Re: [openssl-users] Cant seem to get prompt no to work

2017-08-19 Thread Peter Sylvester
On 08/18/2017 07:16 PM, Dr. Stephen Henson wrote:
> On Thu, Aug 17, 2017, Robert Moskowitz wrote:
>
>> In the [ ca ] section I have:
>>
>> prompt   = no
>>
>> If I leave the = out I get an error, so I am assuming I got the
>> format of this right.
>>
>> Then I have
>>
>> [ req ]
>> distinguished_name  = req_distinguished_name
>>
>> [ req_distinguished_name ]
>> countryName = $ENV::countryName
>> stateOrProvinceName = $ENV::stateOrProvinceName
>>
>> In a terminal window I run:
>>
>> export countryName=US
>> export stateOrProvinceName=MI
What about:

[ req_distinguished_name ]
countryName = "Country Name (e.g. FR)"
countryName_value = $ENV::countryName
stateOrProvinceName = "State or Province"
stateOrProvinceName_value = $ENV::stateOrProvinceName

 

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] French Declaration

2016-12-01 Thread Peter Sylvester Edelweb
Two points:

- you use function xyz of openssl (is the implementation safe?)
- the purpose of using this in your application is "saving peanuts". what are 
peanuts?

/P



On 12/01/2016 08:29 PM, Brian Jost wrote:
Ok thanks, so there isn't a generic declaration that applications using openssl 
standard encryption like GCM can use? Each application will have to get self 
declared?

On Thu, Dec 1, 2016 at 12:12 PM, Peter Sylvester Edelweb 
<peter.sylves...@edelweb.fr> wrote:
Hi

There are news since about a year.

https://www.ssi.gouv.fr/administration/reglementation/controle-reglementaire-sur-la-cryptographie/
There is a downloadable editable PDF to prepare the declaration.

Anyway, you normally do not declare all functionality of the openssl library if 
you use it in a product.

It may be as simple as "to hash passwords we use the SHAnnn functions as 
implemented by openssl".

I used to make such declarations about 15 years ago.


Peter










Re: [openssl-users] French Declaration

2016-12-01 Thread Peter Sylvester Edelweb
Hi

There are news since about a year.

https://www.ssi.gouv.fr/administration/reglementation/controle-reglementaire-sur-la-cryptographie/
There is a downloadable editable PDF to prepare the declaration.

Anyway, you normally do not declare all functionality of the openssl library if 
you use it in a product.

It may be as simple as "to hash passwords we use the SHAnnn functions as 
implemented by openssl".

I used to make such declarations about 15 years ago.


Peter








Re: [SPAM?] Re : 2 Server certificates

2014-06-13 Thread Peter Sylvester



https://www.openssl.org/docs/ssl/SSL_load_client_CA_file.html

Load names of CAs from file and use it as a client CA list:

 SSL_CTX *ctx;
 STACK_OF(X509_NAME) *cert_names;

 ...
 cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
 if (cert_names != NULL)
   SSL_CTX_set_client_CA_list(ctx, cert_names);
 else
   error_handling();


The PKI used for a server certificate is not the same as the one used for 
client certificates.

- a server has a certificate (issued by whatever PKI)
- a server can request that a client presents a certificate
  in order to do so, the protocol requires to send a list
  of issuers (of client certificates). There is no relation
  between  client certs and the server cert.



On 06/13/2014 12:15 PM, nicolas@free.fr wrote:

Hi,

the fact is a server can only send a single certificate, however this one can 
be signed by multiple CAs
on the other side, a client have (in general) a list of trusted CAs, not a 
single one

so there are two options :
- either each client knows the two CAs, then the server can send a certificate 
signed by any of them
- or each client knows only about its own CA, then the server must send a 
certificate signed by both CAs
(note that this is symmetrical, the server verify client certificate the same 
way)

I've never heard about a server with multiple certificates, at least not with 
SSL/TLS protocols...


concerning the list of trusted CAs sent by the server to the client, it comes 
from the fact that a client can have multiple certificates, for different 
servers that can use their own CA
so it allows a client to choose the good certificate to send to a specific 
server

concerning the server, if it's in public access it uses a certificate issued by a 
well-known CA (for example one included in your browser)
if it's private, it can use its own CA or even a self-signed certificate, and 
the client has to recover the trusted certificates by itself (this happens the first time 
you connect to a SSH server for which you have no certificate, or on some websites)


hope I made it clear
good luck!


- Original message -
From: Hafedh TRIMECHE hafedh.trime...@gmail.com
To: openssl-users@openssl.org
Sent: Fri, 13 Jun 2014 10:22:46 +0200 (CEST)
Subject: Re: Re : Re: Re : Re: 2 Server certificates

Hi Nicolas,

pit-ca issued another certificate to a client wanting to connect to the same
server identified by secure.payerspot.com.

I'm looking for a solution allowing two clients to connect to the same
server using certificates issued by different CAs.

In this case the client forces the server verification by requesting its
certificate.

So the two server certificates must be sent to each client .

Certificate chain1 (issued by CA1)
0 s:
i:
BEGIN CERTIFICATE-
-END CERTIFICATE-

Certificate chain2 (issued by CA2)
0 s:
i:
BEGIN CERTIFICATE-
-END CERTIFICATE-

Can two certificates be presented to a client which will identify the
chained certificate to be verified ?

Regards.




__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org



Re: Certificate extensions

2013-09-18 Thread Peter Sylvester

On 09/18/2013 09:53 AM, Eisenacher, Patrick wrote:

Please also note that adding extensions to a certificate request usually 
doesn't make any sense, as those get added to the certificate solely by the 
certificate issuer's grace.



hi,

I seem to disagree, well, usually saves you :-)

Setting your email address or a server name into the subjectaltname, how do you 
do this otherwise?
setting commonname for the server, ok, setting an email attribute that will then
be copied by the CA (and the email removed because it is deprecated)?

Setting ALL extensions makes a lot of sense, IMO a CA should not add and modify 
things, a CA
should *validate* them. The requester indicates what should be in the cert.

The current practice by some registrars to add example.org as another name when
you have ordered www.example.com etc may be nice for some people, but annoying
for others, at best a surprise when policy and practice documents do not even 
mention
these behaviours.

Peter Sylvester


Re: CA hierarchy / pathlen:0

2013-08-22 Thread Peter Sylvester

On 08/22/2013 01:29 PM, Peter1234 wrote:

Hi Walter,

I started with release 0.9.8h and just updated to release 1.0.1e (both on MS
Windows). The update to release 1.0.1e didn't change anything unless that
the new release does not redirect certificates converted from PEM format to
text format into specified file:

openssl x509 -in Root_Key_SCert.pem -out Root_Key_SCert.txt -text (text is

displayed on screen but not redirected to file, worked with release 0.9.8h)

Peter



Verification of pathlen is for relying parties.

If you own the key of a CA (the quotes are intended), you can
sign whatever structure you want. Openssl just uses a ca certificate
as a helper to avoid copying its name and some other things.

You can use the raw asn1 encoder to create very funny things.
No control, nothing, it works as intended.






Re: Verify callback and sending of the client certificate

2013-08-09 Thread Peter Sylvester

On 08/09/2013 11:17 AM, Florian Weimer wrote:

Qt installs a verification callback like this

|// Register a custom callback to get all verification errors.
|X509_STORE_set_verify_cb_func(ctx->cert_store, q_X509Callback);

It is not recommended to access members in the way above, but rather:

X509_STORE_set_verify_cb_func(SSL_CTX_get_store(ctx), q_X509Callback);

/P


Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-15 Thread Peter Sylvester

for those who don't read openssl-dev


 Original Message 
Subject:[openssl.org #3016] openssl ts fix
Date:   Wed, 13 Mar 2013 16:13:31 +0100
From:   Peter Sylvester via RT r...@openssl.org
Reply-To:   openssl-...@openssl.org
CC: openssl-...@openssl.org



Hi,

I have weakened the Esscertid logic a bit. Only the signer certificate is
checked and it must be in the first Esscertid.

This resolves issues when TSAs add attribute certs etc.
Since RFC 3161 does not require a client to check anything
else than the presence of the signer cert (and even is is badly written),
I think the verification of a chain in the ess was not appropriate
logic.

regards







Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-12 Thread Peter Sylvester

On 03/11/2013 11:17 PM, kap...@mizera.cz wrote:

That is what we talk about here.
Try to check previous posts in this thread.


rfc 3126 tells

 This document mandates the presence of this attribute as a signed CMS
   attribute, and the sequence must not be empty.  The certificate used
   to verify the signature must be identified in the sequence, the
   Signature Validation Policy may mandate other certificate references
   to be present, that may include all the certificates up to the point
   of trust.  The encoding of the ESSCertID for this certificate must
   include the issuerSerial field.

RFC 5035 says

  If more than one certificate is present, subsequent certificates
  limit the set of certificates that are used during validation.
  Certificates can be either attribute certificates (limiting
  authorizations) or public key certificates (limiting path
  validation).  The issuerSerial field (in the ESSCertIDv2
  structure) SHOULD be present for these certificates, unless the
  client who is validating the signature is expected to have easy
  access to all the certificates required for validation.  If only
  the signing certificate is present in the sequence, there are no
  restrictions on the set of certificates used in validating the
  signature.

The time stamp does not include issuerSerial in the second esscertid.

There is no specification of any profile of time stamps that
indicates that a client MUST support attribute certs.

I do not think that the authors of 3161, 3126 had in mind any
support of attribute certs. I don't recall any profile requiring
this.

if a timestamp ess would be ok with an attribute cert, what is
the client supposed to do? It can verify the signatures of
the attribute cert up to some trust anchor, but then?
what authorisation is supposed to be checked? that the
tsa is allowed to issue certs for a particular policy? (don't
yes, maybe).

if the TSKlient is able to do something non standardized special
verification, use that one.

Peter








Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-12 Thread Peter Sylvester

On 03/12/2013 09:30 AM, kap...@mizera.cz wrote:





RFC 3161 is written badly.  The whole text was a joke anyway.

   The requester SHALL verify that the
   TimeStampToken contains the correct certificate identifier of the TSA

One may conclude that openssl should simply not validate anything else than
the first certificate. And simply ignore the rest of the ESS sequence.
Probably with an option.
 



It must not be there, if the attribute cert is available. If the TSQ is with -cert = the TAC 
certificate is included in TSR. (I know - it is not in our example which is nocert).

Is there anywhere in the policy of the TSA an indication about what a
client is supposed to do with the attribute certificate, i.e. where
is the documentation of the behaviour of their own client.
There are two OID as attributes. .


That is what about I fight with the Certification Authority.
I was (I am) afraid if their timestamps are rfc 3161 compliant or not.
They claim YES.

What do you think ?

You can add critical extensions into the signing cert, whatever you want,
you remain conformant but not interoperable.


I'm not sure - on one side you are right: authors of 3161, 3126 has in mind any  support of 
attribute certs


but on the other side: rfc 3161 simply refers to RFC 2634 where are attr. certs mentioned = they 
may (can) be there and should not preclude verification process = the client MUST be able 
understand all what is in tree with 3161 as root.

That's because the authors of RFC 3161 had probably overlooked the
possibility of attribute certs.
The only reason for using ESSCert was to include a reference
to the signing cert (and maybe its chain), but not to allow all options.

Although the text says (last sentence):

If the certReq field is present and set to true, the TSA's public key
   certificate that is referenced by the ESSCertID identifier inside a
   SigningCertificate attribute in the response MUST be provided by the
   TSA in the certificates field from the SignedData structure in that
   response.  That field may also contain other certificates.

I do not think that the last sentence means attribute certificates.
In fact RFC 3161 doesn't tell what one has to verify, And, as said
in the beginning, there is nothing in the text that says that
a client has to verify anything beyond the TSA's signature cert.

   However, the actual identification of the entity
   that signed the response will always occur through the use of the
   certificate identifier (ESSCertID Attribute) inside a
   SigningCertificate attribute which is part of the signerInfo (See
   Section 5 of [ESS]).

Here one talks about IDENTIFICATION, attribute certs are for something else.


BTW: rfc 3126, 5035, ... are not referred by 3161 = in timestamps may be used only and only what 
is in tree with 3161 as root.

= rfc 3126, 5035 are not valid for timestamps.



if a timestamp ess would be ok with an attribute cert, what is
the client supposed to do? It can verify the signatures of
the attribute cert up to some trust anchor, but then?
what authorisation is supposed to be checked? that the
tsa is allowed to issue certs for a particular policy? (don't
yes, maybe).

if the TSKlient is able to do something non standardized special
verification, use that one.


That is no solution - the Q is: are or are not these timestamps compliant with 
RFC 3161.

Compliant is not the right word, conformant. And since there
are no real conformance requirements, the question is almost
useless. You may try to use the argument, that the TSA MUST
include the TSA cert into the ESScertid and add and nothing else
but that won't work because this argument is French. ;-)

The ESS cert that there SHOULD be a issuer and serial. That's not the
case.



If not, then they have no value.




Remark: discussed CA (TSA) is official, one of main CA in our country - whole government things, 
law (electronic sigs, timestamps, ..), ... depends on such institution. So it is very important Q.

The question is interoperability.

As said, I think the openssl tests can simply be weakened to only validate the
first ESS cert.




Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread Peter Sylvester

On 03/11/2013 06:43 PM, kap...@mizera.cz wrote:

Hello,



...


As I know, the attr. certs are not very necessary = that is why I mean, that temporary solution 
would be to ignore them in verification process. At least in TS it would solve the problem.


Just for info:  converting the stuff to pkcs7 and verifying with smime works 
fine.




--kapetr




Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread Peter Sylvester

the second ess certid says

SEQUENCE {
   OCTET STRING
52 EE 29 A7 35 03 04 F8 94 21 48 72 76 9F 24 78
   EB 6C D7 AC
}

by 3721926ea67e877df5f4e35dd3c87397eef33d4f
is the hash of the der version of the intermediate cert.



Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread Peter Sylvester

On 03/11/2013 08:01 PM, kap...@mizera.cz wrote:

Of course YES.
Timestamp reply is nothing else as CMS SignedData structure.


not quite but ts -reply -tokenout converts it to such a thing



Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread Peter Sylvester

On 03/11/2013 10:31 PM, kap...@mizera.cz wrote:


On 11.3.2013 21:42, Peter Sylvester wrote:

the second ess certid says

SEQUENCE {
OCTET STRING
 52 EE 29 A7 35 03 04 F8 94 21 48 72 76 9F 24 78
EB 6C D7 AC
 }

by 3721926ea67e877df5f4e35dd3c87397eef33d4f
is the hash of the der version of the intermediate cert.



it is the sha1 hash itself and it is NOT hash of any cert in verification chain.

openssl ts does not support attribute certs AFAIR




Re: [openssl-users] Is ordering of distinguished names for subject and issuer in OpenSSl 0.9.8 certificates important?

2013-02-08 Thread Peter Sylvester

Ordering is important. unfortunately the default order shown in the textual
form is not the same as for ldap tools. using openssl asn1parse shows
the encoding, country code should come first.


Re: How to tell when no more progress can be made

2013-01-17 Thread Peter Sylvester

On 01/17/2013 12:10 PM, A G wrote:

Hi
Here
http://marc.info/?l=openssl-users&m=124386218929227
It states that

...This is why it is very important to understand that any possible forward 
progress on any port (and a write operation that returns WANT_READ may have made forward 
progress!) requires you to retry all pending operations on all ports

So am I correct in understanding that an SSL_read() that returned WANT_READ may 
have made forward progress (even if it did not return any data)?

I have an event driven single threaded app that has 3 non blocking ssl sockets. 
When each socket completes its connection, I have the sockets read until I get 
a WANT_READ. My understanding is that a WANT_READ means I may now invoke 
select() and wait until the socket is ready for reading again.

you may also receive WANT_WRITE or WANT_READ when you ssl_write.

as long as you do not have interrupted ALL, you do not need to select,
after a successful operation you can retry the others, or do
a select to determine which are actually ready.

a select call is only to avoid a cpu intensive loop on the ssl_read/write 
operations.






Re: extensions in certifications

2012-12-12 Thread Peter Sylvester

On 12/11/2012 09:45 PM, Michael Mueller wrote:

Could I get a nudge. I'd like to get the SANs to show up in my certs.

in my request:

Requested Extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Subject Alternative Name:
DNS:ossvirt4, DNS:gws001

these are not dns names. you should review what your client
hosts have as a default domain, etc. It is not obvious whether
browsers will accept this

regarding the hint (and solution) about copying the extension,
you should check what you receive as a cert request, e.g.
whether someone wants a CA cert for example.





Re: How to over-ride SSL_CTX_use_PrivateKey_file() behavior with custom engine

2012-12-07 Thread Peter Sylvester

On 12/07/2012 11:05 AM, LN wrote:


 I have a feeling it does so because I tried to save that  returned
 EVP_PKEY to a PEM file with PEM_write_bio_PrivateKey and then to load it
 back from the same file with PEM_read_bio_PrivateKey.
 Saving worked, but loading failed (with some decoding error inside
 openssl). The length of the base64 string in the PEM file for the key was
 very small in comparison with what is usually the length for private keys.





Often, at least for other HSM, a private key returned does not contain the real 
p and q
values but just some index to enumerate a key in the hsm. These are normally 
some
small numbers and not big primes.

you might see this if you do openssl rsa -text yourfile




Re: Find the difference in (milli|micro)seconds between two ASN1_TIME values

2012-11-07 Thread Peter Sylvester

On 11/07/2012 06:52 PM, Graham Leggett wrote:

On 07 Nov 2012, at 4:50 PM, Ted Byers r.ted.by...@gmail.com wrote:


Why does it need to be something in openssl?

Ideally because it needs to be as secure as openssl.

I'm after an accurate time duration between two ASN1_TIME values, that is not 
dependent on local conditions, or any external libraries.




try timegm in perl, or if it needs to be in C, just adopt the code
which is just a binary search using the gmtime c function.
i.e. you try to set bits to 1, convert to a textual representation
untill you find your value. You do not need to know anything
about leap years.


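The binary search over gmtime described in the reply above, as an added example that is not part of the original post and is not OpenSSL code. It takes ASN.1 time strings (UTCTime or GeneralizedTime ending in Z) rather than ASN1_TIME objects, assumes a 64-bit POSIX time_t and dates from 1970 on, and all function names are made up for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

static int two(const char *p) { return (p[0] - '0') * 10 + (p[1] - '0'); }

/* Parse "YYMMDDHHMMSSZ" (UTCTime) or "YYYYMMDDHHMMSSZ" (GeneralizedTime).
 * Only the syntax is checked here; impossible dates are caught by the search. */
int parse_asn1_time(const char *s, struct tm *out)
{
    size_t len = strlen(s), i;
    int year;

    if ((len != 13 && len != 15) || s[len - 1] != 'Z')
        return -1;
    for (i = 0; i + 1 < len; i++)
        if (s[i] < '0' || s[i] > '9')
            return -1;
    if (len == 15) {
        year = two(s) * 100 + two(s + 2);
        s += 4;
    } else {
        year = two(s);
        year += (year < 50) ? 2000 : 1900;   /* RFC 5280 two-digit year rule */
        s += 2;
    }
    memset(out, 0, sizeof(*out));
    out->tm_year = year - 1900;
    out->tm_mon = two(s) - 1;
    out->tm_mday = two(s + 2);
    out->tm_hour = two(s + 4);
    out->tm_min = two(s + 6);
    out->tm_sec = two(s + 8);
    return 0;
}

/* Order two broken-down UTC times field by field, most significant first. */
static int tm_cmp(const struct tm *a, const struct tm *b)
{
    int fa[6] = { a->tm_year, a->tm_mon, a->tm_mday, a->tm_hour, a->tm_min, a->tm_sec };
    int fb[6] = { b->tm_year, b->tm_mon, b->tm_mday, b->tm_hour, b->tm_min, b->tm_sec };
    int i;

    for (i = 0; i < 6; i++)
        if (fa[i] != fb[i])
            return fa[i] < fb[i] ? -1 : 1;
    return 0;
}

/* Inverse of gmtime(): set bits from the top down and keep each bit whose
 * candidate does not overshoot the target. Returns -1 if nothing matches
 * exactly (date before 1970, or a date that does not exist). */
long long timegm_by_search(const struct tm *want)
{
    int bit = sizeof(time_t) > 4 ? 37 : 30;   /* 2^38 s reaches past year 9999 */
    long long t = 0;
    const struct tm *got;
    time_t tt;

    for (; bit >= 0; bit--) {
        tt = (time_t)(t | (1LL << bit));
        got = gmtime(&tt);
        if (got != NULL && tm_cmp(got, want) <= 0)
            t |= 1LL << bit;
    }
    tt = (time_t)t;
    got = gmtime(&tt);
    return (got != NULL && tm_cmp(got, want) == 0) ? t : -1;
}

/* Seconds from ASN.1 time 'from' to 'to'. Returns 0 on success, -1 on bad input. */
int asn1_time_diff(const char *from, const char *to, long long *secs)
{
    struct tm a, b;
    long long ta, tb;

    if (parse_asn1_time(from, &a) != 0 || parse_asn1_time(to, &b) != 0)
        return -1;
    ta = timegm_by_search(&a);
    tb = timegm_by_search(&b);
    if (ta < 0 || tb < 0)
        return -1;
    *secs = tb - ta;
    return 0;
}

int main(void)
{
    /* Constructed sample values: two timestamps on either side of a leap day. */
    long long d;

    if (asn1_time_diff("20120228235959Z", "120301000000Z", &d) == 0)
        printf("difference: %lld seconds\n", d);
    if (asn1_time_diff("20130229000000Z", "20130301000000Z", &d) != 0)
        printf("20130229000000Z rejected: no such date\n");
    return 0;
}
```

The code contains no calendar table: leap years are handled entirely by gmtime, and a date that gmtime can never produce (29 February 2013, month 13) is rejected because the search finds no exact match.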


Re: MIME types for PEM encoded CRLs

2012-10-27 Thread Peter Sylvester

On 10/27/2012 02:51 PM, Graham Leggett wrote:


Section 4.1 says:

Encoding considerations: will be none for 8-bit transports and most
likely Base64 for SMTP or other 7-bit transports

What I'm after is how to interpret section 4.1 in the context of HTTP content 
negotiation.

Regards,
Graham
--


Whatever you propose as encoding in your client, you will always end up
with a der encoded file. You may try to gzip a crl as  xxx.crl.gz and do
something like the following in an apache .htaccess

<Files *.crl.gz>
AddType application/pkix-crl .gz
AddEncoding gzip .gz
</Files>
RewriteEngine on
RewriteCond %{HTTP:accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME} !^.+\.gz$
RewriteCond %{REQUEST_FILENAME}.gz -f
RewriteRule ^(.+) $1.gz [QSA,L]


Re: Reference material on how to do certificate validation with OpenSSL

2012-10-27 Thread Peter Sylvester


The way how common names are verified in

The Most Dangerous Code in the World:
Validating SSL Certificates in Non-Browser Software

is not correct.
It gives a false match when there is more than one common name ava


Re: Missing entries in index.txt database - Generating CRL

2012-08-09 Thread Peter Sylvester

On 08/09/2012 12:57 PM, int0...@safe-mail.net wrote:

Hi

...


After that I generated a CRL (I own the CA) which then contained the 
certificate with the serial 0x06.

My question now is, would that be a proper workaround or is there a better 
solution? Since the CRL
only contains the serial numbers of the certificates, this seems to work 
although it is not a very good
solution.

It is a workaround if you consider the ca and crl commands as
the only officially blessed way to manage certificates, just because it
looks convenient at first glance.

You may consider not to use the ca command at all, generate certs
using x509 instead, manage their status in whatever database you like
and, in order to create a crl using crl, you just create a temporary
file with the R entries, etc.
You may even go further and not use crl at all but create an asn.1
input for asn1parse, I leave this idea as an exercise ..

in other words, once you have understood that you only need some
file that has Rs and numbers, ... your mind should be
free to create them in any way you want.




Thanks for your help,
Martin


Re: create certificate request programmatically using OpenSSL API

2012-07-20 Thread Peter Sylvester

You can take the code in apps/req.c and extract the pieces you need.



On 07/20/2012 10:17 AM, Abyss Lingvo wrote:

Hi all!

How to create certificate request programmatically via OpenSSL API?

This is the solution for command line utility:
openssl genrsa -out server_key.pem -passout pass:$passwd -des3 1024

openssl req -new -key server_key.pem -passin pass:$passwd \
-passout pass:$passwd -out server_req.pem -days 1095 \
-subj 
/C=US/ST=City/L=City/O=company/OU=SSLServers/CN=localhost/emailAddress=sslser...@company.com


How to do the same but using OpenSSL API?
Best Regards
xidex





Re: TS verify: how to fix Verify error:self signed certificate in certificate chain ?

2012-07-10 Thread Peter Sylvester

On 07/10/2012 02:38 AM, Dave Thompson wrote:

From: owner-openssl-us...@openssl.org On Behalf Of Sandro Tosi
Sent: Monday, 09 July, 2012 10:15
/usr/bin/openssl ts -verify -sha256 -untrusted CERT -CAfile
CA -data  FILE TO MARK -in TSA REPLY

and the output we get is:

140119872083624:error:2F06D064:time stamp
routines:TS_VERIFY_CERT:certificate verify
error:ts_rsp_verify.c:246:Verify error:self signed certificate in
certificate chain

We're using a Debian system, so we copied the CA into /etc/ssl/certs/
but we still see that problem: how can we fix it? is there a
way to get
a more descripting trace of the problem? Can we run manually all the
steps to verify the reply?


Your problem is not verifying the message itself, but verifying
the certificate that assures it.

removing the CA root from the CERT may help.
at least I think that CERT must not contain any self signed
cert, this is what the error message seems to suggest




Re: X.509 certificate subject format

2012-07-02 Thread Peter Sylvester

On 07/02/2012 10:34 AM, Johannes Bauer wrote:

Hi list,

I have a rather simple question regarding X.509 subjects that is not
entirely clear to me and for which I cannot find the appropriate
reference (pointers greatly appreciated). The trouble starts when trying
to compare two subjects of *different* certificates for equality and
becomes worse when certain fields are appearing more than once. To
clarify, by equal I mean 'should behave in exactly the same way by all
well-behaved implementations'.

Let's start easy. Consider the following subjects:

subject1= /C=SE/O=FooBar/OU=BarFoo/CN=moo.koo.com
subject2= /C=SE/OU=BarFoo/CN=moo.koo.com/O=FooBar

Are these to be considered equal or not?

Not equal. beware, you are using a textual representation which is
probably the one of openssl. So C=SE is the first in the DN sequence.
Note that there is also the possibility to put several attribute into 
one RDN.

I.e.: Does the order of
elements matter?

Yes.

  Does the order matter when fields are duplicate, i.e. are:

subject1= /CN=foo/CN=bar
subject2= /CN=bar/CN=foo

equal?

No.


If they are not equal, does the first one have a special meaning?

X.509 and RFC 5280 define a hierarchical order of the relative
distinguished names that make up the sequence of the distinguished name.

For
example, assume a webserver with a duplicate common name field. Are both
names valid as the server name then?

No.

  I.e. could I access a webserver
with the certificate subject as stated above by DNS foo *and* bar or
only by one of them?

This depends on the implementation of the client, and also whether
you have a subjectAltName extension. If there is a subjectAltName
extension, the common name is (not supposed to be) used by a client.


One reason to ask for equality is that there maybe is a certificate X:

issuerX = /O=myCA/OU=greatCA/CN=not
subjectX= /CN=foo/CN=bar

and it has a valid signature by a CA with the following subject:

issuerX = /OU=greatCA/O=myCA/CN=not

Is the certificate signature then valid?

The certificate signature may be cryptographically valid,
but not the name chain in a path validation.

At least it shouldn't, there had been errors in some toolkits
in the past that treated the hierarchy as a heap of attributes.

/P



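The subject pairs from the exchange above, compared both as an ordered sequence and as an unordered "heap of attributes", as an added example that is not part of the original thread and is not OpenSSL code. It assumes the OpenSSL one-line text form with one attribute per RDN, no escaped slashes and exact string matching of values; the struct and function names are made up for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_RDN 16
#define MAX_LEN 64

struct ava { char type[MAX_LEN]; char value[MAX_LEN]; };
struct dn { int n; struct ava rdn[MAX_RDN]; };

/* Parse "/C=SE/O=FooBar/..." into an ordered list, first RDN first.
 * Returns 0 on success, -1 on malformed or oversized input. */
int dn_parse(const char *s, struct dn *out)
{
    out->n = 0;
    if (*s != '/')
        return -1;
    while (*s == '/') {
        const char *eq, *end;
        struct ava *a;
        size_t tlen, vlen;

        s++;
        end = strchr(s, '/');
        if (end == NULL)
            end = s + strlen(s);
        eq = memchr(s, '=', (size_t)(end - s));
        if (eq == NULL || eq == s || out->n == MAX_RDN)
            return -1;
        tlen = (size_t)(eq - s);
        vlen = (size_t)(end - eq - 1);
        if (tlen >= MAX_LEN || vlen >= MAX_LEN)
            return -1;
        a = &out->rdn[out->n++];
        memcpy(a->type, s, tlen);
        a->type[tlen] = '\0';
        memcpy(a->value, eq + 1, vlen);
        a->value[vlen] = '\0';
        s = end;
    }
    return 0;
}

static int ava_equal(const struct ava *a, const struct ava *b)
{
    return strcmp(a->type, b->type) == 0 && strcmp(a->value, b->value) == 0;
}

/* Correct comparison: same length and the same RDN at every position. */
int dn_equal_ordered(const struct dn *a, const struct dn *b)
{
    int i;

    if (a->n != b->n)
        return 0;
    for (i = 0; i < a->n; i++)
        if (!ava_equal(&a->rdn[i], &b->rdn[i]))
            return 0;
    return 1;
}

/* Flawed comparison, kept only for contrast: treats the name as an
 * unordered multiset of attributes, so reordered names compare equal. */
int dn_equal_as_heap(const struct dn *a, const struct dn *b)
{
    int used[MAX_RDN] = { 0 }, i, j;

    if (a->n != b->n)
        return 0;
    for (i = 0; i < a->n; i++) {
        for (j = 0; j < b->n; j++)
            if (!used[j] && ava_equal(&a->rdn[i], &b->rdn[j])) {
                used[j] = 1;
                break;
            }
        if (j == b->n)
            return 0;
    }
    return 1;
}

/* Returns 1 if equal, 0 if different, -1 if either name does not parse. */
int dn_compare(const char *x, const char *y, int as_heap)
{
    struct dn a, b;

    if (dn_parse(x, &a) != 0 || dn_parse(y, &b) != 0)
        return -1;
    return as_heap ? dn_equal_as_heap(&a, &b) : dn_equal_ordered(&a, &b);
}

int main(void)
{
    /* The three name pairs quoted in the thread. */
    const char *pairs[3][2] = {
        { "/C=SE/O=FooBar/OU=BarFoo/CN=moo.koo.com", "/C=SE/OU=BarFoo/CN=moo.koo.com/O=FooBar" },
        { "/CN=foo/CN=bar", "/CN=bar/CN=foo" },
        { "/O=myCA/OU=greatCA/CN=not", "/OU=greatCA/O=myCA/CN=not" },
    };
    int i;

    for (i = 0; i < 3; i++)
        printf("%s vs %s: ordered=%d heap=%d\n", pairs[i][0], pairs[i][1],
               dn_compare(pairs[i][0], pairs[i][1], 0),
               dn_compare(pairs[i][0], pairs[i][1], 1));
    return 0;
}
```

For the third pair the ordered comparison reports a mismatch between the certificate's issuer and the CA's subject, which is the name-chaining failure described in the reply, while the heap comparison wrongly accepts it.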


Re: Client certificate verification

2012-06-29 Thread Peter Sylvester

On 06/29/2012 09:29 PM, Sukalp Bhople wrote:

Hello,

I am trying to measure server performance for client certificate verification.

However, there is no significant difference in the server performance when I send one certificate 
and condition when I send chain of 10 certificates.


I am aware that certificate verification is a public key operation. But shouldn't it make some 
difference? is there any cashing mechanism or something else?



cash or cache.  cache is french.


--
Regards,
*Sukalp Bhople.*






Re: self-generated, self-signed root CA and Client Auth Certs not working

2012-06-06 Thread Peter Sylvester

On 06/05/2012 07:14 PM, DRings wrote:

I've spent too much time trying to figure out something that is probably well
known here.

I have a restricted community application that seems a perfect fit for using
openssl to self-generate our own CA, and self-sign it, and self-generate our
own web client authentication certificate and self-sign them. All this so
that we can validate the Distinguished Name presented when web browser
connecting to our nginx web server.


I assume you mean 'sign it by your CA'


I have done all this many times but have not been able to get various web
browsers to use the self-generated/self-signed client authentication certs.

I have imported both the CA.crt and the client.crt into the OS certificate
store. But after that the web browser does not seem to use the cert for
authentication.

I've tried to set the properties on the imported certificate to be used for
web client authentication. - it just does not work!

You also need to configure your server to ask for client certificates of your
CA.



I just cannot keep spending time on this problem. If I cannot find help, I
will urge the requirement for client certs be dropped from the project.

(personal lore) It seems that the web browsers fail because our
self-generated/self-signed CA is not signed by some higher CA that is
trusted. Is that true or false?

They don't fail, they warn that your ca that has signed
your server certificate is not installed by default as a trusted ca.




If it is false, I need help to overcome the failure of the web browsers to
correctly use our certs.

Thanks
David




Re: variable response size of openssl rand on windows

2012-06-04 Thread Peter Sylvester

some new line - CRLF conversion may have hit.

On 06/04/2012 04:29 PM, Ken Goldman wrote:
A typical openssl user error is treating binary data as text.  Random 
numbers are not text until you convert them with -hex.


My guess is that Windows is treating some binary character specially, 
and this causes your version of wc to fail.  Linux is handling the 
binary correctly.  So I doubt it's an openssl bug - just a strange 
interaction with binary streams, Windows, and wc.


On 6/3/2012 6:34 PM, alexis _ wrote:


I tried to generate 100 bytes using openssl rand 100 But i observed
on my Windows machine (openssl from cygwin) that sometimes the result
is not always 100 bytes long, I experienced 101, 102... However,
while using -hex switch, the variable size issue does not seem to
reproduce. Observation does not reproduce at all on Ubuntu 12.04 btw
(see version info below)

Do you guys reproduce the behavior ? Am i missing something obvious ?
is it related to my environment ? is it an openssl bug (i have not
seen anything like this on http://rt.openssl.org/index.html?q=rand)





Re: Cert order in .pem format

2012-05-18 Thread Peter Sylvester

On 05/18/2012 06:03 AM, kthiru...@inautix.co.in wrote:

Team,

Had a query in the certs that we load,

The CA's provide our certs in .p12 format, which we need to convert to a .pem and load to SSL 
structure during initialization.

On converting to .pem, it is in the following format, Private Key, CA Certs and 
Domain Certificate.

In our code, we use the below snippet to load keys in in SSL structure,

1. err =  SSL_CTX_use_certificate_chain_file(ctx, KeyFile);
2. SSL_CTX_set_default_passwd_cb(ctx, passwd);
3. err = SSL_CTX_use_PrivateKey_file(ctx, KeyFile, SSL_FILETYPE_PEM);
4. SSL_CTX_check_private_key(ctx);

When i use the same order in the key ( Private Key, CA Certs and Domain Certificate ), the above 
fails in step 3.
So we have to rearrange this order to Domain Certificate, Private Key and CA Certs for the above 
snippet to work properly.


We are trying to reduce the effort here, for someone to rearrange this cert 
order.
Can you suggest some other way to convert the certs as expected by the code or change the order of 
our code.

load the P12 file directly in your code



Re: Are those TLS-SRP cipher suites supported?

2012-05-14 Thread Peter Sylvester

On 05/14/2012 02:59 PM, marek.marc...@malkom.pl wrote:

Hello,

$ openssl version
OpenSSL 1.0.0 29 Mar 2010
$ openssl ciphers -V

For SRP one should use the 1.0.1 version.

openssl version
OpenSSL 1.0.1 14 Mar 2012

openssl ciphers SRP
SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA




Re: PHP openssl_x509_parse extensions=subjectAltName

2012-05-13 Thread Peter Sylvester



Yes, it can probably be parsed by any ASN.1 parser. But the OID is
private - only the organization knows how to interpret it (or what to
do with it).

private/public in this context refers to governance/ownership
not to visibility. if the organisation documents it, any interested
party can interpret it.  311 is one of microsoft's OID branches

smart card login with UPN is documented at least in

http://support.microsoft.com/kb/281245


Re: How to trust a 'root' certificate

2012-04-26 Thread Peter Sylvester

On 04/26/2012 03:58 PM, Tammany, Curtis wrote:

I don't see this as an Apache issue. The site has required client certs for 
years now and Apache was configured to require client certificates.

I have intermediate DOD certs on the server but OpenSSL sees my DoD Root 
certificate as un-trusted self-signed so the chain is broken. From 
http://www.openssl.org/support/faq.html:




 5. Why does <SSL program> fail with a certificate verify error?
This problem is usually indicated by log messages saying something like unable to get local issuer 
certificate or self signed certificate. When a certificate is verified its root CA must be 
trusted by OpenSSL this typically means that the CA certificate must be placed in a directory or file 
and the relevant program configured to read it. The OpenSSL program 'verify' behaves in a similar way and issues 
similar error messages: check the verify(1) program manual page for more information.

How can I get OpenSSL to trust my DOD root certificate?


In general all certificates that you have in the apache as client CAs
are trusted but they need to chain up to some root which must be part
of the set.

If the certificates are in a directory, and you have changed the openssl
version, you might want to rehash. The hash logic had been changed at
some version.





Re: How to trust a 'root' certificate

2012-04-26 Thread Peter Sylvester

On 04/26/2012 05:20 PM, Tammany, Curtis wrote:

In my htaccess file I have the following:
SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 5
SSLOptions +ExportCertData

In my httpd.conf file, I have the following:
SSLCACertificatePath conf/certs/
SSLCACertificateFile conf/certs/DOD_EMAILCerts.crt

I am not sure which one takes precedence, but having
both is probably not ok with apache.  Try :

   cd conf/certs/
   c_rehash

That's for linux. But for windows, the openssl logic is
the same, it opens the file. openssl doesn't know whether
it is a link or a file.

So 



DOD_EMAILCerts.crt contains the root cert plus many intermediates.

The site has been working fine for the most part for years. We are tracking 
SSL_CLIENT_VERIFY in our log file and with some Windows 7 clients, they cannot connect 
and we are seeing  FAILED:unable to get local issuer certificate in the log.

As I said in an earlier email, used the openssl version -d command and it responded: 
OPENSSLDIR: c:/openssl-1.0.1/ssl That folder does not exist.
Running openssl verify DOD_EMAILCerts.crt (with the cert file in the bin 
folder) returns:
DOD_EMAILCerts.crt: C = US, O = U.S. Government, OU = DoD, OU = PKI, CN = DoD 
Root CA 2
error 18 at 0 depth lookup:self signed certificate
OK
with that command you are verifying the first cert in that file, and
since it is probably self signed, you cannot do that.

If, on the other hand you happen to have an intermediate as the
beginning you get the other cannot find issuer message.




 From http://www.madboa.com/geek/openssl/ I read:
 error 18 at 0 depth lookup:self signed certificate. Unless you make an exception, 
OpenSSL won’t verify a self-signed certificate.

They also go on to say:
 How do I get OpenSSL to recognize/verify a certificate?
Put the file that contains the certificate you’d like to trust into the certs 
directory discussed above. Then create the hash-based symlink. Here’s a little 
script that’ll do just that.

#!/bin/sh
#
# usage: certlink.sh filename [filename ...]

for CERTFILE in "$@"; do
   # make sure file exists and is a valid cert
   test -f "$CERTFILE" || continue
   HASH=$(openssl x509 -noout -hash -in "$CERTFILE")
   test -n "$HASH" || continue

   # use lowest available iterator for symlink
   for ITER in 0 1 2 3 4 5 6 7 8 9; do
      test -f "${HASH}.${ITER}" && continue
      ln -s "$CERTFILE" "${HASH}.${ITER}"
      test -L "${HASH}.${ITER}" && break
   done
done

That is for Linux.
How do I get OpenSSL to recognize/verify a certificate on Windows XP/2003? 
(like step-by-step instructions).

... instead of ln -s you can create a copy ...
for more detailed instruction, I'll can charge you 100EUR per line. :-)
...


... Just put all the CA certificates into one file and remove the

SSLCACertificatePath

and just keep the

SSLCACertificateFile



Thanks.

Curtis


-Original Message-
From: Peter Sylvester [mailto:peter.sylves...@edelweb.fr]
Sent: Thursday, April 26, 2012 10:40
To: openssl-users@openssl.org
Cc: Tammany, Curtis; Bernhard Fröhlich
Subject: Re: How to trust a 'root' certificate

On 04/26/2012 03:58 PM, Tammany, Curtis wrote:

I don't see this as an Apache issue. The site has required client certs for 
years now and Apache was configured to require client certificates.

I have intermediate DOD certs on the server but OpenSSL sees my DoD Root 
certificate as un-trusted self-signed so the chain is broken. From 
http://www.openssl.org/support/faq.html:
 5. Why does <SSL program> fail with a certificate verify error?
This problem is usually indicated by log messages saying something like unable to get local issuer 
certificate or self signed certificate. When a certificate is verified its root CA must be 
trusted by OpenSSL this typically means that the CA certificate must be placed in a directory or file 
and the relevant program configured to read it. The OpenSSL program 'verify' behaves in a similar way and issues 
similar error messages: check the verify(1) program manual page for more information.

How can I get OpenSSL to trust my DOD root certificate?



In general all certificates that you have in the apache as client CAs
are trusted but they need
to chain up to some root which must be part of the set.

If the certificates are in a directory, and you have changed the openssl
version, you
might want to rehash. The hash logic had been changed at some version.







Re: SRP in OpenSSL 1.0.1

2012-04-04 Thread Peter Sylvester

On 04/04/2012 11:01 AM, Christian Weber wrote:

Dear users and developers,

we just read through some of the code examples for SRP usage.

Concerning the necessary callbacks we wonder why in
s_server.c the verifier parametrization is being delayed.

Within apps/s_server.c we can find the comment:

 When the callback is called for a new connection we return
  with a negative value. This will provoke the accept etc to return with
  an LOOKUP_X509. The main logic of the reinvokes the suspended call
  (which would normally occur after a worker has finished) and we
  set the user parameters.

There seems to be something missing between 'the' and 'reinvokes',
so we cannot understand what's being meant.


application:

Imagine a server that has a large base of users. When the callback is
invoked, it would start with some asynch ldap call or whatever else
to read a verifier. The callback would return -1, and the SSL_accept
fails with the return code ERROR_LOOKUP_X509 (well, I know, by this
name was the only one available, borrowed by a reciprocal feature
in the client). The application would do some select call on whatever
filedescriptors. As soon as the verifier is available, the application
stores this somewhere, and calls SSL_accept again, which in this
case will cause the callback to return the verifier.

Nothing about srp is documented so far.

The code in apps/server.c is not doing any select loop, it just
calls the SSL_accept twice. This is done to illustrate the
possibilities of the callback. The callback 'pretends' that
the data are not there.

I do not really like to use the verifier file as it is done in the example,
since one needs to restart a server after modifying a user.



May it be a security impact to implement the lookup within the
callback itself (as done in ssl/ssltest.c, based on user's password)
or may there be other error conditions which are covered by
relocating the lookup to init_ssl_connection in apps/s_server.c?

As I wrote above, the while loop to do SSL_accept is not exactly
what you would want to do in a real application.

The simulated logic flow  is:

i=SSL_accept(con);

  if ( i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP )

do whatever is necessary to get the verifier, in this case simulated by

   srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, 
srp_callback_parm.login);

   since there is nothing async to do in the example.

  and then do another

   i=SSL_accept(con);

I could have folded out the loop to get out the init_ssl_connection etc.




Any opinions about possible security weakening against implementing
the lookup within the callback?


There may be many ways to store and create a verifier.
One could for example on the fly generate a one time password,
send it as an SMS, store the verifiers in an LDAP.

Therefore the callback allows an application to choose whatever means
it wants to implement, openssl is not charged to read files, make network
requests or whatever.


Peter


TIA
-- Christian Weber


Re: How to get the Certificate Keyusage retire error ? (lCert-ex_kusage =0)

2012-04-04 Thread Peter Sylvester

On 04/04/2012 02:51 PM, brajan wrote:

I am using openssl 0.9.8g version .

i convert the PEM certificate file to X509 format and try to read the key
usage value .
Keyuage = lCertificate->ex_kusage ;

Some time the keyusage = 128
Some time Keyusage is 0 for the same certificate . why this problem occurs
...

the flags are set by one of functions in crypto/v3_purp.c


try call X509_check_ca(lCertificate) before accessing




Re: 1.0.1beta1, incompatibility with gnutls?

2012-03-09 Thread Peter Sylvester

On 03/08/2012 11:05 PM, David Holmes wrote:

I'm trying to use openssl 1.0.1beta1 s_server with gnutls 2.4.1 (gnutls-cli).

s_server is complaining of an unknown extension (see debug output below).

Isn't it the client after the serverhello response?

you might want to add  -debug and -msg to see the s_server response
to what s_server responds and why the client aborts.


regarding my earlier hasty message today:
the illegal hostname 17.0.0.1 is not a problem in s_server.
(I still haven't passed all ent certification) :-)



Openssl 0.9.8h works just fine though.

Is this a known issue?


./openssl s_server -key src/data/server.key -cert src/data/server.crt 
-tlsextdebug
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
TLS client extension unknown (id=9), len=3
 - 02 00 01  ...
TLS client extension server name (id=0), len=14
 - 00 0c 00 00 09 31 32 37-2e 30 2e 30 2e 31 .127.0.0.1
ERROR
4150167176:error:14094456:SSL routines:SSL3_READ_BYTES:tlsv1 unsupported 
extension:s3_pkt.c:1240:SSL alert number 110
shutting down SSL
CONNECTION CLOSED
ACCEPT

David Holmes  |  Technical Marketing Manager - Security
F5 Networks 
   P 206.272. 
F 206.272.5556
www.f5.com 
   D 206.272.6740 
Follow @dholmesf5 
  





Re: 1.0.1beta1, incompatibility with gnutls?

2012-03-09 Thread Peter Sylvester

On 03/08/2012 11:05 PM, David Holmes wrote:

I'm trying to use openssl 1.0.1beta1 s_server with gnutls 2.4.1 (gnutls-cli).

s_server is complaining of an unknown extension (see debug output below).

Openssl 0.9.8h works just fine though.

Is this a known issue?

try beta3, should work better.


Re: 1.0.1beta1, incompatibility with gnutls?

2012-03-08 Thread Peter Sylvester

On 03/08/2012 11:05 PM, David Holmes wrote:

I'm trying to use openssl 1.0.1beta1 s_server with gnutls 2.4.1 (gnutls-cli).

s_server is complaining of an unknown extension (see debug output below).

Openssl 0.9.8h works just fine though.

Is this a known issue?


127.0.0.1  is not a valid servername.

I don't remember but you might want to play
with the servername parameter of s_server.





./openssl s_server -key src/data/server.key -cert src/data/server.crt 
-tlsextdebug
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
TLS client extension unknown (id=9), len=3
 - 02 00 01  ...
TLS client extension server name (id=0), len=14
 - 00 0c 00 00 09 31 32 37-2e 30 2e 30 2e 31 .127.0.0.1
ERROR
4150167176:error:14094456:SSL routines:SSL3_READ_BYTES:tlsv1 unsupported 
extension:s3_pkt.c:1240:SSL alert number 110
shutting down SSL
CONNECTION CLOSED
ACCEPT

David Holmes  |  Technical Marketing Manager - Security
F5 Networks 
   P 206.272. 
F 206.272.5556
www.f5.com 
   D 206.272.6740 
Follow @dholmesf5 
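Added example (not part of the original thread, and not OpenSSL code): a decoder for the server_name extension body shown in the -tlsextdebug dump above, applying the RFC 6066 rule that a HostName is ASCII without a trailing dot and is never a literal IP address. The function names are hypothetical; the first sample is the 14 bytes from the dump.

```python
import ipaddress
import struct

# Extension body copied from the dump above (id=0, len=14):
# 00 0c | 00 | 00 09 | "127.0.0.1"
SNI_BODY = bytes.fromhex("000c0000093132372e302e302e31")


def parse_server_name(body):
    """Parse a server_name extension body (RFC 6066, section 3).

    Returns a list of (name_type, name_bytes) in wire order and raises
    ValueError when a length field does not fit the data.
    """
    if len(body) < 2:
        raise ValueError("missing ServerNameList length")
    (list_len,) = struct.unpack_from("!H", body, 0)
    if list_len != len(body) - 2:
        raise ValueError("ServerNameList length does not match the body")
    names = []
    pos = 2
    while pos < len(body):
        if pos + 3 > len(body):
            raise ValueError("truncated ServerName header")
        name_type, name_len = struct.unpack_from("!BH", body, pos)
        pos += 3
        if pos + name_len > len(body):
            raise ValueError("truncated ServerName value")
        names.append((name_type, body[pos:pos + name_len]))
        pos += name_len
    return names


def check_host_name(raw):
    """Return the list of RFC 6066 problems for one host_name value."""
    try:
        name = raw.decode("ascii")
    except UnicodeDecodeError:
        return ["not ASCII"]
    problems = []
    if not name:
        problems.append("empty name")
    if name.endswith("."):
        problems.append("trailing dot")
    try:
        ipaddress.ip_address(name)
        problems.append("literal IP address")
    except ValueError:
        pass  # not an address literal, which is what we want
    return problems


def audit_sni(body):
    """Return [(name, problems)] for every entry in the extension."""
    report = []
    for name_type, raw in parse_server_name(body):
        if name_type != 0:  # 0 is host_name, the only type RFC 6066 defines
            report.append((raw.hex(), ["unknown name type %d" % name_type]))
        else:
            report.append((raw.decode("ascii", "replace"), check_host_name(raw)))
    return report


if __name__ == "__main__":
    for name, problems in audit_sni(SNI_BODY):
        print(name, "->", problems or "ok")
```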
  





Re: Distinguishing a CA certificate from an end entity certificate Reg.

2012-02-23 Thread Peter Sylvester

On 02/23/2012 10:49 AM, Ashok C wrote:

Hi,

What would be the most efficient and easiest way to distinguish a CA certificate from an actual 
server/client(end entity) certificate?
We were thinking of identifying the CA with the CA:TRUE constraint from the text display, but 
again this check does not cover x509 v1 certificates where this extension is not present.

Is there any command/openSSL API available which would serve this purpose?


a v1 certificate (if you want)
or v3 cert with both CA:true and keyusage has certsign bit.




Re: Customer Enterprise X.509 Extension OID Assignment

2012-02-06 Thread Peter Sylvester

On 02/06/2012 09:41 AM, Curt Sampson wrote:


If I were to create a custom X.509 certificate extension for use within
my enterprise and with others outside who wanted to write or modify
their own software to interoperate with it, I'd need to assign an OID
for this extension, right? And for that, would the standard way to do
this be to assign an OID underneath the one assigned to us by the IANA
in their Private Enterprise Number list[1], right?

It is one possible way, you need to find someone that
owns an OID (forever) and dedicates you a number.

in france, every enterprise has an oid 1.3.2.officialenterprisenumber

some institution sell such numbers.



(I note that [1] claims to be the SMI Network Management Private
Enterprise Codes, but I gather that others use this for pretty much
anything where they need a unique OID.)

I'd prefer to say non-ambiguous.

besides that, I would also investigate your need for a custom extension,
if you use it for 'identity', then use a subjectAltname for example
if you use it for some kind  of attribute based authorisation, well,
you are maybe overloading the certificate.

Peter



Re: SRP problem in OpenSSL 1.0.1 beta

2012-01-10 Thread Peter Sylvester

On 01/10/2012 04:52 AM, Norm Green wrote:

Hi,

I am testing my application with the 1.0.1 beta and noticed the errors generated are not 
very friendly when SRP credentials are incorrect.  The problem is that the error codes 
returned in no way indicate that the problem is incorrect credentials.  Instead I see 
errors about bad record mac (see below).

two things:

- your server code may choose to react with a

  o  unknown_psk_identity (115) - this alert MAY be sent by a server
  that receives an unknown user name.  This alert is always fatal.
  See Section 2.5.1.3  http://tools.ietf.org/html/rfc5054#section-2.5.1.3
  for details.

  this can be done in the callback if one chooses so.

- when a user provides a bad password, there is no common secret,
  there is only one possible error:
something was wrong during the handshake



Everything works just fine when the correct credentials are used.  What I need
is a way to discern if incorrect credentials were supplied, or there is some other
error.  As it stands now, I would have to assume that the credentials are wrong
whenever SSL_connect() or SSL_accept() fail, which seems like a poor assumption.

You can only assume that either a wrong password is given or
some network problem has occurred.

You cannot determine whether you are talking to the right partner
without a successful handshake.




I'm still fairly new to SSL and SRP and am grateful for any and all help.

does that help?

btw: if your server needs non blocking behaviour (even if no),
and you need time to lookup a credential (a verifier) in a database,
you can indicate in your callback to interrupt the accept call
(in blocking and non blocking mode) and repeat the accept as
soon as the data are there.



Norm Green
VMware, Inc.




Peter Sylvester




Re: SRP problem in OpenSSL 1.0.1 beta

2012-01-10 Thread Peter Sylvester

an excerpt from rfc 5054 paragraph 3.3


   If an attacker learns a user's SRP verifier (e.g., by gaining access
   to a server's password file), the attacker can masquerade as the real
   server to that user, and can also attempt a dictionary attack to
   recover that user's password.

   An attacker could repeatedly contact an SRP server and try to guess a
   legitimate user's password.  Servers SHOULD take steps to prevent
   this, such as limiting the rate of authentication attempts from a
   particular IP address or against a particular user name.

...

   If the client receives an unknown_psk_identity alert in response to
   a client hello, this alert may have been inserted by an attacker.
   The client should be careful about making any decisions, or forming
   any conclusions, based on receiving this alert



Re: Displaying Serial Number of Cert via s_client ?

2012-01-07 Thread Peter Sylvester

On 01/07/2012 02:01 AM, Ken Adler wrote:

I use  echo GET | openssl s_client -connect www.google.com:443 -state to 
troubleshoot https handshakes.

Is there a way to get it to return the Serial number (or thumbprint) of the 
server certificate?



openssl s_client -connect www.google.com:443 2>&1 | openssl x509 -noout -serial

serial=4F9D96D966B0992B54C2957CB4157D4D



Re: OpenSSL and apache2 wildcard self-signed certificate for nested subdomain

2011-12-14 Thread Peter Sylvester

On 12/14/2011 01:33 PM, rey sebastien wrote:


Hello users :)

I have some problem with nested subdomain and wildcard openssl certificate.. perhaps this is 
because the subdomain type is : site1.parisgeo.cnrs.fr, or site2.parisgeo.cnrs.fr, or other 
subdomain like .parisgeo.cnrs.fr


When i create the self signed certificate, i enter CN = *.parisgeo.cnrs.fr, but it's seems it's 
impossible to connect on this site for example partage.parisgeo.cnrs.fr with this configuration ! Arg.



your connexion works fine up to the point of certificate verification.

openssl s_client does not like self signed certs
any browser needs user action to disable warnings.

example  curl -k https://www.parisgeo.cnrs.fr  works because of -k






Re: How to create certificate store using DER and PKCS12 certificates

2011-11-10 Thread Peter Sylvester

On 11/10/2011 12:47 PM, Rajib Karmakar wrote:


Hi,

I am using OpenSSL version 1.0.0e and want to create a certificate 
store using DER and PKCS12 formatted certificates.



I have to read and convert DER and PKCS12 certificates into X509 
object and add them into X509_STORE.
But if PEM, DER and PKCS12 certificates are stored in same path I have 
to identify each certificate format.


Is there any OpenSSL API that tells the certificate format?


You try to decode them in all formats, only one of them will succeed.


Re: OpenSSL 1.0.1 example with SRP

2011-10-25 Thread Peter Sylvester

On 10/25/2011 05:15 AM, Norm Green wrote:

Hello Experts,

I'm new to OpenSSL so please bear with me.

I'm trying to construct a simple example that uses a recent OpenSSL 1.0.1 
snapshot to create secure connection using SRP without using any certificates.  
I am aware 1.0.1 is not yet released, but I've been told this should be 
possible.

try this first with s_client and s_server   you need cipher SRP for them

what happens when you connect to your server with

  openssl s_client -srpuser USER -cipher SRP -connect server:port





Re: Error converting from .cer to .pem

2011-09-19 Thread Peter Sylvester

On 09/19/2011 04:29 PM, ubuntuv wrote:

Thanks Jacob.

Output of
#less evalRootCertificate.cer

-BEGIN CERTIFICATE-
MIICBDCC.MVWn1dH/IzvUWbQ==
-END CERTIFICATE-

I even tried removing the following file lines

-BEGIN CERTIFICATE-
-END CERTIFICATE-

# openssl x509 -inform der -in evalRootCertificate.cer -out steel.pem
unable to load certificate

your file is already in pem form.


Re: How to deal with new OIDs

2011-09-08 Thread Peter Sylvester

On 09/07/2011 08:28 PM, Dr. Stephen Henson wrote:

On Wed, Sep 07, 2011, Dominik Oepen wrote:



Are these OIDs by chance the ones described in ticket 1794?


Re: How to deal with new OIDs

2011-09-08 Thread Peter Sylvester

On 09/08/2011 04:31 PM, Dominik Oepen wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Am 08.09.2011 11:49, schrieb Peter Sylvester:

On 09/07/2011 08:28 PM, Dr. Stephen Henson wrote:

On Wed, Sep 07, 2011, Dominik Oepen wrote:


Are these OIDs by chance the ones described in ticket 1794?


Actually I meant 2239.


Re: Becoming a CA for group of internal servers?

2011-09-01 Thread Peter Sylvester


you might want to read the description of the -extfile parameter of the x509 
command

an excerpt from   curl-7.21.6/tests/certs/scripts/genserv.sh  available at  
curl.haxx.se

$OPENSSL req -config $PREFIX-sv.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-sv.key -out $PREFIX-sv.csr
$OPENSSL rsa -in $PREFIX-sv.key -out $PREFIX-sv.key
$OPENSSL x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION  -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -out $PREFIX-sv.crt -text -nameopt multiline -sha1


with a $PREFIX-sv.prm like the following

extensions = x509v3
[ x509v3 ]
subjectAltName = DNS:localhost
keyUsage= keyEncipherment
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
basicConstraints = critical,CA:false
[ req ]
default_bits= 1024
distinguished_name  = req_DN
default_md= sha256
string_mask= utf8only
[ req_DN ]
countryName = Country Name is Northern Nowhere
countryName_value= NN
organizationName  = Organization Name
organizationName_value = Edel Curl Arctic Illudium Research Cloud
commonName  = Common Name
commonName_value  = localhost

[something]
# The key
# the certficate
# some dhparam



Re: smime verify bug???

2011-07-21 Thread Peter Sylvester





Many places including the DN comparison algorithm description of RFC3280.


Sorry can you point me to the exact paragraph, I read 4.1.2.4 and 5.1.2.3 but the comparison
seems to happen on the contents of the issuer field and not the order,


thanks
Nicola


near the end of page 95 of rfc 5280:

   Two naming attributes match if the attribute types are the same and
   the values of the attributes are an exact match after processing with
   the string preparation algorithm.  Two relative distinguished names
   RDN1 and RDN2 match if they have the same number of naming attributes
   and for each naming attribute in RDN1 there is a matching naming
   attribute in RDN2.  Two distinguished names DN1 and DN2 match if they
   have the same number of RDNs, for each RDN in DN1 there is a matching
   RDN in DN2, and the matching RDNs appear in the same order in both
   DNs.
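Added example (not part of the original thread, and not OpenSSL code): the matching rule quoted above, next to the "heap of attributes" comparison mentioned in the earlier name-chaining reply, run on the issuer and CA subject from that reply. It assumes names in OpenSSL's one-line form without escaped separators, and `prep` is a simplified stand-in for the RFC's string preparation.

```python
from collections import Counter

# Names taken from the name-chaining question earlier on this page.
CERT_ISSUER = "/O=myCA/OU=greatCA/CN=not"
CA_SUBJECT = "/OU=greatCA/O=myCA/CN=not"


def prep(value):
    """Simplified string preparation (assumption, not the full RFC 4518
    algorithm): trim, collapse inner whitespace, ignore case."""
    return " ".join(value.split()).casefold()


def parse_oneline(dn):
    """Parse '/O=myCA/OU=greatCA/CN=not' into an ordered list of RDNs.

    Each RDN is a sorted list of (type, value) pairs, because an RDN is
    an unordered SET while the sequence of RDNs is ordered. A '+' joins
    the attributes of a multi-valued RDN.
    """
    if not dn.startswith("/") or len(dn) < 2:
        raise ValueError("expected a DN of the form /type=value/...")
    rdns = []
    for part in dn[1:].split("/"):
        atvs = []
        for atv in part.split("+"):
            attr_type, sep, value = atv.partition("=")
            if not sep or not attr_type.strip():
                raise ValueError("malformed attribute: %r" % atv)
            atvs.append((attr_type.strip().upper(), prep(value)))
        rdns.append(sorted(atvs))
    return rdns


def dn_match(dn1, dn2):
    """RFC 5280 rule: same number of RDNs, each RDN matches its
    counterpart, and the matching RDNs appear in the same order."""
    return parse_oneline(dn1) == parse_oneline(dn2)


def heap_match(dn1, dn2):
    """The flawed comparison: all attributes thrown into one bag, so the
    hierarchy expressed by the RDN order is lost."""
    def bag(dn):
        return Counter(atv for rdn in parse_oneline(dn) for atv in rdn)
    return bag(dn1) == bag(dn2)


def name_chains(cert_issuer, ca_subject):
    """Name-chaining step of path validation: the issuer of the
    certificate must match the subject of the CA certificate."""
    return dn_match(cert_issuer, ca_subject)


if __name__ == "__main__":
    print("RFC 5280 match:", name_chains(CERT_ISSUER, CA_SUBJECT))
    print("heap match    :", heap_match(CERT_ISSUER, CA_SUBJECT))
```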




Re: web site with many openssl examples

2011-06-30 Thread Peter Sylvester

On 06/30/2011 07:29 PM, derleader mail wrote:

 Hi,
I'm looking for complete examples of implementing OpenSSL code - server and client. Can you 
give a link?


Best wishes
Peter

the source code of s_client  and s_server
or  ssl_use.c of curl for a client part or mod_ssl of apache for a server
or the source code for the tests in openssl that use bio pairs
or ...




Re: [openssl-users] Quick eyeball requested - self generate openssl certs/CA

2011-05-19 Thread Peter Sylvester




The problem with this scheme is that it doesn't deal well with
parallel certificate signatures. You have one shared information that
must be incremented in an atomic way. But for a Junk CA (that's how
I call the set of scripts I use), that's not a problem.

another approach is to take the value of 'time' (the current second)
and append to it the current process number, and, in case of
several machines, some number indicating the id of the machine.

instead of the process number, any other method to ensure uniqueness
within a second may be used.


Re: [openssl-users] Quick eyeball requested - self generate openssl certs/CA

2011-05-19 Thread Peter Sylvester

On 05/19/2011 06:20 PM, Tim Watts wrote:

On 19/05/11 16:46, Peter Sylvester wrote:




The problem with this scheme is that it doesn't deal well with
parallel certificate signatures. You have one shared information that
must be incremented in an atomic way. But for a Junk CA (that's how
I call the set of scripts I use), that's not a problem.

another approach is to take the value of 'time' (the current second)
and append to it the current process number, and, in case of
several machines, some number indicating the id of the machine.

instead of the process number, any other method to ensure uniqueness
within a second may be used.


Ah yes - that would guarantee a non repeating unpredictable sequence.

well, I was reminded that the number of forks may be predictable, but
one can add some random or do some random process generation, so that
you would have a large unpredictable part.


I was confused initially as I did not realise the serial number could be so big
(16 bytes was it?).

160 bits, let's say 159 you would take 39 for the date, and add a few bits of
local uniqueness eg, a microsecond which is already difficult to predict,
and then you still have about 100 possible random bits.



Cheers

Tim
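The bit budget described in this exchange (159 usable bits: 39 for the date, a few for local uniqueness, about 100 random), as an added example that is not code from the thread. The function names, the 20-bit microsecond field and the use of /dev/urandom are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>

#define SERIAL_LEN 20   /* 160 bits; the top bit is kept 0 so the INTEGER is positive */

/*
 * Assumed layout (big-endian):
 *   bit  159      : 0
 *   bits 158..120 : seconds since the epoch (39 bits)
 *   bits 119..100 : microseconds (20 bits, local uniqueness)
 *   bits  99..0   : random (low nibble of rnd[0], then rnd[1..12])
 */
void build_serial(uint64_t secs, uint32_t usec, const unsigned char rnd[13],
                  unsigned char out[SERIAL_LEN])
{
    secs &= (UINT64_C(1) << 39) - 1;
    usec &= 0xFFFFF;

    out[0] = (unsigned char)(secs >> 32);   /* at most 0x7F after the mask */
    out[1] = (unsigned char)(secs >> 24);
    out[2] = (unsigned char)(secs >> 16);
    out[3] = (unsigned char)(secs >> 8);
    out[4] = (unsigned char)secs;
    out[5] = (unsigned char)(usec >> 12);
    out[6] = (unsigned char)(usec >> 4);
    out[7] = (unsigned char)(((usec & 0x0F) << 4) | (rnd[0] & 0x0F));
    memcpy(out + 8, rnd + 1, 12);           /* remaining 96 random bits */
}

/* Upper-case hex, 40 digits plus the terminating NUL. */
void serial_to_hex(const unsigned char in[SERIAL_LEN],
                   char hex[2 * SERIAL_LEN + 1])
{
    static const char digits[] = "0123456789ABCDEF";
    size_t i;

    for (i = 0; i < SERIAL_LEN; i++) {
        hex[2 * i]     = digits[in[i] >> 4];
        hex[2 * i + 1] = digits[in[i] & 0x0F];
    }
    hex[2 * SERIAL_LEN] = '\0';
}

int main(void)
{
    unsigned char rnd[13], serial[SERIAL_LEN];
    char hex[2 * SERIAL_LEN + 1];
    struct timeval tv;
    FILE *f = fopen("/dev/urandom", "rb");

    if (f == NULL || fread(rnd, 1, sizeof rnd, f) != sizeof rnd) {
        fprintf(stderr, "cannot read random bytes\n");
        return 1;
    }
    fclose(f);

    gettimeofday(&tv, NULL);
    build_serial((uint64_t)tv.tv_sec, (uint32_t)tv.tv_usec, rnd, serial);
    serial_to_hex(serial, hex);
    printf("0x%s\n", hex);
    return 0;
}
```

The printed value can be passed to the x509 command's -set_serial option, which takes hex when it is prefixed with 0x. The encoder drops the leading zero octets of the fixed-width value when it writes the INTEGER.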


Re: convert x509 cert into string and store certs in cache

2011-03-11 Thread Peter Sylvester

On 03/11/2011 11:57 AM, ikuzar wrote:

Ok.
In the doc, I think |i2d_X509()| is adequate to encode X509 *cert; The doc says:

int i2d_X509(X509 *x, unsigned char **out);

|i2d_X509()| encodes the structure pointed to by *x* into DER format. If *out*
is not *NULL* it writes the DER encoded data to the buffer at **out*, and
increments it to point after the data just written. If the return value is
negative an error occurred, otherwise it returns the length of the encoded data.

Now, the function which adds certificates into shared map is like this :
int addCertIntoMap(const char* uri, const char* certificate, unsigned int clen, time_t duration);
uri is the key, const char* certificate is the certificate to add into map.

My question :
DER format will be stored in an unsigned char **out. In addCertIntoMap, we add
a const char* certificate. I do not know how to write the code. I want to write
something like this :

X509* peerCert = SSL_get_peer_certificate(ssl);
unsigned char **DERcert;
i2d_X509(peerCert, DERcert);
addCertIntoMap(uri, DERcert, len, time); // but here DERcert is char** and not char* ...




You might want to look at the example in
http://www.openssl.org/docs/crypto/d2i_X509.html

Allocate and encode the DER encoding of an X509 structure:

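 int len;
 unsigned char *buf, *p;

 /* With a NULL output pointer, i2d_X509() only returns the encoded length. */
 len = i2d_X509(x, NULL);

 buf = OPENSSL_malloc(len);

 if (buf == NULL) {
     /* error */
 }

 /* i2d_X509() advances p past the data written; buf keeps the start. */
 p = buf;

 i2d_X509(x, &p);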


Re: ASN.1 encoding a private structure

2011-02-15 Thread Peter Sylvester

On 02/14/2011 01:11 PM, Eisenacher, Patrick wrote:

I want to encode a private asn1 structure, say something like the following:

SEQUENCE
   true_false  BOOLEAN
   certificate Certificate

I checked the asn1parse command and was able to specify my outer sequence and 
the inner boolean in the genconf file, but failed to specify my certificate. I 
had hoped to specify the certificate via DER: 01 02 03... like I would with a 
private extension in openssl's conf file, but this didn't work.

I also tried decoding the certificate via asn1parse and then re-encoding the
output, but that didn't work either.

Is there any way to achieve my goal without manually constructing the asn.1 
coding?


Yes, you can/might

- transform the certificate into an octet string in hex,
- remove the initial tag and length, probably 4 octets,
- specify an universal 16 implicit octet string
  and the content octets.
the asn1parse encoder detects that the universal 16 is actually
a sequence and will put automagically the constructed bit.






Thanks for your help,
Patrick Eisenacher


Re: IP address as subjectaltname works with firefox but not MS internet explorer

2011-01-20 Thread Peter Sylvester




In addition to the adding the IP address to the cert with
subjectAltName=IP:10.0.0.1; I added the IP address twice (probably didn't
need to), using subjectAltName=IP:10.0.0.1,DNS:10.0.0.1


You might want to add DNS:host.mydomain.com



Re: How to disable index and serial?

2011-01-11 Thread Peter Sylvester

On 01/11/2011 05:50 PM, Dominique Lohez wrote:

Fredrik Strömberg a écrit :

Hello,

I want to sign a certificate without using the index or serial files.
Can someone tell me how to disable them?


by using the command x509 and not ca for example.
you can use a serial number based on a date
(seconds plus processid for example) to guarantee
uniqueness.

As said below: If you create the same serial number
for different certs, the results may be
unpredictable depending at least on whether
a verifier has a cache of certificates.

Some example scripts like this can be found in the test
directory of 'curl' obtainable at  http://curl.haxx.se



Not using -config makes openssl use the compiled default, and using my
own while commenting out database and serial gives me the error
variable lookup failed for CA_default::database. If they can´t be
disabled I would like to know if there´s a possibility to lock the
files from openssl. Should that not work I need to implement my own
filelocking.

(For the curious: I don´t need serial because I only identify with CN,
and I don´t need a database because I will never revoke any
certificates.)


In my understanding of your problem, the serial number of the certificate is
always required because
you can generate more than one certificate for a given user identified with a
given DN (and not CN).
This arises because you issue a certificate valid from January 1st to March 31st,
the next one valid from April 1st to June 30th, etc., for example.
The only way to distinguish these certificates is the serial number.

I hope this helps
Best regards

Dominique LOHEZ

Any thoughts?

Kind regards,
Fredrik Strömberg


Re: Request for comment on Anonymous, Encrypted SSL approach

2010-09-17 Thread Peter Sylvester

On 09/17/2010 04:40 PM, Tom Cocagne wrote:

Greetings,

I've been searching for a way to set up an encrypted SSL connection
that doesn't require the use of certificates. Ideally, I'd like to use
SSL + SRP as specified in RFC 5054 but, as that isn't yet commonly
available, I'd like to fall back to setting up an anonymous but
encrypted SSL connection over which I'll manually use SRP for
authentication.
   

you may want to look at the openssl request tracker entry 1794


Re: Confusion about subject alternative names

2010-09-02 Thread Peter Sylvester

Since webmail, imap, smtp(s) all operate on different ports, and
you have different listeners, the correct way to me seems to
use three certificates with the desired hostnames etc.

Having the same IP address doesn't matter in this particular case.




Re: Verify X.509 certificate, openssl verify returns bad signature

2010-08-30 Thread Peter Sylvester



Nit: redundant leading 00 (or FF) in an INTEGER is VALID *B*ER
but INVALID *D*ER. And signed things like certs are *D*ER
for exactly this reason, so a reconstructed encoding is
bit for bit identical and hashes and signatures etc. work.
   

BER is already 'distinguished' concerning the content octets of an
INTEGER.

X.690:

8 Basic encoding rules

...

8.3 Encoding of an integer value
8.3.1 The encoding of an integer value shall be primitive. The contents
octets shall consist of one or more octets.
8.3.2 If the contents octets of an integer value encoding consist of
more than one octet, then the bits of the first octet and bit 8 of the
second octet:
a) shall not all be ones; and
b) shall not all be zero.
NOTE – These rules ensure that an integer value is always encoded in the
smallest possible number of octets.
8.3.3 The contents octets shall be a two's complement binary number
equal to the integer value, and consisting of bits 8 to 1 of the first
octet, followed by bits 8 to 1 of the second octet, followed by bits 8
to 1 of each octet in turn up to and including the last octet of the
contents octets.
NOTE – The value of a two's complement binary number is derived by
numbering the bits in the contents octets, starting with bit 1 of the
last octet as bit zero and ending the numbering with bit 8 of the first
octet. Each bit is assigned a numerical value of 2^N, where N is its
position in the above numbering sequence. The value of the two's
complement binary number is obtained by summing the numerical values
assigned to each bit for those bits which are set to one, excluding bit
8 of the first octet, and then reducing this value by the numerical
value assigned to bit 8 of the first octet if that bit is set to one.


Chapter 10 and 11 don't say anything about INTEGER.

The length field in definite encoding may have redundant zeros though in BER

DER:
10.1 Length forms
The definite form of length encoding shall be used, encoded in the
minimum number of octets. [Contrast with 8.1.3.2 b).]







Re: Verify X.509 certificate, openssl verify returns bad signature

2010-08-29 Thread Peter Sylvester

The encoding is invalid BER.
The openssl is tolerant but also destructive in copy.

whenever  you use openssl x509 -in -out ... you remove one leading 0 octet.

IMHO openssl should reject the cert because of invalid encoding.


On 08/29/2010 04:17 AM, Mounir IDRASSI wrote:

 Hi,

The problem you are encountering is partly caused by the way OpenSSL 
handles integers whose DER encoded value starts with one or more zeros 
: in this case, OpenSSL removes the leading zero when creating the 
corresponding ASN1_INTEGER structure thus leading to the fact that 
computed DER of this structure and the original one will be different!!


In your case, the certificate you are trying to verify has a DER 
encoded serial number 00 00 65. So, OpenSSL will create an 
ASN1_INTEGER with a value of 00 65. And in the course of the 
certificate signature verification, this structure will be encoded to 
DER which will lead to a encoded value of 00 65. Thus, the generated 
DER of the CertInfo will be different from the original one, which 
explains why the signature verification fails.


After some digging, I found that part of the problem is caused by the 
functions c2i_ASN1_INTEGER and d2i_ASN1_UINTEGER in file 
crypto\asn1\a_int.c. At lines 244 and 314, there is an if block that 
removes any leading zeros. Commenting out these blocks solves the DER 
encoding mismatch but the verification still fails because the 
computed digest is different from the recovered one.


I will continue my investigation to find all the culprits.
Meanwhile, the question remains why in the first place the removal of
the leading zero from the parsed DER encoding was added since this
clearly has the side effect of making the computed DER different from
the original one.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 8/28/2010 10:43 PM, Goran Rakic wrote:

Hi all,

I have two X.509 certificates MUPCAGradjani.crt and MUPCARoot.crt
downloaded from http://ca.mup.gov.rs/sertifikati-lat.html

Certificate path is MUPCARoot  MUPCAGradjani and I would like to
validate MUPCAGradjani against the other. What I did is to convert both
to PEM format and rename them by hash as efd6650d.0 (Gradjani) and
fc5fe32d.0 (Root) using this script:

 #!/bin/bash
 hash=`openssl x509 -in $1 -inform DER -noout -hash`
 echo Saving $1 as $hash.0
 openssl x509 -in $1 -inform DER -out $hash.0 -outform PEM

Now I run:

 $ openssl verify -CApath . efd6650d.0
 error 7 at 0 depth lookup:certificate signature failure
 16206:error:04077068:rsa routines:RSA_verify:bad signature:rsa_sign.c:255:
 16206:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:173:


Hm, that is not working. What am I doing wrong here?

I am running OpenSSL 0.9.8k 25 Mar 2009 on Ubuntu 10.04 GNU/Linux. I
also have my personal certificate issued by MUPCAGradjani that I would
like to verify but it is failing with the same error (just one level
down):

 $ openssl verify -CApath . qualified.pem
 qualified.pem: /CN=MUPCA Gradjani/O=MUP Republike Srbije/L=Beograd/C=Republika Srbija (RS)
 error 7 at 1 depth lookup:certificate signature failure
 16258:error:04077068:rsa routines:RSA_verify:bad signature:rsa_sign.c:255:
 16258:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:173:


When I install downloaded certificates in Windows using Internet
Explorer and doubleclick on my personal certificate (qualified.cer) it
looks valid. I am not sure, but I believe it is doing certificate chain
validation so the certificates and paths should be valid. After all they
are issued by a trustful CA.

Output of openssl x509 -nameopt multiline,utf8,-esc_msb -noout -text
-in $1 looks reasonable for both downloaded certificates and is the
same before and after conversion to PEM (using -inform DER in the first
case). My take on this is that I am not doing conversion properly or
maybe the original certificates are in some other format requiring extra
argument, but I can not find answer in the docs.

How can I properly validate X.509 certificate from
http://ca.mup.gov.rs/sertifikati-lat.html by certificate chain?

Kind regards,
Goran



Re: Verify X.509 certificate, openssl verify returns bad signature

2010-08-29 Thread Peter Sylvester

On 08/29/2010 01:20 PM, Mounir IDRASSI wrote:

Hi Peter,

Although the certificate's encoding of the serial number field breaks the
BER specification about the minimal bytes representation, it is known that
many CA's and libraries treat this field as a blob and usually encode it
on a fixed length basis without caring about leading zeros.
Specifically, Peter Gutmann in his X.509 Style Guide says this about this
field : If you're writing certificate-handling code, just treat the
serial number as a blob which happens to be an encoded integer.
   

You are citing out of context.
There is a reference to negative integers which can happen 50%.

A text written 10 years ago is not really an excuse for a certificate
from this year.


Moreover, major PKI libraries are tolerant vis-a-vis the encoding of the
serial number field of a certificate and they verify successfully the
certificate chain given by the original poster.
   

So what. The certs are still wrong.

For example, NSS, GnuTLS and CryptoAPI accept the given certificates and
verify successfully their trust.
   


hm, inserting the certs into Firefox says to me that the
certs cannot be validated for unknown reasons.

The decoders in NSS and GnuTLS accept all kinds of
bad encodings, the BER/DER decoders being very
tolerant.

Supporting or not specific broken implementations have always been the
subject of heated debates.

X509 has been updated to decode and reencode a certificate,
in this sense openssl's behaviour of silently dropping one
octet is not very nice. But there are other potential minor
deviations.


Concerning the specific issue here, it's clear
that OpenSSL is too restrictive compared to other major libraries since
this is a minor deviation from the BER specs (i.e. minimal bytes
representation) and thus hurts deployments of real-world certificates.
   

Others are EXTREMELY permissive in decoding.

This minor deviation results in ambiguous DER. Assumed two
values  0001 or 01, are these the same serialnumber, or not?
This is asking for real trouble. Even when taking as a blob,
displaying will show 1 for both in major implementations.

I'd rather see openssl be more restrictive and reject bad encodings
(I am not talking about a negative number here).

and what about version:

02060002
020601230002

some treat the second as a v3




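The X.690 8.3.2 rule quoted in this thread, applied to the serial number octets 00 00 65 and to the 0001 / 01 pair discussed above, as an added example that is not code from the thread or from OpenSSL. The function names are hypothetical and the byte strings are constructed samples.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if the INTEGER contents octets obey X.690 8.3.1 and 8.3.2, else 0. */
int der_integer_is_minimal(const unsigned char *p, size_t len)
{
    if (len == 0)
        return 0;                   /* 8.3.1: one or more octets */
    if (len == 1)
        return 1;
    if (p[0] == 0x00 && (p[1] & 0x80) == 0)
        return 0;                   /* first octet and bit 8 of second all zero */
    if (p[0] == 0xFF && (p[1] & 0x80) != 0)
        return 0;                   /* first octet and bit 8 of second all ones */
    return 1;
}

/* Skips redundant leading octets; returns the start of the minimal form. */
const unsigned char *der_integer_minimal(const unsigned char *p, size_t len,
                                         size_t *out_len)
{
    while (len > 1 && !der_integer_is_minimal(p, len)) {
        p++;
        len--;
    }
    *out_len = len;
    return p;
}

/* Two encodings denote the same integer iff their minimal forms are identical. */
int der_integer_same_value(const unsigned char *a, size_t alen,
                           const unsigned char *b, size_t blen)
{
    size_t la, lb;
    const unsigned char *ma = der_integer_minimal(a, alen, &la);
    const unsigned char *mb = der_integer_minimal(b, blen, &lb);

    return la > 0 && la == lb && memcmp(ma, mb, la) == 0;
}

int main(void)
{
    /* Constructed samples: contents octets only, without tag and length. */
    static const struct { const char *label; unsigned char v[3]; size_t n; } s[] = {
        { "00 00 65", { 0x00, 0x00, 0x65 }, 3 },
        { "00 65",    { 0x00, 0x65 },       2 },
        { "65",       { 0x65 },             1 },
        { "00 80",    { 0x00, 0x80 },       2 },   /* +128, the 00 is required */
        { "FF 80",    { 0xFF, 0x80 },       2 },   /* -128 with a redundant FF */
    };
    size_t i, n;

    for (i = 0; i < sizeof s / sizeof s[0]; i++) {
        der_integer_minimal(s[i].v, s[i].n, &n);
        printf("%-8s  minimal=%d  minimal length=%zu\n",
               s[i].label, der_integer_is_minimal(s[i].v, s[i].n), n);
    }
    return 0;
}
```

A decoder that accepts the longer forms and a signature check that hashes the re-encoded minimal form will disagree on the signed bytes, which is the failure reported in this thread.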


Re: Verify X.509 certificate, openssl verify returns bad signature

2010-08-29 Thread Peter Sylvester

On 08/29/2010 07:38 PM, Mounir IDRASSI wrote:

 Hi Peter,

Thank you for your comments.
As I said, this kind of debate can be very heated and going down this
road doesn't usually lead to any results.

The debate may be whether and how something should be
done in openssl, I admit I had started that one.
I am the first one to wish that the PKI world out there is ideal and 
everyone uses correctly validated modules. Unfortunately, we 
constantly have to balance between correctness and practicalness.

Some programs are not strict in verification, so be it.
But that has nothing to do with the fact that the certs in question are
not correctly encoded and may create unexpected behaviour...



Concerning Firefox check, I have managed to load the chain and to 
validate it correctly  using Firefox 3.6.8 under Windows and Ubuntu 
10.04. I'm attaching screenshots.

Try edit the trustsetting.

Or: Try load them without setting any trust during loading
and to set some later through the certificate management.




Re: Subject alternative name

2010-08-24 Thread Peter Sylvester

You can use environment variables in the config file like

extensions = x509v3
[ x509v3 ]
subjectAltName   = @subjectAltName
keyUsage= critical,keyEncipherment
extendedKeyUsage = serverAuth
crlDistributionPoints = $ENV::CRLDP
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
[ subjectAltName ]
DNS = $ENV::DNSNAME


On 08/24/2010 07:47 AM, Gerald Iakobinyi-Pich wrote:

Hello,

I have managed to create a certificate containing different values for
the subject alternative name. But now I would like to be able to set
this value (this alternative names) from the command line, when I
invoke OpenSSL. Is there any possibility to do that? My target here is
to avoid to have to modify the config file each time I have to
generate a certificate with other alternative names.

Thanks,
Gerald


Re: Verifying X509 Certificates Using The OpenSSL API

2010-08-08 Thread Peter Sylvester

try rehash the certs
I am loading the certificate stores from /etc/ssl/certs which 
contains the stores that mozilla, chrome, and the like all verify 
from, but no matter what I do I can't get a single certificate to verify.




Re: SSL_CTX_set_verify issue

2010-08-06 Thread Peter Sylvester

On 08/06/2010 10:54 AM, Manjunath1847 wrote:

I am using SSL_CTX_set_verify() function to set my static C callback verify
function. During HTTPS transaction, my callback is also getting called with
first parameter 0 or 1 (depending upon of the certificate verification is
success or failure). But even if my certification verification is failure I
want to continue. So I have hard coded  return value as 1 always from my
callback function. But still I see the certification error and I don't get
the page. Any suggestion please?
   

You might want to try

X509_STORE_CTX_set_error(ctx, X509_V_OK) ;


Re: NameConstraints are not being applied (or I don't know how to enforce them?)

2010-06-04 Thread Peter Sylvester

On 06/03/2010 06:11 PM, Dr. Stephen Henson wrote:

On Thu, Jun 03, 2010, jeff wrote:

   

I have an example, detailed below, that specifies permitted and excluded
subtrees for a sub-CA. Later it uses the sub-CA cert to sign certificate
requests adhering to and violating the name constraints both, even
though the nameConstraints are marked as critical.
Is this OpenSSL misbehaving or did I miss something when creating the
sub-CA certificate or issuing the user certificate?
thanks/jeff
 

This would be much easier to test if you'd attached all the relevant
certificates and how you are testing them. IMO
   

I do not think that there is any code in openssl that
checks during creation whether a new certificate would violate
some naming constraints.

This is an issue for the registration authority

In principle, these are things to be verified by a relying party, and the
relying party's trust set containing maybe cross certs with
all kinds of restrictions cannot be known at that point.


Re: How to set CA:TRUE, in an existing cert

2010-05-12 Thread Peter Sylvester



I'm trying to install a CA cert on my Android phone, to use my
university WiFi account, via http://www.realmb.com/droidCert/ I would
need to install the GTE CyberTrust Root cert, but it is getting
registered as a client cert, not a CA one. If I try to install one
with CA:TRUE, then it's working properly.

Can you tell me how to add this CA:TRUE property to a certificate?
   

Make your own root, and then cross-certify
the GTE public key and id adding the appropriate
extensions.


Re: X509 Verify callback

2010-05-10 Thread Peter Sylvester

On 05/10/2010 08:43 PM, Chris Bare wrote:

Is there a way to have X509_verify_cert retry its path building after it
gets an X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT?
My idea is to implement a verify callback that uses the AIA information to
download the issuer cert and add it to the stack of untrusted certs.
Is this possible, or would I have to let X509_verify_cert error out and call
it again?
   


Trying to do path building during path validation
may end up in a never ending loop or almost.






Re: Server name indication

2010-04-09 Thread Peter Sylvester

Sad Clouds wrote:

Hi, is there any sort of documentation on how to use SNI with OpenSSL?
  

As far as I know, only the source in s_client and s_server.c

It depends on what side you are, and what do you want to test.

As a client, if you want to start a session to a server, and
if you somehow have determined that you use a dns name,
then you just add the servername to an SSL object 
before starting the connection.


   if (servername != NULL)
   {
   /* Attach the DNS name to the SSL object before the handshake starts. */
   if (!SSL_set_tlsext_host_name(con,servername))
   {
   BIO_printf(bio_err,"Unable to set TLS servername extension.\n");
   ERR_print_errors(bio_err);
   goto end;
   }
   }

In s_client there is also a callback to detect whether the server
has understood what you send in case you want to act for
whatever reason, for tracing in the case of s_client.

in curl you have for example the following code:

#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 /* Only send SNI when the host is a name, not a literal IPv4/IPv6 address. */
 if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
#ifdef ENABLE_IPV6
 (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
#endif
 sni &&
 !SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
   infof(data, "WARNING: failed to configure server name indication (SNI) "
 "TLS extension\n");
#endif





For example, what functions to use and what steps to take.


Re: Apache client certificate authentication

2010-03-20 Thread Peter Sylvester


Wasn't there a pb with a great number of CA names? There are 16K already?
The pb was in apache and some of my three neurons seem to agree.

https://issues.apache.org/bugzilla/show_bug.cgi?id=46952

/PS


Re: Subject Issuer Mismatch Bug!!

2009-10-30 Thread Peter Sylvester

We have in apps/

in x509.c

   print_name(STDout, "issuer= ",
   X509_get_issuer_name(x), nmflag);

in crl.c

   print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);


In order to make a fair change that will potentially hurt everyone, I 
propose

to remove one space and add a blank before the =  and change issuer
to some parameter value but take it into account only when there
is an eclipse of the moon visible from the South pole on Earth.

 






Re: Getting hostname with openssl library

2009-10-20 Thread Peter Sylvester


A better question is to match a given hostname
against a certificate and determine whether it
obeys the https rules.
There can be multiple hostnames and wild cards.

The code implemented by curl is a complete way to do this.

/PS




Re: Getting hostname with openssl library

2009-10-20 Thread Peter Sylvester




It does not support subjectAltName extensions.

SubjectAltName extension is supported since an eternity,
more than 5 years ???





Re: TLS CA Certificate Loading in DER format

2009-09-14 Thread Peter Sylvester

I think the desired function is  X509_STORE_add_cert

SSL_CTX_use_certificate is to select you own certificate.




Francois Dupressoir wrote:

Hello Ram,

You may be interested in the d2i_X509_fp() function 
[http://openssl.org/docs/crypto/d2i_X509.html#] in conjunction with 
SSL_CTX_use_certificate() 
[http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html#].


Cheers,
Francois

ramaswamy.bm wrote:

Hi,
I am to use TLS for securing an application's data transfer. For 
development purposes I have been using a

dummy set of certificates in PEM format.

The currently used  SSL_CTX_load_verify_locations API requires 
that the certificate be in PEM format.


However, in real time scenario, the application being developed 
MUST make use of certificates in DER format

as per the requirements.

So I wanted to know whether there is a way to load CA 
certificates in DER format using any SSL APIs.

My search till now for such an API has been unfruitful.

Please let me know if any OpenSSL API is available to load the
DER formatted certificates.


Thanks & Best Regards ,
Ram


Re: add extension to an existing (signed) CA certificate

2009-09-01 Thread Peter Sylvester

well, if one takes the standard configuration of openssl,
it sets the authoritykey_identifier both the hash and
issuer serial, no exception for the root. comment says
that pkix recommends that.

I do not see this recommendation in the rfcs.
at least there is a length paragraph for roots
to have an exception, and nowhere it is said you
must have both link types.

an AKI identifies the KEY, not the certificate btw
I am not sure that the issuer/serial logic is
correctly implementing this in all implementations.
It doesn't mean that the verifying CA certificate
must have this issuer/combination, any other
CA certificate with the same subject DN and same key
is also ok. S

my 2centimes
/P




Re: add extension to an existing (signed) CA certificate

2009-08-26 Thread Peter Sylvester


OK, then how do I re-issue my root CA certificate with my already 
existing ca.key ?

If I could have a sample command line for openssl it would help me .

something like

OPENSSL x509 -set_serial $SERIAL -clrext -extfile CA-EXTENSION.prm -days 
$DURATION  -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in 
$PREFIX-ca.crt -out $PREFIX-ca.der -outform der -sha256


 

OK, I will correct these extensions with an appropriate openssl.cnf ,
but I don't understand why there shouldn't be a certificatePolicy
section in my master root_CA !?

because it is ignored anyway in a trust anchor. A policy document specifies
mainly what you may put into end entity certificates that are created 
under a PC

(and maybe what a certifying CA for your CA may put into a CA cert)
If you put it into intermediate CAs, they are filters indicating what that
CA can create, whether this is actually tested is still another story.

I thought that it was mandatory, meaning that it points to the place
where our PKI policy is defined .
Depending on what specification? You probably may want to put it into 
end entities.
It does not hurt (much). Whether you want to put filters into CA 
certificates, is another

story.


For oid 1.1.1.1.1, years ago we did reserve a IANA oid number
(1.3.6.1.4.1.7391 )
we used 7391.2 for ldap, 7391.1 for snmp, is there a recommendation
for certificates or 7391.3 would be fine ?
As long as you own 7391, you organise the name space as you like and
there is no
(technical) semantics related to such a hierarchy.



Re: add extension to an existing (signed) CA certificate

2009-08-26 Thread Peter Sylvester

Jehan PROCACCIA wrote:

> On 26/08/2009 12:17, Peter Sylvester wrote:
>
>>> OK, then how do I re-issue my root CA certificate with my already
>>> existing ca.key ?
>>>
>>> If I could have a sample command line for openssl it would help me .
>>
>> something like
>>
>> OPENSSL x509 -set_serial $SERIAL -clrext -extfile CA-EXTENSION.prm
>> -days $DURATION  -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in
>> $PREFIX-ca.crt -out $PREFIX-ca.der -outform der -sha256
>
> thanks for the sample command line, however I don't get it clearly ...
> what are $CAPREFIX-ca.cacert and $PREFIX-ca.crt !?
> the -extfile CA-EXTENSION.prm could be a locally modified openssl.cnf ?
> then the -clrext isn't clear to me delete extensions before signing
> and input certificate, in the 1st place , I do want to add
> extensions, why ask openssl to delete them !?

All $things are variables:
$PREFIX is the cert that you want to modify  (a copy of your root cert)
$CAPREFIX the key (and cert) you want to sign with (cert is used to
become issuer), again your root cert and key.

CA_EXTENSION.prm is a complete set of extensions that you want to have
with the initial section containing extensions=whateverlistofextensions.

The original input cert contains extensions, they are ignored with the
-clrext.
Only the extensions from the config file are taken.







Re: add extension to an existing (signed) CA certificate

2009-08-25 Thread Peter Sylvester


> Second, I doubt your organisation is
> authoritative for the OID arc 1.1.1.1.1 - from what documentation I can find,
> the 1.1 arc is used for examples, and shouldn't be used in production. You
> should have your organisation register with IANA to be issued its own correct
> OID arc (or, I think the French Government maintains an arc under their
> country arc for organisations and companies in that country).


Afnor maintains at least the arc under 1.2.250.1, registration
required.

I don't know whether 2.16.250 is actually in use.

But there is a simpler arc:
1.3.2 followed by the 'siren' or 'siret' number, i.e.
an identification of an organisation,
no additional registration necessary. 


Re: Is Openssl vulnerable to Null-Prefix Attacks?

2009-08-11 Thread Peter Sylvester

Roger No-Spam wrote:
> Recently there has been some discussion on the Internet regarding so
> called null-prefix attacks, see
> http://www.thoughtcrime.org/papers/null-prefix-attacks.pdf. Is openssl
> vulnerable to this attack?.

The attack is not an attack against SSL/TLS, but against
implementation of HTTPS (RFC 2818) , FTPS(RFC 4217) , ...

Callers of the openssl library which were wrong
can/were fixed without any change in openssl

OTOH, openssl doesn't make life very easy for clients to
compare a hostname against the content of a cert
according to 2818.

But there is a bug, try 'openssl x509 -text' with

-----BEGIN CERTIFICATE-----
[certificate body not preserved in the archived message]
-----END CERTIFICATE-----


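The reply above places the fix in the callers that compare a hostname with a name taken from the certificate. The following C code is an added example (not code from OpenSSL or from the original post): it puts a comparison that treats the certificate bytes as a C string next to a length-aware one that rejects embedded NUL bytes. The function names and the sample names are constructed for this example, and the wildcard policy (only a whole left-most label) is an assumption that is stricter than RFC 2818.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of two length-delimited ASCII strings. */
static int eq_nocase(const char *a, size_t alen, const char *b, size_t blen)
{
    size_t i;

    if (alen != blen)
        return 0;
    for (i = 0; i < alen; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Flawed pattern: the certificate bytes are handed to a C string function,
 * so the comparison stops at the first NUL and ignores what follows it. */
int naive_matches(const unsigned char *name, size_t name_len, const char *host)
{
    (void)name_len;   /* the length recorded in the certificate is ignored */
    return strcmp((const char *)name, host) == 0;
}

/*
 * Length-aware check. name/name_len are the raw bytes and length of the
 * ASN.1 string from the certificate (not a C string); host is the name the
 * client intended to reach. Returns 1 on a match, 0 otherwise.
 */
int cert_name_matches(const unsigned char *name, size_t name_len,
                      const char *host)
{
    const char *n = (const char *)name;
    size_t host_len = strlen(host);

    if (name_len == 0 || host_len == 0)
        return 0;
    /* An embedded NUL means the signed name is longer than what a C string
     * function would see: refuse it outright. */
    if (memchr(name, '\0', name_len) != NULL)
        return 0;
    /* Wildcard accepted only as the complete left-most label. */
    if (name_len > 2 && n[0] == '*' && n[1] == '.') {
        const char *dot = strchr(host, '.');
        if (dot == NULL || dot == host)
            return 0;
        /* "*" stands for exactly one label: compare everything from the dot */
        return eq_nocase(n + 1, name_len - 1,
                         dot, host_len - (size_t)(dot - host));
    }
    if (memchr(name, '*', name_len) != NULL)
        return 0;     /* any other use of '*' is rejected */
    return eq_nocase(n, name_len, host, host_len);
}

int main(void)
{
    /* Constructed sample: a name with a NUL after the expected hostname. */
    static const unsigned char nul_name[] =
        "www.example.com\0.constructed.invalid";
    size_t len = sizeof nul_name - 1;

    printf("naive:        %d\n", naive_matches(nul_name, len, "www.example.com"));
    printf("length-aware: %d\n", cert_name_matches(nul_name, len, "www.example.com"));
    return 0;
}
```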


Re: Does OpenSSL support passive decryption?

2009-07-30 Thread Peter Sylvester

see http://www.rtfm.com/ssldump/

Ivan Ristic wrote:

> I am investigating whether it is possible to use OpenSSL to passively
> decrypt an SSL conversation (with access to a server's private RSA
> key, of course).
>
> Does OpenSSL provide any support for this mode of operation?
>
> If there isn't explicit support, I am guessing some of the
> functionality could be reused (e.g. protocol parsing). I'd appreciate
> some guidance from someone in the know.
>
> Thanks.

  




Re: Certificate with custom fields

2009-07-10 Thread Peter Sylvester

Victor Duchovni wrote:

> On Fri, Jul 10, 2009 at 10:04:45PM +0200, Akos Vandra wrote:
>
>> Hello!
>>
>> I need to issue a few certificates with custom fields, with the
>> customers more thoroughly identified, including Full name, Address,
>> Telephone number, blablabla, and even a picture of the poor guy.
>
> A certificate is not a database. Put a unique id in the certificate,
> and use a real database to retrieve the related data.

X.509 allows to have all such identity attributes in the subject DN.
(except a picture as far as I know).

>> Can this be done with one of the standards which uses openssl, or
>> would I have to make one of my own? For example, why don't any
>> XML.-like certificates exist?
>
> Your design is flawed.

I am not sure about that.

xml certs exist somehow: just reencode with XER encoding rules









Re: Question about x509

2009-05-23 Thread Peter Sylvester

There is also CER.


Re: Question about x509

2009-05-22 Thread Peter SYLVESTER
According to Kyle Hamilton aerow...@gmail.com:

> On Thu, May 21, 2009 at 11:55 PM, loody milo...@gmail.com wrote:
>> Hi:
>>
>> thanks for your help.
>> By your explanation, in der form, the leading 00 seems like a padding byte.
>> ( Is there spec which says it must put 00 here?)
>> from my example, the number af:4f:8a:97:14:f7 is negative, since
>> the high bit, 0xaf, is set.
>> appreciate your kind help,
>> miloody
>
> Yes, there is a specification which states that you must put 00 there.
> It's called the Distinguished Encoding Rules of the Abstract
> Syntax Notation One (ASN.1).  The DER can be found in the ITU
> document number X.690; the ASN.1 can be found in ITU document number
> X.680.

This is specified in BER, not in DER: X.690 8.3.

8.3 ENCODING OF AN INTEGER VALUE
8.3.1 The encoding of an integer value shall be primitive. The contents octets
shall consist of one or more octets.
8.3.2 If the contents octets of an integer value encoding consist of more than
one octet, then the bits of the first octet and bit 8 of the second octet
a) shall not all be ones; and
b) shall not all be zero.
NOTE – These rules ensure that an integer value is always encoded in the
smallest possible number of octets.
8.3.3 The contents octets shall be a two’s complement binary number equal to the
integer value, and consisting of bits 8 to 1 of the first octet, followed by
bits 8 to 1 of the second octet, followed by bits 8 to 1 of each octet in turn
up to and including the last octet of the contents octets.
NOTE – The value of a two’s complement binary number is derived by numbering the
bits in the contents octets, starting with bit 1 of the last octet as bit zero
and ending the numbering with bit 8 of the first octet. Each bit is assigned a
numerical value of 2^N, where N is its position in the above numbering sequence.
The value of the two’s complement binary number is obtained by summing the
numerical values assigned to each bit for those bits which are set to one,
excluding bit 8 of the first octet, and then reducing this value by the
numerical value assigned to bit 8 of the first octet if that bit is set to one.



Re: Question about x509

2009-05-22 Thread Peter Sylvester



what is the X series mean?
  

guess where the X in X509 comes from.


Re: Decoding ASN.1 certificate content

2009-05-21 Thread Peter Sylvester

Victor B. Wagner wrote:

> On 2009.05.20 at 18:28:42 +0200, Peter Sylvester wrote:
>
>> IMO a good approach is also to simply read and understand apps/x509.c
>
> Unfortunately, it wouldn't help much. x509 utility does work only with
> certificates in files (or stdin), so it uses d2i_X509_bio.
>
> In this case certificate is stored in the memory buffer, so it seems to
> be an extra overhead first to create BIO_mem from this buffer and then
> decode it using d2i_X509_bio.

Right, but I was imprecise, one needs

1 : how to initialise the openssl library, load error strings, etc
2 : decoding, yes  not using d2i_X509_bio but d2i_X509
3 : extract, and print the content

/P




Re: Decoding ASN.1 certificate content

2009-05-20 Thread Peter Sylvester

IMO a good approach is also to simply read and understand apps/x509.c


Re: any reference to different certificate versions

2008-08-24 Thread Peter Sylvester

Kyle Hamilton wrote:

> X.509 refers to the certificate version.  0 == version 1, 1 == version
> 2, 2 == version 3.
>
> Version 1 certificates have no means for any extensions.
> Version 2 certificates are CRLs.

CRLs use the asn1 type Version. CRLs with extensions have  Version 2,
but this has nothing to do with certificates.

Version 2 may be used for certificates that have  unique identifiers  but no
extensions. Since nobody seems really to use this, and there is no
support in Openssl, and one still may indicate version 3 ...

To be complete, these Version values also have nothing to do with
the version number of the X509 standard.

> Version 3 certificates are the current norm, and most likely what you want.

'Current norm' means what?
I'd say: Since you most likely add extensions, then version 3 is what
you set.
It seems unlikely to me that a future version of X509 will change the
version number of a certificate. This would be necessary if you add
some asn1 field after the extensions instead of defining an extension.

IMO, a call to

X509_set_version

should not be necessary. openssl could ensure to set a good value depending
on whether you have extensions or not unless the version has been set
explicitly.

The best reference currently is RFC5280, and all of its references.

> -Kyle H
>
> On Tue, Aug 19, 2008 at 2:08 AM, Sanjith Chungath [EMAIL PROTECTED] wrote:
>
>> Hi,
>>    I can set a certificate version using function X509_set_version().
>> Can some one give me a reference to different certificate versions that are
>> available and the significance of each version number.
>>
>> -Thanks and Regards,
>> -Sanjith.





Re: CA generation/certificate serial number

2008-04-03 Thread Peter Sylvester
openssl is VERY tolerant concerning the encoding/decoding of an INTEGER 
value.

Other decoders may not like such things as length 0 etc.

When converting such a beast from DER to PEM or the other way, you might
have a surprise.


From X.690:


8.3 Encoding of an integer value
8.3.1 The encoding of an integer value shall be primitive. The contents
octets shall consist of one or more octets.
8.3.2 If the contents octets of an integer value encoding consist of
more than one octet, then the bits of the first octet and bit 8 of the
second octet:
a) shall not all be ones; and
b) shall not all be zero.
NOTE – These rules ensure that an integer value is always encoded in the
smallest possible number of octets.
8.3.3 The contents octets shall be a two’s complement binary number
equal to the integer value, and consisting of bits 8 to 1 of the first
octet, followed by bits 8 to 1 of the second octet, followed by bits 8
to 1 of each octet in turn up to and including the last octet of the
contents octets.
NOTE – The value of a two’s complement binary number is derived by
numbering the bits in the contents octets, starting with bit 1 of the
last octet as bit zero and ending the numbering with bit 8 of the first
octet. Each bit is assigned a numerical value of 2^N, where N is its
position in the above numbering sequence. The value of the two’s
complement binary number is obtained by summing the numerical values
assigned to each bit for those bits which are set to one, excluding bit
8 of the first octet, and then reducing this value by the numerical
value assigned to bit 8 of the first octet if that bit is set to one.

Giang Nguyen wrote:

nils

  

Frédéric Donnat wrote:

  Hi,

  Sorry for the mistake (nothing to deal with openssl.cnf file). I was just 
  looking for ca.txt file.


  Is it normal behavior of openssl to be able to view a certificate without 
  serial number using (without any error mentioned):

  openssl x509 -in some_cert_without_sn.pem -text
  But to be unable to verify it using:
  openssl verify -CAfile some_cert_without_sn.pem some_cert_without_sn.pem


  Sample: (attached self-sign cert name pipo-bad.pem)

hmm, the attached certificate has a serial number, it's 0x0



actually the attachment 
http://www.mail-archive.com/openssl-users@openssl.org/msg41447/pipo-bad.pem 
does not have a serial number; that field has a length of zero:

0:d=0  hl=4 l= 546 cons: SEQUENCE
4:d=1  hl=4 l= 395 cons: SEQUENCE
8:d=2  hl=2 l=   3 cons: cont [ 0 ]
   10:d=3  hl=2 l=   1 prim: INTEGER   :02
   13:d=2  hl=2 l=   0 prim: INTEGER   :00
   15:d=2  hl=2 l=  13 cons: SEQUENCE
   17:d=3  hl=2 l=   9 prim: OBJECT:md5WithRSAEncryption


similar to the certificate i posted in the signature failure when certificate 
contains no serial number (ie, not one that equals zero)? thread:

arch [apps]$ cat /tmp/no_serial.pem
-----BEGIN CERTIFICATE-----
MIIBCzCBtqADAgECAgAwDQYJKoZIhvcNAQEFBQAwDzENMAsGA1UEAxMEdGVzdDAe
Fw0wNDA3MjIxNzU3MTlaFw0xMzAxMjMxNTIxMzVaMA8xDTALBgNVBAMTBHRlc3Qw
XDANBgkqhkiG9w0BAQEFAANLADBIAkEAsUDN7wFJBTJC+/BtbDzomHvDA6xMAxpx
zy4pDdkKBH0Key8yCxJ8dH1c8vNwaRfC5QgMZDxBY+o2n2DvrGrL+QIDAQABMA0G
CSqGSIb3DQEBBQUAA0EAiWk2QM5lxijnjQE/D/tsoWf0LZvPIuPC7laTUFUrAIKr
JbkAQ9rrf33pf+7JIhiJIgFxVVgOv2PXYKPWC7duUA==
-----END CERTIFICATE-----


0:d=0  hl=4 l= 267 cons: SEQUENCE
4:d=1  hl=3 l= 182 cons: SEQUENCE
7:d=2  hl=2 l=   3 cons: cont [ 0 ]
9:d=3  hl=2 l=   1 prim: INTEGER   :02
   12:d=2  hl=2 l=   0 prim: INTEGER   :00
   14:d=2  hl=2 l=  13 cons: SEQUENCE
   16:d=3  hl=2 l=   9 prim: OBJECT:sha1WithRSAEncryption


  
   [EMAIL PROTECTED] simple]$ LD_LIBRARY_PATH=/usr/local/ossl-0.9.8/lib 
   /usr/local/ossl-0.9.8/bin/openssl verify -verbose -CAfile pipo-bad.pem 
   pipo-bad.pem

   pipo-bad.pem: /C=UK/CN=OpenSSL Group
   error 7 at 0 depth lookup:certificate signature failure
   18588:error:04077068:rsa routines:RSA_verify:bad signature:rsa_sign.c:218:
   18588:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP 
   lib:a_verify.c:168:


well the signature really seems to be wrong. How did you create
the certificate ?




as to how i generated the certificate with no serial number, i simply commented out the code and 
ran ./openssl req without specifying -set_serial:

arch [apps]$ diff -u req.c.BAK req.c
--- req.c.BAK   2007-12-29 12:26:41.0 -0800
+++ req.c   2007-12-29 12:39:11.0 -0800
@@ -937,16 +937,18 @@
{
if (!X509_set_serialNumber(x509ss, serial)) 
goto end;
}
-   else
-   {
-   if (!rand_serial(NULL,
-   X509_get_serialNumber(x509ss)))
-   goto end;
-   }

if 
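Review bot: with the else branch at the end of this hunk removed, nothing assigns a serial number when -set_serial is not given, so the certificate is written with a zero-length serialNumber INTEGER (the "l=   0 prim: INTEGER" line in the asn1parse output above), which X.690 8.3.1 rules out by requiring one or more contents octets. Keep the rand_serial() fallback, or fail with an explicit error when no serial was supplied, so that req never emits a certificate that other decoders may reject. The hunk header also announces 16 lines becoming 18 while the visible lines only delete, so the rest of the hunk needs to be seen before this can be judged complete.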
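The X.690 8.3 rules quoted in this message (and in the "Question about x509" reply of 2009-05-22) can be checked mechanically. The following C code is an added example, not OpenSSL's decoder: it validates the contents octets of an INTEGER, which is what a strict decoder does with the zero-length serial number shown above, and it builds the minimal encoding of a non-negative value, which is where the leading 00 in front of af:4f:8a:97:14:f7 comes from. All function names are made up for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Outcome of checking INTEGER contents octets against X.690 8.3. */
typedef enum {
    INT_OK = 0,
    INT_EMPTY,       /* 8.3.1: there must be at least one contents octet */
    INT_NOT_MINIMAL  /* 8.3.2: the first nine bits are all zero or all one */
} int_status;

/* p/len are the contents octets only (tag and length already consumed). */
int_status check_integer_contents(const unsigned char *p, size_t len)
{
    if (len == 0)
        return INT_EMPTY;
    if (len > 1) {
        if (p[0] == 0x00 && (p[1] & 0x80) == 0)
            return INT_NOT_MINIMAL;   /* redundant leading 00 */
        if (p[0] == 0xFF && (p[1] & 0x80) != 0)
            return INT_NOT_MINIMAL;   /* redundant leading FF */
    }
    return INT_OK;
}

/* 8.3.3: two's complement, so bit 8 of the first octet is the sign. */
int integer_is_negative(const unsigned char *p, size_t len)
{
    return len > 0 && (p[0] & 0x80) != 0;
}

/* Decode up to 8 valid contents octets; returns 0 on success, -1 otherwise. */
int decode_int64(const unsigned char *p, size_t len, int64_t *out)
{
    uint64_t v;
    size_t i;

    if (len > 8 || check_integer_contents(p, len) != INT_OK)
        return -1;
    v = (p[0] & 0x80) ? UINT64_MAX : 0;   /* sign-extend */
    for (i = 0; i < len; i++)
        v = (v << 8) | p[i];
    memcpy(out, &v, sizeof v);            /* reinterpret as two's complement */
    return 0;
}

/*
 * Minimal contents octets for a non-negative big-endian magnitude, e.g. a
 * serial number. Returns the number of octets written, 0 if out is too small.
 */
size_t encode_unsigned(const unsigned char *mag, size_t mag_len,
                       unsigned char *out, size_t out_cap)
{
    size_t pad;

    while (mag_len > 0 && mag[0] == 0x00) {   /* drop redundant zeros */
        mag++;
        mag_len--;
    }
    if (mag_len == 0) {                       /* the value zero is one 00 octet */
        if (out_cap < 1)
            return 0;
        out[0] = 0x00;
        return 1;
    }
    pad = (mag[0] & 0x80) ? 1 : 0;            /* keep the sign bit clear */
    if (out_cap < mag_len + pad)
        return 0;
    if (pad)
        out[0] = 0x00;
    memcpy(out + pad, mag, mag_len);
    return mag_len + pad;
}

int main(void)
{
    /* Constructed input: the number bytes quoted in the 2009 thread. */
    static const unsigned char serial[] = {0xaf, 0x4f, 0x8a, 0x97, 0x14, 0xf7};
    unsigned char enc[8];
    size_t n = encode_unsigned(serial, sizeof serial, enc, sizeof enc);

    printf("raw bytes negative: %d\n", integer_is_negative(serial, sizeof serial));
    printf("encoded length %zu, first octet %02x\n", n, enc[0]);
    printf("zero-length status: %d\n", check_integer_contents(serial, 0));
    return 0;
}
```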

Re: Certificates, users and machines

2007-05-16 Thread Peter Sylvester




I hope this information helps.

-Kyle H




Thank you for your response and information about the proxies.
I now have a feeling that to write a verification callback function, I will
need to
 retrieve the information stored in the certificate that the peer has sent
to me.

  

If you want to make HTTPS connection, take a look at libcurl, at least
you can get inspired by the code that validates a server certificate. It
is not a callback, it does it after the handshake.


So now, the follow-up questions are:
1) If my server has not received any certificate so far, how can it request
for it?
  

It depends on the CA, it depends on whether you have hardware keys etc.

2) Once the certificate is available to my program, how can I retrieve the
information
in the certificate?
I believe , given that the certificate is in a particular format (x509 ?),
the
information can be retrieved as a C structure (or something alike), which
then
can be used to test each individual piece of information.

Could you point me to APIs that will allow me to achieve this?
  

See above (libcurl) in ssluse.c

Thanks,
~ Urjit




Re: How put issuerUniqueID into certificate?

2007-05-09 Thread Peter Sylvester

Kyle Hamilton wrote:
The ITU X.509v1? The X.509v3? The Internet Public Key Infrastructure 
Certificate Profile? Perhaps the Attribute Certificate profile? Or the 
Proxy Certificate profile? Or some other profile?



excerpt from the 2000 version. Since this is the one that I have online.

issuerUniqueIdentifier is used to uniquely identify an issuer in case of 
name re-use.
subjectUniqueIdentifier is used to uniquely identify a subject in case 
of name re-use.
NOTE 3 – In situations where a distinguished name might be reassigned to 
a different user by the Naming Authority, CAs can use the unique 
identifier to distinguish between reused instances. However, if the same 
user is provided certificates by multiple CAs, it is recommended that 
the CAs coordinate on the assignment of unique identifiers as part of 
their user registration procedures.











Re: How put issuerUniqueID into certificate?

2007-05-07 Thread Peter Sylvester

Kyle Hamilton wrote:

I have never heard of issuerUniqueID and subjectUniqueID.  If you can
point to where you're learning about it, it would be possible for me
to figure it out.



X.509, where else?




Re: SSL_get_verify_result returns X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY (20)

2007-05-04 Thread Peter Sylvester


The load verify location has to be done before you make the connection.


Christian Graf wrote:

Hi all,

I try to check a server's certificate on the client like this, using an
operating system whose name contains an o:

  GC_SSL_Error retVal = GC_SSL_NO_ERROR;

  X509* x509cert = SSL_get_peer_certificate(m_ssl_p);

  if (x509cert != NULL)
  {
    // load cert
    if (1 != SSL_CTX_load_verify_locations(m_ctx_p,
            "C:\\openssl\\certs\\thawteCp.pem", NULL))
      retVal = GC_SSL_CERT_LOAD_ERROR;
    else {
      // check cert
      long certVerifyResult = SSL_get_verify_result(m_ssl_p);
      // the only successful return code is X509_V_OK = 0
      if ((certVerifyResult != X509_V_OK) && (GC_SSL_NO_ERROR == retVal))
        retVal = GC_SSL_CERT_VALID_ERROR;
    }

    X509_free(x509cert);
  }
  else retVal = GC_SSL_NO_PEER_CERT;


The problem is, that I receive always the return value 20
(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY), when calling the
function SSL_CTX_load_verify_locations.
The certificate thawteCp.pem is located in the given path, the
certificate itself has been delivered by the openssl installation.

I really cannot imagine, what the problem is. Maybe anybody could give
me a hint?.

Thank you and bye

Christian


Re: Compiler error ASN1

2006-10-17 Thread Peter Sylvester

Daniel Diaz Sanchez wrote:

Hello to everybody,
I have a problem when implementing a simple structure using OpenSSL
Asn1. This is the problem:

When I try to implement this data structure:

A ::= SEQUENCE {
			b 
			CHOICE {	

b1 INTEGER,
b2 INTEGER},
  

The previous is ambiguous. use for example b2 [0] INTEGER
Also, the given syntax does not say whether you are in global
environment of EXPLICIT or IMPLICIT tagging. It seems
that you assume IMPLICIT



a1 BOOLEAN,
a2 INTEGER OPTIONAL,
a3 [0] INTEGER OPTIONAL,
a4 [1] INTEGER
}
  
	I do it in the following way:


/* .h */
typedef struct B_st
{
int type ;
union {
ASN1_INTEGER *b1;
ASN1_INTEGER *b2;
}value;
}B;

typedef struct A_st
{
B *b;
ASN1_BOOLEAN *a1;
ASN1_INTEGER *a2;
ASN1_INTEGER *a3;
ASN1_INTEGER *a4;
}A;

DECLARE_ASN1_ITEM(B)
DECLARE_ASN1_ITEM(A)
DECLARE_ASN1_FUNCTIONS(B)
DECLARE_ASN1_FUNCTIONS(A)

/* .c */

ASN1_CHOICE(B) = {
ASN1_SIMPLE(B,value.b1,ASN1_INTEGER)
  

missing ,

ASN1_SIMPLE(B,value.b2,ASN1_INTEGER) //(*1)
  

missing }

ASN1_IMP(A,value.b2,ASN1_INTEGER,0)



}ASN1_CHOICE_END(B) //(*2)

ASN1_SEQUENCE(A) = {
ASN1_EXP(A,b,B) //choice
  

,

ASN1_SIMPLE(A,a1,ASN1_BOOLEAN)
  

,

ASN1_OPT(A,a2,ASN1_INTEGER)
  

,

ASN1_IMP_OPT(A,a3,ASN1_INTEGER,0)
  

,

ASN1_IMP(A,a4,ASN1_INTEGER,1)
}ASN1_SEQUENCE_END(A)

IMPLEMENT_ASN1_FUNCTION(A)

But I obtain (using Visual Studio)

	error C2059: syntax error : '{' at line (*1) and 
	error C2059: syntax error : '{' at line (*2)


I'm doing it ok or there is something missing?.

Thanks!,

Regards,

--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant
 
Dep. Ing. Telemática

Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-8817, Fax: -8749

Web: www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive
A toolkit for attribute certificates:
http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml

Mail: dds[at].it.uc3m.es
Skype: dds.it.uc3m.es






  



--
To verify the signature, see http://edelpki.edelweb.fr/ 
This lets you load the authority's certificate;
you will also find the list of revoked certificates there.





Re: a simple ca question

2006-10-15 Thread Peter Sylvester

Bernhard Froehlich wrote:

Chong Peng wrote:

guys:

how to tell a root certificate from a non-root certificate? is there
a field in x509 structure for us to tell? thanks.
  
Root certificates are self signed, that is the issuer equals the 
subject in the certificate.

AND the signature can be verified using the public key in that certificate.


Hope it helps,
Ted
;)






Re: WG: [Openca-Users] After 100000 certificate issued...

2006-09-19 Thread Peter Sylvester

[EMAIL PROTECTED] wrote:

I found this in the OpenCA-Users mailinglist.

Any ideas or suggestions?

  
use the 'openssl ca' command with an empty index.txt file for each new
certificate.
and then manage the files differently, i.e. copy the content into a
database.
Or don't use the ca at all and use x509 and for revocation, just create
an index.txt with the revoked certs.




Re: regarding usage of SSL_CTX in server

2006-06-21 Thread Peter Sylvester

jimmy wrote:

Hi,

I am trying to write an http server which supports virtual servers  
ssl sessions. If I were to support the TLS 1.0 server name extension 
(which says different virtual servers cud send different 
certificates), then would I be able to use the same SSL_CTX across the 
different virtual servers or do I need to have different SSL_CTX for 
each virtual server?




You may take a look at the patch that I made for server name apache 2.2
and the current snapshots of openssl which support the servername extension.
near the end in

   http://www.edelweb.fr/EdelKey

Apache uses a different SSL_CTX for each server, since you can specify
all kinds of different parameters. The current code in openssl also assumes
that a server is represented by an SSL_CTX. What the apache server name
callback does is to switch the SSL_CTX pointer of the SSL object to the
other SSL_CTX.

It is possible just to change the certificate in the SSL
since it has been cached, but there you start interfering with some of the
slightly obscure openssl internals.


Is the

struct cert_st /* CERT */ *cert;

field the one which stores the certificate of the server in SSL_CTX? 
AFAICS this stores only 6 certificates (one for each key type)? So 
wouldn't that restrict me to having one certificate (of each key type) 
for my server?



Thanks in advance,
jimmy


Re: Problem with accents in certificate...

2006-06-13 Thread Peter Sylvester

If your shell is using utf8 you can use -nameopt utf8

Victor Duchovni wrote:

On Tue, Jun 13, 2006 at 05:03:16PM +0200, Bastien Gauthier wrote:

  

I use OpenSSL to retrieve informations from a certificate, but when an
accent is present (? ? ?, ? ? ?, ...) the ? openssl x509 -text ? return
the accent in a bad encoding ?

St?phan become St\xC3\xA9phan...
 
Is there a way to avoid this ?



No, it is correctly stored as utf8. How would a receiving application
know whether your name is iso-8859-1 (Latin) or iso-8859-6 (Arabic)?

If you want to view the data as iso-8859-1 you have to decode from utf8.

  





perl under cygwin

2006-06-04 Thread Peter Sylvester

when generating the ms makefile and defs under a cygwin environment,
backslashes are not correctly detected.  Enclosed find a patch for 0.9.8b

This resolves my recent messages in rt.



diff -purN openssl-0.9.8b/util/mkdef.pl openssl-0.9.8b+S/util/mkdef.pl
--- openssl-0.9.8b/util/mkdef.pl	2006-01-02 15:08:22.0 +0100
+++ openssl-0.9.8b+S/util/mkdef.pl	2006-06-04 15:23:22.451088000 +0200
@@ -445,9 +445,9 @@ sub do_defs
 $line = '';
 			}
 
-			if (/\\$/) {
-chomp; # remove eol
-chop; # remove ending backslash
+			if (s/\\\s*$//) {
+#chomp; # remove eol
+#chop; # remove ending backslash
 $line = $_;
 next;
 			}
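Review bot: the old chomp and chop are left behind as commented-out lines under the new `if (s/\\\s*$//)` test; delete them and put a one-line comment on the substitution saying that it strips the continuation backslash together with any trailing whitespace, since that is the whole reason for the change and the regex alone does not say so. It is also worth stating in the change description that the test now modifies $_ as a side effect, which the previous `/\\$/` match did not.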
diff -purN openssl-0.9.8b/util/mkfiles.pl openssl-0.9.8b+S/util/mkfiles.pl
--- openssl-0.9.8b/util/mkfiles.pl	2005-04-27 18:27:14.0 +0200
+++ openssl-0.9.8b+S/util/mkfiles.pl	2006-06-04 15:19:19.251316000 +0200
@@ -88,9 +88,9 @@ while (IN)
 		($s,$b)=($1,$2);
 		for (;;)
 			{
-			if ($b =~ /\\$/)
+			if ($b =~ s/\\\s*$//)
 {
-chop($b);
+#chop($b);
 $o.=$b. ;
 $b=IN;
 chop($b);
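Review bot: in the continuation loop the `chop($b);` that follows the read of the next line still removes exactly one character, so a line ending in CR LF keeps its CR; the new `s/\\\s*$//` absorbs that on continued lines, but a final line without a backslash may still carry it. Replace that remaining chop with `$b =~ s/\s+$//;` and delete the commented-out `#chop($b);` instead of leaving it in.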

