make test fails for FIPS-capable OpenSSL build
Hi, I successfully built the FIPS 2.0 module (2010), its tests passed, and it was installed correctly in /usr/local/ssl/fips-2.0. I then build openssl 1.0.1 (2010): ./config fips shared make which all seems to go ok Then I do: make test and eventually get this error: ... Testing key generation with NIST Binary-Curve B-571 ok cat base64 aes-128-cbc 3086473868:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180: bad decrypt 3086592652:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180: 3086592652:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:535: ./p ./p.aes-128-cbc.clear differ: byte 1, line 1 make[1]: *** [test_enc] Error 1 It appears that EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag is not getting set, but I'm not familiar enough yet with the code to understand what I may be doing wrong. I have OPENSSL_FIPS set to 1 in my environment. I am building/running on CentOS 5.6. Thanks, Kevin
Lotus Domino server v8 fails mutual TLS handshake
Hi Steve, A Lotus Domino server v8 wants to connect to my postfix like several others do with client certificate authentication over TLS. Unfortunately, it fails early on with warning: TLS library problem: 25785:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1053:SSL alert number 0 In the mailing list archive, there is one mention of the problem that didn't really help me any further. (http://marc.info/?l=openssl-usersm=104885831305761w=2) Many thanks for any hints on that error message in advance! Ralf __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
hello!
I've just started using openssl, and have been having some problems with valgrind. Here's my distilled test program: #include openssl-1.0.0e/include/openssl/hmac.h #include openssl-1.0.0e/include/openssl/evp.h #include string.h char key[20] = { 0 }; int main() { HMAC_CTX * context; context = (HMAC_CTX *) malloc(sizeof(*context)); HMAC_CTX_init(context); HMAC_Init_ex(context, key, sizeof(key), EVP_sha1(), NULL); return 0; } I used ./config for setup on RedHat, and got linux-elf as my configuration. To compile the test program: g++ -o ot -ggdb -I/home/bertoni/src/ ot.c -L. -ltestcrypto -ldl after installing libcrypto.a as libtestcrypto.a When I run it under valgrind, I get errors: ==30797== Invalid write of size 1 ==30797==at 0x400655C: memset (mc_replace_strmem.c:479) ==30797==by 0x804959D: HMAC_Init_ex (hmac.c:100) ==30797== Address 0x40160E0 is 0 bytes after a block of size 184 alloc'd ==30797==at 0x40053C0: malloc (vg_replace_malloc.c:149) ==30797==by 0x80491F0: main (ot.c:12) and so on. The hmactest program run is clean, so I'm not sure what I'm doing incorrectly.. Any pointers would be appreciated. Jon Bertoni __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: hello!
#include openssl-1.0.0e/include/openssl/hmac.h #include openssl-1.0.0e/include/openssl/evp.h #include string.h char key[20] = { 0 }; int main() { HMAC_CTX * context; context = (HMAC_CTX *) malloc(sizeof(*context)); Do you need to malloc the context (a pointer) ? I don't think so. Remove the line? HMAC_CTX_init(context); HMAC_Init_ex(context, key, sizeof(key), EVP_sha1(), NULL); return 0; } I used ./config for setup on RedHat, and got linux-elf as my configuration. To compile the test program: g++ -o ot -ggdb -I/home/bertoni/src/ ot.c -L. -ltestcrypto -ldl after installing libcrypto.a as libtestcrypto.a When I run it under valgrind, I get errors: ==30797== Invalid write of size 1 ==30797==at 0x400655C: memset (mc_replace_strmem.c:479) ==30797==by 0x804959D: HMAC_Init_ex (hmac.c:100) ==30797== Address 0x40160E0 is 0 bytes after a block of size 184 alloc'd ==30797==at 0x40053C0: malloc (vg_replace_malloc.c:149) ==30797==by 0x80491F0: main (ot.c:12) and so on. The hmactest program run is clean, so I'm not sure what I'm doing incorrectly.. Any pointers would be appreciated. Jon Bertoni __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
SSL_Connect call gives SSL_ERROR_WANT_READ for non blocking sockets
Hi all, I am newbie to openssl any help is greatly appreciated. I have a requirement of fetching the Common name (domin name ) from the certificate that I request from any HTTPS websites. I followed the regular method of 1. establish a connection with the ip address using *connect() *system call. 2. Use *SSL_connect()* system call to perform handshake. 3. Use *SSL_get_peer_certificate()* to get the certificate. The problem I faced was that, the connect() call would at times return a errno 4 (EINTR) error . So i changed code from blocking to non-blocking sockets and used select() call to have a valid connection and return an appropriate file descriptor. Now the ssl_connect() call returns SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE error. I am unable to make my code work by adding a select() even on ssl_connect() call. If any one can please help as to how I need to use the ssl_connect() by polling that would be of great help. preferred language would be C/C++ thanks, ~Arjun
concatenate two CRL's
Hi all, on various sources on the internet I found that it is possible to concatenate two X509 CRL's together. cat file1.pem file2.pem combined.pem However, if I run openssl crl -in combined.pem -text -noout I see only the revoked certificates from file1.pem Is this not supported? Should I use a different command? Is this a bug? Thanks for your help, Olivier __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: concatenate two CRL's
The concatenation of two digitally signed CRLs is not a valid digitally signed CRL. Some applications may happen to have code to explicitly support this hack, but that ability could actually be a security hole as an enemy could concatenate an outdated and a current CRL, fooling such applications into thinking the revocations in the old CRL still apply (Which would be relevant if a CA temporarily revokes half-issued certificates as part of its procedures). On 11/15/2011 1:52 PM, Olivier Sessink wrote: Hi all, on various sources on the internet I found that it is possible to concatenate two X509 CRL's together. cat file1.pem file2.pem combined.pem However, if I run openssl crl -in combined.pem -text -noout I see only the revoked certificates from file1.pem Is this not supported? Should I use a different command? Is this a bug? Thanks for your help, Olivier __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
R: concatenate two CRL's
The combined crl means a certificate revocation list including all revoked certificate for the whole (and single) CA and the partitioned one is a more light crl limited to a known number of emitted certificate. CAs must publish a number of partitioned crls that covers all issued certificates and certificate cdp can point to the relative partitioned one or to the combined crl. Is not the scope of partitioned crls to be combined in a big one but only to make download faster also for CA with a large number of revoked certificate (a combined , classic crl can be larger than 10 MB). A valid alternative is OCSP. -Messaggio originale- Da: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] Per conto di Jakob Bohm Inviato: martedì 15 novembre 2011 14:07 A: openssl-users@openssl.org Oggetto: Re: concatenate two CRL's The concatenation of two digitally signed CRLs is not a valid digitally signed CRL. Some applications may happen to have code to explicitly support this hack, but that ability could actually be a security hole as an enemy could concatenate an outdated and a current CRL, fooling such applications into thinking the revocations in the old CRL still apply (Which would be relevant if a CA temporarily revokes half-issued certificates as part of its procedures). On 11/15/2011 1:52 PM, Olivier Sessink wrote: Hi all, on various sources on the internet I found that it is possible to concatenate two X509 CRL's together. cat file1.pem file2.pem combined.pem However, if I run openssl crl -in combined.pem -text -noout I see only the revoked certificates from file1.pem Is this not supported? Should I use a different command? Is this a bug? Thanks for your help, Olivier __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: R: concatenate two CRL's
You are getting the question completely wrong! This is not about CAs issuing partial, incremental and complete CRLs (something OpenSSL has silly problems with handling). This is about a user who though that concatenating CRL files as text would be a valid way to produce a complete/combined CRL from partial CRLs. A CA issuing both partial/incremental and complete/combined CRLs can/should/will trivially sign both forms with its private key, resulting in each released CRL being a single digitally signed DER structure of the proper form. (Sorry for the TOFU, but it fits the nature of this thread). On 11/15/2011 2:57 PM, Francesco Petruzzi wrote: The combined crl means a certificate revocation list including all revoked certificate for the whole (and single) CA and the partitioned one is a more light crl limited to a known number of emitted certificate. CAs must publish a number of partitioned crls that covers all issued certificates and certificate cdp can point to the relative partitioned one or to the combined crl. Is not the scope of partitioned crls to be combined in a big one but only to make download faster also for CA with a large number of revoked certificate (a combined , classic crl can be larger than 10 MB). A valid alternative is OCSP. -Messaggio originale- Da: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] Per conto di Jakob Bohm Inviato: martedì 15 novembre 2011 14:07 A: openssl-users@openssl.org Oggetto: Re: concatenate two CRL's The concatenation of two digitally signed CRLs is not a valid digitally signed CRL. Some applications may happen to have code to explicitly support this hack, but that ability could actually be a security hole as an enemy could concatenate an outdated and a current CRL, fooling such applications into thinking the revocations in the old CRL still apply (Which would be relevant if a CA temporarily revokes half-issued certificates as part of its procedures). On 11/15/2011 1:52 PM, Olivier Sessink wrote: Hi all, on various sources on the internet I found that it is possible to concatenate two X509 CRL's together. cat file1.pem file2.pem combined.pem However, if I run openssl crl -in combined.pem -text -noout I see only the revoked certificates from file1.pem Is this not supported? Should I use a different command? Is this a bug? Thanks for your help, Olivier __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: hello!
Jonas Schnelli jonas.schne...@include7.ch writes: #include openssl-1.0.0e/include/openssl/hmac.h #include openssl-1.0.0e/include/openssl/evp.h #include string.h char key[20] = { 0 }; int main() { HMAC_CTX * context; context = (HMAC_CTX *) malloc(sizeof(*context)); Do you need to malloc the context (a pointer) ? I don't think so. Remove the line? That won't work, but you can do HMAC_CTX context; and use context instead of context. HMAC_CTX_init(context); HMAC_Init_ex(context, key, sizeof(key), EVP_sha1(), NULL); return 0; } The program runs fine under valgrind on my Fedora 14. Have you built your openssl in a weird way (and why is it named libtestcrypto)? (I had to add HMAC_CTX_cleanup(context) and free(context) to avoid memory leak warnings from valgrind, though.) -- Henrik Grindal Bakken h...@ifi.uio.no PGP ID: 8D436E52 Fingerprint: 131D 9590 F0CF 47EF 7963 02AF 9236 D25A 8D43 6E52 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: hello!
On 11/15/2011 11:39 AM, Henrik Grindal Bakken wrote: Jonas Schnelli jonas.schne...@include7.ch writes: #includeopenssl-1.0.0e/include/openssl/hmac.h #includeopenssl-1.0.0e/include/openssl/evp.h #includestring.h char key[20] = { 0 }; int main() { HMAC_CTX * context; context = (HMAC_CTX *) malloc(sizeof(*context)); Do you need to malloc the context (a pointer) ? I don't think so. Remove the line? That won't work, but you can do HMAC_CTX context; and usecontext instead of context. Why would that be any different? When OpenSSL gets a HMAC_CTX*, it shouldn't care if it points to memory on the stack or the heap, as long as that memory is sizeof(HMAC_CTX) big and maybe appropriately initialized. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: make test fails for FIPS-capable OpenSSL build
On Mon, Nov 14, 2011, Kevin Fowler wrote: Hi, I successfully built the FIPS 2.0 module (2010), its tests passed, and it was installed correctly in /usr/local/ssl/fips-2.0. I then build openssl 1.0.1 (2010): ./config fips shared make which all seems to go ok Then I do: make test and eventually get this error: ... Testing key generation with NIST Binary-Curve B-571 ok cat base64 aes-128-cbc 3086473868:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180: bad decrypt 3086592652:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180: 3086592652:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:535: ./p ./p.aes-128-cbc.clear differ: byte 1, line 1 make[1]: *** [test_enc] Error 1 It appears that EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag is not getting set, but I'm not familiar enough yet with the code to understand what I may be doing wrong. I have OPENSSL_FIPS set to 1 in my environment. I am building/running on CentOS 5.6. Don't set OPENSSL_FIPS=1 before calling make test as not all the tests work in FIPS mode. The tests will swicth to FIPS mode themselves if this is being tested. Though currently only a TLS test does this. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: concatenate two CRL's
thank you. We'll probsbly switch to OCSP then. Olivier 2011/11/15 Jakob Bohm jb-open...@wisemo.com: The concatenation of two digitally signed CRLs is not a valid digitally signed CRL. Some applications may happen to have code to explicitly support this hack, but that ability could actually be a security hole as an enemy could concatenate an outdated and a current CRL, fooling such applications into thinking the revocations in the old CRL still apply (Which would be relevant if a CA temporarily revokes half-issued certificates as part of its procedures). On 11/15/2011 1:52 PM, Olivier Sessink wrote: Hi all, on various sources on the internet I found that it is possible to concatenate two X509 CRL's together. cat file1.pem file2.pem combined.pem However, if I run openssl crl -in combined.pem -text -noout I see only the revoked certificates from file1.pem Is this not supported? Should I use a different command? Is this a bug? Thanks for your help, Olivier __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
ssl3_get_client_certificate: no certificate returned
Hi, I'm indirectly using OpenSSL through Net::SSLeay¹, which I use through AnyEvent::TLS². AnyEvent::TLS provides the means to define a custom verification mechanism by setting verify_cb³. Here's an example (keys included): http://paste.scsys.co.uk/159837 If the custom verification callback decides a peer is bad, it shall return 0 and return 1 otherwise. If 0 is returned, this warning is produced: ssl3_get_client_certificate: no certificate returned It's only a warning which does not seem to impair functionality; no warning is printed if 1 is returned. I've already asked on the AnyEvent mailing list⁴, but the author of AnyEvent::TLS couldn't really nail it down either. Can you help me? Why is this warning printed and what could be done to eliminate the problem? TIA, Tobias ¹ http://search.cpan.org/~mikem/Net-SSLeay-1.42/lib/Net/SSLeay.pm ² http://search.cpan.org/~mlehmann/AnyEvent-6.1/lib/AnyEvent/TLS.pm which I use through AnyEvent::MPRPC, but that shouldn't matter :-) ³ http://search.cpan.org/~mlehmann/AnyEvent-6.1/lib/AnyEvent/TLS.pm#verify_cb ⁴ http://lists.schmorp.de/pipermail/anyevent/2011q4/000203.html signature.asc Description: PGP signature
Re: SSL_Connect call gives SSL_ERROR_WANT_READ for non blocking sockets
Hi, Arjun, For non-blocking case, you have to handle SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE In that case you need to redo *SSL_connect.* * * Huaqing On Tue, Nov 15, 2011 at 5:51 AM, Arjun SM arjun...@gmail.com wrote: Hi all, I am newbie to openssl any help is greatly appreciated. I have a requirement of fetching the Common name (domin name ) from the certificate that I request from any HTTPS websites. I followed the regular method of 1. establish a connection with the ip address using *connect() *system call. 2. Use *SSL_connect()* system call to perform handshake. 3. Use *SSL_get_peer_certificate()* to get the certificate. The problem I faced was that, the connect() call would at times return a errno 4 (EINTR) error . So i changed code from blocking to non-blocking sockets and used select() call to have a valid connection and return an appropriate file descriptor. Now the ssl_connect() call returns SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE error. I am unable to make my code work by adding a select() even on ssl_connect() call. If any one can please help as to how I need to use the ssl_connect() by polling that would be of great help. preferred language would be C/C++ thanks, ~Arjun -- Thank you. Best Regards, Michael(Huaqing) Wang
Re: make test fails for FIPS-capable OpenSSL build
Thank you - that was my problem On Tue, Nov 15, 2011 at 9:43 AM, Dr. Stephen Henson st...@openssl.org wrote: On Mon, Nov 14, 2011, Kevin Fowler wrote: Hi, I successfully built the FIPS 2.0 module (2010), its tests passed, and it was installed correctly in /usr/local/ssl/fips-2.0. I then build openssl 1.0.1 (2010): ./config fips shared make which all seems to go ok Then I do: make test and eventually get this error: ... Testing key generation with NIST Binary-Curve B-571 ok cat base64 aes-128-cbc 3086473868:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180: bad decrypt 3086592652:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180: 3086592652:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:535: ./p ./p.aes-128-cbc.clear differ: byte 1, line 1 make[1]: *** [test_enc] Error 1 It appears that EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag is not getting set, but I'm not familiar enough yet with the code to understand what I may be doing wrong. I have OPENSSL_FIPS set to 1 in my environment. I am building/running on CentOS 5.6. Don't set OPENSSL_FIPS=1 before calling make test as not all the tests work in FIPS mode. The tests will swicth to FIPS mode themselves if this is being tested. Though currently only a TLS test does this. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
PKCS12_parse
Hello, I am maintaining a piece of code that calls PKCS12_parse. It worked with an older version of openssl (0.9.8m), but it is not working with version 1.0.0 Here are some clips: X509 *cert = NULL; BIO*in = NULL; STACK_OF(X509) *ca_certs = NULL; PKCS12 *p12 = NULL; EVP_PKEY *pkey = NULL; charpass[PEM_BUFSIZE]; strcpy(pass, exportpw.c_str()); // I verified that the password is correct p12 = d2i_PKCS12_bio(in, NULL); if (!(PKCS12_parse(p12, pass, pkey, cert, ca_certs))) I created the pkcs12 file with: openssl req -new -x509 -days 365 -keyout new.pem -out new.pem openssl pkcs12 -export -in new.pem -out new.p12 -name My certificate I read in two places in the net that this code was fixed for version 1 and above. Does anyone have any information on this? Thank you, Dirce __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: PKCS12_parse
On Tue, Nov 15, 2011, dricha...@globalcerts.net wrote: Hello, I am maintaining a piece of code that calls PKCS12_parse. It worked with an older version of openssl (0.9.8m), but it is not working with version 1.0.0 Here are some clips: X509 *cert = NULL; BIO*in = NULL; STACK_OF(X509) *ca_certs = NULL; PKCS12 *p12 = NULL; EVP_PKEY *pkey = NULL; charpass[PEM_BUFSIZE]; strcpy(pass, exportpw.c_str()); // I verified that the password is correct p12 = d2i_PKCS12_bio(in, NULL); if (!(PKCS12_parse(p12, pass, pkey, cert, ca_certs))) I created the pkcs12 file with: openssl req -new -x509 -days 365 -keyout new.pem -out new.pem openssl pkcs12 -export -in new.pem -out new.p12 -name My certificate I read in two places in the net that this code was fixed for version 1 and above. Does anyone have any information on this? What error message do you get: see FAQ. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: ssl3_get_client_certificate: no certificate returned
On Tue, Nov 15, 2011, Tobias Nissen wrote: Hi, I'm indirectly using OpenSSL through Net::SSLeay¹, which I use through AnyEvent::TLS². AnyEvent::TLS provides the means to define a custom verification mechanism by setting verify_cb³. Here's an example (keys included): http://paste.scsys.co.uk/159837 If the custom verification callback decides a peer is bad, it shall return 0 and return 1 otherwise. If 0 is returned, this warning is produced: ssl3_get_client_certificate: no certificate returned It's only a warning which does not seem to impair functionality; no warning is printed if 1 is returned. I've already asked on the AnyEvent mailing list???, but the author of AnyEvent::TLS couldn't really nail it down either. Can you help me? Why is this warning printed and what could be done to eliminate the problem? The warning isn't printed by OpenSSL it is an error code. So perhaps the wrapper is printing the error? I don't know about that wrapper but you should set a verify return code using SSL_set_verify_result() and if you want it to fail if no certificate is returned you should also include the flag SSL_VERIFY_FAIL_IF_NO_PEER_CERT Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: ssl3_get_client_certificate: no certificate returned
Dr. Stephen Henson wrote: On Tue, Nov 15, 2011, Tobias Nissen wrote: I'm indirectly using OpenSSL through Net::SSLeay¹, which I use through AnyEvent::TLS². AnyEvent::TLS provides the means to define a custom verification mechanism by setting verify_cb³. Here's an example (keys included): http://paste.scsys.co.uk/159837 If the custom verification callback decides a peer is bad, it shall return 0 and return 1 otherwise. If 0 is returned, this warning is produced: ssl3_get_client_certificate: no certificate returned It's only a warning which does not seem to impair functionality; no warning is printed if 1 is returned. I've already asked on the AnyEvent mailing list???, but the author of AnyEvent::TLS couldn't really nail it down either. Can you help me? Why is this warning printed and what could be done to eliminate the problem? The warning isn't printed by OpenSSL it is an error code. So perhaps the wrapper is printing the error? I didn't find it in either of the wrapper modules, but I did in OpenSSL: tobi@hal:~/src/openssl-1.0.0e$ rgrep no certificate returned * doc/ssleay.txt:Error because no certificate returned. ssl/ssl_err.c:{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),no certificate returned}, signature.asc Description: PGP signature
Re: ssl3_get_client_certificate: no certificate returned
On Tue, Nov 15, 2011, Tobias Nissen wrote: Dr. Stephen Henson wrote: On Tue, Nov 15, 2011, Tobias Nissen wrote: I'm indirectly using OpenSSL through Net::SSLeay¹, which I use through AnyEvent::TLS². AnyEvent::TLS provides the means to define a custom verification mechanism by setting verify_cb³. Here's an example (keys included): http://paste.scsys.co.uk/159837 If the custom verification callback decides a peer is bad, it shall return 0 and return 1 otherwise. If 0 is returned, this warning is produced: ssl3_get_client_certificate: no certificate returned It's only a warning which does not seem to impair functionality; no warning is printed if 1 is returned. I've already asked on the AnyEvent mailing list???, but the author of AnyEvent::TLS couldn't really nail it down either. Can you help me? Why is this warning printed and what could be done to eliminate the problem? The warning isn't printed by OpenSSL it is an error code. So perhaps the wrapper is printing the error? I didn't find it in either of the wrapper modules, but I did in OpenSSL: tobi@hal:~/src/openssl-1.0.0e$ rgrep no certificate returned * doc/ssleay.txt:Error because no certificate returned. ssl/ssl_err.c:{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),no certificate returned}, Yes but that's a textual version of the error. OpenSSL does not print it out: an application call is needed to do that. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: hello!
From: Jakob Bohm [mailto:jb-open...@wisemo.com] Sent: Tuesday, November 15, 2011 2:28 PM On 11/15/2011 11:39 AM, Henrik Grindal Bakken wrote: Jonas Schnelli jonas.schne...@include7.ch writes: #includeopenssl-1.0.0e/include/openssl/hmac.h #includeopenssl-1.0.0e/include/openssl/evp.h #includestring.h char key[20] = { 0 }; int main() { HMAC_CTX * context; context = (HMAC_CTX *) malloc(sizeof(*context)); Do you need to malloc the context (a pointer) ? I don't think so. Remove the line? That won't work, but you can do HMAC_CTX context; and usecontext instead of context. Why would that be any different? When OpenSSL gets a HMAC_CTX*, it shouldn't care if it points to memory on the stack or the heap, as long as that memory is sizeof(HMAC_CTX) big and maybe appropriately initialized. Err ... yes, that's the point. The original code used malloc to allocate memory for an HMAC_CTX, and did it right (apart from not checking that malloc succeeded). Henrik's version allocated memory for an HMAC_CTX structure automatically, and was equally right. Jonas's version didn't allocate memory for an HMAC_CTX at all, and passed an uninitialized pointer to subsequent function calls instead of a pointer to an HMAC_CTX. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: PKCS12_parse
I made some progress. The call to PKCS12_parse succeeded, but the pkey returned was NULL. Please see below where I indicated how I created this .p12 file. I wonder why the PKCS12_parse command can't read its private key. I keep suspecting on permissions, but they seem ok - this app is running as cgi. Any suggestions are appreciated. Dirce Hello, I am maintaining a piece of code that calls PKCS12_parse. It worked with an older version of openssl (0.9.8m), but it is not working with version 1.0.0 Here are some clips: X509 *cert = NULL; BIO*in = NULL; STACK_OF(X509) *ca_certs = NULL; PKCS12 *p12 = NULL; EVP_PKEY *pkey = NULL; charpass[PEM_BUFSIZE]; strcpy(pass, exportpw.c_str()); // I verified that the password is correct p12 = d2i_PKCS12_bio(in, NULL); if (!(PKCS12_parse(p12, pass, pkey, cert, ca_certs))) I created the pkcs12 file with: openssl req -new -x509 -days 365 -keyout new.pem -out new.pem openssl pkcs12 -export -in new.pem -out new.p12 -name My certificate I read in two places in the net that this code was fixed for version 1 and above. Does anyone have any information on this? Thank you, Dirce __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: PKCS12_parse
Sorry, but this is just getting more interesting: it seems that the call fails when I type the right password (within the app, not in my sample). It is when I typed the wrong password that the call succeeded, but returned the empty key... Will keep investigating... Dirce I made some progress. The call to PKCS12_parse succeeded, but the pkey returned was NULL. Please see below where I indicated how I created this .p12 file. I wonder why the PKCS12_parse command can't read its private key. I keep suspecting on permissions, but they seem ok - this app is running as cgi. Any suggestions are appreciated. Dirce Hello, I am maintaining a piece of code that calls PKCS12_parse. It worked with an older version of openssl (0.9.8m), but it is not working with version 1.0.0 Here are some clips: X509 *cert = NULL; BIO*in = NULL; STACK_OF(X509) *ca_certs = NULL; PKCS12 *p12 = NULL; EVP_PKEY *pkey = NULL; charpass[PEM_BUFSIZE]; strcpy(pass, exportpw.c_str()); // I verified that the password is correct p12 = d2i_PKCS12_bio(in, NULL); if (!(PKCS12_parse(p12, pass, pkey, cert, ca_certs))) I created the pkcs12 file with: openssl req -new -x509 -days 365 -keyout new.pem -out new.pem openssl pkcs12 -export -in new.pem -out new.p12 -name My certificate I read in two places in the net that this code was fixed for version 1 and above. Does anyone have any information on this? Thank you, Dirce __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
SSL_get_verify_result() behavior
During the test of my C code using OpenSSL, I noticed that even though CA certs were not loaded, SSL verification succeeded unexpectedly. Attached below is a simplified code that demonstrates what I have been seeing. I intentionally commented out the section where tries to load CA certs, but SSL_get_verify_results() returns X509_V_OK where I expects X509_V_ERR_CERT_UNTRUSTED to return. Looking at my log, the verifyCallback() detected the error, returning 0 to the caller but the return value from SSL_get_verify_result() did not seem to reflect the error detected in the verifyCallback(). Here's some tty logs: (1) When CA certs are not loaded: TCP connection successful verifyCallback() - in: preverify_ok=0 Verify error: unable to get local issuer certificate(20) - depth=1 - sub =/C=US/O=Google Inc/CN=Google Internet Authority verifyCallback() - out SSL handshake/verify successful PASS (2) When CA certs are loaded: TCP connection successful verifyCallback() - in: preverify_ok=1 verifyCallback() - out verifyCallback() - in: preverify_ok=1 verifyCallback() - out verifyCallback() - in: preverify_ok=1 verifyCallback() - out SSL handshake/verify successful PASS (3) When CA certs are NOT loaded, and returning 1 always from verifyCallback() TCP connection successful verifyCallback() - in: preverify_ok=0 Verify error: unable to get local issuer certificate(20) - depth=1 - sub =/C=US/O=Google Inc/CN=Google Internet Authority verifyCallback() - out verifyCallback() - in: preverify_ok=0 Verify error: certificate not trusted(27) - depth=1 - sub =/C=US/O=Google Inc/CN=Google Internet Authority verifyCallback() - out verifyCallback() - in: preverify_ok=1 verifyCallback() - out SSL verify failed: CERT_UNTRUSTED(27) FAIL As in (3), if 1 is always returned from verifyCallback(), SSL_get_verify_result() seems to return the expected error. So, my question is, in order to correctly detect 'CERT_UNTRUSTED' error in the code, what needs to be done in the implementation? There may be something I am doing right. Please let me know if you notice anything. Here's info of OpenSSL I am using: OpenSSL 0.9.8r 8 Feb 2011 compiler: -arch x86_64 -fmessage-length=0 -pipe -Wno-trigraphs -fpascal-strings -fasm-blocks -O3 -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DMD32_REG_T=int -DOPENSSL_NO_IDEA -DOPENSSL_PIC -DOPENSSL_THREADS -DZLIB -mmacosx-version-min=10.6 built on: Apr 22 2011 platform: darwin64-x86_64-llvm OPENSSLDIR: /System/Library/OpenSSL Any comments are appreciated!! - Yutaka /* ssltest.c */ #include sys/socket.h #include netinet/in.h #include unistd.h #include netdb.h #include stdio.h #include openssl/ssl.h #include openssl/x509.h #include openssl/err.h #define HOSTencrypted.google.com #define PORT(443) #define MAX_VERIFY_DEPTH(2) #define CA_CERT_PATH./ca-bundle.crt static char const* ssl_strerror(SSL* ssl, int ret); static char const* crt_strerror(int err); int verifyCallback(int preverify_ok, X509_STORE_CTX *ctx) { fprintf(stdout, verifyCallback() - in: preverify_ok=%d\n, preverify_ok); if(!preverify_ok) { char buf[256]; X509 *err_cert; int err, depth; SSL *ssl; err_cert = X509_STORE_CTX_get_current_cert(ctx); err = X509_STORE_CTX_get_error(ctx); depth = X509_STORE_CTX_get_error_depth(ctx); ssl = (SSL*)X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); fprintf(stderr, Verify error: %s(%d)\n, X509_verify_cert_error_string(err), err); fprintf(stderr, - depth=%d\n, depth); fprintf(stderr, - sub =\%s\\n, buf); } fprintf(stdout, verifyCallback() - out\n); //return 1; return preverify_ok; } int connectTcp() { struct hostent *h; struct sockaddr_in sin; int fd = -1; int ret; memset(sin, 0, sizeof(sin)); sin.sin_family = AF_INET; sin.sin_port = htons(PORT); /* Resolve remote IP address */ h = gethostbyname(HOST); if(!h) { fprintf(stderr, Could not obtain IP address\n); return -1; } sin.sin_addr = *(struct in_addr*)(h-h_addr_list[0]); /* Create fd */ fd = socket(AF_INET, SOCK_STREAM, 0); if(fd 0) { return -1; } /* Connect to remote */ ret = connect(fd, (struct sockaddr*)sin, sizeof(sin)); if(ret 0) { close(fd); return -1; } return fd; /* connected */ } int test(void) { int ret = 0; SSL_CTX *ctx = 0; SSL *ssl = 0; int fd = -1; /* Create SSL_CTX */ ctx = SSL_CTX_new(SSLv3_client_method()); if(!ctx) { fprintf(stderr, SSL_CTX_new filed); ret = -1; goto bail; } #if 0 /* Intentionally commented out not to load CA certs. */ /* Load CA certs from file */ if(!SSL_CTX_load_verify_locations(ctx, CA_CERT_PATH, NULL)) {