa.der
>and key file rsakey.dat.

>What is the *.dat format? How does it differ from pem and der formats?
>How do we generate one with OpenSSL?
>Thanks & Regards,
>Prabhu




This email message (including any attachments) is for the sole use of the 
intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any 
unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended 
recipient, 
please immediately notify the sender by reply email and destroy all copies of 
the original message. 
Thank you.
 
Intoto Inc. 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: SSL_connect and SSL_accept

[Gayathri Sundar]

Yes, I agree with you, but then why would the CLIENT get an ERROR?

>2) The client calls SSL_connect(). The underlying socket is in blocking
>mode
>3) SSL_connect() returns error.
>4) The server does not notice this, and continues to wait in SSL_accept().

if SSL_connect indeed has returned with ERROR..then the SSL_accept should
also return with an ERROR, unless the data transmission was LOST!!!

In ur case the CLIENT will go on retrying sending the same message with
the TCP retransmitting the pkt as no ACK was received on the client
side..and if I am correct..it tries 3 times on linux and returns with an
error..so it does not block FOREVER..there is no concept of blocking
FOREVER..literally..
yes but then NON BLOCKING sockets are ofcourse the best solution esp when
ur appliance is designed for the enterprise markets.

Thanks
--Gayathri

> I am unable to think of a scenerio why ur case is possible unless some
> serious network congestion has developed and pkts were lost..i dont
> see how..but the experts might able to give u a better idea.

You get a SYN, send a SYN ACK, other side sends an ACK, then the other
side's Internet connection goes down due to an extended power failure. You
will be waiting for it to send the first SSL handshake message forever.

Blocking function block until the operation completes, fails, or it is
proven impossible for it to ever succeed.

DS


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]




This email message (including any attachments) is for the sole use of the 
intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any 
unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended 
recipient, 
please immediately notify the sender by reply email and destroy all copies of 
the original message. 
Thank you.
 
Intoto Inc. 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: Regarding ssl3_mac

[Gayathri Sundar]

Thanks jimmy..I realised that much, the update is happening from ssl3_mac
defined in s3_enc.c, some "s2n" of the length is called, followed by a
digestupdate(md, 2)..in case of READ, md is an empty array..why do we copy
the ssl record length into a temp var "p" and then do a s2n followed by an
digest update?

Thanks
--Gayathri

Gayathri Sundar wrote:
> Can someone give me inputs on the function ssl3_mac, especially where
> it is called s->method->ssl3_enc->mac(s,&(p[wr->length]),1);
>
> I need to know what p[wr->length] is pointing to and why we do a
> digest update of 2 bytes from that.
>
> The code is taken from s3_pkt.c function ssl3_write_bytes.
>
> Thanks
> --Gayathri

i hope u meant in 'do_ssl3_write()'.

p[wr->length] is pointing to the place just after your data. this is where
you want the mac to be placed. if you look at ssl3_mac(), the second param
is the o/p param.

where exactly is it in the code is it that you mentioned update of 2 bytes
being done?


-jb
--
mathematician, n.:
Some one who believes imaginary things appear right before your i's.

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]




This email message (including any attachments) is for the sole use of the 
intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any 
unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended 
recipient, 
please immediately notify the sender by reply email and destroy all copies of 
the original message. 
Thank you.
 
Intoto Inc. 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: SSL_connect and SSL_accept

[Gayathri Sundar]

Urjit.,

1st of all theoritically your are 100% correct, after all SSL runs in the
SESSION layer, but it depends on the underlying transport connection, and
if that has problems, SSL has problems. Now Am not sure why you expect the
TCP connection to be A-OK and still get an SSL_connect failure. If the
failure is with the HANDSHAKE, like mismatch in version/cipher suite or
something the SSL ALERT RECORD will take care and eventually close the
connection.

The only case is what David says, if the peer has been disconnected coz of
some power/network failure, then the client will succeed in SENDING the
Handshake message but never receive any ACK, so the TCP will endup doing
retransmissions. SSL_connect WILL NOT return with ERRORS in this case.
Its all blocked, I agree, but YOUR scenerio of SSL_CONNECT failing and
SSL_ACCEPT not knowing that CANNOT happen. SSL_connect will SUCCEED and
BLOCK indifinitely, waiting for a PEER ACK, and the server will not even
be alive. If the server was ALIVE, why would it not respond.

Go for Non Blocking sockets, if that suits your requirement, but your
scenerio cannot happen in blocking mode, infact if your scenerio does
happen, then even in non blocking mode it will end up looping, only
difference is between successive POLLs ur application has control, there
will be a loop between ur SELECT and SSL_CONNECT, latter always retruning
some TRANSIENT retry errors. Probably u could have a count and cleanup..

I dont see how Non Block will solve ur problem, IF it can occur.

Thanks
--Gayathri

I believe you are confusing tcp/ip connection establishment and SSL
session establishment.

As far as my understanding goes:
SSL is an application level protocol, that works on an existing tcp channel.
So, SSL handshake can be thought of as two network applications talking to
each other.
It is obvious that, the moment first SSL handshake packet reaches the
server, the server would change its state and will now start with the
handshake. If anything goes wrong hereafter (Invalid packet, tcp error,
lost packet  ... ), the server's SSL_accept will detect that and report
error.

The problem may occur when:
1) Server is waiting for first SSL handshake packet in SSL_accept
2) Client attempts to establish SSL handshake with SSL_connect
3) SSL_connect fails even before it could send the first SSL handshake
packet. So the client has put nothing on the network.
Now, SSL_connect has returned an error in the client, and the server is
still blocked in SSL_accept.

Gayathri,
You are correct about first forking and then attempting SSL_accept. This
will save the main server from blocking into SSL_accept and failing to
server other client connection requests. Here the forked child will be
blocked in SSL_accept though.

David,
As I have already acknowledged in my previous post, the option of using
non blocking socket seems to be the way to go.


I have a few doubts on how a particular scenario can be handled, but I
feel it is a bit off track with respect to the current thread. So I will
send a new post for that.
Thank you everyone for responding.
~ Urjit

- Original Message -
From: "Gayathri Sundar" <[EMAIL PROTECTED]>
To: 
Sent: Thursday, March 29, 2007 1:02 PM
Subject: RE: SSL_connect and SSL_accept


Yes, I agree with you, but then why would the CLIENT get an ERROR?

>2) The client calls SSL_connect(). The underlying socket is in blocking
>mode
>3) SSL_connect() returns error.
>4) The server does not notice this, and continues to wait in SSL_accept().

if SSL_connect indeed has returned with ERROR..then the SSL_accept should
also return with an ERROR, unless the data transmission was LOST!!!

In ur case the CLIENT will go on retrying sending the same message with
the TCP retransmitting the pkt as no ACK was received on the client
side..and if I am correct..it tries 3 times on linux and returns with an
error..so it does not block FOREVER..there is no concept of blocking
FOREVER..literally..
yes but then NON BLOCKING sockets are ofcourse the best solution esp when
ur appliance is designed for the enterprise markets.

Thanks
--Gayathri

> I am unable to think of a scenerio why ur case is possible unless some
> serious network congestion has developed and pkts were lost..i dont
> see how..but the experts might able to give u a better idea.

You get a SYN, send a SYN ACK, other side sends an ACK, then the other
side's Internet connection goes down due to an extended power failure. You
will be waiting for it to send the first SSL handshake message forever.

Blocking function block until the operation completes, fails, or it is
proven impossible for it to ever succeed.

DS


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Man

Re: SSL_connect and SSL_accept

[Gayathri Sundar]

I am quite clear with your problem and am not confused. The only point I
have been stressing from beginning is that SSL_connect due to WHATEVER
error it returns a failure to the calling application, the peer WILL know
for the simple fact that a "socket send " cannot fail unless the FD itself
is not created/the host is not in the network/ or the interface is down or
simply if the HOST runs out of MEMORY, I am not able to think of an error
case wherein the SSL_connect fails to send a message out when the
underlying TCP connection is ALIVE and KICKING. WHY? WHAT SORT OF ERROR
ARE YOU ANTICIPATING that SSL_connect will return FAILURE to its
application without even sending 1 byte on the wire?  UNLESS SSL_INIT
itself fails on the client or SSL OBJECT creation fails? If that is the
FAILURE ur worried about then you might as well initiate a TCP teardown
from the client and not attempt SSL anymore..

I hope I am able to explain better..see only in severe application
programming errors/memory leak or whatever the SSL init itself will
fail..so
if the SSL init fails on the client side DONT initiate SSL at all so that
the server will not go into SSL_accept. Why will SSL OBJ creation fail?

CAN you explain to me WHAT ERROR UR TALKING ABOUT that SSL_CONNECT will
return FAILURE TO CALLING APPLICATION without sending 1BYTE on the wire
when the TCP CONNECTION IS A-OK?

I can think of "BUGGY CODING"..and I dont think Non blocking will solve ur
problem as its never going to detect this FAILURE THAT UR TALKING
ABOUT..unless you implement POLL TIMEOUT i.e the FD will never SELECT as
it never receives any DATA, so ur POLL TIMER should cleanup that FD if say
it doesnt select within 5mins or so..

This is my solution:

1. Make ur FDs non blocking
2. Start a timer per FD basis before ur add it into ur POLL table
3. Everytime the FD selects on a POLLIN/POLLOUT restart ur timer
4. On TimerExpiration clean up that FD coz it never received any DATA for
the timeout period, due to n/w or client failures.

Decide on a good timeout value..

Thanks
--Gayathri


Hmm...
I am surprised to see how I have managed to confuse you. I thought my
previous post was pretty clear.
Anyway, I will try to explain again.

The client and server have and existing tcp connection, which is healthy.
There is no problem with the tcp connection throughout the scenario.
The client, for some reason decides to have a secured session, and so with
its own protocol, tells the server to allow a secured session.
After seeing such request from client (This is still a tcp communication,
SSL is still not in picture), the server creates a SSL object, calls
SSL_set_fd(sock_serv) and then calls SSL_accept The Client creates its SSL
object, calls SSL_set_fd(sock_cli) and calls
SSL_connect()

Now *before* SSL_connect can actually write something on the tcp channel,
using tcp send() or write(), something goes wrong and it returns an error
to its caller.
So there is nothing placed on the tcp channel. The server is waiting for
the SSL handshake packet which it never get because SSL_connect() could
never send it.

Hope the scenario I am talking about is clear now.

The reason why I am interested in knowing if something like what is
written above can happen is:
I want my client and server to be able to communicate with/without SSL If
the SSL session establishment fails, the client/server can decide to kill
the underlying tcp channel, or can decide to go ahead unsecured.
In the scenario mentioned above, the client knows that SSL session
establishment has failed, because SSL_connect() returned an error. So it
may, as per its configuration decide to go ahead with unsecured
communication.
On he other side of the tcp link, the server is still waiting for SSL
handshake packet, which the client was expected to send, which the client
never sent due to some error.
So here is the problem. I want my server to detect that something went
wrong with the client and it should fall back to the unsecured
communication. The issue here is HOW can my server detect the
SSL_connect() failure that occurred on the client side?
Anything that the client would send after SSL_connect() failure, will in
fact be taken up by SSL_accept() and SSL_accept() will now error out
saying it read invalid SSL handshake packet.

Now as I write down this whole thing, I wonder if even non-blocking
sockets can help.
Does it look more like a design issue ?

 ~ Urjit



- Original Message -----
From: "Gayathri Sundar" <[EMAIL PROTECTED]>
To: 
Sent: Thursday, March 29, 2007 4:07 PM
Subject: Re: SSL_connect and SSL_accept


Urjit.,

1st of all theoritically your are 100% correct, after all SSL runs in the
SESSION layer, but it depends on the underlying transport connection, and
if that has problems, SSL has problems. Now Am not sure why you expect the
TCP connection to be A-OK and still get an SSL_connect failure. If the
failure is with the HANDSHAKE, like mismatch in version/cipher suite or

Re: SSL_connect and SSL_accept

[Gayathri Sundar]

Thanks for replying. I guess we are on the same page now. The only thing
is that you are asking the same question that I am asking everyone on this
list 
"What scenario may cause the SSL_connect to return error to the caller,
without writing a single byte on the underlying tcp connection (which is
healthy) ?"
Can someone think of such a scenario?
Has anyone ever experienced this before?

 I have spent quite some time with SSL_connect, and apart from tcp level
socket failures (transient/fatal) and SSL Handshake failures it cannot
return error, so ur case is NOT POSSIBLE unless the HOST has run out of
memory wherein Openssl_malloc itself fails. So I dont suppose you need to
worry about that.

I guess you have already mentioned one such scenario ... memory allocation
issues, which could cause SSL_connect to return before it could write
something on the socket.
Are there other such possibilities? SSL_init failures is not a candidate
here, as I am already doing what you have suggested "dont attempt SSL at
all if SSL_init fails". What I am considering is *some* error, that occurs
*just as I enter SSL_connect*. Looking at the SSL_connect code may provide
an answer, and I will surely consider this option. But I was looking for a
response from folks who already know this code, and have better idea of
what SSL_connect does before it writes its first byte on the socket. May
be they can say if they foresee a case when SSL_connect can error out
without writing a byte on the socket.

As far as the synchronization between the server and the client goes, may
be I can consider reading a feed back from the server. So the execution
sequence will be like

Client calls SSL_connect()
Client waits for servers response (No matter if SSL_connect fails or
succeeds)

>> Tell me if the client fails, why and how long will you wait for feedback?
Also isnt that TCP's job? Why should the session layer worry about this?

>>If the client failes with a malloc and memory corruption issues, you
might >>as well restart your application..there is no point waiting on
any >>feedback.

>>You cannot fix the symptom, u need to fix the cause and that is why this
>>HYPOTHETICAL error occured in the 1st place.

The server has a non blocking socket
it calls SSL_accept()
if succeeds, it would report success to the client if failure (timeout),
it would report failure to the client

~ Urjit
- Original Message -
From: "Gayathri Sundar" <[EMAIL PROTECTED]>
To: 
Sent: Friday, March 30, 2007 9:25 AM
Subject: Re: SSL_connect and SSL_accept


I am quite clear with your problem and am not confused. The only point I
have been stressing from beginning is that SSL_connect due to WHATEVER
error it returns a failure to the calling application, the peer WILL know
for the simple fact that a "socket send " cannot fail unless the FD itself
is not created/the host is not in the network/ or the interface is down or
simply if the HOST runs out of MEMORY, I am not able to think of an error
case wherein the SSL_connect fails to send a message out when the
underlying TCP connection is ALIVE and KICKING. WHY? WHAT SORT OF ERROR
ARE YOU ANTICIPATING that SSL_connect will return FAILURE to its
application without even sending 1 byte on the wire?  UNLESS SSL_INIT
itself fails on the client or SSL OBJECT creation fails? If that is the
FAILURE ur worried about then you might as well initiate a TCP teardown
from the client and not attempt SSL anymore..

I hope I am able to explain better..see only in severe application
programming errors/memory leak or whatever the SSL init itself will
fail..so
if the SSL init fails on the client side DONT initiate SSL at all so that
the server will not go into SSL_accept. Why will SSL OBJ creation fail?

CAN you explain to me WHAT ERROR UR TALKING ABOUT that SSL_CONNECT will
return FAILURE TO CALLING APPLICATION without sending 1BYTE on the wire
when the TCP CONNECTION IS A-OK?

I can think of "BUGGY CODING"..and I dont think Non blocking will solve ur
problem as its never going to detect this FAILURE THAT UR TALKING
ABOUT..unless you implement POLL TIMEOUT i.e the FD will never SELECT as
it never receives any DATA, so ur POLL TIMER should cleanup that FD if say
it doesnt select within 5mins or so..

This is my solution:

1. Make ur FDs non blocking
2. Start a timer per FD basis before ur add it into ur POLL table
3. Everytime the FD selects on a POLLIN/POLLOUT restart ur timer
4. On TimerExpiration clean up that FD coz it never received any DATA for
the timeout period, due to n/w or client failures.

Decide on a good timeout value..

Thanks
--Gayathri


Hmm...
I am surprised to see how I have managed to confuse you. I thought my
previous post was pretty clear.
Anyway, I will try to explain again.

The client and server have and existing tcp connection, which is healthy.
There is no problem with the tcp connection throughout the scenario.
T

Re:BIO or no BIO ?

[Gayathri Sundar]

its always better to use BIO for easier migration in the future if for
some reason some enhancement/changes are to be done in your product. Also
while using SSL_set_fd, socket BIO is automatically created and attaches
to the TCP fd.  What you can do is to create explicitely a read bio and a
write bio
and attach the same tcp fd to both for better progamming (wrt to keeping
future in mind). Its just a couple of lines and not much programming.

Thanks
--Gayathri


Hello all,

As we all know, the SSL object can work either with direct tcp sockets
(SSL_set_fd()) or can work on top of socket BIO objects.
In my current project, I am using SSL directly on top of tcp sockets (no
BIOs).
I wonder whether I loose some functionality provided by BIO layer?
What are the advantages of using BIOs instead of tcp sockets? (As I
understand it, BIO can be though of as a wrapper on tcp).
What points should one take into account, while deciding whether to use
BIOs or direct tcp sockets?
Is there any security concern in using tcp sockets, instead of BIOs?

Thanks,
~ Urjit

DISCLAIMER == This e-mail may contain privileged and confidential
information which is the property of Persistent Systems Pvt. Ltd. It is
intended only for the use of the individual or entity to which it is
addressed. If you are not the intended recipient, you are not authorized
to read, retain, copy, print, distribute or use this message. If you have
received this communication in error, please notify the sender and delete
all copies of this message. Persistent Systems Pvt. Ltd. does not accept
any liability for virus infected mails.




This email message (including any attachments) is for the sole use of the 
intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any 
unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended 
recipient, 
please immediately notify the sender by reply email and destroy all copies of 
the original message. 
Thank you.
 
Intoto Inc. 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re:Verification error

[Gayathri Sundar]

Hi,

I'm trying to verify a cert chain against a trusted chain of cert, and
here's what i get

"error 20 at 1 depth lookup:unable to get local issuer certificate"

can someone shed some more light at the error, like
1) what doest it mean

 Its not able to find the CA that signed your certificate...whoever
issued that certificate. It could either be because of some wrong ca
certificate, or names mismatch or it some extensions do not tally.

2) and is the problem in the cert chain that i'm trying to validate

 as the depth is 1 and lookup failed, am thinking you are using a
self signed certificate?

3) or theres some problem in cert chain that i trust.

Thanks, any insight would be helpful

-KB

_
Download Messenger. Join the i’m Initiative. Help make a difference today.
http://im.live.com/messenger/im/home/?source=TAGHM_APR07

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]




This email message (including any attachments) is for the sole use of the 
intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any 
unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended 
recipient, 
please immediately notify the sender by reply email and destroy all copies of 
the original message. 
Thank you.
 
Intoto Inc. 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re:RSA Key Block

[Gayathri Sundar]

Whatever you have mailed is correct, but I believe the TLS 1.0 RFC explains
all these in details.  Try reading 2246 from ietf.org.

Thanks
--Gayathri

Hi All
I have a general question about RSA Key Block.

The output of PRF with the master_secret to give us many keys. It
includes: client_write_MAC_secret, server_wriet_MAC_secret,
client_write_key, server_write_key, client_write_IV, server_write_IV.
Could you Please verify what I think about how four of these keys being
use correcly:

1) SSL record format: Length + Data + MAC ( in general)  : client> server

client_write_MAC_secret is used to encrypted the MAC portion message
from client>server
client_write_key is used to encrypted the Data portion message from
client> server

2) SSL record format: Length + Data + MAC ( in general)  : server> client

servert_write_MAC_secret is used to encrypted the MAC portion message
from server> client
client_write_key is used to encrypted the Data portion message from 
server> client

3) Data from Sever to Client is encrypted with different key from Client
to Server ???.

I just want to understand what going on underneath openssl.

Thank You
TD




This email message (including any attachments) is for the sole use of the 
intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any 
unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended 
recipient, 
please immediately notify the sender by reply email and destroy all copies of 
the original message. 
Thank you.
 
Intoto Inc. 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re:do_cipher

[Gayathri Sundar]

>Hi All,

>I am using EVP functions for AES encryption/Decryption. Please can any
one >tell me how to find the exact AES encryption/decryption routines
called >when do_cipher is invoked?

did you try single stepping using gdb or something? thats the easiest way
to find out..or checkout the cipher negotiated on wire using ethereal..or
any packet sniffer..not sure why u wanted to recall this posting..

>Regards,
>Jaya




This email message (including any attachments) is for the sole use of the 
intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any 
unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended 
recipient, 
please immediately notify the sender by reply email and destroy all copies of 
the original message. 
Thank you.
 
Intoto Inc. 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Rehandshake in tls1

[Gayathri Sundar]

Hi folks.,

I would like to know as an ssl server, when do I send a "Hello request" on
the wire? Based on what parameters should I trigger that? I have quite a
few questions based on this

A) Does the re-handshake happen on the existing tcp connection? i.e the
tcp connection over which the "hello request" message is sent by the my
server?

B) After the rehandshake is completed, does application data continue to
flow in the same tcp connection but now with the new cipher parameters?

C) Does rehandhake involve public key operations as well? i.e does the
premaster secret change?

I am really confused and I did spend sometime with the RFC, but I am
really lost..I was thinking if I called the API : SSL_CTX_set_timeout(),
then the session will eventually expire and end up triggering a
rehandshake if application data was flowing in that session at expiration
time. But I didnt see any such messages go out on the wire. Could anyone
explain whats going on?

Thanks
--Gayathri



This email message (including any attachments) is for the sole use of the 
intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any 
unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended 
recipient, 
please immediately notify the sender by reply email and destroy all copies of 
the original message. 
Thank you.
 
Intoto Inc. 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: Rehandshake in tls1

[Gayathri Sundar]

Thanks marek, I didnt know abt the R option on s_server.
Is it possible to make IE renegotiate? I have a rather complex testing
requirement and I cannot test using s_client, somehow I need to ensure the
client triggers renegotiation. I got a KB on IE

http://support.microsoft.com/kb/265369

and tried to introduce that symptom..but on XP its not happening..
Any suggestions as to how I can make IE trigger renegotiation once in
few minutes?

Thanks
--Gayathri


Hello,
> I would like to know as an ssl server, when do I send a "Hello
> request" on the wire? Based on what parameters should I trigger that?
> I have quite a few questions based on this
>
> A) Does the re-handshake happen on the existing tcp connection? i.e
> the tcp connection over which the "hello request" message is sent by
> the my server?
Yes.

> B) After the rehandshake is completed, does application data continue
> to flow in the same tcp connection but now with the new cipher parameters?
Yes.

> C) Does rehandhake involve public key operations as well? i.e does the
> premaster secret change?
Yes.
You can experiment with SSL renegotiation using openssl command.
Run in "server" window command:

$ openssl s_server -key vpn-server-key.pem -cert vpn-server-crt.pem -msg
-debug -cipher AES256-SHA -state

next, in "client" window run:

$ openssl s_client -msg -debug -state

and you will see proper SSL session established connection.

Now, in "server" windows type:

R

this will trigger renegotation, you will see a lot of messages and on
client side you will see client_key_exchange packet sent to server with
new pre_master_secret.

> I am really confused and I did spend sometime with the RFC, but I am
> really lost..I was thinking if I called the API :
> SSL_CTX_set_timeout(), then the session will eventually expire and end
> up triggering a rehandshake if application data was flowing in that
> session at expiration time. But I didnt see any such messages go out on
the wire.
This sets only timeout for session resumption.
This is done for performance reasons to not overload server with
time-consuming private key operation. For example browser connection to
WWW server over https with HTTP/1.0 can generate new session for any gif,
html and other. So if this connections are made within preconfigured time,
server may use already established encryption parameters (identified by
session_id in client_hello packet) to get abbreviated handshake.


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]




This email message (including any attachments) is for the sole use of the 
intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any 
unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended 
recipient, 
please immediately notify the sender by reply email and destroy all copies of 
the original message. 
Thank you.
 
Intoto Inc. 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Query: DH Cipher Suite -- HELP

[Gayathri Sundar]

Hi There.,

Marek, hope ur reading this mail.

I am hitting a strange problem with Openssl. Recently I migrated from
OpenSSL-0.9.8a to OpenSSL-0.9.8d, from the release notes, I see that some
fixes have gone into cipher selection logic of OpenSSL.

Now for the same CLIENT HELLO message (same as in no diff to cipher order
or ssl version from IE), OpenSSL-0.9.8d selects DH cipher suite when
RC4-MD5, DES, 3DES, AES are sent ahead of this DH in the client hello.

Now my question is simple.

1. Is this behaviour only restricted to OpenSSL-0.9.8d or other versions
as well?
2. Why does this happen? Kindof an attack as a weak suite is negotiated.
3. When will a DH be selected by the server.

Note: cipher selection priority is pointing to server (coded that way in
the application).

This is really strange and hope to get some inputs.
Marek..I would appreciate your reply.

Thanks
--Gayathri



This email message (including any attachments) is for the sole use of the 
intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any 
unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended 
recipient, 
please immediately notify the sender by reply email and destroy all copies of 
the original message. 
Thank you.
 
Intoto Inc. 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: Problem with SSL_WRITE

[Gayathri Sundar]

> Hi,
>
>
>
> We are using OPEN SSL library in our client server application. We are
> using SSL_WRITE and SSL_READ api used to read and
>
>
>
> write operations between them. Connection is broken When server sends
> very large message (more than 56K) using SSL_WRITE api.
>
>
>
> We fixed problem with set partial mode api like,
>
>
>
>SSL_CTX_set_mode(ctx,SSL_MODE_AUTO_RETRY |
> SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
>
>
>
> After using this API, problem was resolved. But I want to know if any
> impact using this api. Can you tell me what the limitation relevant to
> message size?
>
   Not using the above api would have been problematic if non blocking
mode was set, which for some reason never hit for you so far. So having
this is the rite thing to do..in terms of impact what do u mean? There
is no limit on the ssl buffer size except that its an integral multiple
of 1k. So u can programmatically set the read/write buffer size to what
you want..but having it as an integral multiple of the SSL record size
is advisable.

>
>
> please give me a quick reply, it's very urgent for us.
>
>
>
>
>
> Note: For local client everything is working fine. Problem occurs for
> remote client only.
>
>
>
> Regards,
>
> Vinay
>
>
>
>
>
>
>
>
>
>
>
>

Fwd: [Fwd: Re: How to handle dead sessions with SSL_write]

[Gayathri Sundar]

From: Gayathri Sundar <[EMAIL PROTECTED]>
Date: Fri, Feb 29, 2008 at 9:35 AM
Subject: [Fwd: Re: How to handle dead sessions with SSL_write]



 Original Message 
Subject: Re: How to handle dead sessions with SSL_write
From:"Gayathri Sundar" <[EMAIL PROTECTED]>
Date:Fri, February 29, 2008 7:34 am
To:  openssl-users@openssl.org
--

Hello,

It is the job of TCP to return  to SSL that  the underlying FD is closed.
If you attempt to do a socket write on an Invalid FD then some -ve value
will be returned with errno set appropriately. Make sure you select on
POLLINVAL and POLLERR, so that SSL_Write is first of all not even called
in ur case.

SSL does not take care of FD timeouts, it should be taken care of by the
application making use of SSL, noting special is required, just start a
timer everytime u establish a new TCP connection and restart it each time
some data is sent over that.

what ur facing is a TCP issue and not SSL. Find out why TCP returns valid
bytes to SSL_write indicating that some bytes were written on  that
socket.

Thanks
--Gayathri



> I am developing client/server app and client should be mobile, thus
> connection can be easily lost. The problem is that i can't find a way
> to detect this lose of connection with openssl.
>
> For example, i send a request to the server from client and
> immediately remove the cable from "client" laptop. Connection
> disappears, but ssl_write, that server uses keeps returning positive
> values.
>
> It looks like openssl thinks there is a congestion in the network or
> smth like that, thus it tries to resend the packet again and again.
> Also it looks like there is no ssl timeout, because server been
> sending data for 2 minutes without even trying to assume that
> connection is down.
>
> Does anybody know how to deal with such scenarios? Thanks in advance.
>
> --
> Sergey
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   [EMAIL PROTECTED]
>




This email message (including any attachments) is for the sole use of the
intended recipient(s)
and may contain confidential, proprietary and privileged information. Any
unauthorized review,
use, disclosure or distribution is prohibited. If you are not the intended
recipient,
please immediately notify the sender by reply email and destroy all copies
of the original message.
Thank you.

Intoto Inc.





This email message (including any attachments) is for the sole use of the
intended recipient(s)
and may contain confidential, proprietary and privileged information. Any
unauthorized review,
use, disclosure or distribution is prohibited. If you are not the intended
recipient,
please immediately notify the sender by reply email and destroy all copies
of the original message.
Thank you.

Intoto Inc.

Doubt on SSL_ERROR_SYSCALL

[Gayathri Sundar]

Hi.,

Have a small doubt on how the application needs to "react" for an
SSL_ERROR_SYSCALL. What do I have to do when I actually attempted
an SSL_READ and endedup with that error code, now should the operation
need to be retried based on "errno" or should this be regarded
as a "fatal"?

If it needs to be retried based on errno, could you pls tell for
what set of values?

The mail problem I am facing is wrt to performance, when I pump
heavy https traffic say from smartbits, more than 30% is dropped
because of this return value, happening from SSL_accept to SSL_read and
SSL_Write as rite now I am treating this as a fatal.
This is a serious performance blow and any help is deeply appreciated.

Probably I am missing something else coz of which I am getting this
particular error code (invariably errno = 5 when ssl returns with
SSL_ERROR_SYSCALL)

Thanks
--Gayathri


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Enable Client Authentication using [ Openssl s_server ]

[Gayathri Sundar]

Try using one of these two

 -verify arg   - turn on peer certificate verification
 -Verify arg   - turn on peer certificate verification, must have a cert.

in the command, btw u can get the whole list of options in man s_server

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of am0ykam0te (sent by
Nabble.com)
Sent: Thursday, December 08, 2005 10:42 AM
To: openssl-users@openssl.org
Subject: Enable Client Authentication using [ Openssl s_server ]


I am currently testing the ssl client i developed. I need to test it when
it connects to a server which requires client authentication. However i do
not know how to enable it in openssl's command line server (s_server). How
do i enable client authentication in openssl s_server?


Sent from the OpenSSL - User forum at Nabble.com:
Enable Client Authentication using [ Openssl s_server ]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: How do I correctly handle SSL_shutdown?

[Gayathri Sundar]

Hi.,

I think that depends on the mode of SSL meaning blocking/non blocking,
If its the latter then you need to select again before calling the
2nd ssl shutdown and check whether the close notify from the peer is
received by checking the ssl_received_shutdown flag. If this flag is not
set, then you should cleanup or select for a timeout.

This code snippet is true for blocking sockets.

Thanks
--Gayathri



I am confused.

If SSL_shutdown returns 0 then I need to call SSL_shutdown again? So
would I do something like this on the client side?

/* Client code to close SSL connection */
  if( (SSL *)NULL != *sslSocket )
 {
   if( SSL_ST_OK == SSL_state( *sslSocket ) )
 {
   status = SSL_shutdown( *sslSocket );
   if( status == 0 )
   {
  status = SSL_shutdown( *sslSocket );
   }
 }
 SSL_free( *sslSocket );
 *sslSocket = (SSL *)NULL;
 }

--

If this is the case what do I do on the server side do I need to uses
SSL_state to check for some shutdown state?

Thanks,
Perry

Victor Duchovni wrote:

>On Mon, Dec 19, 2005 at 11:22:11AM -0500, Perry L. Jones wrote:
>
>
>
>>I have some questions about shutting down an SSL connection.
>>
>>
>>
>
>The correct use of SSL_shutdown() is described in the SSL_shutdown
>manpage. Read the whole thing, and pay specific attention to:
>
>   When the application is the first party to send the "close notify"
>   alert, SSL_shutdown() will only send the alert and the set the
>   SSL_SENT_SHUTDOWN flag (so that the session is considered good and
will
>   be kept in cache). SSL_shutdown() will then return with 0. If a
unidi-
>   rectional shutdown is enough (the underlying connection shall be
closed
>   anyway), this first call to SSL_shutdown() is sufficient. In order to
>   complete the bidirectional shutdown handshake, SSL_shutdown() must be
>   called again. The second call will make SSL_shutdown() wait for the
>   peer's "close notify" shutdown alert. On success, the second call to
>   SSL_shutdown() will return with 1.
>   If the peer already sent the "close notify" alert and it was already
>   processed implicitly inside another function (SSL_read(3)), the
>   SSL_RECEIVED_SHUTDOWN flag is set. SSL_shutdown() will send the
"close
>   notify" alert, set the SSL_SENT_SHUTDOWN flag and will immediately
>   return with 1. Whether SSL_RECEIVED_SHUTDOWN is already set can be
>   checked using the SSL_get_shutdown() (see also SSL_set_shutdown(3)
>   call.
>
>
>
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]



__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: How do I correctly handle SSL_shutdown?

[Gayathri Sundar]

If the server is unable to see the SSL_RECEIVED_SHUTDOWN, then probably
the "close notify" did not go on the wire, i.e client failed sending it?
Can you check the wire to see if it actually went out?
Try calling ssl_get_error to see the status on the error queue.

Also by any chance have you set the "quiet shutdown" mode in ur ctx?
if that is set, then the alert will not be sent on the wire..

This is what I get from man SSL_shutdown

SSL_shutdown() tries to send the "close notify" shutdown alert to the
peer.  Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN
flag is set and a currently open session is considered closed and good
and will be kept in the session cache for further reuse.


I think I understand but I still seem to have an issue with my code.

1). Server opens an SSL port for a client to connect to
2). Client connects to this port and SSL_read and Write stuff.
3). Client Calls SSL_shutdown( sslSocket );
4). Server Calls SSL_get_shutdown( sslSocket ), If shutdown is equal to
SSL_RECEIVED_SHUTDOWN the server will
 then call SSL_shutdown( sslSocket );

So if the above is correct?  I am doing the following to close the
connection and my server does not seem to ever see SSL_RECEIVED_SHUTDOWN
?  Could some one please tell me what I am doing wrong?

( Blocking IO )
1). Client sends shutdown

/* Client code to close SSL connection */
  if( (SSL *)NULL != sslSocket )
 {
   if( SSL_ST_OK == SSL_state( sslSocket ) )
 {
   status = SSL_shutdown( sslSocket );
   if( status == 0 )
   {
  status = SSL_shutdown( sslSocket );
   }
 }

 fd = SSL_get_fd( sslSocket );
 close( fd );
 SSL_free( sslSocket );
 sslSocket = (SSL *)NULL;
 }

2). Server checks for shutdown and sends shutdown if SSL_RECEIVED_SHUTDOWN
is returned.

/* Server code to close SSL connection */
if( (SSL *)NULL != sslSocket )
{
  if( SSL_RECEIVED_SHUTDOWN == SSL_get_shutdown( sslSocket ) )
  {
SSL_shutdown( sslSocket );
  }

  fd = SSL_get_fd( sslSocket );
  close( fd );
  SSL_free( sslSocket );
  sslSocket = (SSL *)NULL;
}


Thanks,
Perry


Gayathri Sundar wrote:

>Hi.,
>
>I think that depends on the mode of SSL meaning blocking/non blocking,
>If its the latter then you need to select again before calling the
>2nd ssl shutdown and check whether the close notify from the peer is
>received by checking the ssl_received_shutdown flag. If this flag is not
>set, then you should cleanup or select for a timeout.
>
>This code snippet is true for blocking sockets.
>
>Thanks
>--Gayathri
>
>
>
>I am confused.
>
>If SSL_shutdown returns 0 then I need to call SSL_shutdown again? So
>would I do something like this on the client side?
>
>/* Client code to close SSL connection */
>  if( (SSL *)NULL != *sslSocket )
> {
>   if( SSL_ST_OK == SSL_state( *sslSocket ) )
> {
>   status = SSL_shutdown( *sslSocket );
>   if( status == 0 )
>   {
>  status = SSL_shutdown( *sslSocket );
>   }
> }
> SSL_free( *sslSocket );
> *sslSocket = (SSL *)NULL;
> }
>
>--
>
>If this is the case what do I do on the server side do I need to uses
>SSL_state to check for some shutdown state?
>
>Thanks,
>Perry
>
>Victor Duchovni wrote:
>
>
>
>>On Mon, Dec 19, 2005 at 11:22:11AM -0500, Perry L. Jones wrote:
>>
>>
>>
>>
>>
>>>I have some questions about shutting down an SSL connection.
>>>
>>>
>>>
>>>
>>>
>>The correct use of SSL_shutdown() is described in the SSL_shutdown
>>manpage. Read the whole thing, and pay specific attention to:
>>
>>  When the application is the first party to send the "close notify"
>>  alert, SSL_shutdown() will only send the alert and the set the
>>  SSL_SENT_SHUTDOWN flag (so that the session is considered good and
>>
>>
>will
>
>
>>  be kept in cache). SSL_shutdown() will then return with 0. If a
>>
>>
>unidi-
>
>
>>  rectional shutdown is enough (the underlying connection shall be
>>
>>
>closed
>
>
>>  anyway), this first call to SSL_shutdown() is sufficient. In order to
>>  complete the bidirectional shutdown handshake, SSL_shutdown() must be
>>  called again. The second call will make SSL_shutdown() wait for the
>>  peer's "close notify" shutdown alert. On success, the second call to
>>  SSL_shutdown() will return with 1.
>>  If the peer already sent the "close notify" alert and it was already
>>  processed implicitly inside another function (SSL_read(3)), the
>>  SSL_RECEIVED_SHUTDOWN flag is set. SSL_shutdown() w

RE: How do I correctly handle SSL_shutdown?

[Gayathri Sundar]

AFAIK, if a close notify is not sent, the the ssl connection termination
is considered premature and the session cannot be reused. The
specification does not define it as a MUST, rather it is defined as a
SHOULD. If session reuse is not a necessary criteria (if your willing to
compromise performance) then server need not send the close notify.

Thanks
--Gayathri

Hi,

If I understand it correctly the close_notify alert is only there to
prevent a truncation attack.  If your higher level protocol can
check that all expected data is present then it is OK just to
close the socket.

To be safe it would be better to call SSL_shutdown() in the client
when it is complete.  In the server you can call SSL_get_shutdown()
when you expect the client may disconnect.  In the server it should
be fine to call SSL_shutdown() anyway.  I don't think the SSL
specification defines whether the server must send a close_notify.

I hope this helps,
Mark.


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: BIO_read is continuously returning "-1"

[Gayathri Sundar]

Hi Pankaj.,

This difference in the HTTP response header is very critical.
It influences the way in which the Client is going to behave.

In case of 1, as the "Connection: Close" header is sent as part of the
response, the http server will initiate the tcp teardown and need not
bother sending the content length of the application payload.

In case of 2, the client is expected to keep the HTTP connection alive, so
that perhaps subsequent http requests can be pipelined, this is a feature
of HTTP1.1.

when a 302 is sent from the server, it means that either a "REDIRECT" req
needs to be sent by the client as the "http resource" is not available in
the requested path, so this redirect url will be as part of the "Redirect"
header of the HTTP response, also as the connection keep alive has been
set, the redirect request from the client will have to go on the same tcp
connection over which the 302 was got, which is not supported by your ssl
server?

Thanks
--Gayathri

When I tried to print the values returned by BIO_read it shows

 -1, 8, 12, 30, 24, 79, 407, 47, 10, 2, 61, 2, 3, 2, 80, 2, 2, -1, -1,
-1. , -1

I tried to catch the error using perror which shows the error message
"Error 0" till the return value 2, after that "Resource temporarily
unavailable" for all "-1" returned values.

If you want to see code then let me know.





On 12/28/05, Pankaj <[EMAIL PROTECTED]> wrote:
> I am quite new for the OpenSSL programming. I am using Perl client
> program and C client program for connecting to the same server.
>
> Perl script works fine with the get_https request. But in C, I am
> getting "-1" return value from the server while reading.
>
> C program implimentation is same as of sslcat method of SSLeay.pm module.
>
> I tried to differentiate between the reply header and found that there
> is only single difference between them as :
>
> Perl client script:
> CONNECTION: close
>
> C Script:
> HTTP/1.1 302 Found
> Proxy-Connection: Keep-Alive
> Connection: Keep-Alive
>
> i.e. 2 extra lines with difference in Connection header. Rest of the
> returned header content is same for both. I am not understanding that
> if server is getting connected for the Perl script (which uses
> Net::SSLeay::get_https() method), then what is the problem with the C
> code?
>
> While debugging I found that it getting connected, accepts request and
> replys back with the series of chunks (in BIO_read), but it seems that
> it is not ending (no "0" return). contineously it is giving "-1".
>
>
> I am using openssl-0.9.7g version. If you require code then I will
> provide in next email.
>
> Any help in this regard will greatly appreciated.
>
>
> --
> Best Regards,
> Pankaj Solanki
> [EMAIL PROTECTED]
>
>
> "The Price of Greatness is responsibility over each of your thoughts"
>


--
Best Regards,
Pankaj Solanki
[EMAIL PROTECTED]
Ph : 09810823740.

"The Price of Greatness is responsibility over each of your thoughts"
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: BIO_read is continuously returning "-1"

[Gayathri Sundar]

Forgot to mention that perhaps your client does not understand HTTP 1.1?
Check whether the redirect request came back to the server.


> Hi Pankaj.,
>
> This difference in the HTTP response header is very critical.
> It influences the way in which the Client is going to behave.
>
> In case of 1, as the "Connection: Close" header is sent as part of the
> response, the http server will initiate the tcp teardown and need not
> bother sending the content length of the application payload.
>
> In case of 2, the client is expected to keep the HTTP connection alive, so
> that perhaps subsequent http requests can be pipelined, this is a feature
> of HTTP1.1.
>
> when a 302 is sent from the server, it means that either a "REDIRECT" req
> needs to be sent by the client as the "http resource" is not available in
> the requested path, so this redirect url will be as part of the "Redirect"
> header of the HTTP response, also as the connection keep alive has been
> set, the redirect request from the client will have to go on the same tcp
> connection over which the 302 was got, which is not supported by your ssl
> server?
>
> Thanks
> --Gayathri
>
> When I tried to print the values returned by BIO_read it shows
>
>  -1, 8, 12, 30, 24, 79, 407, 47, 10, 2, 61, 2, 3, 2, 80, 2, 2, -1, -1,
> -1. , -1
>
> I tried to catch the error using perror which shows the error message
> "Error 0" till the return value 2, after that "Resource temporarily
> unavailable" for all "-1" returned values.
>
> If you want to see code then let me know.
>
>
>
>
>
> On 12/28/05, Pankaj <[EMAIL PROTECTED]> wrote:
>> I am quite new for the OpenSSL programming. I am using Perl client
>> program and C client program for connecting to the same server.
>>
>> Perl script works fine with the get_https request. But in C, I am
>> getting "-1" return value from the server while reading.
>>
>> C program implimentation is same as of sslcat method of SSLeay.pm
>> module.
>>
>> I tried to differentiate between the reply header and found that there
>> is only single difference between them as :
>>
>> Perl client script:
>> CONNECTION: close
>>
>> C Script:
>> HTTP/1.1 302 Found
>> Proxy-Connection: Keep-Alive
>> Connection: Keep-Alive
>>
>> i.e. 2 extra lines with difference in Connection header. Rest of the
>> returned header content is same for both. I am not understanding that
>> if server is getting connected for the Perl script (which uses
>> Net::SSLeay::get_https() method), then what is the problem with the C
>> code?
>>
>> While debugging I found that it getting connected, accepts request and
>> replys back with the series of chunks (in BIO_read), but it seems that
>> it is not ending (no "0" return). contineously it is giving "-1".
>>
>>
>> I am using openssl-0.9.7g version. If you require code then I will
>> provide in next email.
>>
>> Any help in this regard will greatly appreciated.
>>
>>
>> --
>> Best Regards,
>> Pankaj Solanki
>> [EMAIL PROTECTED]
>>
>>
>> "The Price of Greatness is responsibility over each of your thoughts"
>>
>
>
> --
> Best Regards,
> Pankaj Solanki
> [EMAIL PROTECTED]
> Ph : 09810823740.
>
> "The Price of Greatness is responsibility over each of your thoughts"
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   [EMAIL PROTECTED]
>
>


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

problems generating certificates

[Gayathri Sundar]

edit ur openssl.cnf to point to the correct ca certificate and its private
key..obviously the file is not the path that the cnf is looking at..


hi everybody, well finally get install openssl v0.9.8a, now when i try to
generate certificates to be used with freeradius (eap-tls or eap-peap) i use
these commands to CERTIFICATE AUTHORITY GENERATION:

#openssl req -new -x509 -keyout newreq.pem -out newreq.pem -passin
pass:clue1 -passout pass:clue1
#openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out
root.p12 -cacerts -passin pass:clue1 -passout pass:clue1
#openssl pkcs12 -in root.p12 -out root.pem -passin pass:clue1 -passout
pass:clue1

(i copied root.p12 from freeradius files)

#openssl x509 -inform PEM -outform DER -in root.pem -out root.der
#rm -rf newreq.pem

and these to SERVER CERTIFICATE GENERATION:

#openssl req -new -keyout newreq.pem -out newreq.pem -passin pass:whatever
-passout pass:clue1
#openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever
-key whatever -extensions xpserver_ext -extfile xpextensions -infiles
newreq.pem

right here, when using this command i get this error:

Error opening CA private key ./demoCA/private/cakey.pem
4161:error:02001002:system library:fopen:No such file or
directory:bss_file.c:349:fopen ('./demoCA/private/cakey.pem' ,'r')
4161:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:351:
unable to load CA private key

well i really don't understand what this mean but reviewed
./demoCA/private/cakey.pem and effectively it's there, so why openssl cann't
locate it?? why unable to load CA private key??

so, i tried this:

#openssl x509 -inform PEM -outform DER -in demoCA/cacert.pem -out
demoCA/cacert.der

but now get this:

4201:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE

excuse if this question is so trivial but i really don't understand it.
could any body help and tell me what is happening?? thanks for your patience
and help.
greetings

_
Charla con tus amigos en línea mediante MSN Messenger:
http://messenger.latam.msn.com/

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]



__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re:Re: BIO_read is continuously returning "-1"

[Gayathri Sundar]

 Original Message 
Subject: Re:Re: BIO_read is continuously returning "-1"
From:    "Gayathri Sundar" <[EMAIL PROTECTED]>
Date:Wed, December 28, 2005 4:59 am
To:  openssl-users@openssl.org
--

If the Client Http Request has Http Version as 1.0 in its GET request or
if the Connection: Close header is sent as part of the Client's GET request,
the Server has to come back with Connection: Close..if the server follows
RFC strictly..safest way is for the client to send HTTP 1.0 as its
protocol version.

The snipped is fine, can you give the code that sends the HTTP Request
once SSL handshake is thro?

Thanks
--Gayathri

Thanks Gayatri,
I dont have access to the server, so I wont be able to verify that. I
dont think that it is needed as both clients interacting with same
server. For one client it is working and for second it is not, so I
dont think that server has any problem.

Also how can I make a client to get "Connection: Close" header as part of the
response from server? I think there is some small mistake I am making,
but not able to figure it out.

Here is part of the code which creats connection object

  SSL_load_error_strings();
  OpenSSL_add_ssl_algorithms();

  ssl_ctx=SSL_CTX_new(SSLv23_client_method());
  SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); /* tried to reset to all
option again */

  ssl=SSL_new(ssl_ctx);
  SSL_set_connect_state(ssl);

  ssl_bio=BIO_new(BIO_f_ssl());
  BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE);

  sprintf(host, "%s:%i", host_name, port_num);

  out=BIO_new(BIO_s_connect());
  BIO_set_conn_hostname(out,host);

  BIO_set_nbio(out,1);
  out=BIO_push(ssl_bio,out);

You may be able to catch the problem.

Thanks,
Pankaj


On 12/28/05, Gayathri Sundar <[EMAIL PROTECTED]> wrote:
> Forgot to mention that perhaps your client does not understand HTTP 1.1?
> Check whether the redirect request came back to the server.
>
>
> > Hi Pankaj.,
> >
> > This difference in the HTTP response header is very critical.
> > It influences the way in which the Client is going to behave.
> >
> > In case of 1, as the "Connection: Close" header is sent as part of the
> > response, the http server will initiate the tcp teardown and need not
> > bother sending the content length of the application payload.
> >
> > In case of 2, the client is expected to keep the HTTP connection
alive, so
> > that perhaps subsequent http requests can be pipelined, this is a feature
> > of HTTP1.1.
> >
> > when a 302 is sent from the server, it means that either a "REDIRECT" req
> > needs to be sent by the client as the "http resource" is not available in
> > the requested path, so this redirect url will be as part of the
"Redirect"
> > header of the HTTP response, also as the connection keep alive has been
> > set, the redirect request from the client will have to go on the same tcp
> > connection over which the 302 was got, which is not supported by your ssl
> > server?
> >
> > Thanks
> > --Gayathri
> >
> > When I tried to print the values returned by BIO_read it shows
> >
> >  -1, 8, 12, 30, 24, 79, 407, 47, 10, 2, 61, 2, 3, 2, 80, 2, 2, -1, -1,
> > -1. , -1
> >
> > I tried to catch the error using perror which shows the error message
> > "Error 0" till the return value 2, after that "Resource temporarily
> > unavailable" for all "-1" returned values.
> >
> > If you want to see code then let me know.
> >
> >
> >
> >
> >
> > On 12/28/05, Pankaj <[EMAIL PROTECTED]> wrote:
> >> I am quite new for the OpenSSL programming. I am using Perl client
> >> program and C client program for connecting to the same server.
> >>
> >> Perl script works fine with the get_https request. But in C, I am
> >> getting "-1" return value from the server while reading.
> >>
> >> C program implimentation is same as of sslcat method of SSLeay.pm
> >> module.
> >>
> >> I tried to differentiate between the reply header and found that there
> >> is only single difference between them as :
> >>
> >> Perl client script:
> >> CONNECTION: close
> >>
> >> C Script:
> >> HTTP/1.1 302 Found
> >> Proxy-Connection: Keep-Alive
> >> Connection: Keep-Alive
> >>
> >> i.e. 2 extra lines with difference in Connection header. Rest of the
> >> returned header content is same for both. I am not understanding that
> >> if server is getting co

Re: regarding usage of SSL_CTX in server

[Gayathri Sundar]

Peter Sylvester wrote:
> It happened that I played with this a bit.
>
> It is not just that you have a list of servers in one context, all
> parameters of the server e;g. requirements for user certs etc can be
> different, so a separate SSL_CTX seems useful.
>
does this theoretically rule out usage of 1 SSL_CTX for multiple virtual
servers (the case where each one has a separate certificate)?

I think not..I this just a easier solution..one can achieve this with a
single SSL_CTX, but programatically tedious(well..thats relative)..before
the SSL_accept is called, we should know what certificate the server needs
to send out as part of the SSL Handshake based on some information such as
IP/Subnet or whatever..the application needs to maintain a stack of x509..
one can dynamically override the SSL_CTX cert by replacing the SSL_OBJ
cert..remember the latter only inherits the defaults of
SSL_CTX..programmer can replace the values inside SSL_OBJ..

Think interms of SSL_OBJ and not SSL_CTX..

What about the case where 1 server can have several certificates for
itself, each signed by a different root CA? Can this be done?

> Enclosed a patch for the snapshot of today (try s_server and s_client
> with -servername abc)
>
> There is an SSL_ctrl routine to switch to another SSL_CTX which has to
> fiddle a bit in
> with the SSL, since the cert is cached.
>

Thanks,
jimmy

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Query on IE's SSL Renegotiation

[Gayathri Sundar]

Hi there.,

Have some queries on the way IE is handling SSL Renegotiation.

1. Whenever IE receives a "Client Cert" req from the Server, say when it
is talking for the 1st time (IE gonna connect to this ssl server for the
very 1st time), it immediately closes the TCP connection abrubtly by
sending a FIN..now is this coz of some errors on the Server? The next
connection from IE to the server, works fine and the client cert is sent
out and renegotiation is completed on the same TCP connection..what I
further notice is this is happening everytime I switch the Server CTX from
"SSL_VERIFY_NONE" to "SSL_VERIFY_PEER" and vice versa..why is there is
extra TCP connection?

2. When there are no client certs configured on the IE, it seems to send
NULL Certificate..I mean I see the "certificate" message go out..but has
ZERO payload length!!!? Can Openssl validate this?

3. Once the ssl renegotiation is through, how can the application know
that the renegotiation succeeded and the client cert that was got is
correct?
By manipulating the SSL_OBJ i lose all the previous connection specific
data..

I really dont know why SSL Renegotiation is happening over 2 TCP
connections via IE..anyone experienced this before? Mozilla/Netscape are
working A-OK..

Thanks
--Gayathri

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Certificate chain question

[Gayathri Sundar]

I think you should load myside.com as well onto the browser..
as it is needed to verify part.myside.com.

Thanks
--G3

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Zaid
Sent: Sunday, February 12, 2006 5:33 AM
To: openssl-users@openssl.org
Subject: Certificate chain question


I have a root CA which is loaded on my browser, the
rootCA certify mysite.com which is also used to
certify part.mysite.com when user go directly to
part.mysite.com the browser complains because the
certifcate chain is not complete. Has anyone
experienced this problem or can perhaps explain why
this would happen?


Thanks,
Zaid

++++
If we don't believe in freedom of expression for people we despise, we don't
believe in it at all.
Chomsky, Noam

Zaid's Blog: http://drummergeek.blogspot.com

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: SSL_shutdown and SIGPIPE

[Gayathri Sundar]

Probably you can call the following

iRet = SSL_get_shutdown(pSSL);
if(iRet >= 0) SSL_shutdown(pSSL);

This is because, SSL_shutdown writes data on the wire,
i.e the closure alerts..and if a FIN was received meanwhile,
you will catch a SIGPIPE..this piece of code, actually
saves me from this..

Thanks
--G3

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Alberto Alonso
Sent: Sunday, February 12, 2006 2:08 PM
To: openssl-users@openssl.org
Subject: SSL_shutdown and SIGPIPE


I am getting SIGPIPE signals under Linux when calling
on SSL_shutdown and the remote is gone.

Basically, the remote end terminates the connection abruptly,
then the server finishes doing whatever is doing and issues
a SSL_shutdown on the ssl structure that used to handle the
connection. This generates a SIGPIPE on the server.

Is there anything I should be checking for before calling
SSL_shutdown to make sure the connection is still OK?


Thanks,

Alberto
-- 
Alberto AlonsoGlobal Gate Systems LLC.
(512) 351-7233http://www.ggsys.net
Hardware, consulting, sysadmin, monitoring and remote backups

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: SSL_shutdown and SIGPIPE

[Gayathri Sundar]

yeah, I have an unusual requirement dat, I cant ignore sigpipe..
meanwhile, SSL_get_shutdown will check the FD status, and if a FIN/RST
was received, the return value will reflect dat..so I will not
even attempt a write.

Thanks
--G3

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Kyle Hamilton
Sent: Monday, February 13, 2006 11:15 AM
To: openssl-users@openssl.org
Subject: Re: SSL_shutdown and SIGPIPE


Why are you trying to avoid SIGPIPE, anyway?  It's easy to ignore, and
a global state would make it possible to determine what socket you
were writing on (if you needed that).

-Kyle H

On 2/12/06, Gayathri Sundar <[EMAIL PROTECTED]> wrote:
> Probably you can call the following
>
> iRet = SSL_get_shutdown(pSSL);
> if(iRet >= 0) SSL_shutdown(pSSL);
>
> This is because, SSL_shutdown writes data on the wire,
> i.e the closure alerts..and if a FIN was received meanwhile,
> you will catch a SIGPIPE..this piece of code, actually
> saves me from this..
>
> Thanks
> --G3
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Alberto Alonso
> Sent: Sunday, February 12, 2006 2:08 PM
> To: openssl-users@openssl.org
> Subject: SSL_shutdown and SIGPIPE
>
>
> I am getting SIGPIPE signals under Linux when calling
> on SSL_shutdown and the remote is gone.
>
> Basically, the remote end terminates the connection abruptly,
> then the server finishes doing whatever is doing and issues
> a SSL_shutdown on the ssl structure that used to handle the
> connection. This generates a SIGPIPE on the server.
>
> Is there anything I should be checking for before calling
> SSL_shutdown to make sure the connection is still OK?
>
>
> Thanks,
>
> Alberto
> --
> Alberto AlonsoGlobal Gate Systems LLC.
> (512) 351-7233http://www.ggsys.net
> Hardware, consulting, sysadmin, monitoring and remote backups
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   [EMAIL PROTECTED]
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   [EMAIL PROTECTED]
>
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Testing private key - public key consistency

[Gayathri Sundar]

Probably you can try the openssl verify command?


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Julien ALLANOS
Sent: Monday, February 06, 2006 6:38 PM
To: openssl-users@openssl.org
Subject: Testing private key - public key consistency


Hello,

is there a quick way/function to verify that a private (EVP_PKEY) key 
matches a X509 certificate's public key?

thanks,
-- 
Julien ALLANOS
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Choice of CAs in SSL/TLS handshake

[Gayathri Sundar]

you can put CA2 as part of the revocation list?
if CA2 is part of the client's CRL, then it will automatically
be rejected..is this what you want?

Thanks
--G3

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Olaf Gellert
Sent: Tuesday, March 07, 2006 5:26 PM
To: openssl-users@openssl.org
Subject: Choice of CAs in SSL/TLS handshake


Hi,

I came across the following problem: I do have
two user CAs under the same root CA:

Root CA
   |->  User CA 1   ->  User Certificate 1
   |->  User CA 2   ->  User Certificate 2

I want to tell a webserver to accept certificates
from User CA 1 but not from User CA 2. But: In
openssl s_server AND in mod_ssl I can only specify
a list (as file or directory) of trusted CAs. These
are used for two purposes:

a) the server puts all of them in his certificate_request
   message during SSL connection establishment.
b) they have to contain the root certificate as trust
   anchor.

What I need is a way to specify the requested client
CAs WITHOUT the root certificate. Otherwise clients
(Mozilla/Firefox) think that both CAs are accepted
(because the root certificate is in the certificate
request message).

Any way to do this? Is this just a missing feature
or do I read the RFC wrong? This is what RFC 2246 says
about the request message (sec. 7.4.4):

  certificate_authorities
  A list of the distinguished names of acceptable certificate
  authorities. These distinguished names may specify a desired
  distinguished name for a root CA or for a subordinate CA;
  thus, this message can be used both to describe known roots
  and a desired authorization space.

So it should be possible to provide only the certificate
of User CA 1? (but then openssl s_server and mod_ssl do
not find a valid root certificate.)

Thanks for any help,

Olaf

-- 
Dipl.Inform. Olaf Gellert  PRESECURE (R)
Senior Researcher,   Consulting GmbH
Phone: (+49) 0700 / PRESECURE   [EMAIL PROTECTED]

A daily view on Internet Attacks
https://www.ecsirt.net/sensornet

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Choice of CAs in SSL/TLS handshake

[Gayathri Sundar]

I think verify depth of 1 will work only for self signed certificates,
in this case it wont work, you should override the default certificate
checking functions by registering ur own callback for this function
pointer in ssl_st.

int (*verify_callback)(int ok,X509_STORE_CTX *ctx)

as you already know CA2 issuername and common name, you can reject
that certificate if presented.

Hope this helps.

Thanks
--Gayathri

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Olaf Gellert
Sent: Tuesday, March 07, 2006 8:34 PM
To: openssl-users@openssl.org
Subject: Re: Choice of CAs in SSL/TLS handshake


Samy Thiyagarajan wrote:
>
> Hi,
> May be changing the verification of the depth level solve this issue. (
> I mean  check the chain only upto User CA 1 and not upto the Root CA )
> In this case it should not report about missing valid root.
>
> Im not sure. this is just an idea.

Good idea. But unfortunately it does not work out. I removed the
root-certificate from the SSLCACertificateFile. The Server now only
allows the user CA 1 (otherwise it still offers the root CA as
valid CA). And I shortened the verifyDepth to one. But the server
denies access saying:

[Tue Mar 07 15:56:34 2006] [error] Certificate Verification: Error (20):
unable
to get local issuer certificate

Seems that "verifyDepth" still requires a self-signed root
certificate (so the chain has to reach the toplevel in the
given number of steps).

Hm... Any other proposals? :-)

Cheers, Olaf

--
Dipl.Inform. Olaf Gellert  PRESECURE (R)
Senior Researcher,   Consulting GmbH
Phone: (+49) 0700 / PRESECURE   [EMAIL PROTECTED]

A daily view on Internet Attacks
https://www.ecsirt.net/sensornet

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: SSL_accept blocks forever

[Gayathri Sundar]

Have you set the 
the underlying FD to nonblocking (FIONBIO?)..I dont see why if the socket non 
blocking flag is set, you should have this problem..it doesnt make 
sense..
 
Thanks
--G3

  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On 
  Behalf Of Henry Yip (hyip)Sent: Friday, March 10, 2006 10:28 
  PMTo: openssl-users@openssl.orgCc: Henry Yip 
  (hyip)Subject: SSL_accept blocks forever
  Hi,
  I have a SSL server program that accepts SSL 
  connections. But after receiving around 150 connections confirmed with the 
  "netstat -a  | grep ESTAB" command and many SYN_RECV half opened 
  connections, the client is terminated. This forces the sockets to close.  The number of 
  ESTAB connections goes to zero.  The SYN_RECV half opened connection 
  still lingers. The SSL server continue to process these SYN_RECV half opened 
  connections and soon even though the client is terminated, some half opened 
  connection went int other ESTAB state.   At this point, the SSL 
  server can no longer accept any new connections.
  This happens on all Redhat 
  Linux platform that I tested with kernel 2.4.20, 2.4.18, and 
  2.6.x.   Solaris 2.8 does not have this problem.
  Below is the stack trace on where the code 
  is blocking in.
  [Switching to Thread -1210186048 (LWP 21173)]0x0012e7a2 in 
  _dl_sysinfo_int80 () from /lib/ld-linux.so.2(gdb) where#0  
  0x0012e7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2#1  
  0x00bd33fb in __read_nocancel () from /lib/tls/libpthread.so.0#2  
  0x00608d24 in BIO_sock_should_retry () from /lib/libcrypto.so.4#3  
  0x00606d8c in BIO_read () from /lib/libcrypto.so.4#4  0x007b21b0 in 
  ssl23_read_bytes () from /lib/libssl.so.4#5  0x007b0d31 in 
  ssl23_get_client_hello () from /lib/libssl.so.4#6  0x007b1309 in 
  ssl23_accept () from /lib/libssl.so.4#7  0x007b60ab in SSL_accept () 
  from /lib/libssl.so.4#8  0xb7e093bc in 
  ACE_SSL_SOCK_Acceptor::ssl_accept (this=0xb6f0,     [EMAIL PROTECTED], timeout=0x0) 
  at SSL_SOCK_Acceptor.cpp:74#9  0xb7e097d5 in 
  ACE_SSL_SOCK_Acceptor::accept (this=0xb6f0,     [EMAIL PROTECTED], 
  remote_addr=0x0, timeout=0x0, restart=1,     
  reset_new_handle=0) at SSL_SOCK_Acceptor.cpp:195#10 0x0804aace in main 
  ()
  Does anyone has any idea on what is going 
  on?
  Thanks in advance.
  -Henry

RE: Problem connecting using SSL_connect

[Gayathri Sundar]

The accept could have failed for any reason such as 
mismatch of ssl versions/ no matching ciphers/ untrusted certificate /
so check on the wire whats going on. From your code snipped,
am not sure what exactly setup_client_ctx() does or what ciphers
have been set on the server ctx..the SSL_METHOD used..
Am dead sure its just a minor handshake issue coz of misconfiguration..




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Robert Stober
Sent: Thursday, April 06, 2006 7:47 AM
To: openssl-users@openssl.org
Subject: Problem connecting using SSL_connect


Hi,

My application is very simple, a client that connects to a server and
they verify each other's identity. Right now I'm just trying to get them
to connect. I'm using OpenSSL 0.9.7. I started with the example
application in the O'Reilly "Network Security with OpenSSL" book. I was
able to integrate the client portion of the code in my application (with
some mods). I tested it with the server they provided which demonstrated
that the client code worked.

When I integrated the server code into the application I had to make
some serious mods because my server need only handle one connection
(strange, but true). Anyway, it doesn't work and I can't figure out why.
Here's the relevant client code:


init_OpenSSL();
logInfo("Initialized OpenSSL library\n");

/* IMPORTANT!
* This must be properly seeded to ensure security.
* look in chapter 4 for details on how to this.
*/
seed_prng();

ctx = setup_client_ctx();
logInfo("Loaded private key(s) and passphrase\n");

conn = BIO_new_connect(SERVER ":" PORT);
if (!conn)
log_error("Error creating connection to BIO");

if (BIO_do_connect(conn) <= 0)
log_error("Error connecting to remote machine");

if (!(ssl = SSL_new(ctx)))
log_error("Error creating an SSL context");

SSL_set_bio(ssl, conn, conn);

/* wait for eauth -s to become ready to establish SSL handshake */
if (SSL_connect(ssl) <= 0) {
logInfo("Error connecting to SSL object\n");
}

And here's the relevant server code. I suspect that the problem is here
since the client used to work. The last thing I see in my logfile is
"step5":

 init_OpenSSL();
logInfo("Initialized OpenSSL library\n");

seed_prng();

ctx = setup_server_ctx();
logInfo("Loaded private key(s) and passphrase\n");

acc = BIO_new_accept(PORT);
logInfo("step1\n");

if (!acc)
log_error("Error creating server socket");

logInfo("step2\n");

if (BIO_do_accept(acc) <= 0)
log_error("Error binding server socket");

logInfo("step3\n");

if (!(ssl = SSL_new(ctx)))
log_error("Error creating SSL context");

logInfo("step4\n");

SSL_set_bio(ssl, acc, acc);

logInfo("step5\n");

if (SSL_accept(ssl) <= 0)
log_error("Error accepting SSL connection");
else
logInfo("SSL connection opened\n");

err = SSL_read(ssl, sslbuf, sizeof(sslbuf));


Can anyone see any problems here? Probably something obvious that I'm
missing?

One more thing - the client is invoked up to one second before the
server is invoked. Perhaps the client is attempting to connect before
the server is ready? I tried the following but it never connected:


if (SSL_connect(ssl) <= 0) {
logInfo("Error connecting to SSL object\n");
}

Is there any way to see --exactly-- what's going on? To log exactly
what's going on during the connection/handshake procedure?

Thank you very much,

Robert Stober
Senior Systems Engineer
Platform Computing, Inc.
209-986-9298
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: closing client connection problem

[Gayathri Sundar]

AFAIK, tcp read can return Zero, as numbytes read, and does not 
mean
than the fd is invalidated. I think you should use SSL_received_shutdown 
or something
which checks if any close has been initiated by the 
server..
 
Attempting write when a close was received will result in 
sigpipe..

  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On 
  Behalf Of michael DorrianSent: Thursday, April 06, 2006 8:52 
  AMTo: openssl-users@openssl.orgSubject: closing client 
  connection problemIf the server returns an error my 
  client does not shut down the connection. I think i have to use SSL_Read and 
  then if the return value is less than or equal to 0 then i just break. The 
  problem is that when i use SSL_Read then my SSL_write does not seem to 
  work...why is that.or is there a simpler way to check if the 
  server has closed the connection?.
  
  
  How low will we go? Check out Yahoo! Messenger’s low PC-to-Phone 
  call rates.

RE: errno=5 in SSL_read( )

[Gayathri Sundar]

I too faced similar problem when I pumped heavy data via smart 
bits..
this piece of code worked for me..btw the underlying bio in non 
blocking..
 
 
 do  {    
ERR_clear_error();    nbytesread = 
SSL_read(pSSLObject,pBuffer,BufSize);    if(nbytesread > 0 
)    {   totalbytesread 
+= nbytesread;   pBuffer = pBuffer + 
nbytesread;   BufSize -= 
nbytesread;    }    if(errno == EAGAIN || 
errno == EINTR || errno == ENOMEM)    
{  return 
(SSL_ERROR_NONE);    }    else 
if(!nbytesread)    {  return 
(-1 * SSL_ERROR_ZERO_RETURN);    }    
else    {  err = 
SSL_get_error(pSSLObject,nbytesread);  
break;    }  }while(SSL_pending(pSSLObject) 
&& (BufSize > 0));  

  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On 
  Behalf Of Haridharan NattamaiSent: Wednesday, April 19, 2006 
  6:59 PMTo: openssl-users@openssl.orgSubject: errno=5 in 
  SSL_read( )Hi,I'm using openssl v0.9.7i. When I 
  try to receive a huge amount of data sometimes I get 
  errno=5(SSL_ERROR_SYSCALL) and the exact response code is "EOF was observed 
  that violates the protocol". At some cases when this error occurs, I get TCP 
  ZeroWindowViolation in ethereal's trace log. I like to know what could be the 
  reason and how can I override this. Thanks in 
  advance.Haridharan 

RE: errno=5 in SSL_read( )

[Gayathri Sundar]

I think the issue is wrt to clearing the error queue. 
Whenever
you attempt to get the error number, we need to 
call  ERR_clear_error()
to clear it. Certain openssl API's call it internally, 
and some do not,
now am not clear as to why or on what basis. So, before 
calling SSL_read,
ensure you call the above mentioned function..this 
worked for me..I think
it doesnt matter if the underlying fd is 
b/nb..
 
--Gayathri

  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On 
  Behalf Of Haridharan NattamaiSent: Thursday, April 20, 2006 
  10:05 AMTo: openssl-users@openssl.orgSubject: Re: 
  errno=5 in SSL_read( )Gayathri,Thanks for your 
  message.I could see from your snippet you have used BIO in non blocking 
  mode. But my application must be in such a way that it must wait to read the 
  data. Do you have any idea on trying this for blocking mode. 
  thanks,Haridharan
  On 4/20/06, Gayathri 
  Sundar <[EMAIL PROTECTED]> 
  wrote:
  

I too faced similar 
problem when I pumped heavy data via smart bits..
this piece of code 
worked for me..btw the underlying bio in non blocking..
 
 
 do  
{    ERR_clear_error();    nbytesread 
= SSL_read(pSSLObject,pBuffer,BufSize);    if(nbytesread 
> 0 )    {   
totalbytesread += nbytesread;   
pBuffer = pBuffer + nbytesread;   
BufSize -= nbytesread;    }    
if(errno == EAGAIN || errno == EINTR || errno == 
ENOMEM)    {  return 
(SSL_ERROR_NONE);    }    else 
if(!nbytesread)    {  
return (-1 * SSL_ERROR_ZERO_RETURN);    
}    else    
{  err = 
SSL_get_error(pSSLObject,nbytesread);  
break;    }  }while(SSL_pending(pSSLObject) 
&& (BufSize > 0));  


  -Original 
  Message-From: [EMAIL PROTECTED] [mailto: 
  [EMAIL PROTECTED]]On Behalf Of Haridharan 
  NattamaiSent: Wednesday, April 19, 2006 6:59 PMTo: 
  openssl-users@openssl.orgSubject: errno=5 in 
  SSL_read( )Hi,I'm using openssl v0.9.7i. When 
  I try to receive a huge amount of data sometimes I get 
  errno=5(SSL_ERROR_SYSCALL) and the exact response code is "EOF was 
  observed that violates the protocol". At some cases when this error 
  occurs, I get TCP ZeroWindowViolation in ethereal's trace log. I like to 
  know what could be the reason and how can I override this. Thanks 
  in advance.Haridharan 

RE: Question on PEM_read_RSA_PUBKEY

[Gayathri Sundar]

what do you mean by "decrypt a signed message"? either u have to
decrypt the encrypted message, or rehash and check the msg digest i.e
the sha/md5 signature.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Ambarish Mitra
Sent: Thursday, April 27, 2006 5:16 PM
To: openssl-users@openssl.org
Subject: RE: Question on PEM_read_RSA_PUBKEY


David,

Thanks a lot. This worked. Next logical question is: using this public key,
how do I decrypt a signed message? This signed message was signed by the
corresponding private key, and naturally, my application does not have that.

My application has the cert, and this signed message. How to verify that the
signed message was signed by this pub key?

Best regards,
Ambarish.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David Schwartz
Sent: Thursday, April 27, 2006 4:24 PM
To: openssl-users@openssl.org
Subject: RE: Question on PEM_read_RSA_PUBKEY



> Hi all,
>
> How to extract the public key from the certificate?

1) Read in the certificate.
2) Extract the public key.

> I have a question on the function: PEM_read_RSA_PUBKEY and
> PEM_read_bio_RSA_PUBKEY.
>
> The argument to these function is FILE *fp and BIO *bp respectively.
>
> Does this argument contain a X509 certificate? This I ask, since
> the public
> key is present in the certificate, and I want to extract the
> public key from
> the cert.

No, these functions read in a public key, which you don't have. You want
functions like 'PEM_read_bio_X509' followed by 'X509_get_pubkey'.

DS


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: [Resending] Export 1024 ciphers

[Gayathri Sundar]

did you try "man ciphers"?

EXP1024 has to work on 1024 bit key, which is why it is called so,
definitely they are stronger than "normal" EXP ciphers..once again EXP
ciphers are reduced in strength so that it can be exportable in US, and
I believe now there are no such restrictions..atleast thats what I got
from ICSA labs.


> Hi all,
>  Is it true that all EXP1024 ciphers will only work with 512
> bit
> key. I tried with 1024 bit key but I got a failure.If this is true why do
> we
> name these ciphers as EXP1024 ciphers they are as good as normal EXP
> ciphers.
>
>  May be I am missing something but if anyone can give me a link where I
> can
> read more about these ciphers ,that will be very useful
>
> Thanks and Regd's
> Ritesh
>
>
>
>


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: SSL_connect returns 0, with no error

[Gayathri Sundar]

-Original Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On 
Behalf Of Andrew DennisonSent: Friday, May 05, 2006 7:23 
PMTo: openssl-users@openssl.orgSubject: SSL_connect 
returns 0, with no error

  
  I 
  am currently experiencing an issue using SSL_connect() on a non-blocking 
  socket.
  
  I 
  have set SSL_MODE_AUTO_RETRY so that it would not return right away, and as a 
  backup measure have included handling for SSL_WANT_READ/SSL_WANT_WRITE such 
  that the entire connection process is handled in it's own thread that will 
  only exit once a connection has been made (or the main thread timeout for that 
  thread expires, but that is set for 5 minutes). 
  
  The issue arises on the second 
  connection attempt after having already established a successful 
  connection.  What I am attempting to do is to shutdown the SSL layer and 
  perform a full handshake to re-establish a new SSL connection without 
  affecting the underlying TCP socket (whose connection I hope to maintain 
  throughout this process). 
  
  The sequence of commands is more 
  or less this:
  
  SSL_connect()
  - 
    
  SSL_WANT_READ/SSL_WANT_WRITE
  -  
  SSL_state_string_long(): SSLv3 
  read server hello A 
  -  
  SSL_WANT_READ/SSL_WANT_WRITE 
  
  -  
  SSL_state_string_long(): SSLv3 
  read finished A 
  
  [connection established, all is 
  well]
  
  [time passes, data is 
  sent/received]
  
  Read and write threads are 
  suspended pending session re-establishment
  
  SSL_shutdown() – close-notify sent 
  (OK)
  SSL_shutdown() – host 
  close-notify received (OK) 
  
- 
  
connection 
shutdown
  
  SSL_clear() – prepare for next 
  connection (* - see notes below)
      
  - SSL_free is NOT issued in order to preserve session 
  information
  
  SSL_connect() issued – problem 
  occurrence!
  SSL_connect() 
  returned (0); failed with error: SSL_ERROR_SYSCALL 
   
    errno 
  : No error
  
WSAGetLastError: 
0 
    
  ERR_error_string - 0 - 
  error::lib(0):func(0):reason(0)
  
SSL_state_string_long(): SSLv3 
read server hello A
  
   
  An additional call to SSL_want() 
  at this time returns: SSL_READING
  At this point, I have tried both 
  to issue SSL_connect again, or to issue the requested SSL_read()** first 
  (which succeeds), and then to issue SSL_connect again. Both result in the 
  following: 
   SSL_connect() returned (-1); 
  failed with error: SSL_ERROR_SYSCALL 
      
  errno : No error
      
  WSAGetLastError: 10053 - WSAECONNABORTED
      
  ERR_error_string - 0 - 
  error::lib(0):func(0):reason(0)
  SSL_state_string_long(): SSLv3 
  read server hello A 
  
  And that's it.  I have no 
  recourse but to remake the whole connection (TCP layer 
  included).
  
  Notes:
  * Even If this SSL_clear is not 
  issued, the same thing happens.
  ** If two SSL_read()s 
  are issued in succession, the connection will return WSAECONNABORTED as 
  well.  
  
  My questions are 
  these:
  
  1) Is 
  what I am attempting even possible?  Is it possible to re-establish the 
  SSL layer without affecting the underlying connection?  
  AFAIK, once closure alerts are 
  sent, the TCP connection cannot be reused by another SSL connection. Am not 
  sure if SSL as such supports this scenerio of reusing a 
  TCP connection across multiple Client Hello Pkts. 
  Renegotiation can happen, but the TCP fd cannot be re-used..for a 
  new handshake. SSL_ERR_SYSCALL seems to happen coz the fd is invalidated 
  and you cant send/recv on that anymore. .
  
  2) If it 
  is possible to do this, where am I going wrong, how might I correct it, or 
  should it be done in some different way?
  I could be wrong, but this is not 
  possible. 
  
  3) I am aware of and 
  have also used SSL_renegotiate in a different situation.  The intent here 
  is for a full handshake to occur for security purposes.  Renegotiation 
  (via SSL_renegotiate) is used in this application in another circumstance, but 
  it is unclear whether this fully re-establishes the communications security 
  for this link.  Is it any less secure than the negotiations that occur 
  during connection? 
  I 
  think your asking abt the "hello request", which triggers a new handshake on 
  the same fd over which you had already a SSL connection established. Now the 
  thing is the SESSION is reused as such for subsequent connections between 
  peers, so that the handshake time is reduced, doing a complete negotiation of 
  security params on a per connection basis, is only a performance overhead, but 
  ofcourse more secure (debatable), but otherwise only the change cipher spec 
  messages are exchanged and the master secret is reused. Not sure if you really 
  want to negotiatie a new master secret for every TCP connect..but all depends 
  on your requirement.
  You 
  can disable SSL SESSION reuse, which will 

SSL_read/SSL_write from kernel

[Gayathri Sundar]

Hi.,

Does openssl as such provide support for packet processing
from kernel..i.e what do I have to do to invoke SSL_read/write
from kernel..has anyone attempted this before.

Thanks
--Gayathri



__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

SSL_read/SSL_write from kernel

[Gayathri Sundar]

Title: intoto Stationery



Hi.,
 
Does openssl 
as such provide support for packet processing
from 
kernel..i.e what do I have to do to invoke SSL_read/write
from 
kernel..has anyone attempted this before.
 
Thanks
--Gayathri
 
 

RE: SSL_read/SSL_write from kernel

[Gayathri Sundar]

Title: intoto Stationery



Thanks, but let me rephrase my question.
 
There seems to be a requirement for us to process SSL app data from 
kernel,
wherein I would like to read the sk_buff and pass it to a crypto 
acclerator
(hardware/software), but we face a problem wherein for block ciphers, we 
need
to ensure the data segment within the sk_buff is a multiple of the block 
cipher
length, otherwise, we need to do a buffer copy and maintain the remaining 
data
in some kernel memory, prequeue it and append it to the next 
sk_buff..
 
If openssl does support SSL_read/SSL_write from kernel, then I could 
simply
call it otherwise, have to write my own SSL_read/SSL_write 
functions..
 
Please let me know if such support is available or someone has already 
attempted
this..
 
Thanks
--Gayathri

  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On 
  Behalf Of Vishnubhatla, Vijaya BhaskarSent: Wednesday, June 28, 
  2006 1:49 PMTo: openssl-users@openssl.orgSubject: RE: 
  SSL_read/SSL_write from kernel
  Hi,
  U need to write a separate kernel module using open-ssl 
  library. I don't think it is possible. Instead of that, u send your data to 
  user space and there u use the SSL_read and SSL_write 
  functions.
  Thanks,
  Bhaskar
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Gayathri 
  SundarSent: Wednesday, June 28, 2006 1:06 PMTo: 
  openssl-users@openssl.orgSubject: SSL_read/SSL_write from 
  kernel
  
  Hi.,
   
  Does 
  openssl as such provide support for packet processing
  from 
  kernel..i.e what do I have to do to invoke SSL_read/write
  from 
  kernel..has anyone attempted this before.
   
  Thanks
  --Gayathri
   
   

RE: SSL_read/SSL_write from kernel

[Gayathri Sundar]

Thanks Marek..yeah, its more to do with processing block ciphers
from kernel rather than SSL as such, my question to be exactly precise
is for me to find out how to feed exact multiples of block cipher length
from sk_buff,
when they are internally fragmented in physical/virtual memory within an
sk_buff
(scatter/gather io) and when the sk_buffs are chained. This now looks more
like a linux kernel question rather than SSL, but any help is appreciated.
Functions such as sock_read/sock_write in socket.c do a buffer copy into
another char buffer in the kernel from the sk_buff associated to the sock
fd,
now we want to avoid that and directly pass the sk_buff->data to the crypto
hardware if sk_buff->len = n * block_size otherwise do a memcpy..

Is there any function in linux which directly gives the sk_buff->data ptr
without any memcpy?

Thanks
--Gayathri

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Marek Marcola
Sent: Wednesday, June 28, 2006 8:06 PM
To: openssl-users@openssl.org
Subject: RE: SSL_read/SSL_write from kernel


Hello,
> Thanks, but let me rephrase my question.
>
> There seems to be a requirement for us to process SSL app data from
> kernel,
> wherein I would like to read the sk_buff and pass it to a crypto
> acclerator
> (hardware/software), but we face a problem wherein for block ciphers,
> we need
> to ensure the data segment within the sk_buff is a multiple of the
> block cipher
> length, otherwise, we need to do a buffer copy and maintain the
> remaining data
> in some kernel memory, prequeue it and append it to the next sk_buff..
>
> If openssl does support SSL_read/SSL_write from kernel, then I could
> simply
> call it otherwise, have to write my own SSL_read/SSL_write functions..
>
> Please let me know if such support is available or someone has already
> attempted
> this..
I'm not sure whether we talking of SSL or some_block_cipher_mode.
If you want get from some source stream of data encrypted by
block cipher (for example in CBC mode) and decrypt it you may
use OpenSSL EVP interface (which take care of block "remainders"
on any stage).
But if you want put this in kernel code - for me better solution
is to write yourself some cipher_mode then get some parts from OpenSSL.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Does Openssl cache App data

[Gayathri Sundar]

Title: intoto Stationery



 
Hi.,
 
Following 
is  the comments written on s3_pkt.c before the function 
ssl3_read_bytes
 
Return up to 'len' payload bytes received in 'type' records. * 
'type' is one of the following: * *   -  
SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) *   
-  SSL3_RT_APPLICATION_DATA (when ssl3_read calls 
us) *   -  0 (during a shutdown, no data has to be 
returned) * * If we don't have stored data to work 
from, read a SSL/TLS record first * (possibly multiple records 
if we still don't have anything to return). * * This function 
must handle any surprises the peer may have for us, such as * Alert 
records (e.g. close_notify), ChangeCipherSpec records (not really * a 
surprise, but handled as if it were), or renegotiation requests. * Also 
if record payloads contain fragments too small to process, we store * 
them until there is enough for the respective protocol (the record 
protocol * may use arbitrary fragmentation and even 
interleaving): * Change cipher spec 
protocol * 
just 1 byte needed, no need for keeping anything 
stored * Alert 
protocol * 
2 bytes needed (AlertLevel, AlertDescription) * 
Handshake 
protocol * 
4 bytes needed (HandshakeType, uint24 length) -- we just 
have * 
to detect unexpected Client Hello and Hello Request 
messages * 
here, anything else is handled by higher 
layers * Application data 
protocol * 
none of our business */
Can anyone explain what the highlighted line means? 
Does app data get cached
within the ssl read buffers and the app end getting 
some WANT errors?
For example 
if the given application buffer size to SSL_read happens to be 
less
than the 
next incoming SSL Record size, what will happen? how does 
SSL_read
handle this 
case, i.e if I pass a 16K buffer and I have 2 records on the 
receive
queue which 
are 10k and 8k, how much of the data will SSL_read return and 
will
the 
remaining 6k of the 2nd record get cached within ssl read 
buffers?
 
Also if I 
set the SO_RCVLOWAT option to 4bytes, can I avoid caching of
SSL 
Handshake messages?
 
My 
requirement is that I dont want SSL to cache any bytes 
whatsoever.
 
Kindly help 
me on this.
 
Thanks
--Gayathri
 
 
 
 
 

Does Openssl cache App data -- 2nd Try..

[Gayathri Sundar]

Title: intoto Stationery



 
Hi.,
 
Following 
is  the comments written on s3_pkt.c before the function 
ssl3_read_bytes
 
Return up to 'len' payload bytes received in 'type' records. * 
'type' is one of the following: * *   -  
SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) *   
-  SSL3_RT_APPLICATION_DATA (when ssl3_read calls 
us) *   -  0 (during a shutdown, no data has to be 
returned) * * If we don't have stored data to work 
from, read a SSL/TLS record first * (possibly multiple records 
if we still don't have anything to return). * * This function 
must handle any surprises the peer may have for us, such as * Alert 
records (e.g. close_notify), ChangeCipherSpec records (not really * a 
surprise, but handled as if it were), or renegotiation requests. * Also 
if record payloads contain fragments too small to process, we store * 
them until there is enough for the respective protocol (the record 
protocol * may use arbitrary fragmentation and even 
interleaving): * Change cipher spec 
protocol * 
just 1 byte needed, no need for keeping anything 
stored * Alert 
protocol * 
2 bytes needed (AlertLevel, AlertDescription) * 
Handshake 
protocol * 
4 bytes needed (HandshakeType, uint24 length) -- we just 
have * 
to detect unexpected Client Hello and Hello Request 
messages * 
here, anything else is handled by higher 
layers * Application data 
protocol * 
none of our business */
Can anyone explain what the highlighted line means? 
Does app data get cached
within the ssl read buffers and the app end getting 
some WANT errors?
For example 
if the given application buffer size to SSL_read happens to be 
less
than the 
next incoming SSL Record size, what will happen? how does 
SSL_read
handle this 
case, i.e if I pass a 16K buffer and I have 2 records on the 
receive
queue which 
are 10k and 8k, how much of the data will SSL_read return and 
will
the 
remaining 6k of the 2nd record get cached within ssl read 
buffers?
 
Also if I 
set the SO_RCVLOWAT option to 4bytes, can I avoid caching of
SSL 
Handshake messages?
 
My 
requirement is that I dont want SSL to cache any bytes 
whatsoever.
 
Kindly help 
me on this.
 
Thanks
--Gayathri
 
 
 
 
 

RE: Does Openssl cache App data -- 2nd Try..

[Gayathri Sundar]

Thanks david..let me add more clarity to my requirement...

Is there someway for the application to know before calling ssl_read,
that some app data buffer can be got for sure? Or can SSL_peek prevent me
from hitting the case you have mentioned? The reason is we are in a scenerio
wherein all ssl control pkts are gonna be processed from userspace using
openssl
and all app data pkts are gonne be processed from kernel using our own ssl
implementation. So when userspace openssl does manage to read app data, I
need
to ensure that whatever it has cached (add data bytes), has to be cleared
and
copied into our ssl library in kernel, so that it can wait for the remaining
bytes and do the decryption.

So in a crux, what can I do to ensure that openssl does not read app data
pkts
at all..


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David Schwartz
Sent: Thursday, July 06, 2006 11:05 AM
To: openssl-users@openssl.org
Subject: RE: Does Openssl cache App data -- 2nd Try..



> My requirement is that I dont want SSL to cache any bytes whatsoever.
> Thanks
> --Gayathri

That sounds like a nonsensical requirement.

Suppose OpenSSL is called to read some data. It calls 'read' and gets 
part
of a record containing application-level data but too little data to return
any data to the application (less than one block, so it cannot decrypt).
What would you like OpenSSL to do if not cache the data until it can decrypt
it?

DS


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Does Openssl cache App data -- 2nd Try..

[Gayathri Sundar]

Thanks once again for the responses...I would like to add few more points
here..there seems to be a callback function (msg_callback) within the ssl_st
structure, which when registered by the application for a specific content
type,
SSL_read, seems to call that if a pkt of that content type is seen on the
wire.
I was thinking of making use of this, now my questions are

a. Does this msg_callback get executed after peek? or after read? if former,
I could
simply discard the buffer as peek does not dequeue the pkt, so the kernel
can read
it again. If its a "read", then I need to pass on that buffer to the kernel
module
which does the actual decryption.

b. I dont see this msg_callback getting called for content type "Application
data",
I see the code only for the other ssl record types..now am I missing
something here.

As you said, kernel has to do a lot of processing wherein it should read the
ssl record
header, and if not(application data) hand the fd control back to userspace.
We are going
to somehow poll from userspace as well as kernel for the same connection,
and do a fd transfer from userspace to kernel.

so what I have now learnt from the responses  is that I can expect that
openssl will
end up caching application data, as as the control pkts gets processed,
userspace could
endup reading app data..so if I do an SSL_peek before every SSL_read can I
prevent processing of application data?

Also there seems to be no low/high level api to access this read buffer
cache of ssl..
or is there? This read buffer anyhow is a pointer to the application read
buffer rite? or is there some bufcopy happening internally within openssl?
Coz if its just a pointer I am thinking if I could just
pass a minimal buffer size wherein it can read only handshake record size
pkts, then indirectly I could
end up controlling the read.

PS: If i am not making sense in more than 1 way(s) beg apoligies, am a
newbie..

Thanks
--Gayathri

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David Schwartz
Sent: Friday, July 07, 2006 1:47 AM
To: openssl-users@openssl.org
Subject: RE: Does Openssl cache App data -- 2nd Try..



> Thanks david..let me add more clarity to my requirement...

> Is there someway for the application to know before calling ssl_read,
> that some app data buffer can be got for sure?

Only by putting that data in a buffer, which seems to be what you don't
want.

> Or can SSL_peek prevent me
> from hitting the case you have mentioned?

SSL_peek does precisely what you claim you don't want, which is to put 
the
data in a cache.

> The reason is we are in
> a scenerio
> wherein all ssl control pkts are gonna be processed from userspace using
> openssl
> and all app data pkts are gonne be processed from kernel using our own ssl
> implementation. So when userspace openssl does manage to read app data, I
> need
> to ensure that whatever it has cached (add data bytes), has to be cleared
> and
> copied into our ssl library in kernel, so that it can wait for
> the remaining
> bytes and do the decryption.

> So in a crux, what can I do to ensure that openssl does not read app data
> pkts
> at all..

You have to separate the data in the kernel. I would not recommend 
trying
to hack OpenSSL's high-level functions for this purpose but use the
low-level ones instead. Ignore SSL_read/SSL_peak/SSL_write and the like.

DS


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Does Openssl cache App data -- 2nd Try..

[Gayathri Sundar]

-Original Message-From: 
[EMAIL PROTECTED][mailto:[EMAIL PROTECTED]]On Behalf Of David SchwartzSent: Friday, July 07, 2006 
10:57 AMTo: openssl-users@openssl.orgSubject: RE: Does Openssl cache App 
data -- 2nd Try..> a. Does this msg_callback get executed 
after peek? or after read?> if former,> I could> simply 
discard the buffer as peek does not dequeue the pkt, so the kernel> can 
read> it again. If its a "read", then I need to pass on that buffer 
to> the kernel> module> which does the actual 
decryption.>    I can't quite 
follow you. The whole thing you are trying to avoid is>caching of 
application data, but this is SSL_peek's whole point. The main>difference 
between SSL_read and SSL_peek is that SSL_peek caches the>application 
data (so you can peek at it again or read it later) whereas>SSL_read 
discards it.
 
I was thinking SSL_peek does 
a buffer copy internally and gives that
to the application, and the 
actual bytes are still available in the
TCP receive queue..the idea 
is although I tried to peek, the data is still
available for a read by 
kernel, and so I neednt make use of the cache, inspite
of one being 
available.> As you said, kernel has to do a lot of 
processing wherein it> should read the> ssl record> header, 
and if not(application data) hand the fd control back to> 
userspace.> We are going> to somehow poll from userspace as well 
as kernel for the same connection,> and do a fd transfer from userspace 
to kernel.>    This seems like 
an overly-complex solution. The kernel should always own>the SSL 
connection. It should analyze received data to determine if it 
is>protocol or application. If application data, it should decrypt it 
and>return it as application data. If protocol data, it should pass it 
to>user-space for SSL protocol processing. This seems like a clean and 
simple>approach.
 
This is exactly what we want to do, but is not an 
FD required in the userspace
to POLL and read the SSL Control Packets? Once the 
KERNEL sees the 1st Control Pkt
on an FD, it will handover control back to the 
userspace module to continue processing
that FD, until an application data packet is received, 
wherein control will be
switched back to the KERNEL.
> so what I have now learnt from the responses  is that I 
can expect that> openssl will> end up caching application data, as 
as the control pkts gets processed,> userspace could> endup 
reading app data..so if I do an SSL_peek before every SSL_read can I> 
prevent processing of application 
data?>    I don't understand 
what SSL_peek and SSL_read are meant to be in the>context you are using 
them. These are user-space OpenSSL functions and you>are supposed to be 
doing SSL in kernel.
 
Yes, I wanted to call them from userspace openssl 
module only inorder to process
control packets, as SSL_read is the one which receives 
control packets as well
and internally triggers renegotiations and change 
cipher specs..so if I can peek
and check if its an application data packet, I can 
simply discard the buffer 
given by peek and give back control to KERNEL, which 
will READ the TCP receive queue
and get back the same DATA, hoping SSL_peek is same as 
TCP_PEEK!! This is the
clarification I require. From KERNEL openssl will never 
be invoked, we have our
own kernel library which can only encrypt/decrypt. 
SSL_accept is done from userspace.
 
You can think of this as an hardware accelerator 
working from kernel, except that
its still software routines..
> PS: If i am not making sense in more than 1 way(s) beg 
apoligies, am a> 
newbie..    I guess I can't seem 
to follow your main architecture. Again, I recommendthe 
following:>1) The kernel should always manage the SSL connection, it 
should probably>present the SSL connection to the SSL user-space code and 
to the application>using the connection as two separate objects.
 
    Userspace accepts the incoming SSL 
connection using openssl SSL_accept, until
the kernel has no work. Once accept is completed, 
userspace will transfer that
FD to a kernel thread, which will continue polling on 
that FD using sock_poll().
Userspace will continue polling on the accepted FD. 
Note here we now have an FD pair,
as we have transferred the userspace ssl accepted FD to 
a kernel thread using send_fd
(AF_UNIX socket).>2) For received 
data, the kernel should analyze it and determine if it's>application or 
protocol.
    Exactly, 
thats what will happen after sock_poll() returns.>3) Received 
application data should be decrypted in the kernel and returned>as normal 
data to the application using the SSL connection.
    Correct>4) 
Received protocol data should be passed to the user-space SSL 
protocol>engine application.
    Precisely, so now the sock_poll() 
will not be polling on this FD, the
userspace will start its poll. Call SSL_read() until 
openssl says that app data
is now on the wire so I cant process anymore. 

But I dont want SSL_read to read the app data meaning I 
prefer
to ge

Query On SSL Processing

[Gayathri Sundar]

Title: intoto Stationery



 What would happen if 
openssl is starved of application data records and is fed only control messages? 
Would it misbehave? 
 
Thanks
--Gayathri
 
 

RE: Query On SSL Processing

[Gayathri Sundar]

Thanks Marek, can you explain more on this "MAC" verification errors?
When I can ensure only control records are read by SSL_read, why should
I get such errors? Yeah, ur correct, I will discard appliation records ;)
(don't ask me how!!) but then openssl will work rite?

What I have to do next depends on YOUR answer or anyone on this
Mailing list :) 

Thanks
--G(3)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Friday, July 21, 2006 3:04 PM
To: openssl-users@openssl.org
Subject: Re: Query On SSL Processing

Hello,
>  What would happen if openssl is starved of application data records 
> and is fed only control messages? Would it misbehave?
SSL application records are not mandatory (but usually very useful :-) So
you may establish SSL connection and do for example renegotiation after
renegotiation or something like that.
But you can not silently remove SSL application record because you will get
MAC verification errors.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Query On SSL Processing

[Gayathri Sundar]

Ok, what I meant is I will be removing the SSL record along with the app
data!!
So this should be fine right? 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard Salz
Sent: Friday, July 21, 2006 5:28 PM
To: openssl-users@openssl.org
Subject: RE: Query On SSL Processing

The SSL records include a message digest (MAC) of the application data
within the record.  If you remove the application data, the SSL record is no
longer valid.

If you think about it, this is obvious.  SSL guarantees the integrity of the
application data.  If someone modifies or removes the application data, then
the SSL layer should, of course, notice this.

/r$

--
SOA Appliances
Application Integration Middleware

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Query On SSL Processing

[Gayathri Sundar]

Thanks Richard..but I was thinking only SSL RECORDS with Record Type "APP
DATA"
Contain application data!!! If I can ensure that only complete SSL Records
of Type 
Handshake, Change cipher spec, and Alerts are given to OpenSSL, it can
process it rite? 
This way how can openssl know that app data records have been removed..?
Hope I am making sense here..

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard Salz
Sent: Friday, July 21, 2006 5:41 PM
To: openssl-users@openssl.org
Subject: RE: Query On SSL Processing

> Ok, what I meant is I will be removing the SSL record along with the 
> app data!!
> So this should be fine right? 

Then SSL will notice that records have been removed.  Since records can
contain application data, and SSL guarantees the integrity of the
application bytestream, *ANY* attempt by an intermediary to prevent the
recipient from getting all the original bytes that are sent will be noticed.
Any SSL implementation that does not do this is fundamentally flawed.
You'll have to hack the source.
/r$

--
SOA Appliances
Application Integration Middleware


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Query On SSL Processing

[Gayathri Sundar]

Hi Marek.,

Thanks once again for the detailed response..
Me now have a few more doubts..

Does  this read_mac_secret and write_mac_secret change with 
Every md5 hash verification?
I am not able to locate the code which actually updates this tcp
Seq numbers and so on..what does this hash_update function do?
Wht does it update?

Thanks
--Gayathri

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Friday, July 21, 2006 7:04 PM
To: openssl-users@openssl.org
Subject: RE: Query On SSL Processing

Hello,
> Thanks Marek, can you explain more on this "MAC" verification errors?
When SSL record is read from TCP socket first is decrypted (using
read_secret and CBC xor vector) and then MAC of decrypted packet is checked.
When calculating MAC of decrypted packet the following information is used:
- read_mac_secret
- implied read sequence number (packet number)
- packet type (handshake, data, alert ...)
- length of packet data
- packet data
if any of this information will be incorrect or out of order (like sequence
number) calculated MAC will be different from this received in packet and
connection will be dropped.

So silently removing some packets at (for example) TCP layer will break
sequence numbering and will lead to breaking connection.

Of course SSL_read() see only data from application records, not from
handshake, alert or change_cipher_spec because this data if part of internal
implementation of SSL protocol.
This is something like in SMTP, when you receive e-mail you will see only
headers and body but not SMTP conversation at SMTP server layer (MAIL FROM:,
RCPT TO: ...).

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Query On SSL Processing

[Gayathri Sundar]

Marek, 

There seems to be no such function in openssl
(ssl3_record_sequence_update())!!
Can you pls tell where exactly this SSL sequence number is updated.

Thanks
--Gayathri

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Monday, July 24, 2006 2:01 PM
To: openssl-users@openssl.org
Subject: RE: Query On SSL Processing

Hello,
> 
> Does  this read_mac_secret and write_mac_secret change with Every md5 
> hash verification?
No, this values are calculated from pre_master_secret and until end or
renegotiation stays the same.

> I am not able to locate the code which actually updates this tcp Seq 
> numbers and so on..what does this hash_update function do?
> Wht does it update?
This implied SSL packet sequence has no connection with TCP sequence.
Every SSL packet read from socket or written has 8-byte counter which is
incremented on every read/write (not SSL_read/SSL_write but full SSL packet
read/write).

Location of this variables you may find in SSL object, in structure s3:
read_sequence, write_sequence Code witch updates this variables is located
in s3_enc.c as function ssl3_record_sequence_update()

On every renegotiation, or more precisely: on every send/recived
change_cipher_spec packet, right variable is cleared. 

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Query On SSL Processing

[Gayathri Sundar]

Thanks Marek..appreciate ur help.. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Monday, July 24, 2006 4:04 PM
To: openssl-users@openssl.org
Subject: RE: Query On SSL Processing

Hello,
> There seems to be no such function in openssl 
> (ssl3_record_sequence_update())!!
> Can you pls tell where exactly this SSL sequence number is updated.
Well, yes, this function was introduced in 0.9.8.
In earlier versions there is code at the and of ssl3_mac() function in
s3_enc.c file which looks like:

for (i=7; i>=0; i--)
{
++seq[i];
if (seq[i] != 0) break; 
}

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: openssl command

[Gayathri Sundar]

Wonder why you need a "pfd" format!!
Does "man openssl" mean anything to you?

Now how could anyone respond to ur query?? 
First of all let us know what you want to use it for
Coz openssl commands are plenty..

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kaushal Shriyan
Sent: Friday, July 28, 2006 12:52 PM
To: openssl-users@openssl.org
Subject: openssl command

Hi ALL

I wanted a PDF format of openssl command, Can any one explain me about
openssl command with examples I mean How do i use it

Thanks and Regards

Kaushal
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: What does "PEM" mean?

[Gayathri Sundar]

Wow, I was thinking its "Privacy Enhanced Mode!!" ?? No? 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mouse
Sent: Tuesday, August 01, 2006 6:47 AM
To: openssl-users@openssl.org
Subject: RE: What does "PEM" mean?

PEM = Privacy-Enhanced Mail. 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Bo Xie
> Sent: Monday, July 31, 2006 20:08
> To: openssl-users@openssl.org
> Subject: What does "PEM" mean?
> 
> I know openSSL supports .pem format. But what does "PEM" mean?
> Persoanl Encrypto Management?
> 
> Thanks!
> 
> Best Regards,
> Xie, Bo
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   
> [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: timeout vs. SSL_ERROR_WANT_XXXX

[Gayathri Sundar]

Hi,

What I think is as its the application's responsibility to retry
the "same" openssl operation whenever it receives a WANT_READ or
WANT_WRITE, why cant we simply overwrite the buffer that is passed
to say SSL_write with the next payload that needs to be sent when we hit
that error code, in this way we can automatically drop the earlier
payload that was attempted.
Hope this is correct.

Thanks
--Gayathri

===
HI,

You may want to consider using SSL_CTX_set_mode(...)
with SSL_MODE_AUTO_RETRY flag such that you would'nt recieve
SSL_ERROR_WANT_XXX messages.

Normally those messages come when the other side requests for re-negotiation.

-Lokesh.


On 5/31/05, opt <[EMAIL PROTECTED]> wrote:
> Hi everyone
>
> I want to use timeout with select and I wonder how to "cancel" operation
> (SSL_read or SSL_write non-blocking) that caused SSL_ERROR_WANT_READ (or
> *_WRITE). I've got messages queue to send (and one for received too). If
> I cannot send whole particular msg within some time (5 sec) I want to
> discard this message and start sending another one. The problem is, when
> not fully transmited (received) msg "locks" in state where I receive
> SSL_ERROR_WANT_XXX. From docs etc. I know, that when I've got
> SSL_ERROR_WANT_* I have to retry operation which caused this "error" but
> it require more time, which I haven't got becouse I want to send another
> message ! I can always close connection and open it again, but it is
> ugly solution. Is there any way, to do it in more "polite" way ?
>
> --
> Mariusz Kedzierawski
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   [EMAIL PROTECTED]
>
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

[Fwd: Re: SSL_renegotiation using non block sockets]

[Gayathri Sundar]

 Original Message 
Subject: Re: SSL_renegotiation using non block sockets
From:[EMAIL PROTECTED]
Date:Thu, June 2, 2005 8:41 pm
--

HI Lokesh.,

Thanks for the response. Actually yesterday I spent close to 3hrs
trying all sorts of things, and finally concluded myself that
renegotiation has to be only on blocking sockets. But I thought that was a
restriction on openssl 0.9.6. I am using 0.9.7. could someone pls clarify
on this?

The thing is once I call renegotiation/do_handshake encrypted
handshake messages are exchanged by the peers but then, checking the
SSL_renegotiate_pending api in a loop wherein I call that for
FD_WRITE_POLL noticed that pkts in the TCP RecvQ were just not getting
read. So
the Client never tried to establish the next new connection.
Could you pls let me more about the SSL_renegotiate_pending() api? I dont
think  it reads/writes data, simply returs with Non-Zero if the
renegotiation is still going on and a One for completion.

The main scenerio is for "authentication" wherein after a user has
established a valid SSL_Session, and tries to "Login" into our
application, we want to renegotiate with "client certificate" for extra
priviledges, what I now see is, the response "encrypted handshake msg" is
not read by SSL, its there in the TCP "RecvQ" and I dont know what api to
use so that the server can read that. Will this be solved if it were made
blocking?

Thanks
--Gayathri


HI,

SSL_accept/SSL_connect is something that we use to establish an
initial SSL connection and we use SSL-renegotiate/SSL_do_handshake based
on timers
we install for SSL for re-negotiating KEYs such that hacking the SSL
connection is robust.

Having said that.. I assume you already have an SSL connection established
and
want to implement re-negotiation in your application.

It should go like this
( OPENSSL says for re-negotiation we should make the underlying
transport BLOCKING)

If openssl version is  < 0.9.7
*
SSL *ssl;
int fd;

fd = SSL_get_fd(ssl);

set_blocking(fd);

SSL_renegotiate(ssl);

SSL_do_handshake(ssl);

while( ssl->state != SSL_ST_OK)
{
   /* you may want to implement timeout here, if you want to */

 ssl->state |= SSL_ST_ACCEPT;
 SSL_do_handshake(ssl);
}

set_nonblocking(fd);

return SUCCESS;


IF openssl version > 0.9.7
*
SSL *ssl;
int fd;

fd = SSL_get_fd(ssl);

set_blocking(fd);

SSL_renegotiate(ssl);

SSL_do_handshake(ssl);

while( SSL_renegotiate_pending(ssl))
{
   /* you may want to implement timeout here, if you want to */

SSL_do_handshake(ssl);
}

set_nonblocking(fd);

return SUCCESS;
***

set_blocking and set_nonblocking are functions that can be implemented
very easily using fcntl.

HTH,
Lokesh.


On 6/2/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Thanks pj, the code was real helpful.
>
> Just one minor clarification, once a call to SSL_renegotiate is made,
should I check the protocol status by calling SSL_accept (mine is
server) within the while loop you have? I have gone into an
"accept_pending" state and calling SSL_accept until it returns with a
1..is this correct?
>
> Thanks
> --Gayathri
>
> Hi I did the same thing yesterday myself but because I wanted to
implement a
> timeout solution as well as quick shutdown of my COM object via object
notification.  You might be able to hack my work ... this is what I came
up with... It takes a blocking socket, makes it un-blocking...
negotiates with timeout and signalling considerations and then passes
back normal error codes...
>
>
>
> // SSLConnectWithTimeout, connect to a remote server with timeout int
CHTTP::SSLConnectWithTimeout(DWORD timeout, SOCKET s, SSL *ssl) {
>//-
>// Set the socket I/O mode: In this case FIONBIO
>// enables or disables the blocking mode for the
>// socket based on the numerical value of iMode.
>// If iMode = 0, blocking is enabled;
>// If iMode != 0, non-blocking mode is enabled.
>int iMode = 1;
>
>LogInformation2("Running SSL non-blocking connection timeout = %ld",
> timeout);
>if (timeout) {
>// establish non- blocking mode to enable us to time out.
ioctlsocket(s, FIONBIO, (u_long FAR*) &iMode);
>}
>
>// make the connection attempt
>
>int nRet = SSL_connect(ssl);
>
>// if we are using a timeout then ...
>if (timeout) {
>// convert nRet to a real error if necessary
>if (nRet != 1)
>nRet = SSL_get_error(ssl, nRet);
>
>LogInformation2("connect run return value %d.", nRet);
LogInformation1("Starting SSL polling loop");
>   

[no subject]

[Gayathri Sundar]

Hi,

I am using Non Blocking sockets, and would like to
know the behaviour wrt SSL_renegotiation.
Once I make a call to do_handshake, as the FD is non
blocking it will return immediately with a success,
but from the application's point of view how will it come
to know that the renegotiation in thro' so that it can
call SSL_write/SSL_read? Should the application poll on that
do_handshake flag within the ssl control block? 

Any suggestion/help appreciated a lot.

Thanks
--Gayathri
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

[Fwd: RE:I am having a hard time getting SSL_Accept to work with a non blocking socket]

[Gayathri Sundar]

 Original Message 
Subject: RE:I am having a hard time getting SSL_Accept to work with a 
non blocking socket From:"Gayathri Sundar" <[EMAIL PROTECTED]>
Date:Sun, June 5, 2005 11:33 pm
To:  openssl-users@openssl.org
--

Hi,

while (((rc = SSL_accept(ssl)) <= 0) &&
  ((SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ) ||
   (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_WRITE)))
   {
  /* as on wait application can do something else */
  do_other_stuff();
}

hope you have called
SSLBio = BIO_new_socket(ulFd, BIO_NOCLOSE);
* Sets the BIO associated with Socket FD to Non Blocking Mode */
BIO_socket_ioctl(ulFd,FIONBIO,&Switch)
SSL_set_bio(SSLObj,SSLBio,SSLBio)


int ssl_accept()
{
  /* Do the handshake */
  iRetVal = SSL_accept(SSLObj);
  if(iRetVal == 1)
  {
return 1;
  }
  else
  {
 iRetVal = SSL_get_error(SSLObj, iRetVal);
 switch(iRetVal)
 {
case SSL_WANT_READ:
case SSL_WANT_ACCEPT:
  /* This means that the SSL_accept is blocked and should be
retried when the fd is available for reading. So, add to the
 poll table to look for READ event */
 /* application should poll for READ */
 return(SSL_WANT_READ);
case SSL_WANT_WRITE:
case SSL_WANT_CONNECT:
  /* This means that the SSL_accept is blocked and should be
 retried when the fd is available for writing. So, add to the
poll table to look for WRITE event */
 /* application should poll for WRITE */
 return(SSL_WANT_WRITE);
default:
 /* Abort the accept as its a permanent error */
return 0;
 }
  }
}


===
Hi there, I am pulling my hair out trying to get SSL_accept to work with a
non blocking socket. When I make a call to SSL_accept and then perform an
SSL_get_error. I get the error SSL_ERROR_WANT_READ. At this point what
should I do. Currently I am doing the following:

 while (((rc = SSL_accept(ssl)) <= 0) &&
  ((SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ) ||
   (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_WRITE)))
   {}

but I never get out of this loop.

I am also using select to obtain read events for this socket. In the case
mentioned above do I need to check select for a read event prior to
calling retrying SSL_accept.


HELP MUCH APPRECIATED!
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]




__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE:I am having a hard time getting SSL_Accept to work with a non blocking socket

[Gayathri Sundar]

Hi,

while (((rc = SSL_accept(ssl)) <= 0) &&
  ((SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ) ||
   (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_WRITE)))
   {
  /* as on wait application can do something else */
  do_other_stuff();
}

hope you have called
SSLBio = BIO_new_socket(ulFd, BIO_NOCLOSE);
* Sets the BIO associated with Socket FD to Non Blocking Mode */
BIO_socket_ioctl(ulFd,FIONBIO,&Switch)
SSL_set_bio(SSLObj,SSLBio,SSLBio)


int ssl_accept()
{
  /* Do the handshake */
  iRetVal = SSL_accept(SSLObj);
  if(iRetVal == 1)
  {
return 1;
  }
  else
  {
 iRetVal = SSL_get_error(SSLObj, iRetVal);
 switch(iRetVal)
 {
case SSL_WANT_READ:
case SSL_WANT_ACCEPT:
  /* This means that the SSL_accept is blocked and should be
retried when the fd is available for reading. So, add to the
 poll table to look for READ event */
 /* application should poll for READ */
 return(SSL_WANT_READ);
case SSL_WANT_WRITE:
case SSL_WANT_CONNECT:
  /* This means that the SSL_accept is blocked and should be
 retried when the fd is available for writing. So, add to the
 poll table to look for WRITE event */
 /* application should poll for WRITE */
 return(SSL_WANT_WRITE);
default:
 /* Abort the accept as its a permanent error */
return 0;
 }
  }
}


===
Hi there, I am pulling my hair out trying to get SSL_accept to work with
a non blocking socket. When I make a call to SSL_accept and then perform
an SSL_get_error. I get the error SSL_ERROR_WANT_READ. At this point
what should I do. Currently I am doing the following:

 while (((rc = SSL_accept(ssl)) <= 0) &&
  ((SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ) ||
   (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_WRITE)))
   {}

but I never get out of this loop.

I am also using select to obtain read events for this socket. In the
case mentioned above do I need to check select for a read event prior to
calling retrying SSL_accept.


HELP MUCH APPRECIATED!
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]