Re: Request for comment on Anonymous, Encrypted SSL approach
On 09/17/2010 04:40 PM, Tom Cocagne wrote:
> Greetings, I've been searching for a way to set up an encrypted SSL connection that doesn't require the use of certificates. Ideally, I'd like to use SSL + SRP as specified in RFC 5054 but, as that isn't yet commonly available, I'd like to fall back to setting up an anonymous but encrypted SSL connection over which I'll manually use SRP for authentication.

You may want to look at the OpenSSL request tracker entry 1794.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: How to disable index and serial?
On 01/11/2011 05:50 PM, Dominique Lohez wrote:
> Fredrik Strömberg wrote:
>> Hello, I want to sign a certificate without using the index or serial files. Can someone tell me how to disable them?

By using the command x509 and not ca, for example. You can use a serial number based on a date (seconds plus process id, for example) to guarantee uniqueness. As said below: if you create the same serial number for different certs, the results may be unpredictable, depending at least on whether a verifier has a cache of certificates. Some example scripts like this can be found in the test directory of 'curl', obtainable at http://curl.haxx.se

>> Not using -config makes openssl use the compiled default, and using my own while commenting out "database" and "serial" gives me the error "variable lookup failed for CA_default::database". If they can't be disabled I would like to know if there's a possibility to lock the files from openssl. Should that not work I need to implement my own file locking. (For the curious: I don't need serial because I only identify with CN, and I don't need a database because I will never revoke any certificates.)
>
> In my understanding of your problem, the serial number of the certificate is always required because you can generate more than one certificate for a given user identified with a given DN (and not CN). This arises because you issue a certificate valid from January 1st to March 31st, the next one valid from April 1st to June 30th, etc., for example. The only way to distinguish these certificates is the serial number.
>
> I hope this helps
> Best regards
> Dominique LOHEZ
>
>> Any thoughts?
>> Kind regards,
>> Fredrik Strömberg
Re: IP address as subjectaltname works with firefox but not MS internet explorer
> In addition to adding the IP address to the cert with "subjectAltName=IP:10.0.0.1", I added the IP address twice (probably didn't need to), using "subjectAltName=IP:10.0.0.1,DNS:10.0.0.1"

You might want to add DNS:host.mydomain.com
Re: ASN.1 encoding a private structure
On 02/14/2011 01:11 PM, Eisenacher, Patrick wrote:
> I want to encode a private asn1 structure, say something like the following:
>
>   SEQUENCE
>     true_false BOOLEAN
>     certificate Certificate
>
> I checked the asn1parse command and was able to specify my outer sequence and the inner boolean in the genconf file, but failed to specify my certificate. I had hoped to specify the certificate via DER: 01 02 03... like I would with a private extension in openssl's conf file, but this didn't work. I also tried decoding the certificate via asn1parse and then re-encoding the output, but that didn't work either. Is there any way to achieve my goal without manually constructing the asn.1 coding?

Yes, you can/might:
- transform the certificate into an octet string in hex,
- remove the initial tag and length, probably 4 octets,
- specify a universal 16 implicit octet string and the content octets.

The asn1parse encoder detects that universal 16 is actually a SEQUENCE and will automagically set the constructed bit.

> Thanks for your help,
> Patrick Eisenacher
Re: convert x509 cert into string and store certs in cache
On 03/11/2011 11:57 AM, ikuzar wrote:
> Ok. In the doc, I think i2d_X509() is adequate to encode X509 *cert; the doc says:
>
>   int i2d_X509(X509 *x, unsigned char **out);
>
> i2d_X509() encodes the structure pointed to by x into DER format. If out is not NULL it writes the DER encoded data to the buffer at *out, and increments it to point after the data just written. If the return value is negative an error occurred, otherwise it returns the length of the encoded data.
>
> Now, the function which adds certificates into the shared map is like this:
>
>   int addCertIntoMap(const char* uri, const char* certificate, unsigned int clen, time_t duration);
>
> uri is the key, const char* certificate is the certificate to add into the map. My question: the DER format will be stored in an unsigned char **out. In addCertIntoMap, we add a const char* certificate. I do not know how to write the code. I want to write something like this:
>
>   X509* peerCert = SSL_get_peer_certificate(ssl);
>   unsigned char **DERcert;
>   i2d_X509(peerCert, DERcert);
>   addCertIntoMap(uri, DERcert, len, time); // but here DERcert is char** and not char* ...

You might want to look at the example in http://www.openssl.org/docs/crypto/d2i_X509.html

Allocate and encode the DER encoding of an X509 structure:

  int len;
  unsigned char *buf, *p;

  len = i2d_X509(x, NULL);          /* first call: compute the size only */
  buf = OPENSSL_malloc(len);
  if (buf == NULL) {
      /* handle the allocation error */
  }
  p = buf;
  i2d_X509(x, &p);                  /* second call: write; p is advanced past the data, buf still points at the start */
Re: [openssl-users] Quick eyeball requested - self generate openssl certs/CA
The problem with this scheme is that it doesn't deal well with parallel certificate signatures. You have one shared piece of information that must be incremented in an atomic way. But for a "Junk CA" (that's how I call the set of scripts I use), that's not a problem.

Another approach is to take the value of 'time' (the current second) and append to it the current process number, and, in case of several machines, some number indicating the id of the machine. Instead of the process number, any other method to ensure uniqueness within a second may be used.
Re: [openssl-users] Quick eyeball requested - self generate openssl certs/CA
On 05/19/2011 06:20 PM, Tim Watts wrote:
> On 19/05/11 16:46, Peter Sylvester wrote:
>> The problem with this scheme is that it doesn't deal well with parallel certificate signatures. You have one shared piece of information that must be incremented in an atomic way. But for a "Junk CA" (that's how I call the set of scripts I use), that's not a problem.
>>
>> Another approach is to take the value of 'time' (the current second) and append to it the current process number, and, in case of several machines, some number indicating the id of the machine. Instead of the process number, any other method to ensure uniqueness within a second may be used.
>
> Ah yes - that would guarantee a non-repeating unpredictable sequence.

Well, I was reminded that the number of forks may be predictable, but one can add some randomness or do some random process generation, so that you would have a large unpredictable part.

> I was confused initially as I did not realise the serial number could be so big (16 bytes was it?).

160 bits, let's say 159. You would take 39 for the date, and add a few bits of local uniqueness, e.g. a microsecond, which is already difficult to predict, and then you still have about 100 possible random bits.

> Cheers
> Tim
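The serial layout sketched in this exchange (39 bits of seconds, a microsecond field, about 100 random bits), written out as an added example; this is not code from the thread or from OpenSSL. It packs the three fields, unpacks them again, checks the result against the RFC 5280 limits on serialNumber (a positive INTEGER of at most 20 octets) and prints the form that openssl x509 -set_serial accepts. Field widths are my choice within the 159-bit budget; the 20-bit microsecond field is an assumption (2**20 exceeds 1,000,000).

```python
# Added example (not code from the thread): the 159-bit serial layout discussed
# above, encoded for "openssl x509 -set_serial" and checked against the
# RFC 5280 limits (positive INTEGER, at most 20 octets).
import secrets
import time

SECONDS_BITS = 39    # seconds since the epoch: 2**39 s is roughly 17,000 years
MICRO_BITS = 20      # microsecond within the second (2**20 > 1,000,000), an assumed width
RANDOM_BITS = 100    # the unpredictable part
TOTAL_BITS = SECONDS_BITS + MICRO_BITS + RANDOM_BITS   # 159, keeping the sign bit clear


def make_serial(seconds=None, micro=None, rand=None):
    """Pack (seconds, microsecond, random) into one integer; defaults use the clock and the CSPRNG."""
    if seconds is None or micro is None:
        ns = time.time_ns()
        seconds, micro = ns // 10**9, (ns % 10**9) // 1000
    if rand is None:
        rand = secrets.randbits(RANDOM_BITS)
    if not (0 <= seconds < 1 << SECONDS_BITS and 0 <= micro < 1 << MICRO_BITS
            and 0 <= rand < 1 << RANDOM_BITS):
        raise ValueError("field out of range")
    return (seconds << (MICRO_BITS + RANDOM_BITS)) | (micro << RANDOM_BITS) | rand


def split_serial(serial):
    """Inverse of make_serial: recover (seconds, microsecond, random) from a serial."""
    rand = serial & ((1 << RANDOM_BITS) - 1)
    micro = (serial >> RANDOM_BITS) & ((1 << MICRO_BITS) - 1)
    seconds = serial >> (MICRO_BITS + RANDOM_BITS)
    return seconds, micro, rand


def serial_octets(serial):
    """Content octets of the DER INTEGER. One extra bit of room is reserved so the
    top bit is never set (the value stays positive); RFC 5280 caps conforming
    serials at 20 octets, which the 159-bit layout respects by construction."""
    if serial <= 0:
        raise ValueError("serial must be positive")
    octets = serial.to_bytes((serial.bit_length() + 8) // 8, "big")
    if len(octets) > 20:
        raise ValueError("serial exceeds 20 octets")
    return octets


def set_serial_arg(serial):
    """Argument form accepted by 'openssl x509 -set_serial' (hex with 0x prefix)."""
    return "0x%x" % serial


if __name__ == "__main__":
    s = make_serial()
    print(set_serial_arg(s), len(serial_octets(s)), "octets; seconds/micro:", split_serial(s)[:2])
```

Because the timestamp sits in the high-order bits, serials issued by one machine sort chronologically, while the low 100 bits keep them unguessable, which matters when a serial is later used as a handle in CRLs or OCSP.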
Re: web site with many openssl examples
On 06/30/2011 07:29 PM, derleader mail wrote:
> Hi, I'm looking for complete examples of implementing OpenSSL code - server and client. Can you give a link?
> Best wishes
> Peter

The source code of s_client and s_server, or ssl_use.c of curl for a client part, or mod_ssl of apache for a server, or the source code for the tests in openssl that use bio pairs, or ...
Re: smime verify bug???
>> Many places, including the DN comparison algorithm description of RFC 3280.
>
> Sorry, can you point me to the exact paragraph? I read 4.1.2.4 and 5.1.2.3 but the comparison seems to happen on the contents of the issuer field and not the order.
> thanks
> Nicola

Near the end of page 95 of RFC 5280:

  Two naming attributes match if the attribute types are the same and the values of the attributes are an exact match after processing with the string preparation algorithm. Two relative distinguished names RDN1 and RDN2 match if they have the same number of naming attributes and for each naming attribute in RDN1 there is a matching naming attribute in RDN2. Two distinguished names DN1 and DN2 match if they have the same number of RDNs, for each RDN in DN1 there is a matching RDN in DN2, and the matching RDNs appear in the same order in both DNs.
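The RFC 5280 rule quoted above, written out as an added example (not code from the list or from OpenSSL) so the part that matters for the smime question is visible: attributes inside one RDN match in any order, but the RDNs themselves must appear in the same order. The string preparation step is a simplified stand-in (case fold plus whitespace collapse) rather than the full RFC 4518 algorithm, and parse_dn() is a constructed helper that only understands the plain "C=NN, O=..., CN=..." string form with "+" for multi-valued RDNs and no escaping.

```python
# Added example (not code from the thread): RFC 5280 section 7.1 name matching.
# prep() is a simplified stand-in for the RFC 4518 string preparation; parse_dn()
# is a constructed helper for the demo (no escaping support).

def prep(value):
    """Simplified string preparation: case-insensitive, insignificant whitespace removed."""
    return " ".join(value.casefold().split())


def attr_match(a1, a2):
    """Two naming attributes match if the types are the same and the prepared values are equal."""
    return a1[0] == a2[0] and prep(a1[1]) == prep(a2[1])


def rdn_match(rdn1, rdn2):
    """Same number of attributes, and each attribute of rdn1 has a partner in rdn2 (any order)."""
    if len(rdn1) != len(rdn2):
        return False
    remaining = list(rdn2)
    for attr in rdn1:
        for i, other in enumerate(remaining):
            if attr_match(attr, other):
                del remaining[i]
                break
        else:
            return False
    return True


def dn_match(dn1, dn2):
    """Same number of RDNs, matching pairwise, in the same order: RDN order is significant."""
    return len(dn1) == len(dn2) and all(rdn_match(r1, r2) for r1, r2 in zip(dn1, dn2))


def parse_dn(text):
    """Constructed helper: 'T=v, T=v+T=v' -> [[(T, v)], [(T, v), (T, v)]]; types normalised to upper case."""
    dn = []
    for rdn in text.split(","):
        attrs = []
        for part in rdn.split("+"):
            typ, sep, val = part.partition("=")
            if not sep:
                raise ValueError("attribute without '=': %r" % part)
            attrs.append((typ.strip().upper(), val.strip()))
        dn.append(attrs)
    return dn


# Constructed sample names (the values mirror the curl test config quoted elsewhere in this digest).
ISSUER = parse_dn("C=NN, O=Edel Curl Arctic Illudium Research Cloud, CN=localhost")
ISSUER_REORDERED = parse_dn("CN=localhost, O=Edel Curl Arctic Illudium Research Cloud, C=NN")

if __name__ == "__main__":
    print("same order:", dn_match(ISSUER, ISSUER))
    print("reordered :", dn_match(ISSUER, ISSUER_REORDERED))   # False: order is part of the name
```

A verifier that compares issuer names by set equality of attributes would accept ISSUER_REORDERED as the same issuer; under the RFC rule it is a different name, which is why certificate chains built with a reordered issuer DN fail to link.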
Re: Becoming a CA for group of internal servers?
You might want to read the description of the -extfile parameter of the x509 command.

An excerpt from curl-7.21.6/tests/certs/scripts/genserv.sh, available at curl.haxx.se:

  $OPENSSL req -config $PREFIX-sv.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-sv.key -out $PREFIX-sv.csr
  $OPENSSL rsa -in $PREFIX-sv.key -out $PREFIX-sv.key
  $OPENSSL x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -out $PREFIX-sv.crt -text -nameopt multiline -sha1

with a $PREFIX-sv.prm like the following:

  extensions = x509v3
  [ x509v3 ]
  subjectAltName = DNS:localhost
  keyUsage = keyEncipherment
  extendedKeyUsage = serverAuth
  subjectKeyIdentifier = hash
  authorityKeyIdentifier = keyid
  basicConstraints = critical,CA:false
  [ req ]
  default_bits = 1024
  distinguished_name = req_DN
  default_md = sha256
  string_mask = utf8only
  [ req_DN ]
  countryName = "Country Name is Northern Nowhere"
  countryName_value = NN
  organizationName = "Organization Name"
  organizationName_value = Edel Curl Arctic Illudium Research Cloud
  commonName = "Common Name"
  commonName_value = localhost
  [something]
  # The key
  # the certificate
  # some dhparam
Re: How to deal with new OIDs
On 09/07/2011 08:28 PM, Dr. Stephen Henson wrote:
> On Wed, Sep 07, 2011, Dominik Oepen wrote:

Are these OIDs by chance the ones described in ticket 1794?
Re: How to deal with new OIDs
On 09/08/2011 04:31 PM, Dominik Oepen wrote:
> On 08.09.2011 11:49, Peter Sylvester wrote:
>> On 09/07/2011 08:28 PM, Dr. Stephen Henson wrote:
>>> On Wed, Sep 07, 2011, Dominik Oepen wrote:
>>
>> Are these OIDs by chance the ones described in ticket 1794?

Actually I meant 2239.
Re: Error converting from .cer to .pem
On 09/19/2011 04:29 PM, ubuntuv wrote:
> Thanks Jacob. Output of "less evalRootCertificate.cer":
>
>   -----BEGIN CERTIFICATE-----
>   MIICBDCC.MVWn1dH/IzvUWbQ==
>   -----END CERTIFICATE-----
>
> I even tried removing the following file lines
>
>   -----BEGIN CERTIFICATE-----
>   -----END CERTIFICATE-----
>
>   # openssl x509 -inform der -in evalRootCertificate.cer -out steel.pem
>   unable to load certificate

Your file is already in PEM form.
Re: OpenSSL 1.0.1 example with SRP
On 10/25/2011 05:15 AM, Norm Green wrote:
> Hello Experts, I'm new to OpenSSL so please bear with me. I'm trying to construct a simple example that uses a recent OpenSSL 1.0.1 snapshot to create a secure connection using SRP without using any certificates. I am aware 1.0.1 is not yet released, but I've been told this should be possible.

Try this first with s_client and s_server; you need cipher SRP for them. What happens when you connect to your server with

  openssl s_client -srpuser -cipher SRP -connect server:port
Re: How to create certificate store using DER and PKCS12 certificates
On 11/10/2011 12:47 PM, Rajib Karmakar wrote:
> Hi, I am using OpenSSL version 1.0.0e and want to create a certificate store using DER and PKCS12 formatted certificates. I have to read and convert DER and PKCS12 certificates into X509 objects and add them into an X509_STORE. But if PEM, DER and PKCS12 certificates are stored in the same path I have to identify each certificate's format. Is there any OpenSSL API that tells the certificate format?

You try to decode them in all formats; only one of them will succeed.
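Two earlier answers in this digest come down to the same DER tag/length mechanics: re-tagging a certificate's content octets as universal 16 constructed to embed it in a private SEQUENCE { BOOLEAN, Certificate } structure, and telling PEM, DER X.509 and PKCS#12 input apart by trying each decoder in turn (the ".cer that is really PEM" case is the PEM branch). The following is an added example in plain Python, not OpenSSL code and not code from the list; TOY_CERT, TOY_PFX and TOY_PEM are constructed inputs shaped like the real structures (a three-element SEQUENCE for Certificate, a SEQUENCE starting with INTEGER 3 for PFX), not real certificates. sniff_format() only inspects the outer structure; the real decoders (d2i_X509, PEM_read_bio_X509, d2i_PKCS12) parse the whole object.

```python
# Added example (not code from the list): minimal DER tag/length handling used
# for two things discussed above: building SEQUENCE { BOOLEAN, Certificate } by
# re-tagging the certificate's content octets as universal 16 constructed, and
# sniffing PEM / DER X.509 / PKCS#12 input by trying each decoder in turn.
# TOY_CERT is a constructed stand-in shaped like a Certificate, not a real one.
import base64
import re

SEQUENCE, BOOLEAN, INTEGER, BIT_STRING = 0x30, 0x01, 0x02, 0x03


def der_len(n):
    """DER length: short form below 128, otherwise 0x80|N followed by N big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content


def der_read_tlv(buf, pos=0):
    """Return (tag, content, end) for the TLV at buf[pos:]; ValueError on malformed input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated content")
    return tag, buf[pos:pos + length], pos + length


def wrap_private_structure(true_false, cert_der):
    """SEQUENCE { true_false BOOLEAN, certificate Certificate }, built the way the reply
    describes: strip the certificate's own tag and length, re-tag the content octets as
    universal 16 constructed (which reproduces cert_der exactly), then wrap both."""
    tag, content, end = der_read_tlv(cert_der)
    if tag != SEQUENCE or end != len(cert_der):
        raise ValueError("certificate is not a single DER SEQUENCE")
    retagged = der_tlv(SEQUENCE, content)
    if retagged != cert_der:
        raise AssertionError("re-tagging must round-trip")
    boolean = der_tlv(BOOLEAN, b"\xff" if true_false else b"\x00")
    return der_tlv(SEQUENCE, boolean + retagged)


def pem_to_der(text):
    """Strip the PEM armour and base64-decode the body (what -inform pem does)."""
    m = re.search(r"-----BEGIN [^-]+-----(.*?)-----END [^-]+-----", text, re.S)
    if not m:
        raise ValueError("no PEM block found")
    return base64.b64decode("".join(m.group(1).split()))


def sniff_format(data):
    """Try the decoders in turn, as the reply suggests; report the first that accepts the input."""
    if data.lstrip().startswith(b"-----BEGIN "):
        return "PEM"   # handing this to "-inform der" is what yields "unable to load certificate"
    try:
        tag, content, end = der_read_tlv(data)
        if tag != SEQUENCE or end != len(data):
            return "unknown"
        inner_tag, inner, _ = der_read_tlv(content)
    except ValueError:
        return "unknown"
    if inner_tag == SEQUENCE:                        # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE, ... }
        return "DER X.509"
    if inner_tag == INTEGER and inner == b"\x03":    # PFX ::= SEQUENCE { version INTEGER (v3 = 3), ... }
        return "PKCS#12"
    return "unknown"


# Constructed sample inputs (not real objects).
TOY_CERT = der_tlv(SEQUENCE,
                   der_tlv(SEQUENCE, der_tlv(INTEGER, b"\x02"))   # stands in for tbsCertificate
                   + der_tlv(SEQUENCE, b"")                        # stands in for signatureAlgorithm
                   + der_tlv(BIT_STRING, b"\x00\xaa"))             # stands in for signatureValue
TOY_PFX = der_tlv(SEQUENCE, der_tlv(INTEGER, b"\x03") + der_tlv(SEQUENCE, b""))
TOY_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(TOY_CERT).decode()
           + "\n-----END CERTIFICATE-----\n")
```

The round-trip check inside wrap_private_structure() is the whole point of the asn1parse trick: universal tag 16 with the constructed bit is the SEQUENCE tag, so "content octets re-tagged as 16" is byte-identical to the original certificate encoding.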
Re: OpenSSL and apache2 wildcard self-signed certificate for nested subdomain
On 12/14/2011 01:33 PM, rey sebastien wrote:
> Hello users :) I have some problem with nested subdomains and a wildcard openssl certificate.. perhaps this is because the subdomain type is: site1.parisgeo.cnrs.fr, or site2.parisgeo.cnrs.fr, or other subdomains like .parisgeo.cnrs.fr. When I create the self-signed certificate, I enter CN = *.parisgeo.cnrs.fr, but it seems it's impossible to connect to this site, for example partage.parisgeo.cnrs.fr, with this configuration! Arg.

Your connection works fine up to the point of certificate verification. openssl s_client does not like self-signed certs; any browser needs user action to disable warnings. Example:

  curl -k https://www.parisgeo.cnrs.fr

works because of -k.
Re: Displaying Serial Number of Cert via s_client ?
On 01/07/2012 02:01 AM, Ken Adler wrote:
> I use
>
>   echo GET | openssl s_client -connect www.google.com:443 -state
>
> to troubleshoot https handshakes. Is there a way to get it to return the serial number (or thumbprint) of the server certificate?

  openssl s_client -connect www.google.com:443 2>&1 | openssl x509 -noout -serial
  serial=4F9D96D966B0992B54C2957CB4157D4D
Re: SRP problem in OpenSSL 1.0.1 beta
On 01/10/2012 04:52 AM, Norm Green wrote:
> Hi, I am testing my application with the 1.0.1 beta and noticed the errors generated are not very friendly when SRP credentials are incorrect. The problem is that the error codes returned in no way indicate that the problem is incorrect credentials. Instead I see errors about "bad record mac" (see below).

Two things:

- Your server code may choose to react with an "unknown_psk_identity" (115) alert: this alert MAY be sent by a server that receives an unknown user name. This alert is always fatal. See Section 2.5.1.3 <http://tools.ietf.org/html/rfc5054#section-2.5.1.3> for details. This can be done in the callback if one chooses so.
- When a user provides a bad password, there is no common secret; there is only one possible error: "something was wrong during the handshake".

> Everything works just fine when the correct credentials are used. What I need is a way to discern if incorrect credentials were supplied, or there is some other error. As it stands now, I would have to assume that the credentials are wrong whenever SSL_connect() or SSL_accept() fail, which seems like a poor assumption.

You can only assume that either a wrong password is given or some network problem has occurred. You cannot determine whether you are talking to the right partner without a successful handshake.

> I'm still fairly new to SSL and SRP and am grateful for any and all help.

Does that help?

BTW: if your server needs non-blocking behaviour (even if not), and you need time to look up a credential (a verifier) in a database, you can indicate in your callback to interrupt the accept call (in blocking and non-blocking mode) and repeat the accept as soon as the data are there.

> Norm Green
> VMware, Inc.

Peter Sylvester
Re: SRP problem in OpenSSL 1.0.1 beta
An excerpt from RFC 5054 paragraph 3.3:

  If an attacker learns a user's SRP verifier (e.g., by gaining access to a server's password file), the attacker can masquerade as the real server to that user, and can also attempt a dictionary attack to recover that user's password.

  An attacker could repeatedly contact an SRP server and try to guess a legitimate user's password. Servers SHOULD take steps to prevent this, such as limiting the rate of authentication attempts from a particular IP address or against a particular user name.

  ...

  If the client receives an "unknown_psk_identity" alert in response to a client hello, this alert may have been inserted by an attacker. The client should be careful about making any decisions, or forming any conclusions, based on receiving this alert.
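The two SRP replies above make one point: with a wrong password the two sides simply never share a secret, so the only observable failure is the first MAC check, and the defence against guessing is the rate limit the RFC asks for. The following is an added example in plain Python, not OpenSSL code and not code from the thread, running both sides of the RFC 5054 SRP-6a exchange and a per-user attempt limiter. It assumes a 64-bit safe prime generated on the fly as the group (a stand-in for the RFC 5054 groups, useless for a real deployment) and simplifies the RFC's hash-input padding; the algebra is the standard one. server_response() is the step that needs the stored verifier, which is the lookup the OpenSSL callback discussed above has to provide.

```python
# Added example (not OpenSSL code): RFC 5054 SRP-6a exchange in plain Python.
# Assumptions: a 64-bit safe prime generated at import as a demo group (not a
# real-world parameter) and simplified hash-input padding relative to the RFC.
import hashlib
import secrets

MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)   # deterministic Miller-Rabin below 3.3e24


def is_probable_prime(n):
    if n < 2:
        return False
    for p in MR_BASES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def demo_safe_prime(bits=64):
    """Smallest N = 2q + 1 with q and N prime and q >= 2**(bits-2), so N has `bits` bits."""
    q = (1 << (bits - 2)) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1


def H(*parts):
    """SHA-256 over byte strings and big-endian integers, returned as an integer."""
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes((p.bit_length() + 7) // 8 or 1, "big")
        h.update(p)
    return int.from_bytes(h.digest(), "big")


N = demo_safe_prime()
g = 2
k = H(N, g) % N                                    # SRP-6a multiplier


def private_x(username, password, salt):
    return H(salt, H(username.encode() + b":" + password.encode()))


def make_verifier(username, password, salt):
    """v = g^x: the only password-derived value the server stores (its 'password file')."""
    return pow(g, private_x(username, password, salt), N)


def client_hello():
    a = secrets.randbelow(N - 2) + 1
    return a, pow(g, a, N)                        # (private a, public A)


def server_response(v, A):
    """Needs the user's verifier: this is the step OpenSSL's SRP callback has to supply."""
    if A % N == 0:
        raise ValueError("illegal client public value")   # RFC 5054 section 2.5.4
    b = secrets.randbelow(N - 2) + 1
    return b, (k * v + pow(g, b, N)) % N          # (private b, public B)


def client_session_key(username, password, salt, a, A, B):
    if B % N == 0:
        raise ValueError("illegal server public value")
    u, x = H(A, B), private_x(username, password, salt)
    return H(pow((B - k * pow(g, x, N)) % N, a + u * x, N))


def server_session_key(v, b, A, B):
    u = H(A, B)
    return H(pow(A * pow(v, u, N) % N, b, N))


class AttemptLimiter:
    """Per-user (or per-address) failure counter: the mitigation RFC 5054 section 3.3 asks for."""
    def __init__(self, limit=5):
        self.limit, self.failures = limit, {}

    def allow(self, key):
        return self.failures.get(key, 0) < self.limit

    def record(self, key, success):
        self.failures[key] = 0 if success else self.failures.get(key, 0) + 1


def handshake(username, registered_password, offered_password, limiter=None):
    """Run both sides; True only if the keys agree. A wrong password yields no common
    secret, so the first MAC check fails and nothing finer-grained is available."""
    if limiter is not None and not limiter.allow(username):
        return False
    salt = secrets.token_bytes(16)
    v = make_verifier(username, registered_password, salt)    # stored at enrol time
    a, A = client_hello()
    b, B = server_response(v, A)
    ok = client_session_key(username, offered_password, salt, a, A, B) == server_session_key(v, b, A, B)
    if limiter is not None:
        limiter.record(username, ok)
    return ok
```

Note what the server can and cannot see: it learns whether the client's first protected record verifies under its own key, nothing else, which is exactly the "bad record mac" symptom from the question; the limiter, not a better error code, is what bounds online guessing.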
Re: Customer Enterprise X.509 Extension OID Assignment
On 02/06/2012 09:41 AM, Curt Sampson wrote:
> If I were to create a custom X.509 certificate extension for use within my enterprise and with others outside who wanted to write or modify their own software to interoperate with it, I'd need to assign an OID for this extension, right? And for that, would the standard way to do this be to assign an OID underneath the one assigned to us by the IANA in their Private Enterprise Number list[1], right?

It is one possible way; you need to find someone that "owns" an OID (forever) and dedicates you a number. In France, every enterprise has an OID 1.3.2.officialenterprisenumber. Some institutions sell such numbers.

> (I note that [1] claims to be the "SMI Network Management Private Enterprise Codes", but I gather that others use this for pretty much anything where they need a unique OID.)

I'd prefer to say "non-ambiguous". Besides that, I would also investigate your need for a custom extension: if you use it for 'identity', then use a subjectAltName for example; if you use it for some kind of attribute-based authorisation, well, you are maybe overloading the certificate.

Peter
Re: Distinguishing a CA certificate from an end entity certificate Reg.
On 02/23/2012 10:49 AM, Ashok C wrote:
> Hi, What would be the most efficient and easiest way to distinguish a CA certificate from an actual server/client (end entity) certificate? We were thinking of identifying the CA with the "CA:TRUE" constraint from the text display, but again this check does not cover x509 v1 certificates where this extension is not present. Is there any command/openSSL API available which would serve this purpose?

A v1 certificate (if you want), or a v3 cert with both CA:true *and* a keyUsage that has the certSign bit.
Re: 1.0.1beta1, incompatibility with gnutls?
On 03/08/2012 11:05 PM, David Holmes wrote:
> I'm trying to use openssl 1.0.1beta1 s_server with gnutls 2.4.1 (gnutls-cli). s_server is complaining of an unknown extension (see debug output below). Openssl 0.9.8h works just fine though. Is this a known issue?

127.0.0.1 is not a valid servername. I don't remember, but you might want to play with the servername parameter of s_server.

>   ./openssl s_server -key src/data/server.key -cert src/data/server.crt -tlsextdebug
>   Using default temp DH parameters
>   Using default temp ECDH parameters
>   ACCEPT
>   TLS client extension "unknown" (id=9), len=3
>   - 02 00 01 ...
>   TLS client extension "server name" (id=0), len=14
>   - 00 0c 00 00 09 31 32 37-2e 30 2e 30 2e 31 .127.0.0.1
>   ERROR
>   4150167176:error:14094456:SSL routines:SSL3_READ_BYTES:tlsv1 unsupported extension:s3_pkt.c:1240:SSL alert number 110
>   shutting down SSL
>   CONNECTION CLOSED
>   ACCEPT
>
> David Holmes | Technical Marketing Manager - Security
> F5 Networks
> P 206.272. F 206.272.5556 www.f5.com D 206.272.6740
> Follow @dholmesf5
Re: 1.0.1beta1, incompatibility with gnutls?
On 03/08/2012 11:05 PM, David Holmes wrote:
> I'm trying to use openssl 1.0.1beta1 s_server with gnutls 2.4.1 (gnutls-cli). s_server is complaining of an unknown extension (see debug output below).

Isn't it the client, after the serverhello response? You might want to add -debug and -msg to see what s_server responds and why the client aborts.

Regarding my earlier hasty message today: the illegal hostname 127.0.0.1 is not a problem in s_server. (I still haven't passed all "ent" certification) :-)

> Openssl 0.9.8h works just fine though. Is this a known issue?
>
>   ./openssl s_server -key src/data/server.key -cert src/data/server.crt -tlsextdebug
>   Using default temp DH parameters
>   Using default temp ECDH parameters
>   ACCEPT
>   TLS client extension "unknown" (id=9), len=3
>   - 02 00 01 ...
>   TLS client extension "server name" (id=0), len=14
>   - 00 0c 00 00 09 31 32 37-2e 30 2e 30 2e 31 .127.0.0.1
>   ERROR
>   4150167176:error:14094456:SSL routines:SSL3_READ_BYTES:tlsv1 unsupported extension:s3_pkt.c:1240:SSL alert number 110
>   shutting down SSL
>   CONNECTION CLOSED
>   ACCEPT
>
> David Holmes | Technical Marketing Manager - Security
> F5 Networks
> P 206.272. F 206.272.5556 www.f5.com D 206.272.6740
> Follow @dholmesf5
Re: 1.0.1beta1, incompatibility with gnutls?
On 03/08/2012 11:05 PM, David Holmes wrote:
> I'm trying to use openssl 1.0.1beta1 s_server with gnutls 2.4.1 (gnutls-cli). s_server is complaining of an unknown extension (see debug output below). Openssl 0.9.8h works just fine though. Is this a known issue?

Try beta3; it should work better.
Re: SRP in OpenSSL 1.0.1
On 04/04/2012 11:01 AM, Christian Weber wrote:
> Dear users and developers, we just read through some of the code examples for SRP usage. Concerning the necessary callbacks we wonder why in s_server.c the verifier parametrization is being delayed. Within apps/s_server.c we can find the comment:
>
>   "When the callback is called for a new connection we return with a negative value. This will provoke the accept etc to return with an LOOKUP_X509. The main logic of the reinvokes the suspended call (which would normally occur after a worker has finished) and we set the user parameters."
>
> There seems to be something missing between 'the' and 'reinvokes', so we cannot understand what's being meant.

Application: imagine a server that has a large base of users. When the callback is invoked, it would start with some asynchronous LDAP call or whatever else to read a verifier. The callback would return -1, and the SSL_accept fails with the return code ERROR_LOOKUP_X509 (well, I know, this name was the only one available, borrowed from a reciprocal feature in the client). The application would do some select call on whatever file descriptors. As soon as the verifier is available, the application stores it somewhere and calls SSL_accept again, which in this case will cause the callback to return the verifier.

Nothing about SRP is documented so far. The code in apps/s_server.c is not doing any select loop; it just calls SSL_accept twice. This is done to illustrate the possibilities of the callback. The callback 'pretends' that the data are not there.

> I do not really like to use the verifier file as it is done in the example, since one needs to restart a server after modifying a user. May it be a security impact to implement the lookup within the callback itself (as done in ssl/ssltest.c, based on the user's password), or may there be other error conditions which are covered by relocating the lookup to init_ssl_connection in apps/s_server.c?

As I wrote above, the while loop to do SSL_accept is not exactly what you would want to do in a real application. The simulated logic flow is:

  i = SSL_accept(con);
  if (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
      /* do whatever is necessary to get the verifier; in the example this is
       * simulated by the lookup below, since there is nothing async to do */
      srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
      /* and then do another */
      i = SSL_accept(con);
  }

I could have folded out the loop to get out the init_ssl_connection etc.

> Any opinions about possible security weakening against implementing the lookup within the callback?

There may be many ways to store and create a verifier. One could for example generate a one-time password on the fly, send it as an SMS, store the verifiers in an LDAP. Therefore the callback allows an application to choose whatever means it wants to implement; openssl is not charged to read files, make network requests or whatever.

Peter

> TIA
> --
> Christian Weber
Re: How to get the Certificate Keyusage retire error ? (lCert->ex_kusage =0)
On 04/04/2012 02:51 PM, brajan wrote:
> I am using openssl 0.9.8g version. I convert the PEM certificate file to X509 format and try to read the key usage value.
>
>   Keyuage = lCertificate->ex_kusage;
>
> Sometimes the keyusage = 128, sometimes keyusage is 0 for the same certificate. Why does this problem occur?

The flags are set by one of the functions in crypto/v3_purp.c; try calling X509_check_ca(lCertificate) before accessing it.
policy checking in openssl
Hello,

Some recent changes in openssl (1.0.0) done by Stephen Henson are about an addition to have policy checking in path validation. I am trying to find out how to configure a small hierarchy with one root and one operational CA, i.e. one that issues certs to end entities, in the following way:

The operational CA (by itself as a standalone CA) has two policies, i.e. it may create end entities with an OID 1 and others with OID 2 as a certificatePolicy.

The root CA is a trust anchor for some application, let's say a web server or some email signature validator. The root CA wants to issue a certificate that limits a valid path only to those end entity certs with, let's say, OID 1, and for the others the path would not be valid.

I think that 'openssl verify' in 1.0.0-beta2 should be usable as is for testing.

TIA for any hint.
Peter Sylvester
Re: policy checking in openssl
> Hi,
> Note that policy processing has to be specifically enabled with the appropriate verification arguments; it isn't by default. Yes, "openssl verify" is usable for testing.
> Steve.

Thanks for the answer. Works like a charm when using -explicit_policy -policy anyPolicy, for example.
certificate verify callback API question
Hello,

In 1.0.0beta it seems that the interface between the certificate verify callback and the store context has slightly changed. X509_STORE_CTX_get_current_cert may now return NULL, which was not the case before the introduction of policy checking.

Is it the responsibility of the callback not to assume a non-null pointer now, for example not to simply call X509_NAME_oneline to format the cert subject? At least the verify callbacks currently in use in apps check this (except for s_cb, which is used by s_server, but which is not yet affected).

The example in the openssl docs uses

  X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);

but also:

  X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert)

Thanks in advance for any information.
Peter Sylvester
Re: certificate verify callback API question
Somehow I missed the response. Good that there are archives:

> Those examples need updating. Use of X509_NAME_oneline() has been discouraged
> for some time.

Yes, seems so. Any other function that takes a NULL X509* may also have a problem. My question was simply to confirm that a NULL pointer *can* happen.

> While this is true it won't happen unless you explicitly set policy checking
> along with some additional flags. If an application does set the extra flags
> it is expected to understand the implications in the callback.

Yes. If they are documented :-)

> One case is when you set a flag to require an explicit policy but there is
> none in the chain. In that case the error isn't tied to one particular
> certificate but the chain itself.
> The other case is when you set a flag to notify that policy checking has
> succeeded. Again this means the whole chain is OK and not indicating anything
> right/wrong with a particular certificate.

That is what I figured out. I am not asking for a change; here is a kind of devil's advocate argument: leaving the pointer unchanged (i.e. the end entity), would that hurt much? One could still interpret: "no policy related to the chain that ends with the cert ..." and "The chain for cert xxx is valid and we have policy yyy". At least in case of the missing explicit policy error, a callback may want to log something of the chain.

> Steve.

Anyway, thanks for the answer.
/P
Re: Certificate with custom fields
Victor Duchovni wrote:
> On Fri, Jul 10, 2009 at 10:04:45PM +0200, Akos Vandra wrote:
>> Hello! I need to issue a few certificates with custom fields, with the customers more thoroughly identified, including full name, address, telephone number, blablabla, and even a picture of the poor guy.
>
> A certificate is not a database. Put a unique id in the certificate, and use a real database to retrieve the related data.

X.509 allows having all such identity attributes in the subject DN (except a picture, as far as I know).

>> Can this be done with one of the standards which uses openssl, or would I have to make one of my own? For example, why don't any XML-like certificates exist?
>
> Your design is flawed.

I am not sure about that. XML certs exist somehow: just re-encode with XER encoding rules.
Re: Does OpenSSL support passive decryption?
see http://www.rtfm.com/ssldump/

Ivan Ristic wrote:
> I am investigating whether it is possible to use OpenSSL to passively decrypt an SSL conversation (with access to a server's private RSA key, of course). Does OpenSSL provide any support for this mode of operation? If there isn't explicit support, I am guessing some of the functionality could be reused (e.g. protocol parsing). I'd appreciate some guidance from someone in the know. Thanks.
Re: Is Openssl vulnerable to Null-Prefix Attacks?
Roger No-Spam wrote:
> Recently there has been some discussion on the Internet regarding so called null-prefix attacks, see http://www.thoughtcrime.org/papers/null-prefix-attacks.pdf. Is openssl vulnerable to this attack?

The attack is not an attack against SSL/TLS, but against implementations of HTTPS (RFC 2818), FTPS (RFC 4217), ... Callers of the openssl library which were wrong can be/were fixed without any change in openssl.

OTOH, openssl doesn't make life very easy for clients to compare a hostname against the content of a cert according to 2818.

But there is a bug, try 'openssl x509 -text' with the following certificate:

[PEM certificate omitted]
Re: add extension to an existing (signed) CA certificate
> Second, I doubt your organisation is authoritative for the OID arc 1.1.1.1.1 - from what documentation I can find, the 1.1 arc is used for examples, and shouldn't be used in production. You should have your organisation register with IANA to be issued its own correct OID arc (or, I think the French Government maintains an arc under their country arc for organisations and companies in that country).

Afnor maintains at least the arc under 1.2.250.1, registration required. I don't know whether 2.16.250 is actually in use.

But there is a simpler arc: 1.3.2 followed by the 'siren' or 'siret' number, i.e. an identification of an organisation, no additional registration necessary.
Re: add extension to an existing (signed) CA certificate
> OK, then how do I re-issue my root CA certificate with my already existing ca.key? If I could have a sample command line for openssl it would help me.

Something like:

  OPENSSL x509 -set_serial $SERIAL -clrext -extfile CA-EXTENSION.prm -days $DURATION -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-ca.crt -out $PREFIX-ca.der -outform der -sha256

> OK, I will correct these extensions with an appropriate openssl.cnf, but I don't understand why there shouldn't be a certificatePolicy section in my master root_CA !?

Because it is ignored anyway in a trust anchor. A policy document specifies mainly what you may put into end entity certificates that are created under a PC (and maybe what a certifying CA for your CA may put into a CA cert). If you put it into intermediate CAs, they are filters indicating what that CA can create; whether this is actually tested is still another story.

> I thought that it was "mandatory", meaning that it points to the place where our PKI policy is defined.

Depending on what specification? You probably may want to put it into end entities. It does not hurt (much). Whether you want to put filters into CA certificates is another story.

> For oid 1.1.1.1.1, years ago we did reserve an IANA oid number (1.3.6.1.4.1.7391); we used 7391.2 for ldap, 7391.1 for snmp. Is there a recommendation for certificates, or would 7391.3 be fine?

As long as "you" own 7391, you organise the name space as you like and there is no (technical) semantics related to such a hierarchy.
Re: add extension to an existing (signed) CA certificate
Jehan PROCACCIA wrote:
> On 26/08/2009 12:17, Peter Sylvester wrote:
>>> OK, then how do I re-issue my root CA certificate with my already existing ca.key? If I could have a sample command line for openssl it would help me.
>> something like
>>   OPENSSL x509 -set_serial $SERIAL -clrext -extfile CA-EXTENSION.prm -days $DURATION -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-ca.crt -out $PREFIX-ca.der -outform der -sha256
> thanks for the sample command line, however I don't get it clearly ... what are $CAPREFIX-ca.cacert and $PREFIX-ca.crt !? the -extfile CA-EXTENSION.prm could be a locally modified openssl.cnf? then the -clrext isn't clear to me: "delete extensions before signing and input certificate". In the 1st place, I do want to add extensions, why ask openssl to delete them !?

All $things are "variables": $PREFIX is the cert that you want to modify (a copy of your root cert); $CAPREFIX the key (and cert) you want to sign with (the cert is used to become issuer), again your root cert and key.

CA_EXTENSION.prm is a complete set of extensions that you want to have, with the initial section containing extensions=whateverlistofextensions.

The original input cert contains extensions; they are "ignored" with the -clrext. Only the extensions from the config file are taken.
Re: add extension to an existing (signed) CA certificate
Well, if one takes the standard configuration of openssl, it sets the authorityKeyIdentifier with both the hash and issuer serial, no exception for the root. The comment says that pkix recommends that. I do not see this recommendation in the RFCs; at least there is a lengthy paragraph for roots to have an exception, and nowhere is it said you must have both link types.

An AKI identifies the KEY, not the certificate. BTW I am not sure that the issuer/serial logic is correctly implemented in all implementations. It doesn't mean that the verifying CA certificate must have this issuer/serial combination; any other CA certificate with the same subject DN and same key is also OK.

So, my 2 centimes
/P
Re: TLS CA Certificate Loading in DER format
I think the desired function is X509_STORE_add_cert. SSL_CTX_use_certificate is to select your own certificate.

Francois Dupressoir wrote:
> Hello Ram,
> You may be interested in the d2i_X509_fp() function [http://openssl.org/docs/crypto/d2i_X509.html#] in conjunction with SSL_CTX_use_certificate() [http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html#].
> Cheers,
> Francois
>
> ramaswamy.bm wrote:
>> Hi,
>> I am to use TLS for securing an application's data transfer. For development purposes I have been using a dummy set of certificates in PEM format. The currently used "SSL_CTX_load_verify_locations" API requires that the certificate be in PEM format. However, in the real time scenario, the application being developed MUST make use of certificates in DER format as per the requirements. So I wanted to know whether there is a way to load CA certificates in DER format using any SSL APIs. My search till now for such an API has been unfruitful. Please let me know if any OpenSSL API is available to load the DER formatted certificates.
>> Thanks & Best Regards,
>> Ram
Re: Getting hostname with openssl library
A better question is to match a given hostname against a certificate and determine whether it obeys the https rules. There can be multiple hostnames and wild cards. The code implemented by "curl" is a complete way to do this.

/PS
Re: Getting hostname with openssl library
> It does not support subjectAltName extensions.

SubjectAltName extension is supported since an eternity, more than 5 years ???
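The point made in the two hostname threads, and in the null-prefix thread above, is that the caller has to match a hostname against a certificate's names with the https rules: several names, wildcards, and a dNSName that is a length-delimited byte string rather than a C string. The following is an added example, not curl's or OpenSSL's code; SAMPLE_NAMES is constructed, and the rules are the usual RFC 2818 ones (wildcard only as the whole leftmost label, matching exactly one label).

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A dNSName as extracted from a certificate: data plus an explicit length,
 * because the octet string may carry an embedded NUL (the null-prefix case). */
struct dns_name {
    const unsigned char *data;
    size_t len;
};

/* Constructed sample dNSNames, standing in for a SAN extension: an exact
 * name, a wildcard name, and a name with an embedded NUL (34 bytes long). */
static const unsigned char NUL_NAME[] = "www.bank.example\0.attacker.example";
static const struct dns_name SAMPLE_NAMES[] = {
    { (const unsigned char *)"www.example.com", 15 },
    { (const unsigned char *)"*.example.com", 13 },
    { NUL_NAME, sizeof NUL_NAME - 1 },
};
static const size_t SAMPLE_COUNT = sizeof SAMPLE_NAMES / sizeof SAMPLE_NAMES[0];

/* Case-insensitive comparison of two byte ranges of equal length. */
static bool eq_fold(const unsigned char *a, const unsigned char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower(a[i]) != tolower(b[i])) return false;
    return true;
}

/* Every byte must be something a hostname label can contain. An embedded
 * NUL fails here, before any comparison that might stop at it. */
static bool name_is_clean(const struct dns_name *n) {
    if (n->len == 0) return false;
    for (size_t i = 0; i < n->len; i++) {
        unsigned char c = n->data[i];
        if (!(isalnum(c) || c == '-' || c == '.' || c == '*')) return false;
    }
    return true;
}

/* The comparison that goes wrong: read as a C string, the third sample is
 * just "www.bank.example". Kept so the contrast with the check below is concrete. */
bool naive_matches(const struct dns_name *pat, const char *host) {
    return strcasecmp((const char *)pat->data, host) == 0;
}

/* Match host (an ordinary C string, no trailing dot) against one dNSName:
 * exact case-insensitive match, or a wildcard that is the whole leftmost
 * label ("*.example.com") matching exactly one label, with at least two
 * labels left in the pattern so that "*.com" is never accepted. */
bool dnsname_matches(const struct dns_name *pat, const char *host) {
    size_t hlen = strlen(host);
    if (!name_is_clean(pat)) return false;
    const unsigned char *star = memchr(pat->data, '*', pat->len);
    if (star == NULL)
        return pat->len == hlen && eq_fold(pat->data, (const unsigned char *)host, hlen);
    /* a '*' anywhere other than as the complete first label is rejected */
    if (star != pat->data || pat->len < 2 || pat->data[1] != '.') return false;
    const unsigned char *suf = pat->data + 1;   /* ".example.com" */
    size_t suflen = pat->len - 1, dots = 0;
    for (size_t i = 0; i < suflen; i++)
        if (suf[i] == '.') dots++;
    if (dots < 2) return false;
    /* host must be one non-empty label followed by exactly that suffix */
    const char *hdot = strchr(host, '.');
    if (hdot == NULL || hdot == host) return false;
    size_t label_len = (size_t)(hdot - host);
    if (hlen - label_len != suflen) return false;
    return eq_fold((const unsigned char *)hdot, suf, suflen);
}

/* The certificate matches if any of its dNSNames does. */
bool cert_matches_host(const struct dns_name *names, size_t count, const char *host) {
    for (size_t i = 0; i < count; i++)
        if (dnsname_matches(&names[i], host)) return true;
    return false;
}

int main(void) {
    const char *hosts[] = { "host.example.com", "www.bank.example", "mail.example.org" };
    for (size_t i = 0; i < 3; i++)
        printf("%-18s length-aware: %d  naive (third name only): %d\n", hosts[i],
               cert_matches_host(SAMPLE_NAMES, SAMPLE_COUNT, hosts[i]),
               naive_matches(&SAMPLE_NAMES[2], hosts[i]));
    return 0;
}
```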
Re: Subject Issuer Mismatch Bug!!
We have in apps/, in x509.c:

  print_name(STDout, "issuer= ", X509_get_issuer_name(x), nmflag);

and in crl.c:

  print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);

In order to make a fair change that will potentially hurt everyone, I propose to remove one space and add a blank before the = and change "issuer" to some parameter value, but take it into account only when there is an eclipse of the moon visible from the South pole on Earth.
Re: Apache client certificate authentication
Wasn't there a problem with a great number of CA names? There are 16K already? The problem was in apache and some of my three neurons seem to agree.

https://issues.apache.org/bugzilla/show_bug.cgi?id=46952

/PS
Re: Server name indication
Sad Clouds wrote:
> Hi, is there any sort of documentation on how to use SNI with OpenSSL?

As far as I know, only the source in s_client and s_server.c.

It depends on what side you are on, and what you want to test.

As a client, if you want to start a session to a server, and if you somehow have determined that you use a DNS name, then you just add the servername to an SSL object before starting the connection:

  if (servername != NULL)
    {
    if (!SSL_set_tlsext_host_name(con,servername))
      {
      BIO_printf(bio_err,"Unable to set TLS servername extension.\n");
      ERR_print_errors(bio_err);
      goto end;
      }
    }

In s_client there is also a callback to detect whether the server has understood what you sent, in case you want to act for whatever reason, for tracing in the case of s_client.

In curl you have for example the following code:

  #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
    if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
  #ifdef ENABLE_IPV6
        (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
  #endif
        sni &&
        !SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
      infof(data, "WARNING: failed to configure server name indication (SNI) "
            "TLS extension\n");
  #endif

> For example, what functions to use and what steps to take.
Re: X509 Verify callback
On 05/10/2010 08:43 PM, Chris Bare wrote:
> Is there a way to have X509_verify_cert retry its path building after it gets an X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT? My idea is to implement a verify callback that uses the AIA information to download the issuer cert and add it to the stack of untrusted certs. Is this possible, or would I have to let X509_verify_cert error out and call it again?

Trying to do path building during path validation may end up in a never ending loop, or almost.
Re: How to set CA:TRUE, in an existing cert
> I'm trying to install a CA cert on my Android phone, to use my university WiFi account, via http://www.realmb.com/droidCert/ I would need to install the GTE CyberTrust Root cert, but it is getting registered as a client cert, not a CA one. If I try to install one with CA:TRUE, then it's working properly. Can you tell me how to add this CA:TRUE property to a certificate?

Make your own root, and then "cross-certify" the GTE public key and id, adding the appropriate extensions.
Re: NameConstraints are not being applied (or I don't know how to enforce them?)
On 06/03/2010 06:11 PM, Dr. Stephen Henson wrote:
> On Thu, Jun 03, 2010, jeff wrote:
>> I have an example, detailed below, that specifies permitted and excluded subtrees for a sub-CA. Later it uses the sub-CA cert to sign certificate requests both adhering to and violating the name constraints, even though the nameConstraints are marked as critical. Is this OpenSSL misbehaving or did I miss something when creating the sub-CA certificate or issuing the user certificate?
>> thanks/jeff
> This would be much easier to test if you'd attached all the relevant certificates and how you are testing them.

IMO I do not think that there is any code in openssl that checks during creation whether a new certificate would violate some naming constraints. This is an issue for the registration authority.

In principle, these are things to be verified by a relying party, and the relying party's trust set, containing maybe cross certs with all kinds of restrictions, cannot be known at that point.
Re: SSL_CTX_set_verify issue
On 08/06/2010 10:54 AM, Manjunath1847 wrote:
> I am using the SSL_CTX_set_verify() function to set my static C callback verify function. During the HTTPS transaction, my callback is also getting called with first parameter 0 or 1 (depending upon whether the certificate verification is a success or failure). But even if my certificate verification is a failure I want to continue. So I have hard coded the return value as 1 always from my callback function. But still I see the certificate error and I don't get the page. Any suggestion please?

You might want to try X509_STORE_CTX_set_error(ctx, X509_V_OK);
Re: Verifying X509 Certificates Using The OpenSSL API
try rehash the certs

> I am loading the certificate stores from /etc/ssl/certs which contains the stores that mozilla, chrome, and the like all verify from, but no matter what I do I can't get a single certificate to verify.
Re: Subject alternative name
You can use environment variables in the config file, like

  extensions = x509v3

  [ x509v3 ]
  subjectAltName = @subjectAltName
  keyUsage = critical,keyEncipherment
  extendedKeyUsage = serverAuth
  crlDistributionPoints = $ENV::CRLDP
  subjectKeyIdentifier = hash
  authorityKeyIdentifier = keyid

  [ subjectAltName ]
  DNS = $ENV::DNSNAME

On 08/24/2010 07:47 AM, Gerald Iakobinyi-Pich wrote:
> Hello,
> I have managed to create a certificate containing different values for the "subject alternative name". But now I would like to be able to set this value (these alternative names) from the command line, when I invoke OpenSSL. Is there any possibility to do that? My target here is to avoid having to modify the config file each time I have to generate a certificate with other alternative names.
> Thanks,
> Gerald
Re: Verify X.509 certificate, openssl verify returns bad signature
The encoding is invalid BER. The openssl is tolerant but also destructive in copy: whenever you use openssl x509 -in -out ... you remove one leading 0 octet. IMHO openssl should reject the cert because of invalid encoding.

On 08/29/2010 04:17 AM, Mounir IDRASSI wrote:
> Hi,
> The problem you are encountering is partly caused by the way OpenSSL handles integers whose DER encoded value starts with one or more zeros: in this case, OpenSSL removes the leading zero when creating the corresponding ASN1_INTEGER structure, thus leading to the fact that the computed DER of this structure and the original one will be different!!
> In your case, the certificate you are trying to verify has a DER encoded serial number "00 00 65". So, OpenSSL will create an ASN1_INTEGER with a value of "00 65". And in the course of the certificate signature verification, this structure will be encoded to DER, which will lead to an encoded value of "00 65". Thus, the generated DER of the CertInfo will be different from the original one, which explains why the signature verification fails.
> After some digging, I found that part of the problem is caused by the functions c2i_ASN1_INTEGER and d2i_ASN1_UINTEGER in file crypto\asn1\a_int.c. At lines 244 and 314, there is an if block that removes any leading zeros. Commenting out these blocks solves the DER encoding mismatch but the verification still fails because the computed digest is different from the recovered one. I will continue my investigation to find all the culprits.
> Meanwhile, the question remains why in the first place the removal of the leading zero from the parsed DER encoding was added, since this clearly has the side effect of making the computed DER different from the original one.
>
> Cheers,
> --
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
>
> On 8/28/2010 10:43 PM, Goran Rakic wrote:
>> Hi all,
>> I have two X.509 certificates MUPCAGradjani.crt and MUPCARoot.crt downloaded from http://ca.mup.gov.rs/sertifikati-lat.html
>> Certificate path is MUPCARoot > MUPCAGradjani and I would like to validate MUPCAGradjani against the other. What I did is to convert both to PEM format and rename them by hash as efd6650d.0 (Gradjani) and fc5fe32d.0 (Root) using this script:
>>
>>   #!/bin/bash
>>   hash=`openssl x509 -in $1 -inform DER -noout -hash`
>>   echo "Saving $1 as $hash.0"
>>   openssl x509 -in $1 -inform DER -out $hash.0 -outform PEM
>>
>> Now I run:
>>
>>   $ openssl verify -CApath . efd6650d.0
>>   error 7 at 0 depth lookup:certificate signature failure
>>   16206:error:04077068:rsa routines:RSA_verify:bad signature:rsa_sign.c:255:
>>   16206:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:173:
>>
>> Hm, that is not working. What am I doing wrong here? I am running OpenSSL 0.9.8k 25 Mar 2009 on Ubuntu 10.04 GNU/Linux.
>> I also have my personal certificate issued by MUPCAGradjani that I would like to verify but it is failing with the same error (just one level down):
>>
>>   $ openssl verify -CApath . qualified.pem
>>   qualified.pem: /CN=MUPCA Gradjani/O=MUP Republike Srbije/L=Beograd/C=Republika Srbija (RS)
>>   error 7 at 1 depth lookup:certificate signature failure
>>   16258:error:04077068:rsa routines:RSA_verify:bad signature:rsa_sign.c:255:
>>   16258:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:173:
>>
>> When I install the downloaded certificates in Windows using Internet Explorer and double-click on my personal certificate (qualified.cer) it looks valid. I am not sure, but I believe it is doing certificate chain validation so the certificates and paths should be valid. After all they are issued by a trustful CA.
>> Output of "openssl x509 -nameopt multiline,utf8,-esc_msb -noout -text -in $1" looks reasonable for both downloaded certificates and is the same before and after conversion to PEM (using -inform DER in the first case).
>> My take on this is that I am not doing the conversion properly or maybe the original certificates are in some other format requiring an extra argument, but I can not find the answer in the docs. How can I properly validate an X.509 certificate from http://ca.mup.gov.rs/sertifikati-lat.html by certificate chain?
>>
>> Kind regards,
>> Goran
Re: Verify X.509 certificate, openssl verify returns bad signature
On 08/29/2010 01:20 PM, Mounir IDRASSI wrote:
> Hi Peter,
> Although the certificate's encoding of the serial number field breaks the BER specification about the minimal bytes representation, it is known that many CA's and libraries treat this field as a blob and usually encode it on a fixed length basis without caring about leading zeros. Specifically, Peter Gutmann in his X.509 Style Guide says this about this field: "If you're writing certificate-handling code, just treat the serial number as a blob which happens to be an encoded integer".

You are citing out of context. There is a reference to negative integers which can happen 50%. A text written 10 years ago is not really an excuse for a certificate from this year.

> Moreover, major PKI libraries are tolerant vis-a-vis the encoding of the serial number field of a certificate and they verify successfully the certificate chain given by the original poster.

So what. The certs are still wrong.

> For example, NSS, GnuTLS and CryptoAPI accept the given certificates and verify successfully their trust.

hm, inserting the certs into Firefox says to me that the certs cannot be validated for unknown reasons. The decoders in NSS and GnuTLS accept all kinds of bad encodings, the BER/DER decoders being very tolerant.

> Supporting or not specific broken implementations has always been the subject of heated debates.

X509 has been updated to decode and reencode a certificate; in this sense openssl's behaviour of silently dropping one octet is not very nice. But there are other potential minor deviations.

> Concerning the specific issue here, it's clear that OpenSSL is too restrictive compared to other major libraries since this is a minor deviation from the BER specs (i.e. minimal bytes representation) and thus hurts deployments of real-world certificates.

Others are EXTREMELY permissive in decoding. This minor deviation results in ambiguous DER. Assume two values 0001 or 01: are these the same serial number, or not? This is asking for real trouble. Even when taken as a blob, displaying will show 1 for both in "major" implementations.

I'd rather see openssl be more restrictive and reject bad encodings (I am not talking about a negative number here).

And what about version:

  02060002
  020601230002

some treat the second as a v3
Re: Verify X.509 certificate, openssl verify returns bad signature
On 08/29/2010 07:38 PM, Mounir IDRASSI wrote:
> Hi Peter,
> Thank you for your comments. As I said, this kind of debate can be very heated and going down this road doesn't usually lead to any results.

The debate may be whether and how something should be done in openssl, I admit I had started that one.

> I am the first one to wish that the PKI world out there is ideal and everyone uses correctly validated modules. Unfortunately, we constantly have to balance between correctness and practicalness.

Some programs are not strict in verification, so be it. But that has nothing to do with the fact that the certs in question are not correctly encoded and may create unexpected behaviour...

> Concerning the Firefox check, I have managed to load the chain and to validate it correctly using Firefox 3.6.8 under Windows and Ubuntu 10.04. I'm attaching screenshots.

Try to edit the trust setting. Or: try to load them without setting any trust during loading and to set some later through the certificate management.
Re: Verify X.509 certificate, openssl verify returns bad signature
> Nit: redundant leading 00 (or FF) in an INTEGER is VALID *B*ER but INVALID *D*ER. And signed things like certs are *D*ER for exactly this reason, so a reconstructed encoding is bit for bit identical and hashes and signatures etc. work.

BER is already 'distinguished' concerning the content octets of an INTEGER. X.690:

  8 Basic encoding rules
  ...
  8.3 Encoding of an integer value
  8.3.1 The encoding of an integer value shall be primitive. The contents octets shall consist of one or more octets.
  8.3.2 If the contents octets of an integer value encoding consist of more than one octet, then the bits of the first octet and bit 8 of the second octet:
    a) shall not all be ones; and
    b) shall not all be zero.
  NOTE – These rules ensure that an integer value is always encoded in the smallest possible number of octets.
  8.3.3 The contents octets shall be a two's complement binary number equal to the integer value, and consisting of bits 8 to 1 of the first octet, followed by bits 8 to 1 of the second octet, followed by bits 8 to 1 of each octet in turn up to and including the last octet of the contents octets.
  NOTE – The value of a two's complement binary number is derived by numbering the bits in the contents octets, starting with bit 1 of the last octet as bit zero and ending the numbering with bit 8 of the first octet. Each bit is assigned a numerical value of 2^N, where N is its position in the above numbering sequence. The value of the two's complement binary number is obtained by summing the numerical values assigned to each bit for those bits which are set to one, excluding bit 8 of the first octet, and then reducing this value by the numerical value assigned to bit 8 of the first octet if that bit is set to one.

Chapters 10 and 11 don't say anything about INTEGER. The length field in definite encoding may have redundant zeros though in BER. DER:

  10.1 Length forms
  The definite form of length encoding shall be used, encoded in the minimum number of octets.

[Contrast with 8.1.3.2 b).]
Re: Confusion about subject alternative names
Since webmail, imap, smtp(s) all operate on different ports, and you have different listeners, the correct way to me seems to be to use three certificates with the desired hostnames etc. Having the same IP address doesn't matter in this particular case.
Re: CA generation/certificate serial number
openssl is VERY tolerant concerning the encoding/decoding of an INTEGER value. Other decoders may not like such things as length 0 etc. When converting such a beast from DER to PEM or the other way, you might have a surprise.

From X.690:

  8.3 Encoding of an integer value
  8.3.1 The encoding of an integer value shall be primitive. The contents octets shall consist of one or more octets.
  8.3.2 If the contents octets of an integer value encoding consist of more than one octet, then the bits of the first octet and bit 8 of the second octet:
    a) shall not all be ones; and
    b) shall not all be zero.
  NOTE – These rules ensure that an integer value is always encoded in the smallest possible number of octets.
  8.3.3 The contents octets shall be a two's complement binary number equal to the integer value, and consisting of bits 8 to 1 of the first octet, followed by bits 8 to 1 of the second octet, followed by bits 8 to 1 of each octet in turn up to and including the last octet of the contents octets.
  NOTE – The value of a two's complement binary number is derived by numbering the bits in the contents octets, starting with bit 1 of the last octet as bit zero and ending the numbering with bit 8 of the first octet. Each bit is assigned a numerical value of 2^N, where N is its position in the above numbering sequence. The value of the two's complement binary number is obtained by summing the numerical values assigned to each bit for those bits which are set to one, excluding bit 8 of the first octet, and then reducing this value by the numerical value assigned to bit 8 of the first octet if that bit is set to one.

Giang Nguyen wrote:
> nils wrote:
>> Frédéric Donnat wrote:
>>> Hi,
>>> Sorry for the mistake (nothing to deal with openssl.cnf file). I was just looking for ca.txt file.
>>> Is it normal behavior of openssl to be able to view a certificate without serial number using (without any error mentioned):
>>>   openssl x509 -in some_cert_without_sn.pem -text
>>> But to be unable to verify it using:
>>>   openssl verify -CAfile some_cert_without_sn.pem some_cert_without_sn.pem
>>> Sample: (attached self-signed cert named pipo-bad.pem)
>> hmm, the attached certificate has a serial number, it's 0x0
>
> actually the attachment http://www.mail-archive.com/openssl-users@openssl.org/msg41447/pipo-bad.pem does not have a serial number; that field has a length of zero:
>
>    0:d=0 hl=4 l= 546 cons: SEQUENCE
>    4:d=1 hl=4 l= 395 cons: SEQUENCE
>    8:d=2 hl=2 l=   3 cons: cont [ 0 ]
>   10:d=3 hl=2 l=   1 prim: INTEGER :02
>   13:d=2 hl=2 l=   0 prim: INTEGER :00
>   15:d=2 hl=2 l=  13 cons: SEQUENCE
>   17:d=3 hl=2 l=   9 prim: OBJECT :md5WithRSAEncryption
>
> similar to the certificate i posted in the "signature failure when certificate contains no serial number (ie, not one that equals zero)?" thread:
>
>   arch [apps]$ cat /tmp/no_serial.pem
>   [PEM certificate omitted]
>
>    0:d=0 hl=4 l= 267 cons: SEQUENCE
>    4:d=1 hl=3 l= 182 cons: SEQUENCE
>    7:d=2 hl=2 l=   3 cons: cont [ 0 ]
>    9:d=3 hl=2 l=   1 prim: INTEGER :02
>   12:d=2 hl=2 l=   0 prim: INTEGER :00
>   14:d=2 hl=2 l=  13 cons: SEQUENCE
>   16:d=3 hl=2 l=   9 prim: OBJECT :sha1WithRSAEncryption
>
>>   [EMAIL PROTECTED] simple]$ LD_LIBRARY_PATH=/usr/local/ossl-0.9.8/lib /usr/local/ossl-0.9.8/bin/openssl verify -verbose -CAfile pipo-bad.pem pipo-bad.pem
>>   pipo-bad.pem: /C=UK/CN=OpenSSL Group
>>   error 7 at 0 depth lookup:certificate signature failure
>>   18588:error:04077068:rsa routines:RSA_verify:bad signature:rsa_sign.c:218:
18588:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:168: well the signature really seems to be wrong. How did you create the certificate ? as to how i generated the certificate with no serial number, i simply commented out the code and ran "./openssl req" without specifying "-set_serial": arch [apps]$ diff -u req.c.BAK req.c --- req.c.BAK 2007-12-29 12:26:41.0 -0800 +++ req.c 2007-12-29 12:39:11.0 -0800 @@ -937,16 +937,18 @@ { if (!X509_set_serialNumber(x509ss, serial)) goto end; } - else - { - if (!rand_serial(NULL, - X509_get_serialNumber(x509ss))) - goto end; - } if (!X509_set_issuer_na
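Review bot: deleting the `else` branch that calls `rand_serial(NULL, X509_get_serialNumber(x509ss))` leaves the serial number of x509ss unset whenever -set_serial is not given, so the certificate is written with a zero-length INTEGER; X.690 8.3.1, quoted earlier in this thread, requires one or more contents octets, and the asn1parse output above shows the result as `12:d=2 hl=2 l= 0 prim: INTEGER :00`. This is acceptable only as a throwaway way to produce a deliberately malformed test certificate and must not be committed; if a no-serial case is wanted for testing, keep the fallback and add an explicit option instead. The hunk is also truncated at `if (!X509_set_issuer_na`, so its trailing context cannot be reviewed.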
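The X.690 8.3 rules quoted in this thread and in the earlier "Verify X.509 certificate" threads (one or more contents octets; no redundant leading 00 or FF), carried out in code. This is an added example, not OpenSSL's decoder: the sample TLVs are constructed from the encodings the threads describe (the 00 00 65 serial and the zero-length INTEGER), and der_int_same_value answers the question whether 0001 and 01 denote the same serial number by comparing canonical forms.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Outcome of checking the contents octets of an INTEGER against X.690 8.3. */
enum der_int_status {
    DER_INT_OK,
    DER_INT_EMPTY,           /* 8.3.1: contents shall be one or more octets    */
    DER_INT_REDUNDANT_ZERO,  /* 8.3.2 b): first octet 00, bit 8 of second is 0 */
    DER_INT_REDUNDANT_ONES   /* 8.3.2 a): first octet FF, bit 8 of second is 1 */
};

/* Constructed samples, as TLVs (tag 02, short-form length, contents):
 * the serial number encoding the thread describes (contents 00 00 65),
 * the zero-length INTEGER of the no-serial certificate, and a minimal one. */
static const uint8_t SERIAL_00_00_65[] = { 0x02, 0x03, 0x00, 0x00, 0x65 };
static const uint8_t SERIAL_EMPTY[]    = { 0x02, 0x00 };
static const uint8_t SERIAL_65[]       = { 0x02, 0x01, 0x65 };

/* Apply 8.3.1 and 8.3.2 to the contents octets only. */
enum der_int_status der_int_check(const uint8_t *c, size_t len) {
    if (len == 0) return DER_INT_EMPTY;
    if (len >= 2) {
        bool next_high = (c[1] & 0x80) != 0;
        if (c[0] == 0x00 && !next_high) return DER_INT_REDUNDANT_ZERO;
        if (c[0] == 0xFF && next_high)  return DER_INT_REDUNDANT_ONES;
    }
    return DER_INT_OK;
}

/* Strip every redundant sign-extension octet so that equal integers get
 * equal encodings; out must have room for len bytes, the new length is
 * returned. A single pass of openssl x509 -in/-out, as the thread notes,
 * drops only one such octet; this removes all of them at once. */
size_t der_int_canonical(const uint8_t *c, size_t len, uint8_t *out) {
    size_t i = 0;
    while (len - i >= 2 &&
           ((c[i] == 0x00 && !(c[i + 1] & 0x80)) ||
            (c[i] == 0xFF &&  (c[i + 1] & 0x80))))
        i++;
    memcpy(out, c + i, len - i);
    return len - i;
}

/* "Are 0001 and 01 the same serial number?" As integer values, yes: this is
 * why a non-minimal encoding is ambiguous once anything re-encodes it. */
bool der_int_same_value(const uint8_t *a, size_t alen,
                        const uint8_t *b, size_t blen) {
    uint8_t ca[64], cb[64];
    if (alen == 0 || blen == 0 || alen > sizeof ca || blen > sizeof cb) return false;
    size_t la = der_int_canonical(a, alen, ca);
    size_t lb = der_int_canonical(b, blen, cb);
    return la == lb && memcmp(ca, cb, la) == 0;
}

/* Split one INTEGER TLV (tag 02, short-form length only) into its contents.
 * Returns false when the TLV itself is malformed or truncated. */
bool der_int_tlv(const uint8_t *tlv, size_t n, const uint8_t **contents, size_t *clen) {
    if (n < 2 || tlv[0] != 0x02 || (tlv[1] & 0x80)) return false;
    if ((size_t)tlv[1] + 2 > n) return false;
    *contents = tlv + 2;
    *clen = tlv[1];
    return true;
}

/* Parse and check in one call; -1 means the TLV could not be parsed. */
int der_int_tlv_status(const uint8_t *tlv, size_t n) {
    const uint8_t *c;
    size_t clen;
    if (!der_int_tlv(tlv, n, &c, &clen)) return -1;
    return (int)der_int_check(c, clen);
}

int main(void) {
    static const char *label[] = { "ok", "empty", "redundant 00", "redundant FF" };
    const uint8_t *tlvs[] = { SERIAL_00_00_65, SERIAL_EMPTY, SERIAL_65 };
    size_t lens[] = { sizeof SERIAL_00_00_65, sizeof SERIAL_EMPTY, sizeof SERIAL_65 };
    for (size_t i = 0; i < 3; i++) {
        int s = der_int_tlv_status(tlvs[i], lens[i]);
        printf("sample %zu: %s\n", i, s < 0 ? "malformed TLV" : label[s]);
    }
    printf("00 00 65 and 65 same value: %d\n",
           der_int_same_value(SERIAL_00_00_65 + 2, 3, SERIAL_65 + 2, 1));
    return 0;
}
```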
Re: any reference to different certificate versions
Kyle Hamilton wrote: X.509 refers to the certificate version. 0 == version 1, 1 == version 2, 2 == version 3. Version 1 certificates have no means for any extensions. Version 2 certificates are CRLs. CRLs use the asn1 type Version. CRLs with extensions have Version 2, but this has nothing to do with certificates. Version 2 may be used for certificates that have unique identifiers but no extensions. Since nobody seems really to use this, and there is no support in Openssl, and one still may indicate version 3 ... To be complete, these Version values also have nothing to do with the version number of the X509 standard. Version 3 certificates are the current norm, and most likely what you want. 'Current norm' means what? I'd say: Since you most likely add extensions, then version 3 is what you set. It seems unlikely to me that a future version of X509 will change the version number of a certificate. This would be necessary if one adds some asn1 field after the extensions instead of defining an extension. IMO, a call to X509_set_version should not be necessary. openssl could ensure to set a good value depending on whether you have extensions or not unless the version has been set explicitly. The best reference currently is RFC5280, and all of its references. -Kyle H On Tue, Aug 19, 2008 at 2:08 AM, Sanjith Chungath <[EMAIL PROTECTED]> wrote: Hi, I can set a certificate version using function X509_set_version(). Can some one give me a reference to different certificate versions that are available and the significance of each version number. -Thanks and Regards, -Sanjith. __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Decoding ASN.1 certificate content
IMO a good approach is also to simply read and understand apps/x509.c
Re: Decoding ASN.1 certificate content
Victor B. Wagner wrote: On 2009.05.20 at 18:28:42 +0200, Peter Sylvester wrote: IMO a good approach is also to simply read and understand apps/x509.c Unfortunately, it wouldn't help much. x509 utility does work only with certificates in files (or stdin), so it uses d2i_X509_bio. In this case certificate is stored in the memory buffer, so it seems to be an extra overhead first to create BIO_mem from this buffer and then decode it using d2i_X509_bio. Right, but I was imprecise, one needs 1 : how to initialise the openssl library, load error strings, etc 2 : decoding, yes not using d2i_X509_bio but d2i_X509 3 : extract, and print the content /P
Re: Question about x509
Selon Kyle Hamilton :
> On Thu, May 21, 2009 at 11:55 PM, loody wrote:
> > Hi:
> > thanks for your help.
> > By your explanation, in der form, the leading 00 seems like a padding byte. (Is there a spec which says it must put 00 here?)
> > from my example, the number af:4f:8a:97:14:f7 is negative, since the high bit, 0xaf, is set.
> > appreciate your kind help,
> > miloody
>
> Yes, there is a specification which states that you must put 00 there. It's called the "Distinguished Encoding Rules" of the "Abstract Syntax Notation One" (ASN.1). The DER can be found in the ITU document number X.690; the ASN.1 can be found in ITU document number X.680.

This is specified in BER, not in DER: X.690 8.3.

8.3 ENCODING OF AN INTEGER VALUE

8.3.1 The encoding of an integer value shall be primitive. The contents octets shall consist of one or more octets.

8.3.2 If the contents octets of an integer value encoding consist of more than one octet, then the bits of the first octet and bit 8 of the second octet
a) shall not all be ones; and
b) shall not all be zero.
NOTE These rules ensure that an integer value is always encoded in the smallest possible number of octets.

8.3.3 The contents octets shall be a twos complement binary number equal to the integer value, and consisting of bits 8 to 1 of the first octet, followed by bits 8 to 1 of the second octet, followed by bits 8 to 1 of each octet in turn up to and including the last octet of the contents octets.
NOTE The value of a twos complement binary number is derived by numbering the bits in the contents octets, starting with bit 1 of the last octet as bit zero and ending the numbering with bit 8 of the first octet. Each bit is assigned a numerical value of 2^N, where N is its position in the above numbering sequence. The value of the twos complement binary number is obtained by summing the numerical values assigned to each bit for those bits which are set to one, excluding bit 8 of the first octet, and then reducing this value by the numerical value assigned to bit 8 of the first octet if that bit is set to one.
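The X.690 8.3 rules quoted above, and the zero-length serialNumber from the "certificate without serial number" thread earlier on this page, worked through in code. This is an added example, not code from the list or from OpenSSL; the function names are my own.

```python
"""X.690 8.3 INTEGER encoding and decoding (added example, not from the list).

It shows why the raw octets af:4f:8a:97:14:f7 read as a negative number while
the same value with a leading 00 octet is positive, enforces the minimal
encoding rule of 8.3.2, and rejects the zero-length serialNumber seen in the
no-serial certificate dump (8.3.1: one or more contents octets).
"""
from __future__ import annotations

TAG_INTEGER = 0x02


def _encode_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_der_integer(value: int) -> bytes:
    """TLV for an INTEGER: two's complement in as few octets as possible (8.3.2)."""
    magnitude = value if value >= 0 else -value - 1
    n = (magnitude.bit_length() + 8) // 8        # one extra bit for the sign, rounded up
    content = value.to_bytes(n, "big", signed=True)
    return bytes([TAG_INTEGER]) + _encode_length(len(content)) + content


def decode_der_integer(data: bytes) -> tuple[int, bytes]:
    """Decode one INTEGER TLV and return (value, remaining bytes).

    Raises ValueError for every form that X.690 8.3 forbids.
    """
    if len(data) < 2 or data[0] != TAG_INTEGER:
        raise ValueError("not an INTEGER TLV")
    first = data[1]
    if first < 0x80:
        length, pos = first, 2
    else:
        n = first & 0x7F
        if n == 0 or len(data) < 2 + n:
            raise ValueError("bad length octets")
        length, pos = int.from_bytes(data[2:2 + n], "big"), 2 + n
    content = data[pos:pos + length]
    if len(content) != length:
        raise ValueError("truncated INTEGER")
    if length == 0:
        # The serialNumber with "l= 0" in the asn1parse dumps lands here.
        raise ValueError("8.3.1: contents octets shall consist of one or more octets")
    if length > 1:
        second_high = content[1] & 0x80
        if content[0] == 0xFF and second_high:
            raise ValueError("8.3.2(a): first nine bits all ones, not minimal")
        if content[0] == 0x00 and not second_high:
            raise ValueError("8.3.2(b): first nine bits all zero, not minimal")
    # 8.3.3: the contents octets are a two's complement number.
    return int.from_bytes(content, "big", signed=True), data[pos + length:]


def value_of_content_octets(hex_octets: str) -> int:
    """Interpret colon-separated contents octets as 'openssl x509 -text' prints them."""
    raw = bytes.fromhex(hex_octets.replace(":", ""))
    return int.from_bytes(raw, "big", signed=True)


def check_serial_number(tlv: bytes) -> str:
    """Classify a serialNumber TLV the way a strict validator would."""
    try:
        value, _ = decode_der_integer(tlv)
    except ValueError as exc:
        return f"invalid encoding: {exc}"
    if value <= 0:
        # RFC 5280 section 4.1.2.2 requires the serial number to be positive.
        return f"valid DER but not a positive serial ({value})"
    return f"ok: serial {value:#x}"


if __name__ == "__main__":
    print(value_of_content_octets("af:4f:8a:97:14:f7"))   # negative without the 00
    print(encode_der_integer(0xAF4F8A9714F7).hex(":"))    # encoder adds the 00
    print(check_serial_number(bytes.fromhex("0200")))     # the no-serial case
```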
Re: Question about x509
what does the X series mean? guess where the X in X509 comes from.
Re: Question about x509
There is also CER.
Re: How to trust a 'root' certificate
On 04/26/2012 03:58 PM, Tammany, Curtis wrote: I don't see this as an Apache issue. The site has required client certs for years now and Apache was configured to require client certificates. I have intermediate DOD certs on the server but OpenSSL sees my DoD Root certificate as un-trusted self-signed so the chain is broken. From http://www.openssl.org/support/faq.html: " 5. Why does fail with a certificate verify error? This problem is usually indicated by log messages saying something like "unable to get local issuer certificate" or "self signed certificate". When a certificate is verified its root CA must be "trusted" by OpenSSL this typically means that the CA certificate must be placed in a directory or file and the relevant program configured to read it. The OpenSSL program 'verify' behaves in a similar way and issues similar error messages: check the verify(1) program manual page for more information." How can I get OpenSSL to "trust" my DOD root certificate? In general all certificates that you have in the apache as client CAs are trusted but they need to chain up to some root which must be part of the set. If the certificates are in a directory, and you have changed the openssl version, you might want to rehash. The hash logic had been changed at some version.
Re: How to trust a 'root' certificate
On 04/26/2012 05:20 PM, Tammany, Curtis wrote: In my htaccess file I have the following:

SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 5
SSLOptions +ExportCertData

In my httpd.conf file, I have the following:

SSLCACertificatePath conf/certs/
SSLCACertificateFile conf/certs/DOD_EMAILCerts.crt

I am not sure which one takes precedence, but having both is probably not ok with apache. Try :

cd conf/certs/
c_rehash

That's for linux. But for windows, the openssl logic is the same, it opens the file. openssl doesn't know whether it is a link or a file. So DOD_EMAILCerts.crt contains the root cert plus many intermediates. The site has been working fine for the most part for years. We are tracking SSL_CLIENT_VERIFY in our log file and with some Windows 7 clients, they cannot connect and we are seeing " FAILED:unable to get local issuer certificate" in the log. As I said in an earlier email, I used the openssl version -d command and it responded: "OPENSSLDIR: "c:/openssl-1.0.1/ssl" That folder does not exist. Running openssl verify DOD_EMAILCerts.crt (with the cert file in the bin folder) returns: DOD_EMAILCerts.crt: C = US, O = U.S. Government, OU = DoD, OU = PKI, CN = DoD Root CA 2 error 18 at 0 depth lookup:self signed certificate OK with that command you are verifying the first cert in that file, and since it is probably self signed, you cannot do that. If, on the other hand, you happen to have an intermediate at the beginning you get the other cannot find issuer message. From http://www.madboa.com/geek/openssl/ I read: " error 18 at 0 depth lookup:self signed certificate. Unless you make an exception, OpenSSL won't verify a self-signed certificate." They also go on to say: " How do I get OpenSSL to recognize/verify a certificate? Put the file that contains the certificate you'd like to trust into the certs directory discussed above. Then create the hash-based symlink. Here's a little script that'll do just that.
#!/bin/sh
#
# usage: certlink.sh filename [filename ...]

for CERTFILE in "$@"; do
  # make sure file exists and is a valid cert
  test -f "$CERTFILE" || continue
  HASH=$(openssl x509 -noout -hash -in "$CERTFILE")
  test -n "$HASH" || continue

  # use lowest available iterator for symlink
  for ITER in 0 1 2 3 4 5 6 7 8 9; do
    test -f "${HASH}.${ITER}" && continue
    ln -s "$CERTFILE" "${HASH}.${ITER}"
    test -L "${HASH}.${ITER}" && break
  done
done"

That is for Linux. How do I get OpenSSL to recognize/verify a certificate on Windows XP/2003? (like step-by-step instructions). ... instead of ln -s you can create a copy ... for more detailed instruction, I can charge you 100EUR per line. :-) ... ... Just put all the CA certificates into one file and remove the SSLCACertificatePath and just keep the SSLCACertificateFile Thanks. Curtis
Re: PHP openssl_x509_parse extensions=>subjectAltName
Yes, it can probably be parsed by any ASN.1 parser. But the OID is private - only the organization knows how to interpret it (or what to do with it). private/public in this context refers to governance/ownership not to "visibility". if the organisation documents it, any interested party can interpret it. 311 is one of microsoft's OID branches; smart card login with UPN is documented at least in http://support.microsoft.com/kb/281245
Re: Are those TLS-SRP cipher suites supported?
On 05/14/2012 02:59 PM, marek.marc...@malkom.pl wrote: Hello,

$ openssl version
OpenSSL 1.0.0 29 Mar 2010
$ openssl ciphers -V

For SRP one should use the 1.0.1 version.

openssl version
OpenSSL 1.0.1 14 Mar 2012
openssl ciphers SRP
SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA
Re: Cert order in .pem format
On 05/18/2012 06:03 AM, kthiru...@inautix.co.in wrote: Team, Had a query in the certs that we load, The CA's provide our certs in .p12 format, which we need to convert to a .pem and load to SSL structure during initialization. On converting to .pem, it is in the following format, "Private Key, CA Certs and Domain Certificate". In our code, we use the below snippet to load keys in the SSL structure,

1. err = SSL_CTX_use_certificate_chain_file(ctx, KeyFile);
2. SSL_CTX_set_default_passwd_cb(ctx, passwd);
3. err = SSL_CTX_use_PrivateKey_file(ctx, KeyFile, SSL_FILETYPE_PEM);
4. SSL_CTX_check_private_key(ctx);

When I use the same order in the key ( "Private Key, CA Certs and Domain Certificate" ), the above fails in step 3. So we have to rearrange this order to "Domain Certificate, Private Key and CA Certs" for the above snippet to work properly. We are trying to reduce the effort here, for someone to rearrange this cert order. Can you suggest some other way to convert the certs as expected by the code or change the order of our code. load the P12 file directly in your code
Re: variable response size of "openssl rand" on windows
some new line -> CRLF conversion may have hit. On 06/04/2012 04:29 PM, Ken Goldman wrote: A typical openssl user error is treating binary data as text. Random numbers are not text until you convert them with -hex. My guess is that Windows is treating some binary character specially, and this causes your version of wc to fail. Linux is handling the binary correctly. So I doubt it's an openssl bug - just a strange interaction with binary streams, Windows, and wc. On 6/3/2012 6:34 PM, alexis _ wrote: I tried to generate 100 bytes using openssl rand 100 But I observed on my Windows machine (openssl from cygwin) that sometimes the result is not always 100 bytes long, I experienced 101, 102... However, while using -hex switch, the variable size issue does not seem to reproduce. Observation does not reproduce at all on Ubuntu 12.04 btw (see version info below) Do you guys reproduce the behavior ? Am I missing something obvious ? is it related to my environment ? is it an openssl bug (i have not seen anything like this on http://rt.openssl.org/index.html?q=rand)
Re: self-generated, self-signed root CA and Client Auth Certs not working
On 06/05/2012 07:14 PM, DRings wrote: I've spent too much time trying to figure out something that is probably well known here. I have a restricted community application that seems a perfect fit for using openssl to self-generate our own CA, and self-sign it, and self-generate our own web client authentication certificate and self-sign them. All this so that we can validate the Distinguished Name presented when web browser connecting to our nginx web server. I assume you mean 'sign it by your CA' I have done all this many times but have not been able to get various web browsers to use the self-generated/self-signed client authentication certs. I have imported both the CA.crt and the client.crt into the OS certificate store. But after that the web browser does not seem to use the cert for authentication. I've tried to set the properties on the imported certificate to be used for "web client authentication". - it just does not work! You also need to configure your server to ask for client certificates of your CA. I just cannot keep spending time on this problem. If I cannot find help, I will urge that the requirement for client certs be dropped from the project. (personal lore) It seems that the web browsers fail because our self-generated/self-signed CA is not signed by some higher CA that is trusted. Is that true or false? They don't fail, they warn that your ca that has signed your server certificate is not installed by default as a trusted ca. If it is false, I need help to overcome the failure of the web browsers to correctly use our certs. Thanks David
Re: Client certificate verification
On 06/29/2012 09:29 PM, Sukalp Bhople wrote: Hello, I am trying to measure server performance for client certificate verification. However, there is no significant difference in the server performance when I send one certificate and condition when I send chain of 10 certificates. I am aware that certificate verification is a public key operation. But shouldn't it make some difference? is there any cashing mechanism or something else? cash or cache. cache is french. -- Regards, *Sukalp Bhople.*
Re: X.509 certificate subject format
On 07/02/2012 10:34 AM, Johannes Bauer wrote: Hi list, I have a rather simple question regarding X.509 subjects that is not entirely clear to me and for which I cannot find the appropriate reference (pointers greatly appreciated). The trouble starts when trying to compare two subjects of *different* certificates for equality and becomes worse when certain fields are appearing more than once. To clarify, by "equal" I mean 'should behave in exactly the same way by all well-behaved implementations'. Let's start easy. Consider the following subjects: subject1= /C=SE/O=FooBar/OU=BarFoo/CN=moo.koo.com subject2= /C=SE/OU=BarFoo/CN=moo.koo.com/O=FooBar Are these to be considered equal or not? Not equal. Beware, you are using a textual representation which is probably the one of openssl. So C=SE is the first in the DN sequence. Note that there is also the possibility to put several attributes into one RDN. I.e.: Does the order of elements matter? Yes. Does the order matter when fields are duplicate, i.e. are: subject1= /CN=foo/CN=bar subject2= /CN=bar/CN=foo equal? No. If they are not equal, does the first one have a special meaning? X.509 and RFC 5280 define a hierarchical order of the relative distinguished names that make up the sequence of the distinguished name. For example, assume a webserver with a duplicate common name field. Are both names valid as the server name then? No. I.e. could I access a webserver with the certificate subject as stated above by DNS "foo" *and* "bar" or only by one of them? This depends on the implementation of the client, and also whether you have a subjectAltName extension. If there is a subjectAltName extension, the common name is (not supposed to be) used by a client. One reason to ask for equality is that there maybe is a certificate X: issuerX = /O=myCA/OU=greatCA/CN=not subjectX= /CN=foo/CN=bar and it has a valid signature by a CA with the following subject: issuerX = /OU=greatCA/O=myCA/CN=not Is the certificate signature then valid?
The certificate signature may be cryptographically valid, but not the name chain in a path validation. At least it shouldn't, there had been errors in some toolkits in the past that treated the hierarchy as a heap of attributes. /P
Re: TS verify: how to fix "Verify error:self signed certificate in certificate chain" ?
On 07/10/2012 02:38 AM, Dave Thompson wrote: From: owner-openssl-us...@openssl.org On Behalf Of Sandro Tosi Sent: Monday, 09 July, 2012 10:15 /usr/bin/openssl ts -verify -sha256 -untrusted -CAfile -data -in and the output we get is: 140119872083624:error:2F06D064:time stamp routines:TS_VERIFY_CERT:certificate verify error:ts_rsp_verify.c:246:Verify error:self signed certificate in certificate chain We're using a Debian system, so we copied the CA into /etc/ssl/certs/ but we still see that problem: how can we fix it? is there a way to get a more descriptive trace of the problem? Can we run manually all the steps to verify the reply? Your problem is not verifying the message itself, but verifying the certificate that assures it. removing the CA root from the may help. at least I think that must not contain any self signed cert, this is what the error message seems to suggest
Re: create certificate request programmatically using OpenSSL API
You can take the code in apps/req.c and extract the pieces you need. On 07/20/2012 10:17 AM, Abyss Lingvo wrote: Hi all! How to create certificate request programmatically via OpenSSL API? This is the solution for command line utility:

openssl genrsa -out server_key.pem -passout pass:$passwd -des3 1024
openssl req -new -key server_key.pem -passin pass:$passwd \
  -passout pass:$passwd -out server_req.pem -days 1095 \
  -subj /C=US/ST=City/L=City/O=company/OU=SSLServers/CN=localhost/emailAddress=sslser...@company.com

How to do the same but using OpenSSL API? Best Regards xidex
Re: Missing entries in index.txt database - Generating CRL
On 08/09/2012 12:57 PM, int0...@safe-mail.net wrote: Hi ... After that I generated a CRL (I own the CA) which then contained the certificate with the serial 0x06. My question now is, would that be a proper workaround or is there a better solution? Since the CRL only contains the serial numbers of the certificates, this seems to work although it is not a very good solution. It is a workaround if you consider the "ca" and "crl" commands as the only officially blessed way to manage certificates, just because it looks convenient at first glance. You may consider not to use the "ca" command at all, generate certs using "x509" instead, manage their status in whatever database you like and, in order to create a crl using "crl", you just create a temporary file with the R entries, etc. You may even go further and not use "crl" at all but create an asn.1 input for "asn1parse", I leave this idea as an exercise .. in other words, once you have understood that you only need some file that has "R"s and numbers, ... your mind should be free to create them in any way you want. Thanks for your help, Martin
Re: MIME types for PEM encoded CRLs
On 10/27/2012 02:51 PM, Graham Leggett wrote: Section 4.1 says: Encoding considerations: will be none for 8-bit transports and most likely Base64 for SMTP or other 7-bit transports What I'm after is how to interpret section 4.1 in the context of HTTP content negotiation. Regards, Graham -- Whatever you propose as encoding in your client, you will always end up with a der encoded file. You may try to gzip a crl as xxx.crl.gz and do something like the following in an apache .htaccess

AddType "application/pkix-crl" .gz
AddEncoding gzip .gz
RewriteEngine on
ReWriteCond %{HTTP:accept-encoding} gzip
ReWriteCond %{REQUEST_FILENAME} !^.+\.gz$
RewriteCond %{REQUEST_FILENAME}.gz -f
RewriteRule ^(.+) $1.gz [QSA,L]
Re: Reference material on how to do certificate validation with OpenSSL
The way how common names are verified in The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software is not correct. It gives a false match when there is more than one common name ava
Re: Find the difference in (milli|micro)seconds between two ASN1_TIME values
On 11/07/2012 06:52 PM, Graham Leggett wrote: On 07 Nov 2012, at 4:50 PM, Ted Byers wrote: Why does it need to be something in openssl? Ideally because it needs to be as secure as openssl. I'm after an accurate time duration between two ASN1_TIME values, that is not dependent on local conditions, or any external libraries. try timegm in perl, or if it needs to be in C, just adopt the code which is just a binary search using the gmtime c function. i.e. you try to set bits to 1, convert to a textual representation until you find your value. You do not need to know anything about leap years.
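The two routes suggested in the reply above, carried out on the ASN1_TIME string forms, as an added example that is not code from the thread or from OpenSSL: calendar.timegm (what Perl's timegm does) and the bit-by-bit search over gmtime() that needs no leap-year knowledge. The parser, the search range (epoch values from 1970 up to 2^40 seconds) and the function names are my own assumptions; ASN1_TIME has one-second resolution, so a millisecond result is the returned value times 1000.

```python
"""Seconds between two ASN1_TIME values (added example, not from the mailing list)."""
from __future__ import annotations

import calendar
import time
from datetime import datetime, timezone


def parse_asn1_time(text: str) -> tuple[int, int, int, int, int, int]:
    """Parse an ASN1_TIME string into (year, month, day, hour, minute, second), UTC.

    UTCTime:         YYMMDDHHMMSSZ   (RFC 5280: YY below 50 means 20YY, else 19YY)
    GeneralizedTime: YYYYMMDDHHMMSSZ
    RFC 5280 allows neither fractional seconds nor local offsets, so they are rejected.
    """
    if not text.endswith("Z"):
        raise ValueError("ASN1_TIME must be expressed in UTC (trailing Z)")
    digits = text[:-1]
    if not digits.isdigit():
        raise ValueError("non-digit characters in time string")
    if len(digits) == 12:
        yy = int(digits[:2])
        year, rest = (2000 + yy if yy < 50 else 1900 + yy), digits[2:]
    elif len(digits) == 14:
        year, rest = int(digits[:4]), digits[4:]
    else:
        raise ValueError("unexpected length for ASN1_TIME")
    month, day, hour, minute, second = (int(rest[i:i + 2]) for i in range(0, 10, 2))
    # Range check (e.g. rejects February 30); raises ValueError on nonsense.
    datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)
    return year, month, day, hour, minute, second


def timegm_by_search(fields) -> int:
    """Invert gmtime() by trying to set each bit of the epoch value, high to low.

    A bit is kept only while gmtime() of the candidate is not past the target,
    so the result is the largest epoch second t with gmtime(t) <= target, which
    is the exact value for any valid time. Only times from 1970 onwards are
    covered (assumption of this example); leap years are gmtime()'s problem.
    """
    target = tuple(fields)[:6]
    t = 0
    for bit in range(39, -1, -1):            # 2**40 seconds reaches far beyond year 9999
        candidate = t | (1 << bit)
        try:
            if tuple(time.gmtime(candidate))[:6] <= target:
                t = candidate
        except (OverflowError, OSError, ValueError):
            pass  # beyond the platform's gmtime range: certainly past the target
    return t


def asn1_time_diff_seconds(start: str, end: str, use_search: bool = False) -> int:
    """Whole seconds from start to end; negative if end lies before start."""
    a, b = parse_asn1_time(start), parse_asn1_time(end)
    if use_search:
        return timegm_by_search(b) - timegm_by_search(a)
    return calendar.timegm(b) - calendar.timegm(a)


if __name__ == "__main__":
    # notBefore / notAfter of the no-serial test certificate shown earlier on this page
    print(asn1_time_diff_seconds("040722175719Z", "130123152135Z"))
    print(asn1_time_diff_seconds("040722175719Z", "130123152135Z", use_search=True))
```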
Re: How to over-ride SSL_CTX_use_PrivateKey_file() behavior with custom engine
On 12/07/2012 11:05 AM, LN wrote: > I have a feeling it does so because I tried to save that returned > EVP_PKEY to a PEM file with PEM_write_bio_PrivateKey and then to load it > back from the same file with PEM_read_bio_PrivateKey. > Saving worked, but loading failed (with some decoding error inside > openssl). The length of the base64 string in the PEM file for the key was > very small in comparison with what is usually the length for private keys. > > Often, at least for other HSM, a private key returned does not contain the real p and q values but just some index to enumerate a key in the hsm. These are normally some small numbers and not big primes. you might see this if you do openssl rsa -text yourfile
Re: extensions in certifications
On 12/11/2012 09:45 PM, Michael Mueller wrote: Could I get a nudge. I'd like to get the SANs to show up in my certs. in my request: Requested Extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3 Subject Alternative Name: DNS:ossvirt4, DNS:gws001 these are not dns names. you should review what your client hosts have as a default domain, etc. It is not obvious whether browsers will accept this regarding the hint (and solution) about copying the extension, you should check what you receive as a cert request, e.g. whether someone wants a CA cert for example.
Re: How to tell when no more progress can be made
On 01/17/2013 12:10 PM, A G wrote: Hi Here http://marc.info/?l=openssl-users&m=124386218929227 It states that "...This is why it is very important to understand that any possible forward progress on any port (and a write operation that returns WANT_READ may have made forward progress!) requires you to retry all pending operations on all ports" So am I correct in understanding that an SSL_read() that returned WANT_READ may have made forward progress (even if it did not return any data)? I have an event driven single threaded app that has 3 non blocking ssl sockets. When each socket completes its connection, I have the sockets read until I get a WANT_READ. My understanding is that a WANT_READ means I may now invoke select() and wait until the socket is ready for reading again. you may also receive WANT_WRITE or WANT_READ when you ssl_write. as long as you do not have interrupted ALL, you do not need to select, after a successful operation you can retry the others, or do a select to determine which are actually ready. a select call is only to avoid a cpu intensive loop on the ssl_read/write operations.
Re: [openssl-users] Is ordering of distinguished names for subject and issuer in OpenSSl 0.9.8 certificates important?
Ordering is important. unfortunately the default order shown in the textual form is not the same as for ldap tools. using openssl asn1parse shows the encoding, country code should come first.
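DN comparison as described in the "X.509 certificate subject format" thread above and in this reply (the RDN sequence is ordered, the attributes inside one RDN are not), as an added example that is not code from the list or from OpenSSL. It assumes the slash notation that openssl prints, with '+' joining attributes of a multi-valued RDN; the function names are mine.

```python
"""Comparing X.509 distinguished names (added example, not from the mailing list).

A Name is a SEQUENCE of RelativeDistinguishedName, so the RDN order matters;
each RDN is a SET of attributes, so attributes joined by '+' inside one RDN are
unordered. The parser takes openssl's slash form, e.g.
'/C=SE/O=FooBar+OU=BarFoo/CN=moo.koo.com' (an assumption about the input).
"""
from __future__ import annotations

DN = tuple  # tuple of frozenset[tuple[str, str]], one frozenset per RDN, in order


def parse_dn(text: str) -> DN:
    """Parse '/T=v/T=v+T=v/...' into an ordered tuple of RDN sets.

    A backslash escapes the next character, so '/' and '+' may appear in values.
    """
    if not text.startswith("/"):
        raise ValueError("expected openssl slash notation starting with '/'")
    rdns: list[frozenset] = []
    attrs: list[tuple[str, str]] = []
    buf: list[str] = []

    def flush_attr() -> None:
        if buf:
            typ, sep, val = "".join(buf).partition("=")
            if not sep or not typ:
                raise ValueError(f"attribute without type: {''.join(buf)!r}")
            attrs.append((typ, val))
            buf.clear()

    def flush_rdn() -> None:
        flush_attr()
        if attrs:
            rdns.append(frozenset(attrs))   # SET: order inside the RDN is irrelevant
            attrs.clear()

    i = 1
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i + 1])
            i += 2
            continue
        if ch == "/":
            flush_rdn()
        elif ch == "+":
            flush_attr()
        else:
            buf.append(ch)
        i += 1
    flush_rdn()
    return tuple(rdns)


def dn_equal(a: str, b: str) -> bool:
    """Equal only if the RDN sequences match position by position."""
    return parse_dn(a) == parse_dn(b)


def issuer_matches_subject(cert_issuer: str, ca_subject: str) -> bool:
    """Name chaining in path validation: the issuer must equal the CA's subject DN."""
    return dn_equal(cert_issuer, ca_subject)


def common_names(dn: str) -> list[str]:
    """Every CN value in DN order, so a caller notices when there is more than one."""
    return [val for rdn in parse_dn(dn) for typ, val in sorted(rdn) if typ == "CN"]


if __name__ == "__main__":
    print(dn_equal("/C=SE/O=FooBar/OU=BarFoo/CN=moo.koo.com",
                   "/C=SE/OU=BarFoo/CN=moo.koo.com/O=FooBar"))      # False: order differs
    print(dn_equal("/C=SE/O=FooBar+OU=BarFoo/CN=x",
                   "/C=SE/OU=BarFoo+O=FooBar/CN=x"))                # True: same RDN set
    print(common_names("/CN=foo/CN=bar"))                           # ['foo', 'bar']
```

A real validator also applies the string preparation of RFC 5280 section 7.1 (case folding and whitespace compression for the string types it covers) before comparing; this example compares exactly.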
Re: possible Bug in OpenSSL - rfc 3161 - TSA service
On 03/11/2013 06:43 PM, kap...@mizera.cz wrote: Hello, ... As I know, the attr. certs are not very necessary => that is why I mean, that temporary solution would be to ignore them in verification process. At least in TS it would solve the problem. Just for info: converting the stuff to pkcs7 and verifying with smime works fine. --kapetr
Re: possible Bug in OpenSSL - rfc 3161 - TSA service
the second ess certid says SEQUENCE { OCTET STRING 52 EE 29 A7 35 03 04 F8 94 21 48 72 76 9F 24 78 EB 6C D7 AC } by 3721926ea67e877df5f4e35dd3c87397eef33d4f is the hash of the der version of the intermediate cert.
Re: possible Bug in OpenSSL - rfc 3161 - TSA service
On 03/11/2013 08:01 PM, kap...@mizera.cz wrote: Of course YES. Timestamp reply is nothing else as CMS SignedData structure. not quite but ts -reply -tokenout converts it to such a thing
Re: possible Bug in OpenSSL - rfc 3161 - TSA service
On 03/11/2013 10:31 PM, kap...@mizera.cz wrote: On 11.3.2013 21:42, Peter Sylvester wrote: the second ess certid says SEQUENCE { OCTET STRING 52 EE 29 A7 35 03 04 F8 94 21 48 72 76 9F 24 78 EB 6C D7 AC } by 3721926ea67e877df5f4e35dd3c87397eef33d4f is the hash of the der version of the intermediate cert. it is the sha1 hash itself and it is NOT hash of any cert in verification chain. openssl ts does not support attribute certs AFAIR
Re: possible Bug in OpenSSL - rfc 3161 - TSA service
On 03/11/2013 11:17 PM, kap...@mizera.cz wrote: That is what we talk about here. Try to check previous posts in this thread. rfc 3126 tells This document mandates the presence of this attribute as a signed CMS attribute, and the sequence must not be empty. The certificate used to verify the signature must be identified in the sequence, the Signature Validation Policy may mandate other certificate references to be present, that may include all the certificates up to the point of trust. The encoding of the ESSCertID for this certificate must include the issuerSerial field. RFC 5035 says If more than one certificate is present, subsequent certificates limit the set of certificates that are used during validation. Certificates can be either attribute certificates (limiting authorizations) or public key certificates (limiting path validation). The issuerSerial field (in the ESSCertIDv2 structure) SHOULD be present for these certificates, unless the client who is validating the signature is expected to have easy access to all the certificates required for validation. If only the signing certificate is present in the sequence, there are no restrictions on the set of certificates used in validating the signature. The time stamp does not include issuerSerial in the second esscertid. There is no specification of any profile of time stamps that indicates that a client MUST support attribute certs. I do not think that the authors of 3161, 3126 had in mind any support of attribute certs. I don't recall any profile requiring this. if a timestamp ess would be ok with an attribute cert, what is the client supposed to do? It can verify the signatures of the attribute cert up to some trust anchor, but then? what authorisation is supposed to be checked? that the tsa is allowed to issue certs for a particular policy? (don't yes, maybe). if the TSKlient is able to do something non standardized special verification, use that one.
Peter __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: possible Bug in OpenSSL - rfc 3161 - TSA service
On 03/12/2013 09:30 AM, kap...@mizera.cz wrote: RFC 3161 is written badly. The whole text was a joke anyway. The requester SHALL verify that the TimeStampToken contains the correct certificate identifier of the TSA. One may conclude that openssl should simply not validate anything else than the first certificate. And simply ignore the rest of the ESS sequence. Probably with an option. It must not be there, if the attribute cert is available. If the TSQ is with "-cert" => the TAC certificate is included in TSR. (I know - it is not in our example which is "nocert"). Is there anywhere in the policy of the TSA an indication about what a client is supposed to do with the attribute certificate, i.e. where is the documentation of the behaviour of their own client. There are two OIDs as attributes. That is what I "fight" about with the Certification Authority. I was (I am) afraid if their timestamps are rfc 3161 compliant or not. They claim YES. What do you think? You can add critical extensions into the signing cert, whatever you want, you remain conformant but not interoperable. I'm not sure - on one side you are right: "authors of 3161, 3126 had in mind any support of attribute certs" but on the other side: rfc 3161 simply refers to RFC 2634 where attr. certs are mentioned => they may (can) be there and should not preclude the verification process => the client MUST be able to understand all that is in the tree with 3161 as root. That's because the authors of RFC 3161 had probably overlooked the possibility of attribute certs. The only reason for using ESSCert was to include a reference to the signing cert (and maybe its chain), but not to allow all options. Although the text says (last sentence): If the certReq field is present and set to true, the TSA's public key certificate that is referenced by the ESSCertID identifier inside a SigningCertificate attribute in the response MUST be provided by the TSA in the certificates field from the SignedData structure in that response.
That field may also contain other certificates. I do not think that the last sentence means attribute certificates. In fact RFC 3161 doesn't tell what one has to verify. And, as said in the beginning, there is nothing in the text that says that a client has to verify anything beyond the TSA's signature cert. However, the actual identification of the entity that signed the response will always occur through the use of the certificate identifier (ESSCertID Attribute) inside a SigningCertificate attribute which is part of the signerInfo (See Section 5 of [ESS]). Here one talks about IDENTIFICATION, attribute certs are for something else. BTW: rfc 3126, 5035, ... are not referred to by 3161 => in timestamps may be used only and only what is in the tree with 3161 as root. => rfc 3126, 5035 are not valid for timestamps. if a timestamp ess would be ok with an attribute cert, what is the client supposed to do? It can verify the signatures of the attribute cert up to some trust anchor, but then? what authorisation is supposed to be checked? that the tsa is allowed to issue certs for a particular policy? (don't yes, maybe). if the TSKlient is able to do something non-standardized special verification, use that one. That is no solution - the Q is: are or are not these timestamps compliant with RFC 3161. Compliant is not the right word, conformant. And since there are no real conformance requirements, the question is almost useless. You may try to use the argument that the TSA MUST include the TSA cert into the ESScertid and add nothing else, but that won't work because this argument is French. ;-) The ESS cert says that there SHOULD be an issuer and serial. That's not the case. If not, then they have no value. Remark: discussed CA (TSA) is official, one of main CA in our country - whole government things, law (electronic sigs, timestamps, ..), ... depends on such institution. So it is very important Q. The question is interoperability.
As said, I think the openssl tests can simply be weakened to only validate the first ESS cert.
Re: possible Bug in OpenSSL - rfc 3161 - TSA service
for those who don't read openssl-dev
Original Message
Subject: [openssl.org #3016] openssl ts fix
Date: Wed, 13 Mar 2013 16:13:31 +0100
From: Peter Sylvester via RT
Reply-To: openssl-...@openssl.org
CC: openssl-...@openssl.org
Hi, I have "weakened" the Esscertid logic a bit. Only the signer certificate is checked and it must be in the first Esscertid. This resolves issues when TSAs add attribute certs etc. Since RFC 3161 does not require a client to check anything else than the presence of the signer cert (and even it is badly written), I think the verification of a "chain" in the ess was not appropriate logic. regards
Re: Verify callback and sending of the client certificate
On 08/09/2013 11:17 AM, Florian Weimer wrote: Qt installs a verification callback like this
|// Register a custom callback to get all verification errors.
|X509_STORE_set_verify_cb_func(ctx->cert_store, q_X509Callback);
It is not recommended to access members in the way above, but rather to go through the accessor (SSL_CTX is opaque in later releases):
X509_STORE_set_verify_cb_func(SSL_CTX_get_cert_store(ctx), q_X509Callback);
/P
Re: CA hierarchy / pathlen:0
On 08/22/2013 01:29 PM, Peter1234 wrote: Hi Walter, I started with release 0.9.8h and just updated to release 1.0.1e (both on MS Windows). The update to release 1.0.1e didn't change anything except that the new release does not redirect certificates converted from PEM format to text format into the specified file: openssl x509 -in Root_Key_SCert.pem -out Root_Key_SCert.txt -text (text is displayed on screen but not redirected to file, worked with release 0.9.8h) Peter
Verification of pathlen is for relying parties. If you own the key of a "CA" (the quotes are intended), you can sign whatever structure you want. Openssl just uses a ca certificate as a "helper" to avoid copying its name and some other things. You can use the raw asn1 encoder to create very funny things. No control, nothing, it works as intended.
Re: Certificate extensions
On 09/18/2013 09:53 AM, Eisenacher, Patrick wrote: -Please also note that adding extensions to a certificate request usually doesn't make any sense, as those get added to the certificate solely by the certificate issuer's grace. hi, I seem to disagree, well, "usually" saves you :-) Setting your email address or a server name into the subjectaltname, how do you do this otherwise? setting commonname for the server, ok, setting an email attribute that will then be copied by the CA (and the email removed because it is deprecated)? Setting ALL extensions makes a lot of sense, IMO a CA should not add and modify things, a CA should *validate* them. The requester indicates what should be in the cert. The current practice by some registrars to add example.org as another name when you have ordered www.example.com etc may be nice for some people, but annoying for others, at best a surprise when policy and practice documents do not even mention these behaviours. Peter Sylvester
Re: ASN.1 encoding error
Even with sound this would not be BER. i:-) Integers can have 9 or more leading zero bits in BER? Not:
ISO/IEC 8825-1:2008 (E) ITU-T Rec. X.690 (11/2008)
8.3 Encoding of an integer value
8.3.1 The encoding of an integer value shall be primitive. The contents octets shall consist of one or more octets.
8.3.2 If the contents octets of an integer value encoding consist of more than one octet, then the bits of the first octet and bit 8 of the second octet:
a) shall not all be ones; and
b) shall not all be zero.
NOTE – These rules ensure that an integer value is always encoded in the smallest possible number of octets.
8.3.3 The contents octets shall be a two's complement binary number equal to the integer value, and consisting of bits 8 to 1 of the first octet, followed by bits 8 to 1 of the second octet, followed by bits 8 to 1 of each octet in turn up to and including the last octet of the contents octets.
NOTE – The value of a two's complement binary number is derived by numbering the bits in the contents octets, starting with bit 1 of the last octet as bit zero and ending the numbering with bit 8 of the first octet. Each bit is assigned a numerical value of 2^N, where N is its position in the above numbering sequence. The value of the two's complement binary number is obtained by summing the numerical values assigned to each bit for those bits which are set to one, excluding bit 8 of the first octet, and then reducing this value by the numerical value assigned to bit 8 of the first octet if that bit is set to one.
On 25/02/2021 18:28, Benjamin Kaduk via openssl-users wrote: That sounds like the certificate is encoded using ASN.1 BER rules, that openssl accepts, but the python library is insisting on DER encoding (per the spec). -Ben
On Thu, Feb 25, 2021 at 05:19:32PM +, John Robson via openssl-users wrote: Hi all, I'm encountering an error connecting to a device which as far as I can see has a reasonable certificate...
The error coming back (through twisted and python) is:
twisted.python.failure.Failure OpenSSL.SSL.Error: [('asn1 encoding routines', 'c2i_ibuf', 'illegal padding'), ('asn1 encoding routines', 'asn1_template_noexp_d2i', 'nested asn1 error'), ('asn1 encoding routines', 'asn1_template_noexp_d2i', 'nested asn1 error'), ('SSL routines', 'tls_process_server_certificate', 'ASN1 lib')]
However if I run the following:
# openssl s_client -connect : /dev/null | openssl x509 | openssl asn1parse
0:d=0 hl=4 l= 733 cons: SEQUENCE
4:d=1 hl=4 l= 453 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 4 prim: INTEGER :00
19:d=2 hl=2 l= 13 cons: SEQUENCE
21:d=3 hl=2 l= 9 prim: OBJECT:sha256WithRSAEncryption
... (continues)
...then OpenSSL seems to handle the whole certificate without problem. The thing that looks "off" to me is the serial number being defined as "00", rather than "00" (which I see on the self signed certificates from other devices of this type). Is that likely to be causing the issue? It's ~20 years since I last had to deal with ASN.1 properly, so I can't remember if using unnecessarily long representations of integers is actually valid. The raw ASN.1 looks ok I *think* (although I note that it has four bytes specified) "02 04 00 00 00 00" I'm at the point where I might just try to get it to generate a new certificate and see if it does that with a single byte zero (as per the other similar device I've been looking at). Am I completely barking up the wrong tree, is there something else that I can use other than the asn1parse option to figure out where the error might be coming from? Cheers, John -- *John Robson*
Re: Why does OpenSSL report google's certificate is "self-signed"?
On 01/04/2021 16:21, Michael Wojcik wrote: Thanks to everyone who responded. You've confirmed my impression: - There doesn't appear to be any applicable standard which requires or forbids including the root (or even endorses or discourages it).
rfc8446 page 65:
The sender's certificate MUST come in the first CertificateEntry in the list. Each following certificate SHOULD directly certify the one immediately preceding it. Because certificate validation requires that trust anchors be distributed independently, a certificate that specifies a trust anchor MAY be omitted from the chain, provided that supported peers are known to possess any omitted certificates.
Note: Prior to TLS 1.3, "certificate_list" ordering required each certificate to certify the one immediately preceding it; however, some implementations allowed some flexibility. Servers sometimes send both a current and deprecated intermediate for transitional purposes, and others are simply configured incorrectly, but these cases can nonetheless be validated properly. For maximum compatibility, all implementations SHOULD be prepared to handle potentially extraneous certificates and arbitrary orderings from any TLS version, with the exception of the end-entity certificate which MUST be first.
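The certificate_list rules quoted above, worked through as an added example that is not OpenSSL's code: certificates are modelled only by constructed subject and issuer names, the function and sample names are assumptions, and a real validator would also verify each signature and the trust anchor.

```python
"""Tolerant handling of a TLS certificate_list, after RFC 8446 section 4.4.2.

Added example, not OpenSSL code.  Certificates are modelled only by their
subject and issuer names (constructed sample values).  The end-entity
certificate MUST be first; the remaining entries SHOULD each certify the one
before them, an included root MAY be present, and extraneous certificates or
arbitrary order must still be handled by rebuilding the chain from issuer links.
"""


def order_chain(certificate_list):
    """Return (chain, extraneous) for a received certificate_list.

    Each entry is a dict with "subject" and "issuer".  The first entry is the
    end-entity certificate; the chain is rebuilt by following issuer names and
    stops at a self-signed certificate (an included trust anchor) or when no
    sent certificate certifies the current one (the anchor was omitted and must
    come from the local trust store).
    """
    if not certificate_list:
        raise ValueError("certificate_list must not be empty")
    chain = [certificate_list[0]]
    remaining = list(certificate_list[1:])
    while chain[-1]["subject"] != chain[-1]["issuer"]:
        parents = [c for c in remaining if c["subject"] == chain[-1]["issuer"]]
        if not parents:
            break
        parent = parents[0]  # first match; a full validator may try each candidate
        remaining.remove(parent)
        chain.append(parent)
    return chain, remaining


def is_strictly_ordered(certificate_list):
    """True when each certificate directly certifies the preceding one (the TLS 1.3 SHOULD)."""
    return all(certificate_list[i + 1]["subject"] == certificate_list[i]["issuer"]
               for i in range(len(certificate_list) - 1))


def includes_root(chain):
    """True when the chain ends in a self-signed certificate, i.e. the root was sent."""
    return bool(chain) and chain[-1]["subject"] == chain[-1]["issuer"]


# Constructed sample: a leaf, its intermediate, a deprecated intermediate the
# server still sends, and the root, delivered in a non-canonical order.
LEAF = {"subject": "CN=www.example.com", "issuer": "CN=Example Intermediate G2"}
ROOT = {"subject": "CN=Example Root", "issuer": "CN=Example Root"}
OLD_INTERMEDIATE = {"subject": "CN=Example Intermediate G1", "issuer": "CN=Example Root"}
INTERMEDIATE = {"subject": "CN=Example Intermediate G2", "issuer": "CN=Example Root"}
SAMPLE_LIST = [LEAF, ROOT, OLD_INTERMEDIATE, INTERMEDIATE]

if __name__ == "__main__":
    chain, extra = order_chain(SAMPLE_LIST)
    print("strictly ordered as sent:", is_strictly_ordered(SAMPLE_LIST))
    print("rebuilt chain:", [c["subject"] for c in chain])
    print("extraneous:", [c["subject"] for c in extra], "root included:", includes_root(chain))
```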
Re: parsing invalid DER
On 01/09/2022 18:15, Matt Caswell wrote: On 01/09/2022 13:21, Dave Coombs via openssl-users wrote: So! Is it possible to work around these, using ASN1_MACRO trickery or what-have-you? It's pretty clear I should end up with an empty bit-string and integer value 0x42, so is there a way to loosen the parser's pickiness and achieve this? Unfortunately, AFAIK, I don't think there is a way to do this. Matt
Hi, I would try to patch two routines. I vaguely remember that openssl's integer decoder was eating a leading 0 octet in a positive integer decoding, but that seems to be fixed. The code is in routine c2i_ibuf in crypto/asn1/a_int.c. For 03 01 xx look at what ossl_c2i_ASN1_BIT_STRING in a_bitstr.c does: don't test for bits when length is 1. Best Peter
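The two encodings at issue here and in the "ASN.1 encoding error" thread above (a non-minimal INTEGER such as 02 04 00 00 00 00, and an empty BIT STRING whose only content octet is not zero), checked against the X.690 clauses quoted there, as an added example that is not OpenSSL's code; the function names and sample elements are constructed for illustration.

```python
"""X.690 checks for the two primitive encodings discussed in these threads.

Added example, not OpenSSL code.  It applies the INTEGER rules of X.690
clause 8.3 (quoted in the "ASN.1 encoding error" thread) and the BIT STRING
rules of clause 8.6 to one raw TLV element, and names the clause a strict
decoder would reject it under.  Constructed sample elements are at the end.
"""


def parse_tlv(data: bytes):
    """Split one definite-length element into (tag, contents, rest).

    Single-octet tags and length fields of at most four octets are handled,
    which covers everything shown in the threads.
    """
    if len(data) < 2:
        raise ValueError("truncated element")
    tag = data[0]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-octet tags not handled")
    length, pos = data[1], 2
    if length >= 0x80:
        n = length & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(data[2:2 + n], "big"), 2 + n
    if len(data) < pos + length:
        raise ValueError("contents truncated")
    return tag, data[pos:pos + length], data[pos + length:]


def check_integer(contents: bytes) -> list:
    """Clauses of X.690 8.3 that an INTEGER contents encoding violates."""
    if len(contents) == 0:
        return ["8.3.1: contents must be one or more octets"]
    if len(contents) > 1:
        # The first nine bits: all of octet 1 plus bit 8 of octet 2.
        first_nine = (contents[0] << 1) | (contents[1] >> 7)
        if first_nine == 0:
            return ["8.3.2(b): first nine bits all zero (non-minimal)"]
        if first_nine == 0x1FF:
            return ["8.3.2(a): first nine bits all ones (non-minimal)"]
    return []


def check_bit_string(contents: bytes) -> list:
    """Clauses of X.690 8.6 (BER) and 11.2.1 (DER) a BIT STRING violates."""
    if len(contents) == 0:
        return ["8.6.2.2: initial octet (unused-bit count) missing"]
    unused = contents[0]
    if unused > 7:
        return ["8.6.2.2: unused-bit count %d exceeds 7" % unused]
    if len(contents) == 1:
        # An empty bit string is exactly 03 01 00; any other initial octet is invalid.
        return [] if unused == 0 else ["8.6.2.3: empty bit string must have initial octet 0"]
    if contents[-1] & ((1 << unused) - 1):
        return ["11.2.1: unused bits are not zero (valid BER, not DER)"]
    return []


def check_element(data: bytes) -> dict:
    """Decode one element and report its type, value and encoding problems."""
    tag, contents, _rest = parse_tlv(data)
    if tag == 0x02:
        value = int.from_bytes(contents, "big", signed=True) if contents else None
        return {"type": "INTEGER", "value": value, "problems": check_integer(contents)}
    if tag == 0x03:
        return {"type": "BIT STRING", "value": contents[1:].hex(),
                "problems": check_bit_string(contents)}
    return {"type": "tag 0x%02x" % tag, "value": contents.hex(), "problems": []}


# Constructed samples: the serial number from the thread, its minimal form,
# an empty BIT STRING, and an empty BIT STRING with a bogus unused-bit count.
SAMPLES = ("02 04 00 00 00 00", "02 01 00", "03 01 00", "03 01 07")

if __name__ == "__main__":
    for hexstr in SAMPLES:
        print(hexstr, "->", check_element(bytes.fromhex(hexstr)))
```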
Re: [SPAM?] Re : 2 Server certificates
https://www.openssl.org/docs/ssl/SSL_load_client_CA_file.html Load names of CAs from file and use it as a client CA list:
SSL_CTX *ctx;
STACK_OF(X509_NAME) *cert_names;
...
cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
if (cert_names != NULL)
    SSL_CTX_set_client_CA_list(ctx, cert_names);
else
    error_handling();
The PKI used for a server certificate is not the same as the one used for client certificates.
- a server has a certificate (issued by whatever PKI)
- a server can request that a client presents a certificate; in order to do so, the protocol requires sending a list of issuers (of client certificates).
There is no relation between client certs and the server cert.
On 06/13/2014 12:15 PM, nicolas@free.fr wrote: Hi, the fact is a server can only send a single certificate, however this one can be signed by multiple CAs. On the other side, a client has (in general) a list of trusted CAs, not a single one, so there are two options:
- either each client knows the two CAs, then the server can send a certificate signed by any of them
- or each client knows only about its own CA, then the server must send a certificate signed by both CAs
(note that this is symmetrical, the server verifies the client certificate the same way) I've never heard about a server with multiple certificates, at least not with SSL/TLS protocols...
concerning the list of trusted CAs sent by the server to the client, it comes from the fact that a client can have multiple certificates, for different servers that can use their own CA, so it allows a client to choose the right certificate to send to a specific server. Concerning the server, if it's in public access it uses a certificate issued by a "well-known" CA (for example one included in your browser); if it's "private", it can use its own CA or even a self-signed certificate, and the client has to recover the trusted certificates by itself (this happens the first time you connect to a SSH server for which you have no certificate, or on some websites). hope I made it clear good luck!
- Original message -
From: Hafedh TRIMECHE
To: openssl-users@openssl.org
Sent: Fri, 13 Jun 2014 10:22:46 +0200 (CEST)
Subject: Re: Re : Re: Re : Re: 2 Server certificates
Hi Nicolas, pit-ca issued another certificate to a client wanting to connect to the same server identified by secure.payerspot.com. I'm looking for a solution allowing two clients to connect to the same server using certificates issued by different CAs. In this case the client forces the server verification by requesting its certificate. So the two server certificates must be sent to each client.
Certificate chain1 (issued by CA1) 0 s: i: BEGIN CERTIFICATE- -END CERTIFICATE-
Certificate chain2 (issued by CA2) 0 s: i: BEGIN CERTIFICATE- -END CERTIFICATE-
Can two certificates be presented to a client which will identify the chained certificate to be verified? Regards.
Re: [openssl-users] Cant seem to get prompt no to work
On 08/18/2017 07:16 PM, Dr. Stephen Henson wrote:
> On Thu, Aug 17, 2017, Robert Moskowitz wrote:
>
>> In the [ ca ] section I have:
>>
>> prompt = no
>>
>> If I leave the = out I get an error, so I am assuming I got the
>> format of this right.
>>
>> Then I have
>>
>> [ req ]
>> distinguished_name = req_distinguished_name
>>
>> [ req_distinguished_name ]
>> countryName = $ENV::countryName
>> stateOrProvinceName = $ENV::stateOrProvinceName
>>
>> In a terminal window I run:
>>
>> export countryName=US
>> export stateOrProvinceName=MI
What about:
[ req_distinguished_name ]
countryName = "Country Name (e.g. FR)"
countryName_value = $ENV::countryName
stateOrProvinceName = "State or Province"
stateOrProvinceName_value = $ENV::stateOrProvinceName
Re: a simple ca question
Bernhard Froehlich wrote: Chong Peng wrote: guys: how to tell a root certificate from a non-root certificate? is there a field in x509 structure for us to tell? thanks. Root certificates are self signed, that is the issuer equals the subject in the certificate. AND the signature can be verified using the public key in that certificate. Hope it helps, Ted ;)
-- To verify the signature, see http://edelpki.edelweb.fr/ This lets you load the authority's certificate; the list of revoked certificates can also be found there.
Re: Compiler error ASN1
Daniel Diaz Sanchez wrote: Hello to everybody, I have a problem when implementing a simple structure using OpenSSL Asn1. This is the problem: When I try to implement this data structure:
A ::= SEQUENCE {
    b CHOICE { b1 INTEGER, b2 INTEGER },
The previous is ambiguous. use for example b2 [0] INTEGER. Also, the given syntax does not say whether you are in a global environment of EXPLICIT or IMPLICIT tagging. It seems that you assume IMPLICIT.
    a1 BOOLEAN,
    a2 INTEGER OPTIONAL,
    a3 [0] INTEGER OPTIONAL,
    a4 [1] INTEGER }
I do it in the following way:
/* .h */
typedef struct B_st {
    int type;
    union {
        ASN1_INTEGER *b1;
        ASN1_INTEGER *b2;
    } value;
} B;
typedef struct A_st {
    B *b;
    ASN1_BOOLEAN *a1;
    ASN1_INTEGER *a2;
    ASN1_INTEGER *a3;
    ASN1_INTEGER *a4;
} A;
DECLARE_ASN1_ITEM(B)
DECLARE_ASN1_ITEM(A)
DECLARE_ASN1_FUNCTIONS(B)
DECLARE_ASN1_FUNCTIONS(A)
/* .c */
ASN1_CHOICE(B) = {
    ASN1_SIMPLE(B,value.b1,ASN1_INTEGER)
missing ,
    ASN1_SIMPLE(B,value.b2,ASN1_INTEGER) //(*1)
missing } ASN1_IMP(A,value.b2,ASN1_INTEGER,0)
}ASN1_CHOICE_END(B) //(*2)
ASN1_SEQUENCE(A) = {
    ASN1_EXP(A,b,B) //choice
    , ASN1_SIMPLE(A,a1,ASN1_BOOLEAN)
    , ASN1_OPT(A,a2,ASN1_INTEGER)
    , ASN1_IMP_OPT(A,a3,ASN1_INTEGER,0)
    , ASN1_IMP(A,a4,ASN1_INTEGER,1)
}ASN1_SEQUENCE_END(A)
IMPLEMENT_ASN1_FUNCTION(A)
But I obtain (using Visual Studio) error C2059: syntax error : '{' at line (*1) and error C2059: syntax error : '{' at line (*2). Am I doing it ok or is there something missing? Thanks!, Regards,
-- Daniel Diaz Sanchez Telecommunication Engineer Researcher / Teaching Assistant Dep. Ing. Telemática Universidad Carlos III de Madrid Av. Universidad, 30 28911 Leganés (Madrid/Spain) Tel: (+34) 91-624-8817, Fax: -8749 Web: www.it.uc3m.es/dds web: http://www.it.uc3m.es/pervasive A toolkit for attribute certificates: http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml Mail: dds[at].it.uc3m.es Skype: dds.it.uc3m.es
Re: SSL_get_verify_result returns "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY" (20)
The load verify location has to be done before you make the connection.
Christian Graf wrote: Hi all, I try to check a server's certificate on the client like this, using an operating system whose name contains an "o":
GC_SSL_Error retVal = GC_SSL_NO_ERROR;
X509* x509cert = SSL_get_peer_certificate(m_ssl_p);
if (x509cert != NULL) {
    //load cert
    if(1 != SSL_CTX_load_verify_locations(m_ctx_p, "C:\\openssl\\certs\\thawteCp.pem", NULL))
        retVal = GC_SSL_CERT_LOAD_ERROR;
    else {
        // check cert
        long certVerifyResult = SSL_get_verify_result(m_ssl_p);
        // the only successful return code is X509_V_OK = 0
        if((certVerifyResult != X509_V_OK) && (GC_SSL_NO_ERROR == retVal))
            retVal = GC_SSL_CERT_VALID_ERROR;
    }
    X509_free(x509cert);
} else
    retVal = GC_SSL_NO_PEER_CERT;
The problem is, that I receive always the return value "20" (X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY), when calling the function SSL_CTX_load_verify_locations. The certificate thawteCp.pem is located in the given path, the certificate itself has been delivered by the openssl installation. I really cannot imagine, what the problem is. Maybe anybody could give me a hint? Thank you and bye Christian
Re: How put issuerUniqueID into certificate?
Kyle Hamilton wrote: I have never heard of issuerUniqueID and subjectUniqueID. If you can point to where you're learning about it, it would be possible for me to figure it out. X.509, where else?
Re: How put issuerUniqueID into certificate?
Kyle Hamilton wrote: The ITU X.509v1? The X.509v3? The Internet Public Key Infrastructure Certificate Profile? Perhaps the Attribute Certificate profile? Or the Proxy Certificate profile? Or some other profile? excerpt from the 2000 version. Since this is the one that I have online. issuerUniqueIdentifier is used to uniquely identify an issuer in case of name re-use. subjectUniqueIdentifier is used to uniquely identify a subject in case of name re-use. NOTE 3 – In situations where a distinguished name might be reassigned to a different user by the Naming Authority, CAs can use the unique identifier to distinguish between reused instances. However, if the same user is provided certificates by multiple CAs, it is recommended that the CAs coordinate on the assignment of unique identifiers as part of their user registration procedures.