Re: Verify a certificate
Hello, just in case you want to check a webserver installation (which is not explicitly mentioned in Viktor's answer) I want to add this... In this case (IMHO) the s_client tool of openssl can do what you need. Try openssl s_client -connect yourhost.example.org:443 -CAfile SpecialCAFile.pem where "SpecialCAFile.pem" only contains the root certificate of your "Root X" CA. This gives quite a bit of text as output. Look for a line "Verification: OK" in this output (usually after the PEM-encoded server certificate), if you can find it the certificate chain should be OK. Otherwise you'll find something like "Verification error: unable to get local issuer certificate" Hope this helps, Ted ;) On 2021-01-05 13:43, Yassine Chaouche wrote: Dear list, I would like to learn how to use openssl tools to make sure a chained certificate is valid ? example : Let's say I got the Cert certificate signed by Intermdiate X, but by making the full chain certificate I inadvertly inserted Intermediate Y instead of X. The (broken) certificate chain inside Cert would be : Cert < Intermediate Y < Root X How do I detect this error with openssl tools ? are there tools that print issuer and subject of each certificate in a chain ? Thanks for your guidance.
Re: Verify a certificate
On Tue, Jan 05, 2021 at 01:43:12PM +0100, Yassine Chaouche wrote: > How do I detect this error with openssl tools ? are there > tools that print issuer and subject of each certificate in > a chain ? If, by chain, you mean a PEM file with one or more X509 certificates, then yes. Suppose the file is "certs.pem": $ openssl crl2pkcs7 -nocrl -certfile certs.pem | openssl pkcs7 -print_certs -noout -subject -issuer If you want to instead verify the chain, against some root CA in some file (perhaps the very same file, just use certs.pem instead of roots.pem): $ openssl verify -untrusted certs.pem -trusted roots.pem certs.pem You can also check for the expected hostname with $ openssl verify -untrusted certs.pem -trusted roots.pem \ -verify_hostname www.example.com certs.pem -- Viktor.
Verify a certificate
Dear list, I would like to learn how to use openssl tools to make sure a chained certificate is valid ? example : Let's say I got the Cert certificate signed by Intermdiate X, but by making the full chain certificate I inadvertly inserted Intermediate Y instead of X. The (broken) certificate chain inside Cert would be : Cert < Intermediate Y < Root X How do I detect this error with openssl tools ? are there tools that print issuer and subject of each certificate in a chain ? Thanks for your guidance.
Re: Verify that certificate does not change, in the verify_callback
The same question in much more specific terms: int VerifyCallback(X509_STORE_CTX *store_ctx, void *arg) Is the certificate stored in store_ctx the *new* one that the peer sends in case of *renegotiation*? Is the certificate stored in the SSL struct (obtained via SSL_get_peer_certificate()) the *old* one that was negotiated from the previous successful handshake? Is this one NULL the first time this callback is called? (i.e. initial handshake, *not* renegotiation) If so, I could just compare those two and return 0 if they are not equal. Thanks in advance, Dimitris On Wed, 21 May 2014, Dimitrios Apostolou wrote: Hello list, I'm using SSL_CTX_set_cert_verify_callback(empty_callback) to bypass all certificate chain walking and validation. I extract and validate the RSA key *after* handshake and verify only that. However I believe this callback can be called arbitrary times after initial handshake, in the case of renegotiation. In that case, I want to close the connection if the peer renegotiates the session using a different key than the initial one. So I need to not only get the current certificate from X509_STORE_CTX, but also the original certificate *from before renegotiation*. Is there an API call for that, or do I need to pass custom data pointers using ex_data? Thank you in advance, Dimitris __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Verify that certificate does not change, in the verify_callback
I don't specifically know the behavior of the code, so I have no means of answering your question directly. That said, it would certainly work if you stored a copy of the certificate during your VerifyCallback(), and compared with the version you copied out yourself. You might wish to balance this with other forms of memory security like certificate digests, key digests and the like -- though if an attacker can modify your process memory, it's all over anyway. Only you can determine what your security needs are, or how to meet them. -Kyle H On Fri, May 23, 2014 at 2:32 AM, Dimitrios Apostolou ji...@gmx.net wrote: The same question in much more specific terms: int VerifyCallback(X509_STORE_CTX *store_ctx, void *arg) Is the certificate stored in store_ctx the *new* one that the peer sends in case of *renegotiation*? Is the certificate stored in the SSL struct (obtained via SSL_get_peer_certificate()) the *old* one that was negotiated from the previous successful handshake? Is this one NULL the first time this callback is called? (i.e. initial handshake, *not* renegotiation) If so, I could just compare those two and return 0 if they are not equal. Thanks in advance, Dimitris On Wed, 21 May 2014, Dimitrios Apostolou wrote: Hello list, I'm using SSL_CTX_set_cert_verify_callback(empty_callback) to bypass all certificate chain walking and validation. I extract and validate the RSA key *after* handshake and verify only that. However I believe this callback can be called arbitrary times after initial handshake, in the case of renegotiation. In that case, I want to close the connection if the peer renegotiates the session using a different key than the initial one. So I need to not only get the current certificate from X509_STORE_CTX, but also the original certificate *from before renegotiation*. Is there an API call for that, or do I need to pass custom data pointers using ex_data? Thank you in advance, Dimitris __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Verify that certificate does not change, in the verify_callback
Hello list, I'm using SSL_CTX_set_cert_verify_callback(empty_callback) to bypass all certificate chain walking and validation. I extract and validate the RSA key *after* handshake and verify only that. However I believe this callback can be called arbitrary times after initial handshake, in the case of renegotiation. In that case, I want to close the connection if the peer renegotiates the session using a different key than the initial one. So I need to not only get the current certificate from X509_STORE_CTX, but also the original certificate *from before renegotiation*. Is there an API call for that, or do I need to pass custom data pointers using ex_data? Thank you in advance, Dimitris __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: X509_verify() failing to verify valid certificate in old OpenSSL versions
On Fri, 15 Nov 2013, Dr. Stephen Henson wrote: On Fri, Nov 15, 2013, Dimitrios Apostolou wrote: On Fri, 15 Nov 2013, Dr. Stephen Henson wrote: If the certificate contains no useful information then why check it at all other than to make sure it carries the correct public key? I was not sure if the TLS handshake assures that the certificate is not tampered so I decided to go the safe way. Specifically I assumed that a man in the middle can craft a certificate that contains the same public key (it's public after all), but he can not sign it since he is missing the private key. And since I'm overriding all of the default OpenSSL verification (see my call to SSL_CTX_set_cert_verify_callback) I'm the one that has to manually checked a valid signature, no? Depending on the ciphersuite either an RSA decryption operation or an RSA signature operation is performed by the server. So if the handshake completes successfully you can be sure that the same key is used as the one present in the certificate. Thank you Steve, this is very reassuring, I'll remove the X509_verify() call that checks the self-signed certificate. Cc'ing the list since I've been looking for such information all over the web. FWIW I've only enabled ciphers with RSA key exchange, no DH. The reason is that since the certificate is always generated by an existing RSA key pair I assumed this way I'm saving computational overhead related to DH and maybe EC operations. Do you think this is logical? Thanks, Dimitris __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
X509_verify() failing to verify valid certificate in old OpenSSL versions
Hello, some time now I'm having problems with X509_verify() from openssl-1.0.0-27.el6_4.2.i686 shipped with latest RHEL 6. The problem is that a self-signed certificate that I generate and verify on the server side, fails to verify on the client side after the TLS handshake. Since this works fine with latest OpenSSL I assumed it's a bug in OpenSSL and did a git-bisect. The commit that fixes it seems to be: commit 39239280f3576f3418dadbf751bc7a2bb3252d4e Author: Dr. Stephen Henson st...@openssl.org Date: Sun Oct 3 18:58:09 2010 + Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), this means that some implementations will be used automatically, e.g. aesni, we do this for cryptodev anyway. Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it. This commit contains the following description in CHANGES: + *) Don't reencode certificate when calculating signature: cache and use + the original encoding instead. This makes signature verification of + some broken encodings work correctly. Can you please explain me what a broken encoding is, and how I might be using it? How can I self-sign a certificate that can be verified in old versions as well? Thank you in advance, Dimitris __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: X509_verify() failing to verify valid certificate in old OpenSSL versions
On Thu, Nov 14, 2013, Dimitrios Apostolou wrote: some time now I'm having problems with X509_verify() from openssl-1.0.0-27.el6_4.2.i686 shipped with latest RHEL 6. The problem is that a self-signed certificate that I generate and verify on the server side, fails to verify on the client side after the TLS handshake. Since this works fine with latest OpenSSL I assumed it's a bug in OpenSSL and did a git-bisect. The commit that fixes it seems to be: commit 39239280f3576f3418dadbf751bc7a2bb3252d4e Author: Dr. Stephen Henson st...@openssl.org Date: Sun Oct 3 18:58:09 2010 + This commit contains the following description in CHANGES: + *) Don't reencode certificate when calculating signature: cache and use + the original encoding instead. This makes signature verification of + some broken encodings work correctly. Can you please explain me what a broken encoding is, and how I might be using it? How can I self-sign a certificate that can be verified in old versions as well? When a certificate is parsed various fields are decoded. Before this change when a signature was verified it was re-encoded. Any discrepancy between the original encoding and the re-encoded version would result in a signature failure. This can happen for all sorts of reasons, usually violation of DER. This change stores the original encoding and verifies signatures against that instead of re-encoding. It's not clear how you could create a certificate that violates DER using OpenSSL, though you're not using a standard version so some bug fixes might be missing. Can you send a sample certificate that fails signature verification in the way you describe? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: X509_verify() failing to verify valid certificate in old OpenSSL versions
On Thu, 14 Nov 2013, Dr. Stephen Henson wrote: On Thu, Nov 14, 2013, Dimitrios Apostolou wrote: + *) Don't reencode certificate when calculating signature: cache and use + the original encoding instead. This makes signature verification of + some broken encodings work correctly. Can you please explain me what a broken encoding is, and how I might be using it? How can I self-sign a certificate that can be verified in old versions as well? When a certificate is parsed various fields are decoded. Before this change when a signature was verified it was re-encoded. Any discrepancy between the original encoding and the re-encoded version would result in a signature failure. This can happen for all sorts of reasons, usually violation of DER. This change stores the original encoding and verifies signatures against that instead of re-encoding. It's not clear how you could create a certificate that violates DER using OpenSSL, though you're not using a standard version so some bug fixes might be missing. Can you send a sample certificate that fails signature verification in the way you describe? Thanks for explaining! It's quite possible I'm missusing OpenSSL API since I'm trying to work my way into veryfying self-signed certificates generated from RSA keys, which is not that common. I privately sent you a test program that replicates the problem, feel free to reply here. Thanks, Dimitris __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Verify intermediate certificate
Hi Johannes Bauer If I have a certificate chain Root - A - B - Leaf where Leaf is the certificate of a webserver (https) and Root is av self-signed certificate. If you donot mind would you please mention what are the Openssl commands you used to create this chain ? Please help me on this. Thanks in advance. Best Regards, S S Rout -- View this message in context: http://old.nabble.com/Verify-intermediate-certificate-tp33129488p33479981.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Re: Verify intermediate certificate
-Original Message- From: Steffen DETTMER * Johannes Bauer wrote on Fri, Jan 13, 2012 at 14:22 +0100: [...] Or, in other words: Let's assume I have a ultimate root (self-signed) Root and a branched CA X. I would like to trust X and all it's children, but not Root. Is this not possible? [yes, it is not possible by default] Thank you for your clarification. I also do not really see the point why the anchor of trust has to be self-signed. I also wondered about this time ago. I think when a user explicitely puts a sub-CA or even a non-CA certificate into the database of trusted certificates, chain verification could stop there without knowing the root-CA. If I remember correctly, there is work going on to enable such functionality in an upcoming release. Perhaps Steve can shed some light on its status. Patrick Eisenacher __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Re: Verify intermediate certificate
On Mon, Jan 16, 2012, Eisenacher, Patrick wrote: -Original Message- From: Steffen DETTMER * Johannes Bauer wrote on Fri, Jan 13, 2012 at 14:22 +0100: [...] Or, in other words: Let's assume I have a ultimate root (self-signed) Root and a branched CA X. I would like to trust X and all it's children, but not Root. Is this not possible? [yes, it is not possible by default] Thank you for your clarification. I also do not really see the point why the anchor of trust has to be self-signed. I also wondered about this time ago. I think when a user explicitely puts a sub-CA or even a non-CA certificate into the database of trusted certificates, chain verification could stop there without knowing the root-CA. If I remember correctly, there is work going on to enable such functionality in an upcoming release. Perhaps Steve can shed some light on its status. There is experimental support for this in HEAD only. You need to set an explicit trust option on the intermediate CA and it should verify OK even if the root is absent. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Verify intermediate certificate
On 2012-01-13 15:38 +0100 (Fri), Johannes Bauer wrote: Ah, good, then I explained it well enough :-) Do you have a solution for your scenario? Do you manually check certificates? Or is there some workaround? I described my situation in a little more detail in this message: http://www.mail-archive.com/openssl-users@openssl.org/msg65890.html My current plan, unless I get further advice otherwise, is to add some custom fields to the certs I use within this system and then to use custom validation functions to determine whether, for any particular cert, it is required to be signed by the master CA rather than a client CA. cjs -- Curt Sampson c...@cynic.net +81 90 7737 2974 http://www.starling-software.com/ I have always wished for my computer to be as easy to use as my telephone; my wish has come true because I can no longer figure out how to use my telephone. --Bjarne Stroustrup __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Verify intermediate certificate
On 12.01.2012 19:05, Kenneth Goldman wrote: I have a question regarding the verify method of OpenSSL: If I have a certificate chain Root - A - B - Leaf where Leaf is the certificate of a webserver (https) and Root is a self-signed certificate. In this scenario, is it valid for the webserver to provide only A/B/Leaf and omit Root during the SSL handshake? I'm seeing strange errors and noticed that a webserver of ours is configured in that manner (and it seems odd to me). It's more than valid. I think it's essential that the server omit the root. If the server supplied the entire chain, they could create the entire chain, and thus could claim to be anyone. Hmm - I disagree with that assessment. The client has to check that the root (that the server may provide or may omit) is inside the trusted certificate store of the client -- regardless of the client provides it or not. And clients (and probably therefore OpenSSL) do that, too: When I for testing purposes create and send a complete certificate path for a SSL webserver, Firefox still rejects it as it should, because no certificate is in the truststore. The root must be delivered out of band, trusted by other means. Correct. The question is just: can this root of trust be an intermediate certificate or must it be a self-signed certificate? Is this one of the checks that occurs within the OpenSSL client? To clarify what I mean, please consider the tiny picture at http://pastebin.ca/2102780 Let's say I have some ultimate root A which has issued a sub-CA B for me. I use B to create, for example, a certificate for my webserver D. Now I have clients which should only connect to webservers that have been issued by D. I configure the webserver to only send D certificate and have in my clients only one certificate in the certificate store: B. The clients cannot connect (cannot verify peer), because in the client's certificate store, A is missing (deliberately!). The reason why it is missing is the following: If I put A into the store of the clients, A might have issued a sub-CA certificate to my opponent C (which I do not have control over). C would sign a certificate for Eve which contains my server's DNS name as CN. Then when Eve would make a man-in-the-middle attack with it's fake webserver, my clients would still connect, since they can construct a path to the root A (E - C - A). I really hope I explained this well enough, it's kind of hard via mail, I'm afraid. Best regards, Joe __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Verify intermediate certificate
On 12.01.2012 19:23, Michael S. Zick wrote: On Thu January 12 2012, Johannes Bauer wrote: Hello group, I have a question regarding the verify method of OpenSSL: If I have a certificate chain Root - A - B - Leaf where Leaf is the certificate of a webserver (https) and Root is a self-signed certificate. In this scenario, is it valid for the webserver to provide only A/B/Leaf and omit Root during the SSL handshake? I'm seeing strange errors and noticed that a webserver of ours is configured in that manner (and it seems odd to me). It is a third party verification system that is used. How could you trust the server to tell you itself who it is? I can trust the webserver because the signature of it's certificate was verifiably created by the intermediate CA (which I trust and who's certificate the client has in its trust store). Thus, the need for obtaining the root certificate some way other than having it sent by the server in question. And yes, 'root' certificates are self-signed, signed by an 'independent' third party in the business of being trusted for that purpose. Well, the thing is: Having them self-signed is not necessary for security purposes. It apparently is what OpenSSL requires. Which in this post, the 'trusted third party' seems to be your own network admin (which may be yourself ;-) ) Well, I'm just part of the big picture ;-) Best regards, Joe __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Verify intermediate certificate
On 13.01.2012 01:02, Dave Thompson wrote: The verify fails. Why is that? The immediate signature is valid, does the verify command expect to always terminate at a self-signed certificate? Yes. Or rather the libcrypto routine X509_verify_cert, used by the 'verify' utility and also the SSL handshake logic and also other applications if they wish, insists on reaching a root. Ah, I figured I'd have to go there. The reason why I was hoping to get around this is that the OpenSSL code is properly reviewed and auditted -- I would rather not write code which could have serious sercurity implications if it's broken (especially since it's not properly reviewed). Or, in other words: Let's assume I have a ultimate root (self-signed) Root and a branched CA X. I would like to trust X and all it's children, but not Root. Is this not possible? Not in OpenSSL, unless you change the verify logic, or replace or override it with your own (which AFAICS could be done, with some effort, using the optional verify callback). It's not clear to me this is the best policy choice; IE (or I believe actually some Windows feature IE uses) and Firefox and Java (JSSE) all allow you to establish a non-root as a trust anchor. But it's what OpenSSL does, and has for a long time. Thank you for your clarification. I also do not really see the point why the anchor of trust has to be self-signed. In my scenario this restriction actually makes the whole system less secure (since it allows a superset of certificates to be valid instead of just a tiny subset). I'll have a look into the custom verify-peer-callback and see how difficult it is and how easily it can be used. Best regards, Joe __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Verify intermediate certificate
On 13.01.2012 10:15, Curt Sampson wrote: On 2012-01-13 09:54 +0100 (Fri), Johannes Bauer wrote: Let's say I have some ultimate root A which has issued a sub-CA B for me. I use B to create, for example, a certificate for my webserver D. Now I have clients which should only connect to webservers that have been issued by D. I configure the webserver to only send D I think you meant, B there. Ah, yes. I really hope I explained this well enough, it's kind of hard via mail, I'm afraid. I think understand exactly what you are doing and why you want to do it. (I have similar issues within a system in which I'm working.) Ah, good, then I explained it well enough :-) Do you have a solution for your scenario? Do you manually check certificates? Or is there some workaround? Best regards, Joe __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Re: Verify intermediate certificate
* Johannes Bauer wrote on Fri, Jan 13, 2012 at 14:22 +0100: [...] Or, in other words: Let's assume I have a ultimate root (self-signed) Root and a branched CA X. I would like to trust X and all it's children, but not Root. Is this not possible? [yes, it is not possible by default] Thank you for your clarification. I also do not really see the point why the anchor of trust has to be self-signed. I also wondered about this time ago. I think when a user explicitely puts a sub-CA or even a non-CA certificate into the database of trusted certificates, chain verification could stop there without knowing the root-CA. Only point to require root-CA is to check if it still is valid and require it in order to be able to check it's CRL for the sub-CA being included. Personally, I still wonder why I should be stopped from trusting a sub-CA even if the root-CA revoked it when I explicitely configure it to do so, but anyway usually OS or browser vendors seem to decide for the users whom to trust ;-) In my scenario this restriction actually makes the whole system less secure (since it allows a superset of certificates to be valid instead of just a tiny subset). Certify the identity to be authentic, that means that the name given in the certificate is authentic. This is like an ID card or passport. From this it cannot be concluded whether the authentic name owner is authorized for communication (or whatever). For this, some list of allowed names is needed. This is like a guest list. Unfortunately it seems to happen from time to time to meet some projects/installations that check only whether a peer is authentic but not it authorized (like: anyone with a valid password can use the VIP entry, because no guest list check is performed). For example, in a typical webbrowser I think you cannot configure NOT to communicate with authentic badguy.malware.com; if TLS makes it absolutely sure that you really communicate with `badguy', you will get a green security symbol :-) oki, Steffen -- End of message. My personal opinion only etc. About Ingenico: Ingenico is a leading provider of payment, transaction and business solutions, with over 15 million terminals deployed in more than 125 countries. Over 3,000 employees worldwide support merchants, banks and service providers to optimize and secure their electronic payments solutions, develop their offer of services and increase their point of sales revenue. http://www.ingenico.com/. This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. P Please consider the environment before printing this e-mail __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Verify intermediate certificate
Hello group, I have a question regarding the verify method of OpenSSL: If I have a certificate chain Root - A - B - Leaf where Leaf is the certificate of a webserver (https) and Root is a self-signed certificate. In this scenario, is it valid for the webserver to provide only A/B/Leaf and omit Root during the SSL handshake? I'm seeing strange errors and noticed that a webserver of ours is configured in that manner (and it seems odd to me). Also, when I have certificates A + B and do: $ openssl verify -CApath /sys -CAfile certA.crt certB.crt certB.crt: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 error 2 at 1 depth lookup:unable to get issuer certificate (I'm only using /sys to make openssl not pull in /etc/ssl/certs) The verify fails. Why is that? The immediate signature is valid, does the verify command expect to always terminate at a self-signed certificate? Or, in other words: Let's assume I have a ultimate root (self-signed) Root and a branched CA X. I would like to trust X and all it's children, but not Root. Is this not possible? Best regards, Johannes __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Verify intermediate certificate
On Thu January 12 2012, Johannes Bauer wrote: Hello group, I have a question regarding the verify method of OpenSSL: If I have a certificate chain Root - A - B - Leaf where Leaf is the certificate of a webserver (https) and Root is a self-signed certificate. In this scenario, is it valid for the webserver to provide only A/B/Leaf and omit Root during the SSL handshake? I'm seeing strange errors and noticed that a webserver of ours is configured in that manner (and it seems odd to me). It is a third party verification system that is used. How could you trust the server to tell you itself who it is? Thus, the need for obtaining the root certificate some way other than having it sent by the server in question. And yes, 'root' certificates are self-signed, signed by an 'independent' third party in the business of being trusted for that purpose. Which in this post, the 'trusted third party' seems to be your own network admin (which may be yourself ;-) ) Mike Also, when I have certificates A + B and do: $ openssl verify -CApath /sys -CAfile certA.crt certB.crt certB.crt: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 error 2 at 1 depth lookup:unable to get issuer certificate (I'm only using /sys to make openssl not pull in /etc/ssl/certs) The verify fails. Why is that? The immediate signature is valid, does the verify command expect to always terminate at a self-signed certificate? Or, in other words: Let's assume I have a ultimate root (self-signed) Root and a branched CA X. I would like to trust X and all it's children, but not Root. Is this not possible? Best regards, Johannes __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Verify intermediate certificate
From: owner-openssl-us...@openssl.org On Behalf Of Michael S. Zick Sent: Thursday, 12 January, 2012 13:24 On Thu January 12 2012, Johannes Bauer wrote: Hello group, I have a question regarding the verify method of OpenSSL: If I have a certificate chain: Root - A - B - Leaf [...] is it valid for the webserver to provide only A/B/Leaf and omit Root during the SSL handshake? [...] It is a third party verification system that is used. How could you trust the server to tell you itself who it is? Thus, the need for obtaining the root certificate some way other than having it sent by the server in question. Exactly. Which in OpenSSL is usually 'CAfile' or 'CApath'. And yes, 'root' certificates are self-signed, signed by an 'independent' third party in the business of being trusted for that purpose. Nit: not necessarily in the 'business' of being trusted. Just some party which IS trusted. For example some part(s?) of the US DoD issue certs for employees and contractors. The DoD's 'business' is preparing to do and doing military actions directed by the elected government (which should do so in the interests of the country, but that's a different issue and offtopic here). Issuing certs is a minor sideline. Most(?) of the well-known public CAs were created solely to be CAs, but many(?) of them have been acquired by businesses which have other functions as well. Which in this post, the 'trusted third party' seems to be your own network admin (which may be yourself ;-) ) Exactly. This is similarly a sideline. Mike Also, when I have certificates A + B and do: $ openssl verify -CApath /sys -CAfile certA.crt certB.crt certB.crt: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 error 2 at 1 depth lookup:unable to get issuer certificate (I'm only using /sys to make openssl not pull in /etc/ssl/certs) The verify fails. Why is that? The immediate signature is valid, does the verify command expect to always terminate at a self-signed certificate? Yes. Or rather the libcrypto routine X509_verify_cert, used by the 'verify' utility and also the SSL handshake logic and also other applications if they wish, insists on reaching a root. Or, in other words: Let's assume I have a ultimate root (self-signed) Root and a branched CA X. I would like to trust X and all it's children, but not Root. Is this not possible? Not in OpenSSL, unless you change the verify logic, or replace or override it with your own (which AFAICS could be done, with some effort, using the optional verify callback). It's not clear to me this is the best policy choice; IE (or I believe actually some Windows feature IE uses) and Firefox and Java (JSSE) all allow you to establish a non-root as a trust anchor. But it's what OpenSSL does, and has for a long time. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Failing to verify the certificate of one specific site
On 10/22/2011 4:52 AM, Lucas Clemente Vella wrote: 2011/10/21 Jakob Bohmjb-open...@wisemo.com: According to the Digicert CPS http://www.digicert.com/docs/cps/DigiCert_EV-CPS.pdf, that DigiCert root is cross-certified by the Entrust root. Some trusted certificate bundles include only the Entrust root CA and will need the Entrust-signed cross intermediary certificate to validate, other trusted certificate bundles include the Digicert self-signed root for this key directly. It is expected from the standards and the behavior of other X.509 libraries that upon seeing the keyid of a known root, the library should stop following the chain and ignore any extra certificate provided by the entity being verified. So, the behavior I get with OpenSSL when using the Digicert root is non-conformant with X.509? The peer's certificate should have been verified when I provided the Digicert root? Just my unqualified opinion though. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Failing to verify the certificate of one specific site
According to the Digicert CPS http://www.digicert.com/docs/cps/DigiCert_EV-CPS.pdf, that DigiCert root is cross-certified by the Entrust root. Some trusted certificate bundles include only the Entrust root CA and will need the Entrust-signed cross intermediary certificate to validate, other trusted certificate bundles include the Digicert self-signed root for this key directly. It is expected from the standards and the behavior of other X.509 libraries that upon seeing the keyid of a known root, the library should stop following the chain and ignore any extra certificate provided by the entity being verified. On 10/21/2011 3:10 AM, Dave Thompson wrote: From: owner-openssl-us...@openssl.org On Behalf Of Lucas Clemente Vella Sent: Wednesday, 19 October, 2011 22:44 snip: connect to graph.facebook.com:443 using cafile=DigiCertHighAssuranceEVRootCA.crt gets rc=20 Then I found this directory in my system, /etc/ssl/certs, containing my installed CA roots, which I provided to OpenSSL, instead of the certificate file:and got rc=0 It seems to me that there is one certificate installed in /etc/ssl/certs, which is different from the on I was providing, that is being used to verify the host. If it is so, how can I know what certificate is being used? And why Firefox and Chrome both use the former certificate I provided, while OpenSSL is unable to use it for the same host? s_client shows that host is providing a chain which has at #2 Digicert High Assurance EV Root CA not actually a root but instead isssued by Entrust.net Secure Server Certification Authority. Such a cert with SHA1 99A6 9BE6 1AFE 886B 4D2B 8200 7CB8 54FC 317E 1539 found at www.entrust.net Download roots does verify the chain, and is in my Windows/IE(7) and FF3.6 and Java(6u24) truststores out of the box, so if your /etc/ssl/certs was put together with the usual suspects (a la Casablanca) very likely it's in there. The #2 from graph.facebook.com and the root from digicert.com have the same public key and keyid so either one can verify the children (which (both) have AKI.keyid). I don't know why both forms exist and I don't see anything obvious on the Digicert website about it. The dates are different: the #2 is 20061001 to 20140726 while the true root is 20061110 to 2030; possibly digicert initially got cross-signed by entrust and then established their own root(s). __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Failing to verify the certificate of one specific site
2011/10/21 Jakob Bohm jb-open...@wisemo.com: According to the Digicert CPS http://www.digicert.com/docs/cps/DigiCert_EV-CPS.pdf, that DigiCert root is cross-certified by the Entrust root. Some trusted certificate bundles include only the Entrust root CA and will need the Entrust-signed cross intermediary certificate to validate, other trusted certificate bundles include the Digicert self-signed root for this key directly. It is expected from the standards and the behavior of other X.509 libraries that upon seeing the keyid of a known root, the library should stop following the chain and ignore any extra certificate provided by the entity being verified. So, the behavior I get with OpenSSL when using the Digicert root is non-conformant with X.509? The peer's certificate should have been verified when I provided the Digicert root? -- Lucas Clemente Vella lve...@gmail.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Auto Reply: Re: Failing to verify the certificate of one specific site
I am out of the office on vacation until Tuesday 25th October. For urgent issues please contact Markus Flierl or Steven De Tar. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Auto Reply: Auto Reply: Re: Failing to verify the certificate of one specific site
I am out of the office on vacation until Tuesday 25th October. For urgent issues please contact Markus Flierl or Steven De Tar. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Failing to verify the certificate of one specific site
From: owner-openssl-us...@openssl.org On Behalf Of Lucas Clemente Vella Sent: Wednesday, 19 October, 2011 22:44 snip: connect to graph.facebook.com:443 using cafile=DigiCertHighAssuranceEVRootCA.crt gets rc=20 Then I found this directory in my system, /etc/ssl/certs, containing my installed CA roots, which I provided to OpenSSL, instead of the certificate file: and got rc=0 It seems to me that there is one certificate installed in /etc/ssl/certs, which is different from the on I was providing, that is being used to verify the host. If it is so, how can I know what certificate is being used? And why Firefox and Chrome both use the former certificate I provided, while OpenSSL is unable to use it for the same host? s_client shows that host is providing a chain which has at #2 Digicert High Assurance EV Root CA not actually a root but instead isssued by Entrust.net Secure Server Certification Authority. Such a cert with SHA1 99A6 9BE6 1AFE 886B 4D2B 8200 7CB8 54FC 317E 1539 found at www.entrust.net Download roots does verify the chain, and is in my Windows/IE(7) and FF3.6 and Java(6u24) truststores out of the box, so if your /etc/ssl/certs was put together with the usual suspects (a la Casablanca) very likely it's in there. The #2 from graph.facebook.com and the root from digicert.com have the same public key and keyid so either one can verify the children (which (both) have AKI.keyid). I don't know why both forms exist and I don't see anything obvious on the Digicert website about it. The dates are different: the #2 is 20061001 to 20140726 while the true root is 20061110 to 2030; possibly digicert initially got cross-signed by entrust and then established their own root(s). __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Failing to verify the certificate of one specific site
2011/10/9 Lucas Clemente Vella lve...@gmail.com: First of all, I am not a direct user of the OpenSSL library, but I am using it via Python 2.7 built-in module ssl, which in turn uses OpenSSL. Since my problem is SSL specific, I thought people here would be more apt to help me. Now I wrote the C code using directly OpenSSL, and I get the same problem: #include stdio.h #include openssl/bio.h #include openssl/ssl.h #include openssl/err.h int main() { long ret; BIO * bio; SSL_CTX * ctx; SSL * ssl; X509 * cert; SSL_library_init(); SSL_load_error_strings(); ERR_load_BIO_strings(); ctx = SSL_CTX_new(TLSv1_client_method()); SSL_CTX_load_verify_locations(ctx, DigiCertHighAssuranceEVRootCA.crt, NULL); bio = BIO_new_ssl_connect(ctx); BIO_get_ssl(bio, ssl); SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); BIO_set_conn_hostname(bio, graph.facebook.com:443); BIO_do_connect(bio); cert = SSL_get_peer_certificate(ssl); ret = SSL_get_verify_result(ssl); printf(Cert: %s\nRet %ld\n, cert-name, ret); X509_free(cert); BIO_free_all(bio); SSL_CTX_free(ctx); } By running it, I get: $ ssl_test Cert: /C=US/ST=California/L=Palo Alto/O=Facebook, Inc./CN=*.facebook.com Ret 20 which Ret 20 means, according to 'man verify', 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY where I would expect: 0 X509_V_OK Then I found this directory in my system, /etc/ssl/certs, containing my installed CA roots, which I provided to OpenSSL, instead of the certificate file: SSL_CTX_load_verify_locations(ctx, NULL, /etc/ssl/certs); By running again, I get Ret 0, meaning X509_V_OK and the host was verified. It seems to me that there is one certificate installed in /etc/ssl/certs, which is different from the on I was providing, that is being used to verify the host. If it is so, how can I know what certificate is being used? And why Firefox and Chrome both use the former certificate I provided, while OpenSSL is unable to use it for the same host? -- Lucas Clemente Vella lve...@gmail.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Failing to verify the certificate of one specific site
First of all, I am not a direct user of the OpenSSL library, but I am using it via Python 2.7 built-in module ssl, which in turn uses OpenSSL. Since my problem is SSL specific, I thought people here would be more apt to help me. I have an web server and I need to make a HTTPS request to the external server graph.facebook.com. It is plain in the Pyhton urllib2 module documentation that, while it will happily establish an HTTPS connection, it will not verify the server's certificate. So I was trying to use the ssl module to get the servers certificate verified. The problem is that the verification fails, and I have no clue of why. My browser is able to verify the server's certificate using the same root CA I provided to the ssl module, just type in https://graph.facebook.com/me;. This small code shows the problem: import socket, ssl s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) ssl_sock = ssl.wrap_socket(s, ca_certs=DigiCertHighAssuranceEVRootCA.crt, cert_reqs=ssl.CERT_REQUIRED) ssl_sock.connect(('graph.facebook.com', 443)) Traceback (most recent call last): File ssl_test.py, line 4, in module ssl_sock.connect(('graph.facebook.com', 443)) File /usr/lib/python2.7/ssl.py, line 299, in connect self.do_handshake() File /usr/lib/python2.7/ssl.py, line 283, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [Errno 1] _ssl.c:499: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed If I try the same code against 'ev-root.digicert.com', which is the DigiCert test address for this certificate, it works and the host is correctly verified. So, do you have any clue on why the verification of this specific host fails even if I have the correct root CA? Any suggestions on how can I get more details on the problem? -- Lucas Clemente Vella lve...@gmail.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Verify a certificate
On 07/19/2011 08:20 AM, Mailing List SVR wrote: Hi, I need to verify the attached certificate (cert.bin) and read the asn1 info stored in it. I'm using the following commands: openssl smime -verify -in cert.pem -inform pem -CAfile signer.pem cert.data and then: openssl asn1parse -inform DER -in cert.data now if the signer give me signer.pem all is fine. Some signer put their public certificate inside the binary certificate (see cert.bin attached), in this cases I'm unable to verify the certificate. I get this error: Verification failure 10280:error:2107C080:PKCS7 routines:PKCS7_get0_signers:signer certificate not found:pk7_smime.c:378: Attached are: 1) cert.bin, the original binary certificate 2) cert.pem, obtained with the command: openssl pkcs7 -in cert.bin -out cert.pem -inform DER 3) as signer certificate (signer.pem) I'm using the certificate found at the end of cert.cer. cert.cer is obtained with the command: openssl pkcs7 -in cert.bin -inform DER -print_certs -text cert.cer any hints would be appreciated, If I understand what you mean, the behaviour is what you'd expect, as cert.bin is not immediately a X509 structure. Actually it is, but as content inside a SMIME and must be extracted first, just as you do with your command in point (2) -below. Now, what kind of advice do you need? If you must write a script that perfroms the operation when needed, just try one way (signer.pem is X509) and, if it fails, the other (first extracting the X509 from cert.bin and then converting it to PEM) just as you show in your commands... thanks Nicola __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Verify a certificate
Thanks my question was already answered my original certificate was not rfc compliant and so openssl fails to verify it, thanks anyway Nicola Il 25/07/2011 17:22, lists ha scritto: On 07/19/2011 08:20 AM, Mailing List SVR wrote: Hi, I need to verify the attached certificate (cert.bin) and read the asn1 info stored in it. I'm using the following commands: openssl smime -verify -in cert.pem -inform pem -CAfile signer.pem cert.data and then: openssl asn1parse -inform DER -in cert.data now if the signer give me signer.pem all is fine. Some signer put their public certificate inside the binary certificate (see cert.bin attached), in this cases I'm unable to verify the certificate. I get this error: Verification failure 10280:error:2107C080:PKCS7 routines:PKCS7_get0_signers:signer certificate not found:pk7_smime.c:378: Attached are: 1) cert.bin, the original binary certificate 2) cert.pem, obtained with the command: openssl pkcs7 -in cert.bin -out cert.pem -inform DER 3) as signer certificate (signer.pem) I'm using the certificate found at the end of cert.cer. cert.cer is obtained with the command: openssl pkcs7 -in cert.bin -inform DER -print_certs -text cert.cer any hints would be appreciated, If I understand what you mean, the behaviour is what you'd expect, as cert.bin is not immediately a X509 structure. Actually it is, but as content inside a SMIME and must be extracted first, just as you do with your command in point (2) -below. Now, what kind of advice do you need? If you must write a script that perfroms the operation when needed, just try one way (signer.pem is X509) and, if it fails, the other (first extracting the X509 from cert.bin and then converting it to PEM) just as you show in your commands... thanks Nicola __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Verify a certificate
Hi, I need to verify the attached certificate (cert.bin) and read the asn1 info stored in it. I'm using the following commands: openssl smime -verify -in cert.pem -inform pem -CAfile signer.pem cert.data and then: openssl asn1parse -inform DER -in cert.data now if the signer give me signer.pem all is fine. Some signer put their public certificate inside the binary certificate (see cert.bin attached), in this cases I'm unable to verify the certificate. I get this error: Verification failure 10280:error:2107C080:PKCS7 routines:PKCS7_get0_signers:signer certificate not found:pk7_smime.c:378: Attached are: 1) cert.bin, the original binary certificate 2) cert.pem, obtained with the command: openssl pkcs7 -in cert.bin -out cert.pem -inform DER 3) as signer certificate (signer.pem) I'm using the certificate found at the end of cert.cer. cert.cer is obtained with the command: openssl pkcs7 -in cert.bin -inform DER -print_certs -text cert.cer any hints would be appreciated, thanks Nicola certs.tar.gz Description: GNU Zip compressed data
Verify a certificate
Hi, I need to verify the attached certificate (cert.bin) and read the asn1 info stored in it. I'm using the following commands: openssl smime -verify -in cert.pem -inform pem -CAfile signer.pem cert.data and then: openssl asn1parse -inform DER -in cert.data now if the signer give me signer.pem all is fine. Some signer put their public certificate inside the binary certificate (see cert.bin attached), in this cases I'm unable to verify the certificate. I get this error: Verification failure 10280:error:2107C080:PKCS7 routines:PKCS7_get0_signers:signer certificate not found:pk7_smime.c:378: Attached are: 1) cert.bin, the original binary certificate 2) cert.pem, obtained with the command: openssl pkcs7 -in cert.bin -out cert.pem -inform DER 3) as signer certificate (signer.pem) I'm using the certificate found at the end of cert.cer. cert.cer is obtained with the command: openssl pkcs7 -in cert.bin -inform DER -print_certs -text cert.cer any hints would be appreciated, thanks Nicola cert.bin Description: Binary data cert.pem Description: application/x509-ca-cert cert.cer Description: application/pkix-cert
Re: verify client certificate at a later point
Thank You for your help! I understand now, that the client would not be able to offer a certificate unless it owns the corresponding private key. So it is enough to check that the certificate offered (or its fingerprint), matches the certificate (resp. finger print) send to the server on a secure channel. Thus I was able to finish implementing this part of the Phantom Protocol design. Thank you very much for your time, help and patience. :) Once I will have a first working prototype of the protocol, you will be able to check it our here: http://code.google.com/p/phantom/ (for now the code is in a private repository, as we are not sure yet, how much rights google takes for using their services to develop code) Michael On Fri, Sep 25, 2009 at 9:46 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote: On Fri, Sep 25, 2009 at 01:49:25PM +0200, Michael Prinzinger wrote: Dear Victor, thanks for your help. The problem is that I need to understand OpenSSL and its mechanisms and No you need to understand SSL/TLS in general, and how to make use of SSL in your protocol. The OpenSSL part will be easy, understanding SSL (especially SSL with direct trust sans trust anchors) is I think your main obstacle. However I think it would be more secure to be able to verify that the client is actually in posession of the private key belonging to this certificate, right? SSL ensures that the SSL client has the private key for the peer certificate that you find for the client at the end of the SSL session. It is then up to your application to decide whether this is the right peer to talk to, but the peer definitely knows how to solve the inverse problem for the public key in question, presumably by having access to the private key. Good luck. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: verify client certificate at a later point
On Sat, Sep 26, 2009 at 03:49:34PM +0200, Michael Prinzinger wrote: Once I will have a first working prototype of the protocol, you will be able to check it our here: http://code.google.com/p/phantom/ Thanks for the offer, but I try avoid using security software written by implementers new to the field. By all means, experiment and learn, but I think it is prudent to not encourage others to use security code designed and built while you are still learning. After a couple of years of reading books, articles, code, discussing your designs and collaborating with expers, ... you may be ready to publish trustworthy security software. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: verify client certificate at a later point
Dear Victor, thanks for your help. The problem is that I need to understand OpenSSL and its mechanisms and possibilities in order to find a way to implement the design of the protocol. It would be nice if you could help a little bit further still, but I will understand if you should choose not to. you compare the enclosed peer certificate (public key fingerprint) with the peer certificate (public key fingerprint) from the SSL session. I wrote a customized check certificate method, that simply compares the certificate the client offered during the connection build up, to the certificate we know it should be using. This works fine. However I think it would be more secure to be able to verify that the client is actually in posession of the private key belonging to this certificate, right? The protocol design, as I should implement it, however does not speak about signing a part of the payload with this private key; else it would be easy for me to do. That is why I hope to find some OpenSSL mechanism, that would allow me to do that independent of the payload. Thank you for your help and your time, and sorry for not yet understanding everything perfectly. Michael On Thu, Sep 24, 2009 at 8:20 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote: On Thu, Sep 24, 2009 at 08:03:49PM +0200, Michael Prinzinger wrote: Dear Victor, it is almost working. with the cerify_callback function returning 1, I can establish a connection. However when I call SSL_get_verify_result() it tells me the certificate is not in the trust store. You don't care. Don't bother with SSL_get_verify_result() it is of no consequence. You need to compare the certificate *directly* against what you expected to receive. Or your agreement that I understood your problem is in error. I think I need to stop here. You are still asking API questions, when you still don't have a design and are struggling with related security principles. You are not yet ready to write the code. First solve the problem on paper with a design, that is written in words, not computer code and relates the security steps taken to the security requirements of the protocol and application use-case. -- /\ ASCII RIBBON NOTICE: If received in error, \ / CAMPAIGN Victor Duchovni please destroy and notify X AGAINST IT Security, sender. Sender does not waive / \ HTML MAILMorgan Stanley confidentiality or privilege, and use is prohibited.
Re: verify client certificate at a later point
On Fri September 25 2009, Michael Prinzinger wrote: Dear Victor, thanks for your help. The problem is that I need to understand OpenSSL and its mechanisms and possibilities in order to find a way to implement the design of the protocol. It would be nice if you could help a little bit further still, but I will understand if you should choose not to. The openSSL project now supports consultants for hire - - One path to solving your problems: just send them money. Mike you compare the enclosed peer certificate (public key fingerprint) with the peer certificate (public key fingerprint) from the SSL session. I wrote a customized check certificate method, that simply compares the certificate the client offered during the connection build up, to the certificate we know it should be using. This works fine. However I think it would be more secure to be able to verify that the client is actually in posession of the private key belonging to this certificate, right? The protocol design, as I should implement it, however does not speak about signing a part of the payload with this private key; else it would be easy for me to do. That is why I hope to find some OpenSSL mechanism, that would allow me to do that independent of the payload. Thank you for your help and your time, and sorry for not yet understanding everything perfectly. Michael On Thu, Sep 24, 2009 at 8:20 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote: On Thu, Sep 24, 2009 at 08:03:49PM +0200, Michael Prinzinger wrote: Dear Victor, it is almost working. with the cerify_callback function returning 1, I can establish a connection. However when I call SSL_get_verify_result() it tells me the certificate is not in the trust store. You don't care. Don't bother with SSL_get_verify_result() it is of no consequence. You need to compare the certificate *directly* against what you expected to receive. Or your agreement that I understood your problem is in error. I think I need to stop here. You are still asking API questions, when you still don't have a design and are struggling with related security principles. You are not yet ready to write the code. First solve the problem on paper with a design, that is written in words, not computer code and relates the security steps taken to the security requirements of the protocol and application use-case. -- /\ ASCII RIBBON NOTICE: If received in error, \ / CAMPAIGN Victor Duchovni please destroy and notify X AGAINST IT Security, sender. Sender does not waive / \ HTML MAILMorgan Stanley confidentiality or privilege, and use is prohibited. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: verify client certificate at a later point
On Fri, Sep 25, 2009 at 01:49:25PM +0200, Michael Prinzinger wrote: Dear Victor, thanks for your help. The problem is that I need to understand OpenSSL and its mechanisms and No you need to understand SSL/TLS in general, and how to make use of SSL in your protocol. The OpenSSL part will be easy, understanding SSL (especially SSL with direct trust sans trust anchors) is I think your main obstacle. However I think it would be more secure to be able to verify that the client is actually in posession of the private key belonging to this certificate, right? SSL ensures that the SSL client has the private key for the peer certificate that you find for the client at the end of the SSL session. It is then up to your application to decide whether this is the right peer to talk to, but the peer definitely knows how to solve the inverse problem for the public key in question, presumably by having access to the private key. Good luck. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: verify client certificate at a later point
Michael Prinzinger: I wrote a customized check certificate method, that simply compares the certificate the client offered during the connection build up, to the certificate we know it should be using. This works fine. That works so long as you already know the certificate the client should be using. However I think it would be more secure to be able to verify that the client is actually in posession of the private key belonging to this certificate, right? You wouldn't be verifying the certificate unless the client has already authenticated with it. The protocol design, as I should implement it, however does not speak about signing a part of the payload with this private key; else it would be easy for me to do. That is why I hope to find some OpenSSL mechanism, that would allow me to do that independent of the payload. If you're verifying a client certificate's validity, it would only be because the client has already authenticated with that certificate. Authentication with a certificate requires the private key. DS __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: verify client certificate at a later point
* Victor Duchovni wrote on Wed, Sep 23, 2009 at 16:18 -0400: On Wed, Sep 23, 2009 at 10:04:48PM +0200, Michael Prinzinger wrote: I have a somewhat curious setting (without CAs) about [...] //check certificate This only verifies the server's *trust chain*, but not its identity. When there is no CA, what would be the trust anchor? If, as in X.509, a hierachy with a trust anchor is used for authentication, why calling it `completely decentralized''? oki, Steffen About Ingenico: Ingenico is the world’s leading provider of payment solutions, with over 15 million terminals deployed across the globe. Delivering the very latest secure electronic payment technologies, transaction management and the widest range of value added services, Ingenico is shaping the future direction of the payment solutions market. Leveraging on its global presence and local expertise, Ingenico is reinforcing its leadership by taking banks and businesses beyond payment through offering comprehensive solutions, a true source of differentiation and new revenues streams. This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. P Please consider the environment before printing this e-mail __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: verify client certificate at a later point
On Thu, Sep 24, 2009 at 12:00:05AM +0200, Michael Prinzinger wrote: Certificates are useless without corresponding signed messages. What messages are signed by the private key of the previous node, that the current node can forward to the next? I only want to verify that the previous node is the node it is supposed to be. After decrypting the setup package I have the certificate (and ip) od the correct previous node. You need to explain your terminology much more precisely. Are you saying that the accepting system expects X.509 client credentials from the connecting system, but that the payload (encrypted to the receiving node's public key) also contains the same certificate, and you want to check that the peer client matches the encrypted request? If so, trust chain verification is completely irrelevant here. You don't need to repeat the handshake, rather implement a verification callback that accepts untrusted certificates (X.509 trust anchors seem inapplicable in this context) and compares them (via the public key fingerprint) to the designated certificate in the message payload. If you want something else, you must explain it in a lot more detail. Note, your problem is understanding the crypto protocol design, not OpenSSL. You are using this list to get help with X.509 and cryptography, not really the OpenSSL API, so we are somewhat outside the list charter, but such questions are relatively common here... -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: verify client certificate at a later point
Thank You again Victor for your answer, You are right, I am not to firm with OpenSSL terminology. I tried to find some tutorials and introduction, but found relatively few, and thus tried to understand OpenSSL from looking at the man pages and the code, which makes it a little hard to get the big picture. Are you saying that the accepting system expects X.509 client credentials from the connecting system, but that the payload (encrypted to the receiving node's public key) also contains the same certificate, and you want to check that the peer client matches the encrypted request? yes. If so, trust chain verification is completely irrelevant here. You don't need to repeat the handshake, rather implement a verification callback that accepts untrusted certificates (X.509 trust anchors seem inapplicable in this context) and compares them (via the public key fingerprint) to the designated certificate in the message payload. yes, this would do what I want. I I would have to call BIO_do_handshake with a customized verification call back, that decrypts the payload, reads the certificate and compares them to the one offered by the client? Since there are no central trust authorities withtin the context of this protocol, I can only directly verify a certificate, resp. some message signed with the corresponding private key. If you want something else, you must explain it in a lot more detail. Note, your problem is understanding the crypto protocol design, not OpenSSL. You are using this list to get help with X.509 and cryptography, not really the OpenSSL API, so we are somewhat outside the list charter, but such questions are relatively common here... Thank you for helping anyways. If you know a good resource that explains X.509 infrastructure, I'd be glad to read it. Michael -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: verify client certificate at a later point
On Thu, Sep 24, 2009 at 04:23:03PM +0200, Michael Prinzinger wrote: Are you saying that the accepting system expects X.509 client credentials from the connecting system, but that the payload (encrypted to the receiving node's public key) also contains the same certificate, and you want to check that the peer client matches the encrypted request? Yes. If so, trust chain verification is completely irrelevant here. You don't need to repeat the handshake, rather implement a verification callback that accepts untrusted certificates (X.509 trust anchors seem inapplicable in this context) and compares them (via the public key fingerprint) to the designated certificate in the message payload. Yes, this would do what I want. I would have to call BIO_do_handshake with a customized verification call back, that decrypts the payload, reads the certificate and compares them to the one offered by the client? No, your verification callback just always succeeds, allowing invalid trust chains, expired certificates, ... to be used. After the handshake, when you receive and decrypt the payload, you compare the enclosed peer certificate (public key fingerprint) with the peer certificate (public key fingerprint) from the SSL session. Since there are no central trust authorities withtin the context of this protocol, I can only directly verify a certificate, resp. some message signed with the corresponding private key. Verify is the wrong term here. It suggests X.509 PKI hierarchies and all that jazz. You just want to validate the peer's client cert against the message routing data in the payload. If you want something else, you must explain it in a lot more detail. Note, your problem is understanding the crypto protocol design, not OpenSSL. You are using this list to get help with X.509 and cryptography, not really the OpenSSL API, so we are somewhat outside the list charter, but such questions are relatively common here... Thank you for helping anyways. If you know a good resource that explains X.509 infrastructure, I'd be glad to read it. Actively avoid reading anything about X.509 infrastructure. Reading a decent applied cryptography book + a decent book general about SSL/TLS would be better (skipping the parts that deal with X.509 infrastructure). -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: verify client certificate at a later point
Thank You very much Victor, I think I understand now how it can be done. If you could give me one last pointer, how to overwrite the verification callback function, that is called when executing BIO_do_handshake, I'd be very grateful. sorry for using misguiding vocanulary :) Michael On Thu, Sep 24, 2009 at 5:08 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote: On Thu, Sep 24, 2009 at 04:23:03PM +0200, Michael Prinzinger wrote: Are you saying that the accepting system expects X.509 client credentials from the connecting system, but that the payload (encrypted to the receiving node's public key) also contains the same certificate, and you want to check that the peer client matches the encrypted request? Yes. If so, trust chain verification is completely irrelevant here. You don't need to repeat the handshake, rather implement a verification callback that accepts untrusted certificates (X.509 trust anchors seem inapplicable in this context) and compares them (via the public key fingerprint) to the designated certificate in the message payload. Yes, this would do what I want. I would have to call BIO_do_handshake with a customized verification call back, that decrypts the payload, reads the certificate and compares them to the one offered by the client? No, your verification callback just always succeeds, allowing invalid trust chains, expired certificates, ... to be used. After the handshake, when you receive and decrypt the payload, you compare the enclosed peer certificate (public key fingerprint) with the peer certificate (public key fingerprint) from the SSL session. Since there are no central trust authorities withtin the context of this protocol, I can only directly verify a certificate, resp. some message signed with the corresponding private key. Verify is the wrong term here. It suggests X.509 PKI hierarchies and all that jazz. You just want to validate the peer's client cert against the message routing data in the payload. If you want something else, you must explain it in a lot more detail. Note, your problem is understanding the crypto protocol design, not OpenSSL. You are using this list to get help with X.509 and cryptography, not really the OpenSSL API, so we are somewhat outside the list charter, but such questions are relatively common here... Thank you for helping anyways. If you know a good resource that explains X.509 infrastructure, I'd be glad to read it. Actively avoid reading anything about X.509 infrastructure. Reading a decent applied cryptography book + a decent book general about SSL/TLS would be better (skipping the parts that deal with X.509 infrastructure). -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: verify client certificate at a later point
sorry! I mean BIO_do_connect() this function automatically checks the client verificate, so I need to overwrite the verifiction callback BIO_do_connect uses thx On Thu, Sep 24, 2009 at 5:13 PM, Michael Prinzinger tay...@gmail.comwrote: Thank You very much Victor, I think I understand now how it can be done. If you could give me one last pointer, how to overwrite the verification callback function, that is called when executing BIO_do_handshake, I'd be very grateful. sorry for using misguiding vocanulary :) Michael On Thu, Sep 24, 2009 at 5:08 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote: On Thu, Sep 24, 2009 at 04:23:03PM +0200, Michael Prinzinger wrote: Are you saying that the accepting system expects X.509 client credentials from the connecting system, but that the payload (encrypted to the receiving node's public key) also contains the same certificate, and you want to check that the peer client matches the encrypted request? Yes. If so, trust chain verification is completely irrelevant here. You don't need to repeat the handshake, rather implement a verification callback that accepts untrusted certificates (X.509 trust anchors seem inapplicable in this context) and compares them (via the public key fingerprint) to the designated certificate in the message payload. Yes, this would do what I want. I would have to call BIO_do_handshake with a customized verification call back, that decrypts the payload, reads the certificate and compares them to the one offered by the client? No, your verification callback just always succeeds, allowing invalid trust chains, expired certificates, ... to be used. After the handshake, when you receive and decrypt the payload, you compare the enclosed peer certificate (public key fingerprint) with the peer certificate (public key fingerprint) from the SSL session. Since there are no central trust authorities withtin the context of this protocol, I can only directly verify a certificate, resp. some message signed with the corresponding private key. Verify is the wrong term here. It suggests X.509 PKI hierarchies and all that jazz. You just want to validate the peer's client cert against the message routing data in the payload. If you want something else, you must explain it in a lot more detail. Note, your problem is understanding the crypto protocol design, not OpenSSL. You are using this list to get help with X.509 and cryptography, not really the OpenSSL API, so we are somewhat outside the list charter, but such questions are relatively common here... Thank you for helping anyways. If you know a good resource that explains X.509 infrastructure, I'd be glad to read it. Actively avoid reading anything about X.509 infrastructure. Reading a decent applied cryptography book + a decent book general about SSL/TLS would be better (skipping the parts that deal with X.509 infrastructure). -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
verify client certificate at a later point
Dear OpenSSL group, I have a somewhat curious setting (without CAs) about routing information along several nodes: [1] first an unkown client establishes a connection to a known server thus I set SSL_CTX_set_verify(this-ctx, SSL_VERIFY_NONE, NULL); and let the client verify the servers certificate, like this X509* x509 = SSL_get_peer_certificate(s); CHECK(x509 != NULL); //check certificate long certVerifyResults = SSL_get_verify_result(s); if(certVerifyResults != X509_V_OK) throw SSLException(Error! Certificate could not be verified.\n); //free x509 X509_free(x509); [2] now a secure connection is established on it the server receives data encrypted with the servers public key, so only it can read it in the data is information about the next node and the previous node now the server knows the ssl certificate of the previous node and thus wants to check it, since the verify mode is still set to server only, we set it a new SSL_CTX_set_verify(this-ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); [3] if the server now runs the code above X509* x509 = SSL_get_peer_certificate(s); CHECK(x509 != NULL); //check certificate long certVerifyResults = SSL_get_verify_result(s); if(certVerifyResults != X509_V_OK) throw SSLException(Error! Certificate could not be verified.\n); //free x509 X509_free(x509); x509 will be NULL. This is probably because the handshake has already taken place. So there simply is no client certificate. Now I am trying to find a way around this problem, but failed so far. It would be nice to either find a way that both certificates are exchanged during handshae, but only the server one is verified at first or to find a way to request a certificate from the client at a later point. Has anyone an idea, how this could be achieved with the OpenSSL API? Thank You Very Much! Michael
Re: verify client certificate at a later point
On Wed, Sep 23, 2009 at 10:04:48PM +0200, Michael Prinzinger wrote: and let the client verify the servers certificate, like this X509* x509 = SSL_get_peer_certificate(s); CHECK(x509 != NULL); //check certificate long certVerifyResults = SSL_get_verify_result(s); if(certVerifyResults != X509_V_OK) throw SSLException(Error! Certificate could not be verified.\n); //free x509 X509_free(x509); This only verifies the server's *trust chain*, but not its identity. To properly verify a server, you MUST examine the certificate subjectAltName extensions and if these are missing the CommonName in the subject DN. [2] now a secure connection is established No secure connection is exists unless the client verified the server certificate. on it the server receives data encrypted with the servers public key, so only it can read it in the data is information about the next node and the previous node now the server knows the ssl certificate of the previous node and thus wants to check it, since the verify mode is still set to server only, we set it a new SSL_CTX_set_verify(this-ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); Entirely pointless after the SSL handshake is done. [3] if the server now runs the code above X509* x509 = SSL_get_peer_certificate(s); CHECK(x509 != NULL); //check certificate long certVerifyResults = SSL_get_verify_result(s); if(certVerifyResults != X509_V_OK) throw SSLException(Error! Certificate could not be verified.\n); //free x509 X509_free(x509); Again this would just verify the trust chain, and say nothing about the client identity. Has anyone an idea, how this could be achieved with the OpenSSL API? You are solving the wrong problem. Forget OpenSSL APIs, ... what actual security goals are you trying to achieve and what is available on the client and server to get you there? -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: verify client certificate at a later point
I set the following for the global context which is used to create the connection: // Set the SSL certificate verify mode SSL_CTX_set_verify(_globalContext, SSL_VERIFY_PEER, NULL); Then the server requests the peer (i.e. the client) for a certificate during the handshake, which the client can either ignore, or provide. Then, right after SSL_accept() returns 0, i.e. now we are ready to check the certificate, I add the following code to see if the client provided a certificate and whether it is acceptable. Check that SSL_get_verify_result(_connContext) == X509_V_OK, // This checks for the validity of the certificate chain. // Did the client provide a certificate? cert = SSL_get_peer_certificate(_connContext); if (cert == NULL) { // Client provided no certificate. // mark it as not provided certificate during handshake and give it lower privileges. // Otherwise check the certificate for acceptability and if that check passes give it higher privileges. Hope that helps. The other option is to do a handshake without asking for a client certificate first, then do a re-handshake and ask the client for a certificate when required. Ashish __ Ashish V. Thapliyal, Security Architect, Citrix Online Division, 6500 Hollister Ave, Goleta, CA 93117. V: +1 (805) 690 2908. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Michael Prinzinger Sent: Wednesday, September 23, 2009 1:05 PM To: openssl-users@openssl.org Subject: verify client certificate at a later point Dear OpenSSL group, I have a somewhat curious setting (without CAs) about routing information along several nodes: [1] first an unkown client establishes a connection to a known server thus I set SSL_CTX_set_verify(this-ctx, SSL_VERIFY_NONE, NULL); and let the client verify the servers certificate, like this X509* x509 = SSL_get_peer_certificate(s); CHECK(x509 != NULL); //check certificate long certVerifyResults = SSL_get_verify_result(s); if(certVerifyResults != X509_V_OK) throw SSLException(Error! Certificate could not be verified.\n); //free x509 X509_free(x509); [2] now a secure connection is established on it the server receives data encrypted with the servers public key, so only it can read it in the data is information about the next node and the previous node now the server knows the ssl certificate of the previous node and thus wants to check it, since the verify mode is still set to server only, we set it a new SSL_CTX_set_verify(this-ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); [3] if the server now runs the code above X509* x509 = SSL_get_peer_certificate(s); CHECK(x509 != NULL); //check certificate long certVerifyResults = SSL_get_verify_result(s); if(certVerifyResults != X509_V_OK) throw SSLException(Error! Certificate could not be verified.\n); //free x509 X509_free(x509); x509 will be NULL. This is probably because the handshake has already taken place. So there simply is no client certificate. Now I am trying to find a way around this problem, but failed so far. It would be nice to either find a way that both certificates are exchanged during handshae, but only the server one is verified at first or to find a way to request a certificate from the client at a later point. Has anyone an idea, how this could be achieved with the OpenSSL API? Thank You Very Much! Michael
Re: verify client certificate at a later point
Thank you for your answer Victor, I am trying to establish a routing path for an anonymity protocol ( http://en.wikipedia.org/wiki/Phantom_Anonymity_Protocol). This is a one way procedure: the node that wants to be anonymized selects a couple of other nodes and sends an array with setup packages (encrypted with the node's public key) to the first node, it had selectd. Now every such node accepts an anonymous connection from a client, receives this array, decrypts the setup package meant for this node, and finds inside: IP and Certificate of the previous and next node (and some more information unrelated to openssl). When establishing a connection to the next node, the current node can thus verify the certificate of the next node. However, now that the current node also got to know the previous node's certificate in a secure way, it can also verify the previous node's certificate. However, the handshake was already made, and the previous node did not send a certificate. That is why I am looking for a way to get this certificate after the handshake was already made, so the current node can verify it. === also thanks for your remarks about how to actually verify a socket. I will extend my verification method by also checking the extensions. I would be grateful, if you could help! Michael On Wed, Sep 23, 2009 at 10:18 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote: On Wed, Sep 23, 2009 at 10:04:48PM +0200, Michael Prinzinger wrote: and let the client verify the servers certificate, like this X509* x509 = SSL_get_peer_certificate(s); CHECK(x509 != NULL); //check certificate long certVerifyResults = SSL_get_verify_result(s); if(certVerifyResults != X509_V_OK) throw SSLException(Error! Certificate could not be verified.\n); //free x509 X509_free(x509); This only verifies the server's *trust chain*, but not its identity. To properly verify a server, you MUST examine the certificate subjectAltName extensions and if these are missing the CommonName in the subject DN. [2] now a secure connection is established No secure connection is exists unless the client verified the server certificate. on it the server receives data encrypted with the servers public key, so only it can read it in the data is information about the next node and the previous node now the server knows the ssl certificate of the previous node and thus wants to check it, since the verify mode is still set to server only, we set it a new SSL_CTX_set_verify(this-ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); Entirely pointless after the SSL handshake is done. [3] if the server now runs the code above X509* x509 = SSL_get_peer_certificate(s); CHECK(x509 != NULL); //check certificate long certVerifyResults = SSL_get_verify_result(s); if(certVerifyResults != X509_V_OK) throw SSLException(Error! Certificate could not be verified.\n); //free x509 X509_free(x509); Again this would just verify the trust chain, and say nothing about the client identity. Has anyone an idea, how this could be achieved with the OpenSSL API? You are solving the wrong problem. Forget OpenSSL APIs, ... what actual security goals are you trying to achieve and what is available on the client and server to get you there? -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: verify client certificate at a later point
Thank You Ashish for your answer! On Wed, Sep 23, 2009 at 10:30 PM, Ashish Thapliyal ashish.thapli...@citrix.com wrote: I set the following for the global context which is used to create the connection: // Set the SSL certificate verify mode SSL_CTX_set_verify(_globalContext, SSL_VERIFY_PEER, NULL); Then the server requests the peer (i.e. the client) for a certificate during the handshake, which the client can either ignore, or provide. yes I want the client to provide a certificate. this also works, if I set the globalContext like above However at this point the server cannot yet verify the client's certificate. So calling BIO_do_connect(BIO* client_socket) returns -1, because the client certificate could not be verified. The other option is to do a handshake without asking for a client certificate first, then do a re-handshake and ask the client for a certificate when required. Yes this would work. Because later the server will get the client certificate in a secure fashion. So how can I redo the handshake? I do not want to close and open the connection a new, just ask the client again for its certificate. Do you know how to do that? Thank You! Michael Ashish __ Ashish V. Thapliyal, Security Architect, Citrix Online Division, 6500 Hollister Ave, Goleta, CA 93117. V: +1 (805) 690 2908. *From:* owner-openssl-us...@openssl.org [mailto: owner-openssl-us...@openssl.org] *On Behalf Of *Michael Prinzinger *Sent:* Wednesday, September 23, 2009 1:05 PM *To:* openssl-users@openssl.org *Subject:* verify client certificate at a later point Dear OpenSSL group, I have a somewhat curious setting (without CAs) about routing information along several nodes: [1] first an unkown client establishes a connection to a known server thus I set SSL_CTX_set_verify(this-ctx, SSL_VERIFY_NONE, NULL); and let the client verify the servers certificate, like this X509* x509 = SSL_get_peer_certificate(s); CHECK(x509 != NULL); //check certificate long certVerifyResults = SSL_get_verify_result(s); if(certVerifyResults != X509_V_OK) throw SSLException(Error! Certificate could not be verified.\n); //free x509 X509_free(x509); [2] now a secure connection is established on it the server receives data encrypted with the servers public key, so only it can read it in the data is information about the next node and the previous node now the server knows the ssl certificate of the previous node and thus wants to check it, since the verify mode is still set to server only, we set it a new SSL_CTX_set_verify(this-ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); [3] if the server now runs the code above X509* x509 = SSL_get_peer_certificate(s); CHECK(x509 != NULL); //check certificate long certVerifyResults = SSL_get_verify_result(s); if(certVerifyResults != X509_V_OK) throw SSLException(Error! Certificate could not be verified.\n); //free x509 X509_free(x509); x509 will be NULL. This is probably because the handshake has already taken place. So there simply is no client certificate. Now I am trying to find a way around this problem, but failed so far. It would be nice to either find a way that both certificates are exchanged during handshae, but only the server one is verified at first or to find a way to request a certificate from the client at a later point. Has anyone an idea, how this could be achieved with the OpenSSL API? Thank You Very Much! Michael
Re: verify client certificate at a later point
On Wed, Sep 23, 2009 at 10:43:11PM +0200, Michael Prinzinger wrote: I am trying to establish a routing path for an anonymity protocol ( http://en.wikipedia.org/wiki/Phantom_Anonymity_Protocol). This is a one way procedure: the node that wants to be anonymized selects a couple of other nodes and sends an array with setup packages (encrypted with the node's public key) to the first node, it had selectd. Now every such node accepts an anonymous connection from a client, receives this array, decrypts the setup package meant for this node, and finds inside: IP and Certificate of the previous and next node (and some more information unrelated to openssl). Certificates are useless without corresponding signed messages. What messages are signed by the private key of the previous node, that the current node can forward to the next? When establishing a connection to the next node, the current node can thus verify the certificate of the next node. Sure. However, now that the current node also got to know the previous node's certificate in a secure way, it can also verify the previous node's certificate. This makes no sense. What message associated with the previous node do you need to authenticate? Note, the SSL handshake involves the current client signing the SSL handshake, and the certificate binds the client's identity to that signature. Why do you need client identity in an anonymity protocol? What is the security role of the previous node certificate. You are very confused about the requirements. Forget APIs, and programming approaches for now, arrive a sensible protocol description. What is the multi-hop protocol and how/why do you plan to secure it with assymetric cryptography? -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: verify client certificate at a later point
Dear Victor, On Wed, Sep 23, 2009 at 11:33 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote: On Wed, Sep 23, 2009 at 10:43:11PM +0200, Michael Prinzinger wrote: Certificates are useless without corresponding signed messages. What messages are signed by the private key of the previous node, that the current node can forward to the next? I only want to verify that the previous node is the node it is supposed to be. After decrypting the setup package I have the certificate (and ip) od the correct previous node. This makes no sense. What message associated with the previous node do you need to authenticate? Note, the SSL handshake involves the current client signing the SSL handshake, and the certificate binds the client's identity to that signature. Thanks for explaining. The previous node is supposed to sign the handshake, so the current node can verify the previous node is indeed the node it should be. Since I can only do that after the initial handshake, I have to redo the handshake. Is there an easy way to redo the handshake? Why do you need client identity in an anonymity protocol? What is the security role of the previous node certificate. all routing nodes are chosen by the node that want to stay anonymnous. the whole process is completely decentralized. So there needs to be a lot of security mechanisms to make sure, the packages really traverese the path, the anonymized node has chosen. This includes a verification of the two nodes, such a routing node is connected to. And this verification means: verifying the ip of the previous node and the certificate of it (i.e. verifying that the previous node has the correct certificate private key, fitting the certificate the current node is holding) (i.e. the previous node needs to sign something with its private key (the handshake) so the current node can verify it) You are very confused about the requirements. Forget APIs, and programming approaches for now, arrive a sensible protocol description. What is the multi-hop protocol and how/why do you plan to secure it with assymetric cryptography? I am only implementing the design. The design of the protocol is already very well developed. You will find a link to the white paper on the Wikipedia page: http://en.wikipedia.org/wiki/Phantom_Anonymity_Protocol So yes it really makes sense this way :) (its unorthodox concerning OpenSSL, but still very secure) So I think all I need to do is find a way to redo the handshake, after the connection was already established. only this time the client should sign the handshake, and the server should verify it. Could you provide me some help, how to do this! Thank You Michael -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: verify client certificate at a later point
Hi Michael, I have not implemented a rehandshake but as I understand, it can be pretty complicated. Searching for OpenSSL rehandshake on google pointed me to this article (http://www.rtfm.com/openssl-examples/part2.pdf) by Eric Rescorla, describing the rehandshake in detail. Hope this helps. Ashish. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Michael Prinzinger Sent: Wednesday, September 23, 2009 2:02 PM To: openssl-users@openssl.org Subject: Re: verify client certificate at a later point Thank You Ashish for your answer! On Wed, Sep 23, 2009 at 10:30 PM, Ashish Thapliyal ashish.thapli...@citrix.commailto:ashish.thapli...@citrix.com wrote: I set the following for the global context which is used to create the connection: // Set the SSL certificate verify mode SSL_CTX_set_verify(_globalContext, SSL_VERIFY_PEER, NULL); Then the server requests the peer (i.e. the client) for a certificate during the handshake, which the client can either ignore, or provide. yes I want the client to provide a certificate. this also works, if I set the globalContext like above However at this point the server cannot yet verify the client's certificate. So calling BIO_do_connect(BIO* client_socket) returns -1, because the client certificate could not be verified. The other option is to do a handshake without asking for a client certificate first, then do a re-handshake and ask the client for a certificate when required. Yes this would work. Because later the server will get the client certificate in a secure fashion. So how can I redo the handshake? I do not want to close and open the connection a new, just ask the client again for its certificate. Do you know how to do that? Thank You! Michael Ashish __ Ashish V. Thapliyal, Security Architect, Citrix Online Division, 6500 Hollister Ave, Goleta, CA 93117. V: +1 (805) 690 2908. From: owner-openssl-us...@openssl.orgmailto:owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.orgmailto:owner-openssl-us...@openssl.org] On Behalf Of Michael Prinzinger Sent: Wednesday, September 23, 2009 1:05 PM To: openssl-users@openssl.orgmailto:openssl-users@openssl.org Subject: verify client certificate at a later point Dear OpenSSL group, I have a somewhat curious setting (without CAs) about routing information along several nodes: [1] first an unkown client establishes a connection to a known server thus I set SSL_CTX_set_verify(this-ctx, SSL_VERIFY_NONE, NULL); and let the client verify the servers certificate, like this X509* x509 = SSL_get_peer_certificate(s); CHECK(x509 != NULL); //check certificate long certVerifyResults = SSL_get_verify_result(s); if(certVerifyResults != X509_V_OK) throw SSLException(Error! Certificate could not be verified.\n); //free x509 X509_free(x509); [2] now a secure connection is established on it the server receives data encrypted with the servers public key, so only it can read it in the data is information about the next node and the previous node now the server knows the ssl certificate of the previous node and thus wants to check it, since the verify mode is still set to server only, we set it a new SSL_CTX_set_verify(this-ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); [3] if the server now runs the code above X509* x509 = SSL_get_peer_certificate(s); CHECK(x509 != NULL); //check certificate long certVerifyResults = SSL_get_verify_result(s); if(certVerifyResults != X509_V_OK) throw SSLException(Error! Certificate could not be verified.\n); //free x509 X509_free(x509); x509 will be NULL. This is probably because the handshake has already taken place. So there simply is no client certificate. Now I am trying to find a way around this problem, but failed so far. It would be nice to either find a way that both certificates are exchanged during handshae, but only the server one is verified at first or to find a way to request a certificate from the client at a later point. Has anyone an idea, how this could be achieved with the OpenSSL API? Thank You Very Much! Michael
How to verify peer certificate
Dear All; Thank you all of you for your support. When I called SSL_CTX_load_verify_locations() and SSL_CTX_set_verify() to verify the peer certificate but I got fetal error unkown certificate authority. Please let me know what is reason behind it. But I have CA certificate, client certificate and keys. I set properly.Please tell me how to debug it? What is reason behind it. Thank you. Regards, --Ajeet Kumar Singh image002.jpg
How to verify peer certificate using self signed root CA certificate.
Dear All, I have self signed root certificate I want to verify the peer certificate. Please tell me how to verifying. What API I need to call. Thank you. Regards, --Ajeet Kumar Singh
Re: Verify x509 certificate
it seems to work good because if I try to change a character in array containing the cert, the verification process fails. However next days I'll try to load an untrusted chain and verify better, now instead I'm preparing problems for the next post :-) thanks Flt Il giorno sab, 02/08/2008 alle 18.57 -0700, Sendroiu Eugen ha scritto: I'm not sure you solved that. This works just because your certificate chain will have only 1 certificate so no signature verification is done. kr, Eugen Sendroiu - Original Message From: .:: Francesco la Torre ::. [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Saturday, August 2, 2008 5:16:10 PM Subject: Re: Verify x509 certificate Solved ! I forgot to call SSLeay_add_all_algorithms(); ... a summer youthful folly :-) Flt Il giorno sab, 02/08/2008 alle 11.43 +0200, .:: Francesco la Torre ::. ha scritto: On sab, 2008-08-02 at 02:04 -0700, Kyle Hamilton wrote: The verify(1ssl) man page has descriptions of these error codes. 7 is X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure, which is described as: the signature of the certificate is invalid. I would presume that this is because the signature cannot be verified with the public key that it's said to be verifiable with -- i.e., the data in one of the certificates has been modified since it was signed (and thus, the signature has been invalidated). You're true, but I used the stange abjective because if I try to verify the certificate from command line openssl verify -CAfile /home/frank/test/test-CA/calist.pem cert.pem The output is : cert.pem: OK so both certificates are valid. Regards, Flt -Kyle H On Fri, Aug 1, 2008 at 5:15 PM, .:: Francesco la Torre ::. [EMAIL PROTECTED] wrote: On sab, 2008-08-02 at 00:21 +0200, .:: Francesco la Torre ::. wrote: One mistake is here even if there were not compilation error and also add this line to the main X509_STORE_set_verify_cb_func(ca_ctx,cb); the correct code block is : ... /* load CA cert store */ if (!(CAcerts = X509_STORE_new())) { printf (\nError1\n); } --- X509_STORE_set_verify_cb_func(CAcerts,cb); ... but the result is always the same : Not always the boring Verification error: certificate signature failure But a new strange error : /C=IT/ST=Italy/O=IIT-CNR/OU=lab18/CN=ubuntu-ser/[EMAIL PROTECTED] error 7 at 1 depth lookup:certificate signature failure Verification error: 0 I've tried to find any kind of reference for this kind of error but google returns not a very good help. In various forum/mailing list this is _classified_ as *quite strange* error ... is it possible ? Thanks in advance, Flt __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Projecthttp://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Verify x509 certificate
The verify(1ssl) man page has descriptions of these error codes. 7 is X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure, which is described as: the signature of the certificate is invalid. I would presume that this is because the signature cannot be verified with the public key that it's said to be verifiable with -- i.e., the data in one of the certificates has been modified since it was signed (and thus, the signature has been invalidated). -Kyle H On Fri, Aug 1, 2008 at 5:15 PM, .:: Francesco la Torre ::. [EMAIL PROTECTED] wrote: On sab, 2008-08-02 at 00:21 +0200, .:: Francesco la Torre ::. wrote: One mistake is here even if there were not compilation error and also add this line to the main X509_STORE_set_verify_cb_func(ca_ctx,cb); the correct code block is : ... /* load CA cert store */ if (!(CAcerts = X509_STORE_new())) { printf (\nError1\n); } --- X509_STORE_set_verify_cb_func(CAcerts,cb); ... but the result is always the same : Not always the boring Verification error: certificate signature failure But a new strange error : /C=IT/ST=Italy/O=IIT-CNR/OU=lab18/CN=ubuntu-ser/[EMAIL PROTECTED] error 7 at 1 depth lookup:certificate signature failure Verification error: 0 I've tried to find any kind of reference for this kind of error but google returns not a very good help. In various forum/mailing list this is _classified_ as *quite strange* error ... is it possible ? Thanks in advance, Flt __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Verify x509 certificate
On sab, 2008-08-02 at 02:04 -0700, Kyle Hamilton wrote: The verify(1ssl) man page has descriptions of these error codes. 7 is X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure, which is described as: the signature of the certificate is invalid. I would presume that this is because the signature cannot be verified with the public key that it's said to be verifiable with -- i.e., the data in one of the certificates has been modified since it was signed (and thus, the signature has been invalidated). You're true, but I used the stange abjective because if I try to verify the certificate from command line openssl verify -CAfile /home/frank/test/test-CA/calist.pem cert.pem The output is : cert.pem: OK so both certificates are valid. Regards, Flt -Kyle H On Fri, Aug 1, 2008 at 5:15 PM, .:: Francesco la Torre ::. [EMAIL PROTECTED] wrote: On sab, 2008-08-02 at 00:21 +0200, .:: Francesco la Torre ::. wrote: One mistake is here even if there were not compilation error and also add this line to the main X509_STORE_set_verify_cb_func(ca_ctx,cb); the correct code block is : ... /* load CA cert store */ if (!(CAcerts = X509_STORE_new())) { printf (\nError1\n); } --- X509_STORE_set_verify_cb_func(CAcerts,cb); ... but the result is always the same : Not always the boring Verification error: certificate signature failure But a new strange error : /C=IT/ST=Italy/O=IIT-CNR/OU=lab18/CN=ubuntu-ser/[EMAIL PROTECTED] error 7 at 1 depth lookup:certificate signature failure Verification error: 0 I've tried to find any kind of reference for this kind of error but google returns not a very good help. In various forum/mailing list this is _classified_ as *quite strange* error ... is it possible ? Thanks in advance, Flt __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Verify x509 certificate
Solved ! I forgot to call SSLeay_add_all_algorithms(); ... a summer youthful folly :-) Flt Il giorno sab, 02/08/2008 alle 11.43 +0200, .:: Francesco la Torre ::. ha scritto: On sab, 2008-08-02 at 02:04 -0700, Kyle Hamilton wrote: The verify(1ssl) man page has descriptions of these error codes. 7 is X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure, which is described as: the signature of the certificate is invalid. I would presume that this is because the signature cannot be verified with the public key that it's said to be verifiable with -- i.e., the data in one of the certificates has been modified since it was signed (and thus, the signature has been invalidated). You're true, but I used the stange abjective because if I try to verify the certificate from command line openssl verify -CAfile /home/frank/test/test-CA/calist.pem cert.pem The output is : cert.pem: OK so both certificates are valid. Regards, Flt -Kyle H On Fri, Aug 1, 2008 at 5:15 PM, .:: Francesco la Torre ::. [EMAIL PROTECTED] wrote: On sab, 2008-08-02 at 00:21 +0200, .:: Francesco la Torre ::. wrote: One mistake is here even if there were not compilation error and also add this line to the main X509_STORE_set_verify_cb_func(ca_ctx,cb); the correct code block is : ... /* load CA cert store */ if (!(CAcerts = X509_STORE_new())) { printf (\nError1\n); } --- X509_STORE_set_verify_cb_func(CAcerts,cb); ... but the result is always the same : Not always the boring Verification error: certificate signature failure But a new strange error : /C=IT/ST=Italy/O=IIT-CNR/OU=lab18/CN=ubuntu-ser/[EMAIL PROTECTED] error 7 at 1 depth lookup:certificate signature failure Verification error: 0 I've tried to find any kind of reference for this kind of error but google returns not a very good help. In various forum/mailing list this is _classified_ as *quite strange* error ... is it possible ? Thanks in advance, Flt __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Verify x509 certificate
I'm not sure you solved that. This works just because your certificate chain will have only 1 certificate so no signature verification is done. kr, Eugen Sendroiu - Original Message From: .:: Francesco la Torre ::. [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Saturday, August 2, 2008 5:16:10 PM Subject: Re: Verify x509 certificate Solved ! I forgot to call SSLeay_add_all_algorithms(); ... a summer youthful folly :-) Flt Il giorno sab, 02/08/2008 alle 11.43 +0200, .:: Francesco la Torre ::. ha scritto: On sab, 2008-08-02 at 02:04 -0700, Kyle Hamilton wrote: The verify(1ssl) man page has descriptions of these error codes. 7 is X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure, which is described as: the signature of the certificate is invalid. I would presume that this is because the signature cannot be verified with the public key that it's said to be verifiable with -- i.e., the data in one of the certificates has been modified since it was signed (and thus, the signature has been invalidated). You're true, but I used the stange abjective because if I try to verify the certificate from command line openssl verify -CAfile /home/frank/test/test-CA/calist.pem cert.pem The output is : cert.pem: OK so both certificates are valid. Regards, Flt -Kyle H On Fri, Aug 1, 2008 at 5:15 PM, .:: Francesco la Torre ::. [EMAIL PROTECTED] wrote: On sab, 2008-08-02 at 00:21 +0200, .:: Francesco la Torre ::. wrote: One mistake is here even if there were not compilation error and also add this line to the main X509_STORE_set_verify_cb_func(ca_ctx,cb); the correct code block is : ... /* load CA cert store */ if (!(CAcerts = X509_STORE_new())) { printf (\nError1\n); } --- X509_STORE_set_verify_cb_func(CAcerts,cb); ... but the result is always the same : Not always the boring Verification error: certificate signature failure But a new strange error : /C=IT/ST=Italy/O=IIT-CNR/OU=lab18/CN=ubuntu-ser/[EMAIL PROTECTED] error 7 at 1 depth lookup:certificate signature failure Verification error: 0 I've tried to find any kind of reference for this kind of error but google returns not a very good help. In various forum/mailing list this is _classified_ as *quite strange* error ... is it possible ? Thanks in advance, Flt __ OpenSSL Projecthttp://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Projecthttp://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Projecthttp://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Projecthttp://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Verify x509 certificate
Dear all, I'm new in openssl api and I'm trying to write e simple application to verify an x509 certificate but I'm facing with some strange problem. Here there is a snapshot of my code to use to replicate my scenario : #includestdio.h #includestdlib.h #includestring.h #include openssl/pem.h #include openssl/err.h #include openssl/sha.h #include openssl/ssl.h const char root_cert_data[] = -BEGIN CERTIFICATE-\n\ MIIDQjCCAqugAwIBAg ... Rinw==\n\ -END CERTIFICATE-\n; int main(int argc, char **argv){ FILE *fp; X509 *root_cert; X509_STORE *CAcerts; X509 * cert; X509_STORE_CTX ca_ctx; char *strerr; BIO *bio; STACK_OF(X509) *trusted_chain; trusted_chain = sk_X509_new_null(); if (!(bio = BIO_new_mem_buf((void *) root_cert_data, -1))) { printf(BIO_new_mem_buf\n); exit(1); } BIO_set_close(bio, BIO_NOCLOSE); if (!(root_cert = PEM_read_bio_X509(bio, 0, 0, 0))) { printf(PEM_read_bio_X509 (root)\n); ERR_print_errors_fp(stdout); exit(1); } sk_X509_push(trusted_chain, root_cert); /* load CA cert store */ if (!(CAcerts = X509_STORE_new())) { printf (\nError1\n); } if (X509_STORE_load_locations(CAcerts, /home/frank/test/test-CA/calist.pem , NULL ) != 1) { printf (\nError2\n); } if (X509_STORE_set_default_paths(CAcerts) != 1) { printf (\nError3\n); } /* load X509 certificate */ if (!(fp = fopen (cert.pem, r))){ printf (\nError4\n); } if (!(cert = PEM_read_X509 (fp, NULL, NULL, NULL))){ printf (\nError5\n); } /* verify */ if (X509_STORE_CTX_init(ca_ctx, CAcerts, cert, trusted_chain) != 1) { printf (\nError6\n); } X509_STORE_CTX_trusted_stack(ca_ctx, trusted_chain); if (X509_verify_cert(ca_ctx) != 1) { strerr = (char *) X509_verify_cert_error_string(ca_ctx.error); printf(Verification error: %s, strerr); } X509_STORE_free(CAcerts); X509_free(cert); return 0; } obviously root_cert_data[] and cert.pem have to be replaced with your certs. Compilated as gcc -Wall x509.c -o x509 -lssl -lcrypto after execution I receive this error : Verification error: certificate signature failure Even if I try to verify my certificate by mean command line tool openssl verify -CAfile /home/frank/test/test-CA/calist.pem cert.pem The output is : cert.pem: OK Does anybody know where is the problem ? Thanks in advance, Francesco la Torre __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Verify x509 certificate
Any help from someone ? :-) Flt Il giorno mer, 30/07/2008 alle 23.57 +0200, Francesco la Torre ha scritto: Dear all, I'm new in openssl api and I'm trying to write e simple application to verify an x509 certificate but I'm facing with some strange problem. Here there is a snapshot of my code to use to replicate my scenario : #includestdio.h #includestdlib.h #includestring.h #include openssl/pem.h #include openssl/err.h #include openssl/sha.h #include openssl/ssl.h const char root_cert_data[] = -BEGIN CERTIFICATE-\n\ MIIDQjCCAqugAwIBAg ... Rinw==\n\ -END CERTIFICATE-\n; int main(int argc, char **argv){ FILE *fp; X509 *root_cert; X509_STORE *CAcerts; X509 * cert; X509_STORE_CTX ca_ctx; char *strerr; BIO *bio; STACK_OF(X509) *trusted_chain; trusted_chain = sk_X509_new_null(); if (!(bio = BIO_new_mem_buf((void *) root_cert_data, -1))) { printf(BIO_new_mem_buf\n); exit(1); } BIO_set_close(bio, BIO_NOCLOSE); if (!(root_cert = PEM_read_bio_X509(bio, 0, 0, 0))) { printf(PEM_read_bio_X509 (root)\n); ERR_print_errors_fp(stdout); exit(1); } sk_X509_push(trusted_chain, root_cert); /* load CA cert store */ if (!(CAcerts = X509_STORE_new())) { printf (\nError1\n); } if (X509_STORE_load_locations(CAcerts, /home/frank/test/test-CA/calist.pem , NULL ) != 1) { printf (\nError2\n); } if (X509_STORE_set_default_paths(CAcerts) != 1) { printf (\nError3\n); } /* load X509 certificate */ if (!(fp = fopen (cert.pem, r))){ printf (\nError4\n); } if (!(cert = PEM_read_X509 (fp, NULL, NULL, NULL))){ printf (\nError5\n); } /* verify */ if (X509_STORE_CTX_init(ca_ctx, CAcerts, cert, trusted_chain) != 1) { printf (\nError6\n); } X509_STORE_CTX_trusted_stack(ca_ctx, trusted_chain); if (X509_verify_cert(ca_ctx) != 1) { strerr = (char *) X509_verify_cert_error_string(ca_ctx.error); printf(Verification error: %s, strerr); } X509_STORE_free(CAcerts); X509_free(cert); return 0; } obviously root_cert_data[] and cert.pem have to be replaced with your certs. Compilated as gcc -Wall x509.c -o x509 -lssl -lcrypto after execution I receive this error : Verification error: certificate signature failure Even if I try to verify my certificate by mean command line tool openssl verify -CAfile /home/frank/test/test-CA/calist.pem cert.pem The output is : cert.pem: OK Does anybody know where is the problem ? Thanks in advance, Francesco la Torre __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Verify x509 certificate
It would be helpful if we could see the certificate. My guess is that either your cert is self signed, in which case you need to treat this case in your callback, or the certificate you are trying to verify is not signed by the trust anchor that you provide. Also you must be careful which text editor you are using because some may replace spaces with their owns ( eg CRLF - CR or LF ) in the root_cert_data declaration, and that might spoil the signature. Cheers. - Original Message From: .:: Francesco la Torre ::. [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, August 1, 2008 8:02:44 PM Subject: Re: Verify x509 certificate Any help from someone ? :-) Flt Il giorno mer, 30/07/2008 alle 23.57 +0200, Francesco la Torre ha scritto: Dear all, I'm new in openssl api and I'm trying to write e simple application to verify an x509 certificate but I'm facing with some strange problem. Here there is a snapshot of my code to use to replicate my scenario : #includestdio.h #includestdlib.h #includestring.h #include openssl/pem.h #include openssl/err.h #include openssl/sha.h #include openssl/ssl.h const char root_cert_data[] = -BEGIN CERTIFICATE-\n\ MIIDQjCCAqugAwIBAg ... Rinw==\n\ -END CERTIFICATE-\n; int main(int argc, char **argv){ FILE *fp; X509 *root_cert; X509_STORE *CAcerts; X509 * cert; X509_STORE_CTX ca_ctx; char *strerr; BIO *bio; STACK_OF(X509) *trusted_chain; trusted_chain = sk_X509_new_null(); if (!(bio = BIO_new_mem_buf((void *) root_cert_data, -1))) { printf(BIO_new_mem_buf\n); exit(1); } BIO_set_close(bio, BIO_NOCLOSE); if (!(root_cert = PEM_read_bio_X509(bio, 0, 0, 0))) { printf(PEM_read_bio_X509 (root)\n); ERR_print_errors_fp(stdout); exit(1); } sk_X509_push(trusted_chain, root_cert); /* load CA cert store */ if (!(CAcerts = X509_STORE_new())) { printf (\nError1\n); } if (X509_STORE_load_locations(CAcerts, /home/frank/test/test-CA/calist.pem , NULL ) != 1) { printf (\nError2\n); } if (X509_STORE_set_default_paths(CAcerts) != 1) { printf (\nError3\n); } /* load X509 certificate */ if (!(fp = fopen (cert.pem, r))){ printf (\nError4\n); } if (!(cert = PEM_read_X509 (fp, NULL, NULL, NULL))){ printf (\nError5\n); } /* verify */ if (X509_STORE_CTX_init(ca_ctx, CAcerts, cert, trusted_chain) != 1) { printf (\nError6\n); } X509_STORE_CTX_trusted_stack(ca_ctx, trusted_chain); if (X509_verify_cert(ca_ctx) != 1) { strerr = (char *) X509_verify_cert_error_string(ca_ctx.error); printf(Verification error: %s, strerr); } X509_STORE_free(CAcerts); X509_free(cert); return 0; } obviously root_cert_data[] and cert.pem have to be replaced with your certs. Compilated as gcc -Wall x509.c -o x509 -lssl -lcrypto after execution I receive this error : Verification error: certificate signature failure Even if I try to verify my certificate by mean command line tool openssl verify -CAfile /home/frank/test/test-CA/calist.pem cert.pem The output is : cert.pem: OK Does anybody know where is the problem ? Thanks in advance, Francesco la Torre __ OpenSSL Projecthttp://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Projecthttp://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Verify x509 certificate
On ven, 2008-08-01 at 11:21 -0700, Sendroiu Eugen wrote: Hi Sendroiu, It would be helpful if we could see the certificate. I did not report all certificate to allow you to replicate my code with your how certificate/calist. My guess is that either your cert is self signed, Yes, it's self signed. in which case you need to treat this case in your callback, I have no idea how to do this. Have I to set any flag/field in the context ? or the certificate you are trying to verify is not signed by the trust anchor that you provide. Also you must be careful which text editor you are using because some may replace spaces with their owns ( eg CRLF - CR or LF ) in the root_cert_data declaration, and that might spoil the signature. I'll check also this :-) Cheers. Thank you very much ! Flt - Original Message From: .:: Francesco la Torre ::. [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, August 1, 2008 8:02:44 PM Subject: Re: Verify x509 certificate Any help from someone ? :-) Flt Il giorno mer, 30/07/2008 alle 23.57 +0200, Francesco la Torre ha scritto: Dear all, I'm new in openssl api and I'm trying to write e simple application to verify an x509 certificate but I'm facing with some strange problem. Here there is a snapshot of my code to use to replicate my scenario : #includestdio.h #includestdlib.h #includestring.h #include openssl/pem.h #include openssl/err.h #include openssl/sha.h #include openssl/ssl.h const char root_cert_data[] = -BEGIN CERTIFICATE-\n\ MIIDQjCCAqugAwIBAg ... Rinw==\n\ -END CERTIFICATE-\n; int main(int argc, char **argv){ FILE *fp; X509 *root_cert; X509_STORE *CAcerts; X509 * cert; X509_STORE_CTX ca_ctx; char *strerr; BIO *bio; STACK_OF(X509) *trusted_chain; trusted_chain = sk_X509_new_null(); if (!(bio = BIO_new_mem_buf((void *) root_cert_data, -1))) { printf(BIO_new_mem_buf\n); exit(1); } BIO_set_close(bio, BIO_NOCLOSE); if (!(root_cert = PEM_read_bio_X509(bio, 0, 0, 0))) { printf(PEM_read_bio_X509 (root)\n); ERR_print_errors_fp(stdout); exit(1); } sk_X509_push(trusted_chain, root_cert); /* load CA cert store */ if (!(CAcerts = X509_STORE_new())) { printf (\nError1\n); } if (X509_STORE_load_locations(CAcerts, /home/frank/test/test-CA/calist.pem , NULL ) != 1) { printf (\nError2\n); } if (X509_STORE_set_default_paths(CAcerts) != 1) { printf (\nError3\n); } /* load X509 certificate */ if (!(fp = fopen (cert.pem, r))){ printf (\nError4\n); } if (!(cert = PEM_read_X509 (fp, NULL, NULL, NULL))){ printf (\nError5\n); } /* verify */ if (X509_STORE_CTX_init(ca_ctx, CAcerts, cert, trusted_chain) != 1) { printf (\nError6\n); } X509_STORE_CTX_trusted_stack(ca_ctx, trusted_chain); if (X509_verify_cert(ca_ctx) != 1) { strerr = (char *) X509_verify_cert_error_string(ca_ctx.error); printf(Verification error: %s, strerr); } X509_STORE_free(CAcerts); X509_free(cert); return 0; } obviously root_cert_data[] and cert.pem have to be replaced with your certs. Compilated as gcc -Wall x509.c -o x509 -lssl -lcrypto after execution I receive this error : Verification error: certificate signature failure Even if I try to verify my certificate by mean command line tool openssl verify -CAfile /home/frank/test/test-CA/calist.pem cert.pem The output is : cert.pem: OK Does anybody know where is the problem ? Thanks in advance, Francesco la Torre __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Projecthttp://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Verify x509 certificate
self reply :-) I've added a callback function like this static int cb(int ok, X509_STORE_CTX *ctx){ char buf[256]; X509_NAME_oneline( X509_get_subject_name(ctx-current_cert),buf,256); printf(%s\n,buf); printf(error %d at %d depth lookup:%s\n,ctx-error, ctx-error_depth, X509_verify_cert_error_string(ctx-error)); /* Continue even if self signed */ if (ctx-error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1; ERR_clear_error(); return(ok); } and also add this line to the main X509_STORE_set_verify_cb_func(ca_ctx,cb); but the result is always the same : Verification error: certificate signature failure where are my mistakes ? Thanks Flt On ven, 2008-08-01 at 23:58 +0200, .:: Francesco la Torre ::. wrote: On ven, 2008-08-01 at 11:21 -0700, Sendroiu Eugen wrote: Hi Sendroiu, It would be helpful if we could see the certificate. I did not report all certificate to allow you to replicate my code with your how certificate/calist. My guess is that either your cert is self signed, Yes, it's self signed. in which case you need to treat this case in your callback, I have no idea how to do this. Have I to set any flag/field in the context ? or the certificate you are trying to verify is not signed by the trust anchor that you provide. Also you must be careful which text editor you are using because some may replace spaces with their owns ( eg CRLF - CR or LF ) in the root_cert_data declaration, and that might spoil the signature. I'll check also this :-) Cheers. Thank you very much ! Flt - Original Message From: .:: Francesco la Torre ::. [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, August 1, 2008 8:02:44 PM Subject: Re: Verify x509 certificate Any help from someone ? :-) Flt Il giorno mer, 30/07/2008 alle 23.57 +0200, Francesco la Torre ha scritto: Dear all, I'm new in openssl api and I'm trying to write e simple application to verify an x509 certificate but I'm facing with some strange problem. Here there is a snapshot of my code to use to replicate my scenario : #includestdio.h #includestdlib.h #includestring.h #include openssl/pem.h #include openssl/err.h #include openssl/sha.h #include openssl/ssl.h const char root_cert_data[] = -BEGIN CERTIFICATE-\n\ MIIDQjCCAqugAwIBAg ... Rinw==\n\ -END CERTIFICATE-\n; int main(int argc, char **argv){ FILE *fp; X509 *root_cert; X509_STORE *CAcerts; X509 * cert; X509_STORE_CTX ca_ctx; char *strerr; BIO *bio; STACK_OF(X509) *trusted_chain; trusted_chain = sk_X509_new_null(); if (!(bio = BIO_new_mem_buf((void *) root_cert_data, -1))) { printf(BIO_new_mem_buf\n); exit(1); } BIO_set_close(bio, BIO_NOCLOSE); if (!(root_cert = PEM_read_bio_X509(bio, 0, 0, 0))) { printf(PEM_read_bio_X509 (root)\n); ERR_print_errors_fp(stdout); exit(1); } sk_X509_push(trusted_chain, root_cert); /* load CA cert store */ if (!(CAcerts = X509_STORE_new())) { printf (\nError1\n); } if (X509_STORE_load_locations(CAcerts, /home/frank/test/test-CA/calist.pem , NULL ) != 1) { printf (\nError2\n); } if (X509_STORE_set_default_paths(CAcerts) != 1) { printf (\nError3\n); } /* load X509 certificate */ if (!(fp = fopen (cert.pem, r))){ printf (\nError4\n); } if (!(cert = PEM_read_X509 (fp, NULL, NULL, NULL))){ printf (\nError5\n); } /* verify */ if (X509_STORE_CTX_init(ca_ctx, CAcerts, cert, trusted_chain) != 1) { printf (\nError6\n); } X509_STORE_CTX_trusted_stack(ca_ctx, trusted_chain); if (X509_verify_cert(ca_ctx) != 1) { strerr = (char *) X509_verify_cert_error_string(ca_ctx.error); printf(Verification error: %s, strerr); } X509_STORE_free(CAcerts); X509_free(cert); return 0; } obviously root_cert_data[] and cert.pem have to be replaced with your certs. Compilated as gcc -Wall x509.c -o x509 -lssl -lcrypto after execution I receive this error : Verification error: certificate signature failure Even if I try to verify my certificate by mean command line tool openssl verify -CAfile /home/frank/test/test-CA/calist.pem cert.pem The output is : cert.pem: OK Does anybody know where is the problem ? Thanks in advance, Francesco la Torre __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org
Re: Verify x509 certificate
On sab, 2008-08-02 at 00:21 +0200, .:: Francesco la Torre ::. wrote: self reply :-) I've added a callback function like this static int cb(int ok, X509_STORE_CTX *ctx){ char buf[256]; X509_NAME_oneline( X509_get_subject_name(ctx-current_cert),buf,256); printf(%s\n,buf); printf(error %d at %d depth lookup:%s\n,ctx-error, ctx-error_depth, X509_verify_cert_error_string(ctx-error)); /* Continue even if self signed */ if (ctx-error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1; ERR_clear_error(); return(ok); } One mistake is here even if there were not compilation error and also add this line to the main X509_STORE_set_verify_cb_func(ca_ctx,cb); the correct code block is : ... /* load CA cert store */ if (!(CAcerts = X509_STORE_new())) { printf (\nError1\n); } --- X509_STORE_set_verify_cb_func(CAcerts,cb); ... but the result is always the same : Not always the boring Verification error: certificate signature failure But a new strange error : /C=IT/ST=Italy/O=IIT-CNR/OU=lab18/CN=ubuntu-ser/[EMAIL PROTECTED] error 7 at 1 depth lookup:certificate signature failure Verification error: 0 I've tried to find any kind of reference for this kind of error but google returns not a very good help. In various forum/mailing list this is _classified_ as *quite strange* error ... is it possible ? Thanks in advance, Flt __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to verify a certificate against several others
Hi Goetz, Thx again for your help, I finally found what was going wrong with my code. I was setting a flag to force CRL verification but I did not have a CRL stored for the CA. Now everything is running well. Thx again for your help. Regards ! -- Florian Manach NUMLOG [EMAIL PROTECTED] (+33)0130791616 Goetz Babin-Ebell a écrit : Hello Florian, --On Montag, Juli 09, 2007 09:25:01 +0200 Florian MANACH [EMAIL PROTECTED] wrote: I saw that it needs PEM format... but even if I convert the certs in PEM, links are created but my app still returns an error on verification. Hm. Try to store roots, intermediate certs and CRLs in the same directory, download the server cert and do a c_rehash ./allcerts openssl verify -CApath ./allcerts server.pem (optionally with -crl_check and -purpose ...) If that succeeds, your certs are correct and the bug must be in your code. (It may be possible that CA cert files and CRL files must be handled in the same lookup.) Bye Goetz __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to verify a certificate against several others
Hi Goetz, I saw that it needs PEM format... but even if I convert the certs in PEM, links are created but my app still returns an error on verification. Thx again for your help. -- Florian Manach NUMLOG [EMAIL PROTECTED] (+33)0130791616 Goetz Babin-Ebell a écrit : Hello Florian, --On Freitag, Juli 06, 2007 09:14:41 +0200 Florian MANACH [EMAIL PROTECTED] wrote: OK I see but It's always not working after c_rehash ./root c_rehash ./certs c_rehash ./crls Oups: --On Donnerstag, Juli 05, 2007 14:55:59 +0200 Florian MANACH [EMAIL PROTECTED] wrote: X509_LOOKUP_add_dir(lookup,./roots,X509_FILETYPE_ASN1) /* Certs in DER */ c_rehash requires certificates stored in PEM format... If you really need the certificates stored in DER, you must reimplement c_rehash for DER stored certificates. Bye Goetz __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to verify a certificate against several others
Hello Florian, --On Montag, Juli 09, 2007 09:25:01 +0200 Florian MANACH [EMAIL PROTECTED] wrote: I saw that it needs PEM format... but even if I convert the certs in PEM, links are created but my app still returns an error on verification. Hm. Try to store roots, intermediate certs and CRLs in the same directory, download the server cert and do a c_rehash ./allcerts openssl verify -CApath ./allcerts server.pem (optionally with -crl_check and -purpose ...) If that succeeds, your certs are correct and the bug must be in your code. (It may be possible that CA cert files and CRL files must be handled in the same lookup.) Bye Goetz -- DMCA: The greed of the few outweights the freedom of the many pgpgDXv4Qnwp7.pgp Description: PGP signature
Re: How to verify a certificate against several others
OK I see but It's always not working after c_rehash ./root c_rehash ./certs c_rehash ./crls -- Florian Manach NUMLOG [EMAIL PROTECTED] (+33)0130791616 Goetz Babin-Ebell a écrit : Hello Florian, --On Donnerstag, Juli 05, 2007 17:59:01 +0200 Florian MANACH [EMAIL PROTECTED] wrote: No, I didn't even know that function. What does it do ? It loads all certificate files (and CRL files) in the directory and generates a short 4 byte hash from the common name of the cert. Then it creates a link with the hash as file name pointing to the certificate file. The lookup hash_dir searches the issuer of a certificate by calculating the hash on the issuer name. Then it searchs for a file with this 4 byte hash as file name and loads the cert in it. There is some more black magic in it (to handle hash collisions) but basically that is it. So to find the issuer of a certificate, LOOKUP_hash_dir() *needs* the data generated by the c_rehash command on that directory. (adding and removing certificates require a new run of c_rehash) Bye Goetz __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to verify a certificate against several others
Hello Florian, --On Freitag, Juli 06, 2007 09:14:41 +0200 Florian MANACH [EMAIL PROTECTED] wrote: OK I see but It's always not working after c_rehash ./root c_rehash ./certs c_rehash ./crls Oups: --On Donnerstag, Juli 05, 2007 14:55:59 +0200 Florian MANACH [EMAIL PROTECTED] wrote: X509_LOOKUP_add_dir(lookup,./roots,X509_FILETYPE_ASN1) /* Certs in DER */ c_rehash requires certificates stored in PEM format... If you really need the certificates stored in DER, you must reimplement c_rehash for DER stored certificates. Bye Goetz -- DMCA: The greed of the few outweights the freedom of the many pgpCghImUogAF.pgp Description: PGP signature
How to verify a certificate against several others
Hi, I'm trying to devellop an app which should be able to verify if a certificate might be trusted. I have a directory where I store CA root certificates. I want my app to check if a certificate is signed by the mentioned CA on the ISSUER field. In order to do this, it might look on this directory and check if it can find the root certificate of the CA who signed the certificate. I use this code (I removed the error processing for the mail): lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir()) X509_LOOKUP_add_dir(lookup,./roots,X509_FILETYPE_ASN1) /* Certs in DER */ verify_ctx=X509_STORE_CTX_new() X509_STORE_CTX_init(verify_ctx,store,cert,NULL) X509_verify_cert(verify_ctx) It never returns 1. Does anybody have an idea ? Regards -- Florian Manach NUMLOG [EMAIL PROTECTED] (+33)0130791616 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to verify a certificate against several others
--On Donnerstag, Juli 05, 2007 14:55:59 +0200 Florian MANACH [EMAIL PROTECTED] wrote: I have a directory where I store CA root certificates. I want my app to check if a certificate is signed by the mentioned CA on the ISSUER field. In order to do this, it might look on this directory and check if it can find the root certificate of the CA who signed the certificate. I use this code (I removed the error processing for the mail): [...] It never returns 1. Does anybody have an idea ? did you run c_rehash on the directory ? Bye Goetz -- DMCA: The greed of the few outweights the freedom of the many pgpSVxlE6KZZz.pgp Description: PGP signature
Re: How to verify a certificate against several others
No, I didn't even know that function. What does it do ? -- Florian Manach NUMLOG [EMAIL PROTECTED] (+33)0130791616 Goetz Babin-Ebell a écrit : --On Donnerstag, Juli 05, 2007 14:55:59 +0200 Florian MANACH [EMAIL PROTECTED] wrote: I have a directory where I store CA root certificates. I want my app to check if a certificate is signed by the mentioned CA on the ISSUER field. In order to do this, it might look on this directory and check if it can find the root certificate of the CA who signed the certificate. I use this code (I removed the error processing for the mail): [...] It never returns 1. Does anybody have an idea ? did you run c_rehash on the directory ? Bye Goetz __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to verify a certificate against several others
Hello Florian, --On Donnerstag, Juli 05, 2007 17:59:01 +0200 Florian MANACH [EMAIL PROTECTED] wrote: No, I didn't even know that function. What does it do ? It loads all certificate files (and CRL files) in the directory and generates a short 4 byte hash from the common name of the cert. Then it creates a link with the hash as file name pointing to the certificate file. The lookup hash_dir searches the issuer of a certificate by calculating the hash on the issuer name. Then it searchs for a file with this 4 byte hash as file name and loads the cert in it. There is some more black magic in it (to handle hash collisions) but basically that is it. So to find the issuer of a certificate, LOOKUP_hash_dir() *needs* the data generated by the c_rehash command on that directory. (adding and removing certificates require a new run of c_rehash) Bye Goetz -- DMCA: The greed of the few outweights the freedom of the many pgpqUjQn8mnRf.pgp Description: PGP signature
howto verify a certificate
Hi all, I have a bit strange Q: i've created a self-signed certificate (first i created a CA (root certificate) then created another certificate from it like that [http://www.tc.umn.edu/~brams006/selfsign.html]). but i can't find how will i verify that if the second certificate made from the root certificate. I've read lots of docs saying i have to use CA's public key. But what will i do with CA's public key, how can i use it on second certificate..? Any suggestion will be perfect. With Love, Jm.
Re: howto verify a certificate
Try this: openssl x509 -in filename.pem -text -noout You should see an issuer: statement that talks about the CA. \\Greg Jamie F. wrote: Hi all, I have a bit strange Q: i've created a self-signed certificate (first i created a CA (root certificate) then created another certificate from it like that [ http://www.tc.umn.edu/~brams006/selfsign.html] http://www.tc.umn.edu/%7Ebrams006/selfsign.html%5D). but i can't find how will i verify that if the second certificate made from the root certificate. I've read lots of docs saying i have to use CA's public key. But what will i do with CA's public key, how can i use it on second certificate..? Any suggestion will be perfect. With Love, Jm. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: howto verify a certificate
On Sat, Mar 17, 2007 at 05:08:06PM -0400, Greg Martin wrote: Try this: openssl x509 -in filename.pem -text -noout You should see an issuer: statement that talks about the CA. Rather depends on what the OP meant by verify, and what context this is to be performed. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Verify a Certificate
Hello, I have a secure connection with a buffered BIO, and after the connection is established, I want to verify (on th eClient) the Servers certificate with a Root-CA. How can I do this with openssl? thanks in advance Markus __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Verify a Certificate
Hello, I have a secure connection with a buffered BIO, and after the connection is established, I want to verify (on th eClient) the Servers certificate with a Root-CA. How can I do this with openssl? With functions like: cert = SSL_get_peer_certificate(ssl); X509_STORE_load_locations(CAcerts, file, NULL) X509_STORE_CTX_init(ca_ctx, CAcerts, cert, NULL); X509_verify_cert(ca_ctx); Best regards, -- Marek Marcola [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Verify a Certificate
On Mon, Feb 12, 2007, Marek Marcola wrote: Hello, I have a secure connection with a buffered BIO, and after the connection is established, I want to verify (on th eClient) the Servers certificate with a Root-CA. How can I do this with openssl? With functions like: cert = SSL_get_peer_certificate(ssl); X509_STORE_load_locations(CAcerts, file, NULL) X509_STORE_CTX_init(ca_ctx, CAcerts, cert, NULL); X509_verify_cert(ca_ctx); You would additionally have to set an appropriate purpose (SSL server typically) and include the whole chain, not just the peer certificate. That is handled automatically if verification is enabled on the SSL context itself. The host name should also be verified against the certificate. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
How to verify a certificate chain?
Hi, how can I verify multiple single DER-encoded certificates which I recieve from a gateway and which represent a cert-chain alltogether. I think this should be done like this (PseudoCode): foreach (cert from chain) check, if it was signed by the CA of the previous cert Check if one of the certs is a trusted one (ideally this should be the Root-CA?) I would appreciate any hints, which functions I could use for this. Thanks in advance Andreas __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to verify a certificate chain?
Andreas Hoffmann wrote: Hi, how can I verify multiple single DER-encoded certificates which I recieve from a gateway and which represent a cert-chain alltogether. I think this should be done like this (PseudoCode): foreach (cert from chain) check, if it was signed by the CA of the previous cert Check if one of the certs is a trusted one (ideally this should be the Root-CA?) This is much too easy. Usually you do not know anything about the order in which the certificates are presented, so it is more something like: Find the certificate of the end-entity (server or client). Until (actual_certificate in set of trusted certificates) do issuer_certificate=find_issuer_certificate(actual_certificate) check_signature(actual_certificate, issuer_certificate) exit_on_failure actual_certificate=issuer_certificate done There is additional complexity in finding the issuer certificate, for example there may be multiple issuer certificates for the actual certificate to be checked (so all pathes have to be evaluated). This is essential to cope with cross-certificates. A more detailed description of the algorithm for checking of certificate chains is in RFC 3280, Section 6: Certificate Path Validation. This is the way to do it, I would say. Cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Unable to verify self-certificate
HI all, Please find the files rsa512.txt, ca.txt and self.txt attached. rsa512.txt is the private key, ca.txt is a CA certifciate from Entrust (Demonstration CA certificate) self.txt is the self-certificate that Entrust has issued. When Iam trying to use x509_verify_cert() function to verify the self-certificate, it returns error code 20. I did not understand the meaning of the error code. I have added the ca certificate (self-signed) to the context. Any help is highly appreciated. Regards Suram _ Get head hunted by 5000 tech recruiters. http://www.naukri.com/tieups/tieups.php?othersrcp=534 Post your CV on Naukri.com. -BEGIN CERTIFICATE- MIIDRzCCArCgAwIBAgIENgvf5jANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJV UzEQMA4GA1UEChMHRW50cnVzdDEvMC0GA1UECxMmRW50cnVzdCBQS0kgRGVtb25z dHJhdGlvbiBDZXJ0aWZpY2F0ZXMwHhcNOTgwOTI1MTc1NDM5WhcNMTgwOTI1MTgy NDM5WjBQMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRW50cnVzdDEvMC0GA1UECxMm RW50cnVzdCBQS0kgRGVtb25zdHJhdGlvbiBDZXJ0aWZpY2F0ZXMwgZ0wDQYJKoZI hvcNAQEBBQADgYsAMIGHAoGBAL+pMQrRaFfDjuIxLqlAlMY79IDt5oLRnaVjo4c3 st+yPVQk5lrHhIiMbCppgxcT6AxQ3So7Q1hayBoKGX97TW41LF/VCicKyw8PyGyC UeAVRD5i+s0pWNzZGuTIobIfamIW9alT6QbxeN/Lm4niNtnnqCfNz3ir3Rku642m XNf9AgEDo4IBLjCCASowEQYJYIZIAYb4QgEBBAQDAgAHMHIGA1UdHwRrMGkwZ6Bl oGOkYTBfMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRW50cnVzdDEvMC0GA1UECxMm RW50cnVzdCBQS0kgRGVtb25zdHJhdGlvbiBDZXJ0aWZpY2F0ZXMxDTALBgNVBAMT BENSTDEwKwYDVR0QBCQwIoAPMTk5ODA5MjUxNzU0MzlagQ8yMDE4MDkyNTE3NTQz OVowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFKZnhNL76J+7fmbkm+soDBHoWo1i MB0GA1UdDgQWBBSmZ4TS++ifu35m5JvrKAwR6FqNYjAMBgNVHRMEBTADAQH/MBkG CSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4GBAD7TWK/C MZRsEP3U9hrBgU+5wkcBbyGG/BgL1Qonso+jjPVLUpyvsVLGzwo4GPnfcZsl53HD +NgAVzqirK9qqhBmKZv3F51o4d7ZwEHEb+ruJr8djqVlTdFtvf+A9zbOa6P+tsQh MbdJKIUNqr3s19Nr5bpLW76DRrcgUqiXLoPr -END CERTIFICATE- -BEGIN CERTIFICATE- MIIDeTCCAuKgAwIBAgIEO5ufaDANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJV UzEQMA4GA1UEChMHRW50cnVzdDEvMC0GA1UECxMmRW50cnVzdCBQS0kgRGVtb25z dHJhdGlvbiBDZXJ0aWZpY2F0ZXMwHhcNMDUwMTIzMDUxNTAxWhcNMDUwMzIzMDU0 NTAxWjCBxjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VudHJ1c3QxLzAtBgNVBAsT JkVudHJ1c3QgUEtJIERlbW9uc3RyYXRpb24gQ2VydGlmaWNhdGVzMUUwQwYDVQQL EzxObyBMaWFiaWxpdHkgYXMgcGVyIGh0dHA6Ly9mcmVlY2VydHMuZW50cnVzdC5j b20vbGljZW5zZS5odG0xHjAcBgNVBAsTFUVudHJ1c3QvVlBOIENvbm5lY3RvcjEN MAsGA1UEAxMEYXNkZjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQClLLSFxaQxQ4HG qzfKp+8VJn3tWyNUrXi4DPf/opL951o0zeMXvNtG0pKidKBgpBrL2w5vH8r/sBxt FNuUOXMDAgMBAAGjggErMIIBJzAPBgNVHREECDAGhwSsEAI1MAsGA1UdDwQEAwIA oDArBgNVHRAEJDAigA8yMDA1MDEyMzA1NDUwMVqBDzIwMDUwMzA1MTI0NTAxWjB0 BgNVHR8EbTBrMGmgZ6BlpGMwYTELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VudHJ1 c3QxLzAtBgNVBAsTJkVudHJ1c3QgUEtJIERlbW9uc3RyYXRpb24gQ2VydGlmaWNh dGVzMQ8wDQYDVQQDEwZDUkwxMjkwHwYDVR0jBBgwFoAUc1Ky8vw9NwyqF99owA46 lu1WJbowHQYDVR0OBBYEFMDPh3jLDf+AKVWAHfy15jeQ0KAyMAkGA1UdEwQCMAAw GQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBLAwDQYJKoZIhvcNAQEFBQADgYEAT9by pIglYLqwZYTjnJysdLZfbIl3ytUinOUwOlpTKnpW76gA3rspOy0yVt3tlhGGm0hc 8fMv6gH/FfLy7oAwaTJpFKtyWEFRhTel/FWmIQCC2StnkbgcDOXFQYeZJoI0IjHK q7fIhjo5ppOmzGVgEf5mZ5rlkl0anrjYwx8bG6w= -END CERTIFICATE- -BEGIN RSA PRIVATE KEY- MIIBOwIBAAJBAKUstIXFpDFDgcarN8qn7xUmfe1bI1SteLgM9/+ikv3nWjTN4xe8 20bSkqJ0oGCkGsvbDm8fyv+wHG0U25Q5cwMCAwEAAQJAAem1oYL7dtKYUyuydrdh LnaGqNQQYa+soT0NNjm0yBn8Dw71a+uVB/n9s52xG8saBdtlGh6RTG5MdXhF7Jv8 CQIhAM/R7BhI5r1oXr8b/ayuYH6SkLqPG5OwCAMAzdqUpAK3AiEAy3fJrtqj4KG7 xtdH0yc7PXXcYuEjx6uIxNef6hpClhUCIF7buOJU1E18SFL/GckqRw0/JSSikbnV zbJhOZUd58b9AiEAv7Uk9TgSUlNw7p/mj8AWJAmJ1iyVHsuzeOxFQzjs5iUCIQDO Mr29AsmnbYxt/+kmNlnbv47ayQOnTh7q3shy2/v9uw== -END RSA PRIVATE KEY-
how do i use a CRL file to verify a certificate against?
i can verify a certificate against a root certificate, with openssl verify -CAfile root.ca rsacert.pem but how do i know that the certificate i try to verify has not been revoked? JonB __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: how do i use a CRL file to verify a certificate against?
You can't tell if it has been revoked. That's why they are 'trusted roots'. If you think your root ca has been compromised, that is when you usually hit the big red panic button and shut down the shop. -Original Message- From: Jon Bendtsen [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 21, 2004 9:39 AM To: [EMAIL PROTECTED] Subject: how do i use a CRL file to verify a certificate against? i can verify a certificate against a root certificate, with openssl verify -CAfile root.ca rsacert.pem but how do i know that the certificate i try to verify has not been revoked? JonB __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: how do i use a CRL file to verify a certificate against?
Den 21. sep 2004, kl. 15:43, skrev Lee Baydush: You can't tell if it has been revoked. That's why they are 'trusted roots'. If you think your root ca has been compromised, that is when you usually hit the big red panic button and shut down the shop. no no, it's not the root ca that has been revoked, but a certificate that was signed by the root ca. I would like to know if the certificate has been revoked, and i would expect i could verify against a CRL JonB __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: how do i use a CRL file to verify a certificate against?
Jon Bendtsen wrote: i can verify a certificate against a root certificate, with openssl verify -CAfile root.ca rsacert.pem but how do i know that the certificate i try to verify has not been revoked? At the risk of seeming to oversimply a VERY complicated issue: 1. You have been downloading Certificate Revocation Lists (CRLs) from the CA that issed the certificate, so you have a current CRL, and the serial number of the certificate in question does NOT appear on that CRL (this is one reason serial numbers must be unique). -or- 2. You conduct an Online Certificate Status Protocol (OCSP) transaction with the verfication point listed in the certificate. I suspect consulting the appropriate Internet RFC documents might be informative, although googling for OCSP and/or Certificate Revocation Lists would also bring in much info... Note that this must be done by the verifying party, which in most cases on the Internet is a web browser like IE or Netscape, so we don't have access to the source code and we are at the mercy of the software vendors as to how and when this is done. My sense at this point is that there is not a whole lot of OCSP being done out there (comments?) nor do end-users really religiously download CRLs, so the issue of revocation is a bit of an embarrasment for the PKI community as a whole. Maybe this is one of the reasons why PKI is three years out, and has been for the past five years... For our part, we are issuing fairly short-lived (1 year) end user certificates, knowing that if worst comes to worst, our losses are limited to one year's exposure. We hope that is good enough for a medium security PKI. -- Charles B (Ben) Cranston mailto: [EMAIL PROTECTED] http://www.wam.umd.edu/~zben __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: how do i use a CRL file to verify a certificate against?
ok. You get the CDP from the certificate, load the CRL from the CDP, verify the CRL against the root cert. to verify that the signature matches, it has not expired, etc. , then see if the cert's number is in the CRL. Check out the book 'OpenSSL' by O'Reilly. It walks you through all that, or you can examine some of the samples that call routines like X509_verify_cert(). -Original Message- From: Jon Bendtsen [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 21, 2004 9:50 AM To: [EMAIL PROTECTED] Subject: Re: how do i use a CRL file to verify a certificate against? Den 21. sep 2004, kl. 15:43, skrev Lee Baydush: You can't tell if it has been revoked. That's why they are 'trusted roots'. If you think your root ca has been compromised, that is when you usually hit the big red panic button and shut down the shop. no no, it's not the root ca that has been revoked, but a certificate that was signed by the root ca. I would like to know if the certificate has been revoked, and i would expect i could verify against a CRL JonB __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
you mean Network Security with OpenSSL ? RE: how do i use a CRL file to verify a certificate against?
Do you mean the book Network Security with OpenSSL Cryptography for Secure Communications ByJohnViega, MattMessier, PravirChandra June 2002 ISBN: 0-596-00270-X or is there another SSL book by O'Reilly? Network Security with OpenSSL is NOT an optional read if you work with this stuff. You can get it by subscribing to safari.oreilly.com, which is a great investment. Lee Baydush [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 09/21/2004 11:40 AM Please respond to openssl-users To: [EMAIL PROTECTED] cc: Subject: RE: how do i use a CRL file to verify a certificate against? ok. You get the CDP from the certificate, load the CRL from the CDP, verify the CRL against the root cert. to verify that the signature matches, it has not expired, etc. , then see if the cert's number is in the CRL. Check out the book 'OpenSSL' by O'Reilly. It walks you through all that, or you can examine some of the samples that call routines like X509_verify_cert(). -Original Message- From: Jon Bendtsen [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 21, 2004 9:50 AM To: [EMAIL PROTECTED] Subject: Re: how do i use a CRL file to verify a certificate against? Den 21. sep 2004, kl. 15:43, skrev Lee Baydush: You can't tell if it has been revoked. That's why they are 'trusted roots'. If you think your root ca has been compromised, that is when you usually hit the big red panic button and shut down the shop. no no, it's not the root ca that has been revoked, but a certificate that was signed by the root ca. I would like to know if the certificate has been revoked, and i would expect i could verify against a CRL JonB __ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Windows does not have enough information to verify this certificate
Probably. Go to tools-internet options-content-certificates-personal Click view then certificate path Mark Liu [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 03/14/03 09:24 PM Please respond to openssl-users To:[EMAIL PROTECTED] cc: Subject:Windows does not have enough information to verify this certificate When we view a certificate issued by some CA, windows may tell us this: Windows does not have enough information to verify this certificate. What does this mean? Does it mean that I have not installed the CA cert as a trusted root CA? __ Do you Yahoo!? Yahoo! Web Hosting - establish your business online http://webhosting.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
Windows does not have enough information to verify this certificate
When we view a certificate issued by some CA, windows may tell us this: Windows does not have enough information to verify this certificate. What does this mean? Does it mean that I have not installed the CA cert as a trusted root CA? __ Do you Yahoo!? Yahoo! Web Hosting - establish your business online http://webhosting.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: help needed! error trying to verify a certificate
Yes that was it. I was literally mailed ascii text that had to be saved to the server.crt file so I thought it was in PEM format, but apparently it's not. I successfully verified my certificate which was all I needed to do. Thanks! -Original Message- From: Richard Levitte - VMS Whacker [mailto:levitte;stacken.kth.se] Sent: Thursday, November 14, 2002 3:20 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: help needed! error trying to verify a certificate In message [EMAIL PROTECTED] on Wed, 13 Nov 2002 16:10:07 -0600, Mitchel, Jennifer (Jem) [EMAIL PROTECTED] said: mitchelj I am typing the command: ./openssl x509 -noout -text -in server.crt mitchelj mitchelj and I am getting the error: mitchelj mitchelj unable to load certificate mitchelj 19713:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:663:Expecting: TRUSTED CERTIFICATE OpenSSL expects PEM (ASCII) format by default. server.crt is probably in raw DER form, so you need to use the following command: ./openssl x509 -noout -text -in server.crt -inform d -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: help needed! error trying to verify a certificate
Mitchel, Jennifer (Jem) wrote: I have generated my key pair. I have generated my certificate signing request sent it to my CA and gotten my certificate back... I named it server.crt I am trying to use ssl to verify the certificate. I have the key pair, csr server.crt all in install/bin so no other path is needed to the files. I am typing the command: ./openssl x509 -noout -text -in server.crt and I am getting the error: unable to load certificate 19713:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:663:Expecting: TRUSTED CERTIFICATE Can someone tell me what it is I'm missing. It might not be this simple, but could you check to see that the certificate file is readable and has the appropriate start line (which is what the code is complaining about)? A certificate in PEM format looks like this: -BEGIN CERTIFICATE- MIIDjjCCAvegAwIBAgIDAKqqMA0GCSqGSIb3DQEBBAUAMIGKMQswCQYDVQQGEwJV UzERMA8GA1UECBMITWFyeWxhbmQxGTAXBgNVBAoTEFVNQ1AvT0lUL1RTUy9FSVMx MDAuBgNVBAMTJ1VNQ1AvT0lUL1RTUy9FSVMgU2VsZlNpZ25lZCBDQSAoY2VydCBB KTEbMBkGCSqGSIb3DQEJARYMemJlbkB1bWQuZWR1MB4XDTAyMDIyMTE4MjYxM1oX DTA3MDIyMDE4MjYxM1owgYwxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFu ZDEZMBcGA1UEChMQVU1DUC9PSVQvVFNTL0VJUzEyMDAGA1UEAxMpVU1DUC9PSVQv VFNTL0VJUyBJbnRlcm1lZGlhdGUgQ0EgKGNlcnQgQikxGzAZBgkqhkiG9w0BCQEW DHpiZW5AdW1kLmVkdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy1aSf+oR KjdW4GuofJrnuRDwcGRmJ66uEZLwlvngQJpKvKMtirooG9JwRgH/MiQYzNZytj2C yCfwNbUpVB+hkf3ow82xJAk+qotM6+GGfsa5o2GPF2CyzkCi81jA9p/P9Zlmjx/2 04c2J68s5MC5PvGUyzHZN9Cz4Wmw3HwVzakCAwEAAaOB/TCB+jAdBgNVHQ4EFgQU I8XlxJOCRIGw/kvMKhvOPqr6TRIwgbcGA1UdIwSBrzCBrIAUmi04P8/gAUxR7/Hc OTlGa2rXu0ehgZCkgY0wgYoxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFu ZDEZMBcGA1UEChMQVU1DUC9PSVQvVFNTL0VJUzEwMC4GA1UEAxMnVU1DUC9PSVQv VFNTL0VJUyBTZWxmU2lnbmVkIENBIChjZXJ0IEEpMRswGQYJKoZIhvcNAQkBFgx6 YmVuQHVtZC5lZHWCAQAwDAYDVR0TBAUwAwEB/zARBglghkgBhvhCAQEEBAMCAgQw DQYJKoZIhvcNAQEEBQADgYEAEipQP8YEZOZdWuZXhvleKlscEXrSbLs9qzdfxMTB 0uulvLBba+QwaTUyTmbeCgTD3Rjib12o0VX8jEJospiMnZmPaj/4fy3rULTFhvBY Kl309wj7a2lfbJF/6ip5xr1pHgPEGFAZbSGygOibuuHsIeb3HA0YWa6H3UJlFVuU n8A= -END CERTIFICATE- If the certificate is a jumble of binary data try adding -inform der in case the cert is in der format: ./openssl x509 -noout -text -inform der -in server.crt It is easy to translate between the two formats using much the same command: der to pem: ./openssl x509 -inform der -outform pem -in infile -out outfile pem to der: ./openssl x509 -inform pem -outform der -in infile -out outfile (actually pem is the default for inform and outform) This might be important later when you try to use the certificate, as the server software may demand a different form than you have... -- Charles B. (Ben) Cranston mailto:zben;umd.edu http://www.wam.umd.edu/~zben __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Verify Client Certificate Error
Title: Verify Client Certificate Error Hello all, I installed a apache+mod_ssl+openSSL server, but it can't verify my client certificate. The server log is [01/Aug/2002 15:29:21 27838] [trace] Certificate Verification: depth: 1, subject : /CN=ChinaPay Publish System, issuer: /C=CN/CN=Chinapay Root CA [01/Aug/2002 15:29:21 27838] [error] Certificate Verification: Error (24): inval id CA certificate [01/Aug/2002 15:29:21 27838] [trace] OpenSSL: Write: SSLv3 read client certifica te B [01/Aug/2002 15:29:21 27838] [trace] OpenSSL: Exit: error in SSLv3 read client c ertificate B Why? I can use following command to verify my client cert: [root@localhost ssl.crt]# openssl verify -verbose -CApath `pwd` cli.crt cli.crt: OK My certificate's CA level is Chinapay Root CA | ChinaPay Publish System | My Client Cert Thank you!
verify client certificate
When I use verifycallback lik this: int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) { char buf[256]; X509 *err_cert; int err,depth; err_cert=X509_STORE_CTX_get_current_cert(ctx); err=X509_STORE_CTX_get_error(ctx); depth= X509_STORE_CTX_get_error_depth(ctx); X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256); printf("depth=%d %s\n",depth,buf); if (!ok) { printf("verify error:num=%d:%s\n",err, X509_verify_cert_error_string(err)); if (verify_depth = depth) { ok=1; verify_error=X509_V_OK; } else { ok=0; verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG; } } switch (ctx-error) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: X509_NAME_oneline(X509_get_issuer_name(ctx-current_cert),buf,256); printf("issuer= %s\n",buf); break; case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: printf("notBefore="); // printf(X509_get_notBefore(ctx-current_cert)); // BIO_printf(bio_err,"\n"); break; case X509_V_ERR_CERT_HAS_EXPIRED: case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: printf("notAfter="); // ASN1_TIME_print(bio_err,X509_get_notAfter(ctx-current_cert)); // BIO_printf(bio_err,"\n"); break; } printf("verify return:%d\n",ok); return(ok); } but I got these message: verify error:num=20:unable to get local issuer certificate verify error:num=27:certificate not trusted verify error:num=21:unable to verify the first certificate How can I verify the client certificate? __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: verify client certificate
On Tue, Sep 05, 2000 at 02:35:05PM -0400, [EMAIL PROTECTED] wrote: but I got these message: verify error:num=20:unable to get local issuer certificate verify error:num=27:certificate not trusted verify error:num=21:unable to verify the first certificate How can I verify the client certificate? You don't verify it, openssl already does it for you :-) At the time the callback was called, openssl (the x509 verify code to be more precise) already performed the verify and it met 3 errors. With these 3 errors your callback was called and it had to decide what to do: return "1" to continue the connection, return "0" to immediately shut down. For a certificate to be ferified "X509_V_OK", no verify error must be found. In your case, the peer did not send the CA certificate together with its own certificate and the certificate itself is not in your list of "trusted" CAs (which wouldn't make too much sense for a self signed certificate anyway). To solve your problems: - Make sure the client sends the certificate of the CA that issued the client certificate together with the client certificate. For this to work either add the CA to the CAfile (see below) or use the SSL_CTX_use_certificate_chain_file() function. - Add the CA certifcate to your list of trusted CAs (check the -CAfile and -CApath options to s_server.c to see how this is done. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: verify client certificate
On Tue, Sep 05, 2000 at 04:28:26PM -0400, [EMAIL PROTECTED] wrote: thanks a lot. but how to sends the certificate of the CA that issued the client certificate together with the client certificate. and I allready used the SSL_CTX_use_certificate_chain_file(ctx,CERTF); I used the s_client to connect to my serevr like: OpenSSL s_client -connect myserver:port -key \bamboo.pem -cert \bamboo.pem s_client does not use the certificate_chain_file() function. The difference is: - ..._use_certificate_chain_file() will read the client certificate as first certificate, then the CA certificate(s) from the same "bamboo.pem". I remember vaguely that there is a problem when the key is in the same file, but it is too late to check out :-) - ..._use_certificate_file() will only read the client certificate. In this case you must add the CA certificate(s) to the cacert.pem and use -CAfile cacert.pem. s_client will then collect the necessary additional CA certificates automatically. (Of course, your filenames can vary.) [*] - In any case, the same CA certificates must be available at the server side. If you use s_server, you must also make them available via the -CAfile directive (or -CApath). [*] There is a significant difference in that a CA that is used via the ...chain_file() function does not become trusted, while adding it via the CA options it becomes trusted as a side effect. (Whether this hurts you or not depends on your application.) Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Failure to verify client certificate
I'm curious: the SSL server code (s3_srvr.c, line 1677) sets an error of "no certificate returned" when the client's certificate fails verification. Why use this (rather misleading) error message? The equivalent client code (s3_clnt.c, line 764) uses the more intuitive error of "certificate verify failed". Thanks in advance Ollie King Data Connection Ltd __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]