Re: Strange SSL_shutdown() error return (SSL_ERROR_SYSCALL but errno == 0)
Antoine Pitrou wrote:

These issues are tracked together at http://bugs.python.org/issue8108 , because they both appeared when someone tried OpenSSL 0.9.8m.

I have read through the discussion; first I'd like to confirm the scenario for the errno==0 situation through a particular sequence of events. I have an SSL protocol test-case creator that can manipulate both ends' OpenSSL API usage in a co-ordinated fashion, so it should be straightforward to cause an abrupt socket closure around/during SSL_shutdown() usage.

Ok, thanks for the clarification. We were a bit baffled by errno==0 (EPIPE, ECONNABORTED, EBADF... would have been much more helpful).

I agree with this, it should return a more useful value.

So, in any case, I can interpret an SSL_ERROR_SYSCALL return from SSL_shutdown() as the socket was closed more or less abruptly response? There are no other possible reasons for this error return?

This is the intention of the error indication. The presumption by me at this time is to believe it, as no proof has been submitted otherwise. Further investigation may alter this statement.

But to be a good well meaning TLS/SSL citizen both ends should continue their non-blocking event loops for a reasonable amount of time (in the order of 5 to TCP timeout seconds) even after the last SSL_write() has been made.

He, well. The interesting thing here is that we are testing a blocking FTP TLS client with a non-blocking (event loop-based) server. The blocking client can't really sleep() for 5 seconds when closing the FTP session. At least I think users wouldn't like it :-) Also, the client doesn't try to shutdown the SSL layer when closing its connection. According to the client's author, this is contrary to the RFC. In his own words:

This is in sympathy with my claim. To reiterate, it is up to an individual protocol/application to decide if it requires a secure cryptographic shutdown or not.

It is also up to the individual protocol/application to decide the course of action to take when it doesn't happen. So if the protocol spec for FTP TLS makes a claim one way or the other, that is a matter for that specification.

Since the FTP protocol has a clear QUIT command to mark the moment when the client has no further use of the control connection, then there is actually no need to perform a full SSL_shutdown() to make the system safe from attack. This doesn't mean you shouldn't attempt to do SSL_shutdown().

ftplib.FTP_TLS class already calls unwrap() but only when closing a secured *data* connection. This is never done for the *control* connection as the examples shown in RFC-4217 do that only when dealing with the CCC command which is intended to switch the control connection back to clear text. Since ftplib.py does not implement the CCC command I would avoid to override its close() method.

You need to be clear in your own mind what statements from the FTP TLS specification are:

* mandating and
* what it is suggesting / recommending and
* also matters it doesn't indicate any opinion on

The fact that something ISN'T shown in an example should not be taken as any kind of statement, it is just that; that specific example didn't express that particular matter. Interpret only the rules that are written as rules, anything else is open to interpretation. You also need to go and read the original RFC first-hand and come to your own interpretation. Then compare your interpretation to that of the ftplib author's.

(if you have an opinion on this specific point -- no implicit SSL shutdown when closing the FTP session --, I'd like to hear it. Although it isn't really part of the issue at hand).

You'd need to educate me in the specifics of the FTP TLS protocol. I am very experienced with all the details of the classic FTP protocol. Does FTP TLS:

* does it make use of 2 sockets like FTP ?
* are both sockets encrypted with TLS (at all times before any transaction starts) ?
* is the ftp-data socket opened/closed once for each file like FTP ?
* is the payload data inside the ftp-data socket just the exact number of bytes in the single file being transferred ?

So in the interests of trying to convey better understanding of the TLS shutdown issue please read the following claims and attempt to understand the goals behind each claim rather than the specific detail (in respect of FTP TLS, since I do not fully understand every detail of FTP TLS at this time).

Things to consider:

* Any unencrypted channel falls outside the scope of TLS (and thus any points made right below).
* If the encrypted command channel has a QUIT command and the specification (or de facto default implementation) requires that the channel after receiving such a command writes back a single response and then stops processing any further commands. It can be said that you already have an in-band shutdown
SSL error: parse tlsext
Hi,

I am using openssl from within neon, itself used from within Subversion. During an svnsync, I receive the following error message:

    svnsync: PROPFIND of '/svn/xxx': SSL negotiation failed: SSL error: parse tlsext (https://xxx.org)

If I am right, this message comes from openssl. Is it really an error reported by openssl? If it is, is there anything I can do to either solve the problem or at least get more information about the context of the error? I am ready to compile the source packages myself if needed (and actually I did, to be sure the TLS extensions were enabled during the build process, but I am still getting this error).

I am under Mac OS X Snow Leopard.

Thanks in advance, regards,

--
Florent Georges
http://www.fgeorges.org/

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
locate key for p12 certificate
hi,

i have been trying to create a certificate for use on my webscarab proxy. essentially what i want to do is this: run a php curl script which redirects certain https traffic through the webscarab proxy so that i can see the output from the curl script (php curl doesn't provide visibility into the http post string and i need to see this). i have already got this working with regular http - but i need https.

the certificate is on a server which is not under my control: https://partner.caltex.com.au/caltexau/default.asp . it's in .crt format but webscarab needs .p12 format. i realise that i will need some kind of key to create the p12 file using this statement:

    openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

however i don't know where to find this key. i know the key must be somewhere on my computer otherwise the web browser wouldn't be able to view the web page. can someone please tell me where to get the key from?

thanks! (and go easy on me - i'm a relative noob ;P)

peter miller
Re: does bio_get_mem_data handle unicode?
On 4/7/2010 12:33 PM, Ryan Pfeifle wrote:

> While we are on the subject of Unicode, there are other areas of OpenSSL that need Unicode support added, in particular handling of paths and filenames on UTF16-based filesystems that require wchar_t* parameters. For instance, on Windows, OpenSSL cannot load certificate files/directories that have Unicode characters in them. On 'nix, this is not a problem for systems that use UTF8-based filesystems, which can be passed via char* parameters. The Indy library (http://www.indyproject.org) had to work around this issue recently by implementing its own versions of SSL_load_client_CA_file(), SSL_CTX_use_certificate_file(), SSL_CTX_use_PrivateKey_file(), and SSL_CTX_load_verify_locations() from scratch using a custom X509_LOOKUP_METHOD structure and support routines.

That's one approach. Another is to use UTF-8 filenames as the local code page, this is the solution the APR library opted for.

Either way, the OpenSSL API needs customization to pass wchar args for path names, etc. Starting as utf-8, or handled entirely by unicode.
Re: locate key for p12 certificate
Hello Peter:

On 08/04/10 3:45 AM, peter23452345 wrote:

> hi, i have been trying to create a certificate for use on my webscarab proxy. essentially what i want to do is this: run a php curl script which redirects certain https traffic through the webscarab proxy so that i can see the output from the curl script (php curl doesn't provide visibility into the http post string and i need to see this). i have already got this working with regular http - but i need https. the certificate is on a server which is not under my control: https://partner.caltex.com.au/caltexau/default.asp . it's in .crt format but webscarab needs .p12 format. i realise that i will need some kind of key to create the p12 file using this statement:
>
>     openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
>
> however i don't know where to find this key. i know the key must be somewhere on my computer otherwise the web browser wouldn't be able to view the web page. can someone please tell me where to get the key from?

No, you don't need the server's private key to see that web page - you simply need the public key (the key that is contained in the certificate) - all the RSA keys are being used for is to authenticate the server to you. The encryption isn't done using the key, it is done at the TLS/SSL layer, using a symmetric key negotiated between the client and the server. If you are curious as to how this works, the RFC describing the TLS protocol is quite clear.

In order for you to become an SSL Proxy and impersonate the server, you need to get the private key from that server. Since you say that the server is not under your control, this means that you are quite likely not authorised to impersonate this server by transparently proxying for it.

It is for exactly this reason that people use TLS/SSL :)

So, the short answer is - until you can convince the administrators of the server that you are proxying for to hand over their private keys, what you want to do is not possible.

Have fun.

Patrick.
Re: locate key for p12 certificate
On Thu, 2010-04-08 at 08:10 -0400, Patrick Patterson wrote:

> So, the short answer is - until you can convince the administrators of the server that you are proxying for to hand over their private keys, what you want to do is not possible.

Well, what he wants to do is just see the traffic in the HTTP session -- he seemed to suggest that he only needs to see the POST string. Since the client is running on one of his own machines, that really shouldn't be hard to achieve.

On Thu, 2010-04-08 at 00:45 -0700, peter23452345 wrote:

> (php curl doesn't provide visibility into the http post string and i need to see this)

Fix this, and your problem is solved.

--
David Woodhouse
Open Source Technology Centre
david.woodho...@intel.com
Intel Corporation
Cipher suits
Greetings,

I'm trying to develop a simple SSL module for a web server. I don't have much experience with cryptography and OpenSSL, so I am a bit confused about various combinations of cipher suites when performing key exchange and authentication.

1. I assume RSA key exchange and authentication is the most widely used combination. Am I correct to assume that ephemeral RSA and Server Gated Cryptography are not deployed anymore, due to relaxation of the US export regulations? And nobody is using 512-bit keys.

2. If Diffie-Hellman key agreement and DSS authentication is used, ephemeral DH keys must be used. Do I need to do anything special in this case (i.e. loading parameters) or can OpenSSL handle all of this automatically?

3. What about Diffie-Hellman key agreement and RSA authentication. Is this normally handled with ephemeral keys? Is there any advantage of Diffie-Hellman over RSA key exchange?

4. Does anyone actually deploy Diffie-Hellman key agreement and DSS authentication these days? I would think that the majority of people would use RSA (better performance). Is DSS simply for old software compatibility?

Thanks.
CA cert installed/imported but they are not trusted
Hello and one more thing,

recently I started to set up a master/slave OpenLDAP system with tls/certs. (Red Hat 5.x, openssl-0.9.8e-12, openldap-2.3.43-3)

For that purpose I set up a CA, generated certs, requests and keys, installed them on the corresponding servers and my OS X client, and my ldap servers communicate nearly as I expected. So does my local ldap client (Apache Directory Studio (ADS) on Mac OS X 10.6.x).

Nearly, because the servers and the ADS client both alert me that I use invalid certificates and the certificate can't be validated.

But I have e.g. on the Mac imported my ca cert in the Mac's keychain (once for system resp. for login) and the use for everything (ssl, IPsec, X.509, ...) is set to trust.

Maybe I did something wrong or what may I check and how?

Thanks a lot and best regards,

Götz

--
Götz Reinicke
IT Coordinator
Tel. +49 7141 969 420
Fax +49 7141 969 55 420
E-Mail goetz.reini...@filmakademie.de
Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de
Registered at Amtsgericht Stuttgart, HRB 205016
Chair of the Supervisory Board: Prof. Dr. Claudia Hübner
Managing Director: Prof. Thomas Schadt
Re: CA cert installed/imported but they are not trusted
On Apr 8, 2010, at 6:55 AM, Götz Reinicke - IT Koordinator wrote:

> So does my local ldap client (Apache Directory Studio (ADS) on Mac OS X 10.6.x). Nearly, because the servers and the ADS client both alert me that I use invalid certificates and the certificate can't be validated. But I have e.g. on the Mac imported my ca cert in the Mac's keychain (once for system resp. for login) and the use for everything (ssl, IPsec, X.509, ...) is set to trust.

I have never used Apache DS but since it runs on Eclipse, I would not be surprised if it did not use the Mac Keychain. Try adding the CA cert to the Java Keystore used by the JVM.

S.

--
san...@temme.net
http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
problem with signing with DSA private keys using EVP_SignFina
Hi guys,

I have a problem with signing with DSA private keys using the EVP_SignFinal function.

Here is a fragment of my code:

    /* Do the signature */
    EVP_MD_CTX_init(md_ctx);
    err = EVP_SignInit(md_ctx, EVP_sha1());
    err = EVP_SignUpdate(md_ctx, data, strlen(data));
    sig_len = sizeof(sig_buf);
    /* EVP_SignFinal() takes a pointer to the length and writes the signature size back */
    err = EVP_SignFinal(md_ctx, sig_buf, &sig_len, pkey);

As I was looking through the doc, something was said:

*When signing with DSA private keys the random number generator must be seeded or the operation will fail. The random number generator does not need to be seeded for RSA signatures.*

So, how can I seed the random number generator? I'm a new hand here, thank you very much.
RE: does bio_get_mem_data handle unicode?
Ryan Pfeifle
Sr. Programmer
Voice Print International, Inc.
Tel: 1.805.389.5200 x5297
Email: r...@vpi-corp.com
Web: www.VPI-corp.com

-----Original Message-----
From: William A. Rowe Jr. [mailto:wr...@rowe-clan.net]
Sent: Thursday, April 08, 2010 5:01 AM
To: openssl-users@openssl.org
Cc: Ryan Pfeifle
Subject: Re: does bio_get_mem_data handle unicode?

> That's one approach. Another is to use UTF-8 filenames as the local code page, this is the solution the APR library opted for.

Unfortunately, that is not currently an option when passing filenames to OpenSSL on Windows. The entire OpenSSL API uses char* only, and internally uses C library Ansi functions for file I/O instead of Unicode functions. So there is no possibility to get a Unicode filename all the way down to the filesystem intact.

> Either way, the OpenSSL API needs customization to pass wchar args for path names, etc. Starting as utf-8, or handled entirely by unicode.

Adding support for wchar parameters would not be needed, and thus no change to the existing API interfaces, if OpenSSL were to natively support UTF-8 values. It could then decode UTF-8 input values, and encode UTF-8 output values, to/from other charsets internally as needed on a per-platform basis.
openssl-0.9.8n and openssl-fips-1.2 ERR_peek_last_error failure
Setup:

Built openssl-fips-1.2 per the Security Policy.
Built openssl-0.9.8n with the fips option.

Notes:

Successfully built FIPS-ified versions of wget, curl/libcurl, libssh2 and mod_ssl. Successfully means they work as advertised within the restrictions placed on the application by calling FIPS_mode_set(1). All applications are dynamically linked against libcrypto.so.0.9.8 and libssl.so.0.9.8 using CC=fipsld FIPSLD_CC=gcc.

Issue:

I am seeing a failure of ERR_peek_last_error(), which is a pass-through call to get_error_values(), when linking openvpn via fipsld. The specific case in point is OpenVPN-2.1.1.

When called with a certificate file, OpenVPN calls SSL_CTX_use_certificate_chain_file().

SSL_CTX_use_certificate_chain_file() builds the certificate chains via calls to PEM_read_bio_X509_AUX(), which loads one cert at a time from a file as called in a loop. When called and no further certificates remain, PEM_read_bio_X509_AUX() bails, setting PEM_R_NO_START_LINE in the error stack. SSL_CTX_use_certificate_chain_file() then calls ERR_peek_last_error() to pop the error stack and, so long as the error is the expected PEM_R_NO_START_LINE, returns clean to the calling application.

For whatever reason, in the case of openvpn, ERR_peek_last_error() returns 0 instead of PEM_R_NO_START_LINE (151441516 in my build, read as an integer), causing SSL_CTX_use_certificate_chain_file() to return a 0 (failure).

Now in the case of failure, within the openvpn code I can add a call to ERR_print_errors_fp(stderr); and see the errors that ERR_peek_last_error() failed to pop.

Some debug output... The "err set" is the return value of ERR_peek_last_error(). "end called" has the ret value.

Broke (debug output):

    wdy: SSL_CTX_use_certificate_chain_file checking errors
    wdy: SSL_CTX_use_certificate_chain_file err set (0)
    wdy: SSL_CTX_use_certificate_chain_file found real errors? (ret 1)
    wdy: SSL_CTX_use_certificate_chain_file end called (0)
    8500:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:652:Expecting: CERTIFICATE

Working (debug output):

    wdy: SSL_CTX_use_certificate_chain_file checking errors
    wdy: SSL_CTX_use_certificate_chain_file err set (151441516)
    wdy: SSL_CTX_use_certificate_chain_file clear error called
    wdy: SSL_CTX_use_certificate_chain_file end called (1)

Now here is the 'real' humor. If I statically link in openvpn libssl.a and libcrypto.a then the function works. The failure only occurs when using/linking shared objects. That function fails if fipsld is used to link the application even if I do *not* patch/alter the openvpn source code to call FIPS_mode_set(1) and fix a hard coded md5 call.

Thoughts? I think I have all the relevant data present.

Thanks,

Woody

--
Gatewood Green
Sr. Software Engineer/Network Admin
Email: wo...@nitrosecurity.com
http://www.nitrosecurity.com/
NitroSecurity

Imagine, if you will, a world in which there are no hypothetical situations...
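The end-of-chain check described in the post above, as an added, self-contained C model (not OpenSSL or OpenVPN source, and not code from the thread). The names `err_queue`, `read_next_cert` and `load_chain` and the sample PEM are constructed for illustration; the model reproduces only the symptom of the peek returning 0, not its cause.

```c
#include <stdio.h>
#include <string.h>

/* Values as in the OpenSSL 0.9.8 headers, restated so this builds without OpenSSL. */
#define ERR_LIB_PEM         9
#define PEM_F_PEM_READ_BIO  109
#define PEM_R_NO_START_LINE 108
#define MODEL_R_TRUNCATED   102   /* stand-in reason code for a genuine parse error */
#define ERR_PACK(l, f, r) ((((unsigned long)(l) & 0xffUL) << 24) | \
                           (((unsigned long)(f) & 0xfffUL) << 12) | \
                           ((unsigned long)(r) & 0xfffUL))
#define ERR_GET_LIB(e)    ((int)(((e) >> 24) & 0xffUL))
#define ERR_GET_REASON(e) ((int)((e) & 0xfffUL))

/* Toy error queue standing in for the library's error state (hypothetical type). */
#define QMAX 16
struct err_queue { unsigned long code[QMAX]; int n; };

static void q_put(struct err_queue *q, unsigned long e)
{
    if (q->n < QMAX) q->code[q->n++] = e;
}
static unsigned long q_peek_last(const struct err_queue *q)
{
    return q->n ? q->code[q->n - 1] : 0;   /* 0 means "no error queued" */
}
static void q_clear(struct err_queue *q) { q->n = 0; }

/* Constructed sample input: two PEM-framed blocks; the bodies are never decoded. */
static const char SAMPLE_CHAIN[] =
    "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n";

/* Model of one PEM read: skip past the next certificate block and return 1,
 * or queue an error and return 0 when no (complete) block remains. */
static int read_next_cert(const char **cursor, struct err_queue *q)
{
    static const char begin[] = "-----BEGIN CERTIFICATE-----";
    static const char end[]   = "-----END CERTIFICATE-----";
    const char *b = strstr(*cursor, begin);
    const char *e = b ? strstr(b, end) : NULL;

    if (!b) {   /* ordinary end of file: nothing left that looks like a cert */
        q_put(q, ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE));
        return 0;
    }
    if (!e) {   /* a block started but never finished: a real error */
        q_put(q, ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO, MODEL_R_TRUNCATED));
        return 0;
    }
    *cursor = e + sizeof(end) - 1;
    return 1;
}

/* Model of the tail of the chain loader: read until the reader fails, then peek
 * at the newest error. PEM/NO_START_LINE means clean EOF (clear it, return 1);
 * anything else, including 0, is treated as failure. `written` is the queue the
 * reader fills and `visible` the one the loader peeks at; passing two different
 * queues reproduces the "err set (0)" trace from the post. */
static int load_chain(const char *pem, struct err_queue *written,
                      struct err_queue *visible, int *ncerts, unsigned long *peeked)
{
    const char *cur = pem;

    *ncerts = 0;
    while (read_next_cert(&cur, written))
        (*ncerts)++;

    *peeked = q_peek_last(visible);
    if (ERR_GET_LIB(*peeked) == ERR_LIB_PEM &&
        ERR_GET_REASON(*peeked) == PEM_R_NO_START_LINE) {
        q_clear(visible);
        return 1;
    }
    return 0;
}

int main(void)
{
    struct err_queue q = {{0}, 0}, other = {{0}, 0};
    unsigned long peeked;
    int n, ret;

    ret = load_chain(SAMPLE_CHAIN, &q, &q, &n, &peeked);
    printf("same queue:  ret=%d certs=%d err=%lu (%08lX)\n", ret, n, peeked, peeked);
    ret = load_chain(SAMPLE_CHAIN, &q, &other, &n, &peeked);
    printf("split queue: ret=%d certs=%d err=%lu, unseen=%08lX\n",
           ret, n, peeked, q_peek_last(&q));
    return 0;
}
```

The packed value for PEM / PEM_read_bio / no start line is the 151441516 (hex 0906D06C) quoted in both debug traces, which is why a peek that returns 0 falls through to the failure branch even though the read itself ended normally.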
ssh_key_verify problem with 0.9.8n + FIPS
Hello,

Some background -- I've had good luck in the past creating a functional FIPs-enabled OpenSSL and OpenSSH using these components:

    fipscanister build from openssl-fips-1.2.tar.gz
    openssl 0.9.8l
    openssh (5.2p1 or 5.3p1)
    ssh patch for FIPS: http://cvs.fedoraproject.org/viewvc/devel/openssh/openssh-5.3p1-fips.patch?revision=1.2content-type=text%2Fplainview=co

I've been able to rebuild using openssl 0.9.8n, but when running the ssh client connection setup fails during verification of the server's key.

The key question is, I think, what has changed in 0.9.8m or 0.9.8n that would cause this? The only thing I've changed is the openssl version.

The call to OpenSSL that ultimately fails is RSA_public_decrypt(). Has it somehow been tightened up such that in some situations it would function differently than before?

Any help would be greatly appreciated.

Here's part of the debug messages produced when trying to use `ssh`:

    [cow...@pkg8 /usr/home/cowens]$ ssh -vv 10.173.100.112
    OpenSSH_5.2p1 FreeBSD-openssh-portable-overwrite-base-5.2.p1_2,1, OpenSSL 0.9.8n-fips 24 Mar 2010
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to 10.173.100.112 [10.173.100.112] port 22.
    debug1: Connection established.
    ...
    debug1: kex: server->client aes128-cbc hmac-sha1 none
    debug2: mac_setup: found hmac-sha1
    debug1: kex: client->server aes128-cbc hmac-sha1 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug2: dh_gen_key: priv key bits set: 152/320
    debug2: bits set: 1058/2048
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host '10.173.100.112' is known and matches the RSA host key.
    debug1: Found key in /home/cowens/.ssh/known_hosts:2
    debug2: bits set: 1033/2048
    bad decrypted len: 0 != 20 + 15
    debug1: ssh_rsa_verify: signature incorrect
    key_verify failed for server_host_key

Thank you,

Charles

--
Charles Owens
Re: openssl-0.9.8n and openssl-fips-1.2 ERR_peek_last_error failure
On Thu, Apr 08, 2010, Gatewood (Woody) Green wrote:

> Setup:
>
> Built openssl-fips-1.2 per the Security Policy.
> Built openssl-0.9.8n with the fips option.
>
> Notes:
>
> Successfully built FIPS-ified versions of wget, curl/libcurl, libssh2 and mod_ssl. Successfully means they work as advertised within the restrictions placed on the application by calling FIPS_mode_set(1). All applications are dynamically linked against libcrypto.so.0.9.8 and libssl.so.0.9.8 using CC=fipsld FIPSLD_CC=gcc.
>
> Issue:
>
> I am seeing a failure of ERR_peek_last_error(), which is a pass-through call to get_error_values(), when linking openvpn via fipsld. The specific case in point is OpenVPN-2.1.1.
>
> When called with a certificate file, OpenVPN calls SSL_CTX_use_certificate_chain_file().
>
> SSL_CTX_use_certificate_chain_file() builds the certificate chains via calls to PEM_read_bio_X509_AUX(), which loads one cert at a time from a file as called in a loop. When called and no further certificates remain, PEM_read_bio_X509_AUX() bails, setting PEM_R_NO_START_LINE in the error stack. SSL_CTX_use_certificate_chain_file() then calls ERR_peek_last_error() to pop the error stack and, so long as the error is the expected PEM_R_NO_START_LINE, returns clean to the calling application.
>
> For whatever reason, in the case of openvpn, ERR_peek_last_error() returns 0 instead of PEM_R_NO_START_LINE (151441516 in my build, read as an integer), causing SSL_CTX_use_certificate_chain_file() to return a 0 (failure).
>
> Now in the case of failure, within the openvpn code I can add a call to ERR_print_errors_fp(stderr); and see the errors that ERR_peek_last_error() failed to pop.
>
> Some debug output... The "err set" is the return value of ERR_peek_last_error(). "end called" has the ret value.
>
> Broke (debug output):
>
>     wdy: SSL_CTX_use_certificate_chain_file checking errors
>     wdy: SSL_CTX_use_certificate_chain_file err set (0)
>     wdy: SSL_CTX_use_certificate_chain_file found real errors? (ret 1)
>     wdy: SSL_CTX_use_certificate_chain_file end called (0)
>     8500:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:652:Expecting: CERTIFICATE
>
> Working (debug output):
>
>     wdy: SSL_CTX_use_certificate_chain_file checking errors
>     wdy: SSL_CTX_use_certificate_chain_file err set (151441516)
>     wdy: SSL_CTX_use_certificate_chain_file clear error called
>     wdy: SSL_CTX_use_certificate_chain_file end called (1)
>
> Now here is the 'real' humor. If I statically link in openvpn libssl.a and libcrypto.a then the function works. The failure only occurs when using/linking shared objects. That function fails if fipsld is used to link the application even if I do *not* patch/alter the openvpn source code to call FIPS_mode_set(1) and fix a hard coded md5 call.
>
> Thoughts? I think I have all the relevant data present.

It could be related to the FIPS error code callbacks. Try adding a call to OPENSSL_init() in the application before anything else.

Steve.

--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org