FIPS 140-2 Security Policy

classic Classic list List threaded Threaded
20 messages Options
Reply | Threaded
Open this post in threaded view
|

FIPS 140-2 Security Policy

Mike McEwen
I have a question about storage of private keys outside of the FIPS
module and about CSPs in general -


In section 4.1, Rules of Operation, rule 10 is given as:

"Secret or private keys that are input or output from an application
must be input or output in encrypted form using a FIPS approved algorithm".

What are the implications or this?
If keys are input in an encrypted form how do you decrypt them?
Doesn't the key you use to decrypt them have to be input into the
application in an encrypted form too, how do you ever input an
unencrypted key into your application to decrypt your encrypted keys?!

Is this rule implying that for your application to be FIPS 14-2
compliant you have to passphrase protect all your keys? Does a
passphrase not count as a key when input into your application?


Also in section 4.4, Critical Security Parameters, OpenSSH is given as
an example and it says:

"The persistent per-user CSPs (public and private keys) are stored in
the ~/.ssh/ subdirectory and the application enforces the presence of
appropriate permissions (private key owned by the user account and not
world readable or group writable)"

This doesn't mention any kind of encryption for the keys (I believe
encrypting private keys is optional in OpenSSH?).


So basically, what kind of protection do you have to have for private
keys and CSPs to conform to the security policy?


 - Mike.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: FIPS 140-2 Security Policy

Kyle Hamilton
This is my understanding of the rules, and I will freely admit that I
am probably not qualified to give an appropriate discourse on this.

The secret key that is used to encrypt a private key is generated from
the passphrase, which itself is not the secret key.  It is a "Key
Generator".

In order for the application to be FIPS-compliant, the private key
must never be exported (or written to disk) without being encrypted by
some approved encryption algorithm of some form.

4.4 is apparently expounding on how to properly handle (even
encrypted) private key material, regardless of whether it mentions
encryption of that key material or not -- appropriate logical security
mechanisms.  (OpenSSH is not, itself, FIPS-certified.  A version of
OpenSSH that used the FIPS-certified OpenSSL would not export
passphraseless private keys, and would refuse to accept an unencrypted
private key, under rule 4.1.10.)

Note that a key can be accessible to the system via a mechanism such
as Windows 2000's syskey floppy disk, or a FIPS-approved storage
module.  [It could theoretically even be accessible from an SSL/TLS
server, using a client (machine or service principal) certificate for
authentication, as long as the SSL/TLS session used only FIPS-approved
or FIPS-allowed algorithms, and the master server used a FIPS-approved
security system, was appropriately physically controlled, and a
passphrase or key disk required to restart it in the event of
failure.]

How far off am I?  (I would really like to know, as I'm working on a
project that would definitely benefit from FIPS compliance.)

-Kyle H

On 2/1/06, Mike McEwen <[hidden email]> wrote:

> I have a question about storage of private keys outside of the FIPS
> module and about CSPs in general -
>
>
> In section 4.1, Rules of Operation, rule 10 is given as:
>
> "Secret or private keys that are input or output from an application
> must be input or output in encrypted form using a FIPS approved algorithm".
>
> What are the implications or this?
> If keys are input in an encrypted form how do you decrypt them?
> Doesn't the key you use to decrypt them have to be input into the
> application in an encrypted form too, how do you ever input an
> unencrypted key into your application to decrypt your encrypted keys?!
>
> Is this rule implying that for your application to be FIPS 14-2
> compliant you have to passphrase protect all your keys? Does a
> passphrase not count as a key when input into your application?
>
>
> Also in section 4.4, Critical Security Parameters, OpenSSH is given as
> an example and it says:
>
> "The persistent per-user CSPs (public and private keys) are stored in
> the ~/.ssh/ subdirectory and the application enforces the presence of
> appropriate permissions (private key owned by the user account and not
> world readable or group writable)"
>
> This doesn't mention any kind of encryption for the keys (I believe
> encrypting private keys is optional in OpenSSH?).
>
>
> So basically, what kind of protection do you have to have for private
> keys and CSPs to conform to the security policy?
>
>
>  - Mike.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

accepting self signed certs

Samy Thiyagarajan

hi..
My test server has a list of trusted CAs. Now i also want to accept connections requested by clients with self signed certificates. Any simple way to accept the self signed certs ?

Thanks in advance.
Samy
Reply | Threaded
Open this post in threaded view
|

RE: accepting self signed certs

konark

 

Hi Samy,

 

1.       If server ready to accept any unanimous certificate (certificate  need not be verified by the any of the server trusted CA’s ) like your case self signed client certificate ,There is no point of  asking client authentication.  If server is requested for client authentication client should send certificate which must be issued by one of the server trusted CA’s.

 

2.       Generally servers wont ask client authentication for general connection, when ever  client request for some critical resources then trough renegotiation server

 

Can ask client authentication . In this case client authentication is must it cant accept the self signed OR unanimous certificate.

 

Regards,

Konark

09342513592

 

***************************************************************************************

            This e-mail and attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient's) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!

-----Original Message-----
From: owner-
[hidden email] [mailto:owner-[hidden email]] On Behalf Of Samy Thiyagarajan
Sent: Thursday, February 02, 2006 6:02 PM
To:
[hidden email]
Subject: accepting self signed certs

 


hi..
My test server has a list of trusted CAs. Now i also want to accept connections requested by clients with self signed certificates. Any simple way to accept the self signed certs ?

Thanks in advance.
Samy

Reply | Threaded
Open this post in threaded view
|

self signed cert - error : unknown CA

Samy Thiyagarajan

Thanks konark.

When  I initialize my ctx i call the following functions..
#  SSL_CTX_set_verify()  with option SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
#  SSL_CTX-set_client_CA_list( ctx, cafile)

things are fine when the client request for a connection with a certificate signed by one of the listed CAs (in the cafile)

For some reasons I also wish to accept self signed certs( user needs to decide to accept or not ).
So when a client comes up with a self signed cert , the server reports ' unknown ca ' error. I understand that this is b'coz it is not signed by trusted CA. All i want to know is what needs to be done on server side to accept the self signed.

I really appreciate ay kind of assistance.

Thanks
Samy









Konark <[hidden email]>

Sent by:
[hidden email]

02.02.2006 14:12

Please respond to
[hidden email]

To
[hidden email]
cc
Subject
RE: accepting self signed certs
Classification





 
Hi Samy,
 
1.       If server ready to accept any unanimous certificate (certificate  need not be verified by the any of the server trusted CA’s ) like your case self signed client certificate ,There is no point of  asking client authentication.  If server is requested for client authentication client should send certificate which must be issued by one of the server trusted CA’s.
 
2.       Generally servers wont ask client authentication for general connection, when ever  client request for some critical resources then trough renegotiation server
 
Can ask client authentication . In this case client authentication is must it cant accept the self signed OR unanimous certificate.
 
Regards,
Konark
09342513592
 
***************************************************************************************
            This e-mail and attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient's) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!
-----Original Message-----
From:
[hidden email] [mailto:[hidden email]] On Behalf Of Samy Thiyagarajan
Sent:
Thursday, February 02, 2006 6:02 PM
To:
[hidden email]
Subject:
accepting self signed certs

 

hi..

My test server has a list of trusted CAs. Now i also want to accept connections requested by clients with self signed certificates. Any simple way to accept the self signed certs ?


Thanks in advance.

Samy

Reply | Threaded
Open this post in threaded view
|

Re: self signed cert - error : unknown CA

Alain Damiral
For which reasons do you want to accept self signed certificates ?... I
do not understand why deactivating client authentication as Konark
suggested wouldn't be good enough.



Samy Thiyagarajan wrote:

>
> Thanks konark.
>
> When  I initialize my ctx i call the following functions..
> #  SSL_CTX_set_verify()  with option SSL_VERIFY_PEER |
> SSL_VERIFY_FAIL_IF_NO_PEER_CERT
> #  SSL_CTX-set_client_CA_list( ctx, cafile)
>
> things are fine when the client request for a connection with a
> certificate signed by one of the listed CAs (in the cafile)
>
> For some reasons I also wish to accept self signed certs( user needs
> to decide to accept or not ).
> So when a client comes up with a self signed cert , the server reports
> ' unknown ca ' error. I understand that this is b'coz it is not signed
> by trusted CA. All i want to know is what needs to be done on server
> side to accept the self signed.
>
> I really appreciate ay kind of assistance.
>
> Thanks
> Samy
>
>


--
Alain Damiral

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: self signed cert - error : unknown CA

Kyle Hamilton
Self-signed certificates are good for one thing, at least: They ensure
that subsequent transactions are with the same entity (the same
keypair is used), even if no other piece of data in the certificate is
trustworthy.

There is a callback that you can set for the "trust verification"
function, as the third parameter to SSL_[CTX_]set_verify().  See the
man page for it for details.

-Kyle H

On 2/2/06, Alain Damiral <[hidden email]> wrote:

> For which reasons do you want to accept self signed certificates ?... I
> do not understand why deactivating client authentication as Konark
> suggested wouldn't be good enough.
>
>
>
> Samy Thiyagarajan wrote:
>
> >
> > Thanks konark.
> >
> > When  I initialize my ctx i call the following functions..
> > #  SSL_CTX_set_verify()  with option SSL_VERIFY_PEER |
> > SSL_VERIFY_FAIL_IF_NO_PEER_CERT
> > #  SSL_CTX-set_client_CA_list( ctx, cafile)
> >
> > things are fine when the client request for a connection with a
> > certificate signed by one of the listed CAs (in the cafile)
> >
> > For some reasons I also wish to accept self signed certs( user needs
> > to decide to accept or not ).
> > So when a client comes up with a self signed cert , the server reports
> > ' unknown ca ' error. I understand that this is b'coz it is not signed
> > by trusted CA. All i want to know is what needs to be done on server
> > side to accept the self signed.
> >
> > I really appreciate ay kind of assistance.
> >
> > Thanks
> > Samy
> >
> >
>
>
> --
> Alain Damiral
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: self signed cert - error : unknown CA

Alain Damiral
Kyle Hamilton wrote:

>Self-signed certificates are good for one thing, at least: They ensure
>that subsequent transactions are with the same entity (the same
>keypair is used), even if no other piece of data in the certificate is
>trustworthy.
>
Doesn't Diffie-Hellman key exchange ensure that this is true even with
no certificate authentication at all ? (Maybe not with a null cipher ?)

--
Alain Damiral

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: self signed cert - error : unknown CA

Peter Sylvester-3
In reply to this post by Alain Damiral

One needs to call a verify call back and set an appropriate
return code. The server might well accept things and give a temporary
and lmimitred access,
the self signed cert can be stored, an admin validates, etc. It can also
be that the server is
actually a person that accepts or not..


Alain Damiral wrote:

> For which reasons do you want to accept self signed certificates ?...
> I do not understand why deactivating client authentication as Konark
> suggested wouldn't be good enough.
>
>
>
> Samy Thiyagarajan wrote:
>
>>
>> Thanks konark.
>>
>> When  I initialize my ctx i call the following functions..
>> #  SSL_CTX_set_verify()  with option SSL_VERIFY_PEER |
>> SSL_VERIFY_FAIL_IF_NO_PEER_CERT
>> #  SSL_CTX-set_client_CA_list( ctx, cafile)
>>
>> things are fine when the client request for a connection with a
>> certificate signed by one of the listed CAs (in the cafile)
>>
>> For some reasons I also wish to accept self signed certs( user needs
>> to decide to accept or not ).
>> So when a client comes up with a self signed cert , the server
>> reports ' unknown ca ' error. I understand that this is b'coz it is
>> not signed by trusted CA. All i want to know is what needs to be done
>> on server side to accept the self signed.
>>
>> I really appreciate ay kind of assistance.
>>
>> Thanks
>> Samy
>>
>>
>
>

--
To verify the signature, see http://edelpki.edelweb.fr/ 
Cela vous permet de charger le certificat de l'autorité;
die Liste mit zurückgerufenen Zertifikaten finden Sie da auch.


smime.p7s (6K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: self signed cert - error : unknown CA

Kyle Hamilton
In reply to this post by Alain Damiral
Diffie-Hellman key exchange is a means of creating a session key in a
manner that's not easily reversible by an eavesdropper, not a means of
authentication.  The public/private keypair is the only means of
authenticating an anonymous third party as being that specific
anonymous third party, and not some interloper.  (See the Freenet
project for an example of this.)

You could, theoretically, use it as a means of authentication IF and
ONLY IF the public key stayed the same.  Generally, though, it's a
random large number.  (This is why DH requires a certificate, where
EDH doesn't -- EDH is random, where DH uses a public key that requires
[in the context of SSL] an X.509 certification.)

On 2/2/06, Alain Damiral <[hidden email]> wrote:

> Kyle Hamilton wrote:
>
> >Self-signed certificates are good for one thing, at least: They ensure
> >that subsequent transactions are with the same entity (the same
> >keypair is used), even if no other piece of data in the certificate is
> >trustworthy.
> >
> Doesn't Diffie-Hellman key exchange ensure that this is true even with
> no certificate authentication at all ? (Maybe not with a null cipher ?)
>
> --
> Alain Damiral
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: self signed cert - error : unknown CA

Alain Damiral
OK I understand.

By subsequent transactions I originally thought you meant during the
same session.

I apologize for diverting from the problem of the original poster.

Maybe I can redeem myself by pointing to the example callback function:
http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html

and suggest trying to use
http://www.openssl.org/docs/ssl/SSL_get_verify_result.html

then test for return value 18 = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
to deal with self signed certificates. Hope this is useful :)



Kyle Hamilton wrote:

>Diffie-Hellman key exchange is a means of creating a session key in a
>manner that's not easily reversible by an eavesdropper, not a means of
>authentication.  The public/private keypair is the only means of
>authenticating an anonymous third party as being that specific
>anonymous third party, and not some interloper.  (See the Freenet
>project for an example of this.)
>
>You could, theoretically, use it as a means of authentication IF and
>ONLY IF the public key stayed the same.  Generally, though, it's a
>random large number.  (This is why DH requires a certificate, where
>EDH doesn't -- EDH is random, where DH uses a public key that requires
>[in the context of SSL] an X.509 certification.)
>
>On 2/2/06, Alain Damiral <[hidden email]> wrote:
>
>  
>
>>Doesn't Diffie-Hellman key exchange ensure that this is true even with
>>no certificate authentication at all ? (Maybe not with a null cipher ?)
>>
>>--
>>Alain Damiral
>>
>>    
>>
>
>  
>

--
Alain Damiral

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: self signed cert - error : unknown CA

Kyle Hamilton
On 2/2/06, Alain Damiral <[hidden email]> wrote:

> OK I understand.
>
> By subsequent transactions I originally thought you meant during the
> same session.
>
> I apologize for diverting from the problem of the original poster.
>
> Maybe I can redeem myself by pointing to the example callback function:
> http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html
>
> and suggest trying to use
> http://www.openssl.org/docs/ssl/SSL_get_verify_result.html
>
> then test for return value 18 = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
> to deal with self signed certificates. Hope this is useful :)

static int my_verify_routine(int preverify, X509_CTX *certcontext)
{
  assert(preverify == 1 || preverify == 0);  // sanity check to point
out bugs in openssl
  if (preverify == 1) {
    // If the certificate passes the verify checks, allow it
    return 1;
  }
  switch (X509_STORE_CTX_get_error(certcontext)) {
    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
      return 1;
    default:
      return 0;
  }
  /*NOTREACHED*/
  return 0;
}

  [...]
  SSL_CTX_set_verify(sslcontext, SSL_VERIFY_PEER | SSL_FAIL_IF_NO_PEER_CERT,
    my_verify_routine);
  [...]

if I understand how this is properly overridden with no additional
data stored in the SSL structure?  (There's precious little
documentation on the X509_STORE_CTX functions -- this is partly
obtained from the sample code in SSL_CTX_set_verify(3) manpage.)

-Kyle H
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Question on SSL_connect

Ambarish Mitra
On SSL_connect, the openssl documentation mentions that: "initiate the
TLS/SSL handshake with an TLS/SSL server"

I have created the client cert and loaded into the context with
"SSL_CTX_use_certificate_file" and the corresponding private key with
"SSL_CTX_use_PrivateKey_file". This association works since the the call
"SSL_CTX_check_private_key" succeeded.

In SSL_connect, does the client program send out the client certificate to
the server as a part of handshake?


Now, my server is Java based, and I do not have much idea on JVM keystores.
It looks like the keystore holds the CA cert and also the server cert. This
CA is also the one who issued the client cert.

I am getting an error "SSL_ERROR_SSL" with SSL_connect() returning <=0.

Under what circumstances does SSL_connect return this error?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: self signed cert - error : unknown CA

Samy Thiyagarajan
In reply to this post by Kyle Hamilton

Good to see that the message had triggered a nice discussion. Now things are clear.

Thanks for all.
Samy








Kyle Hamilton <[hidden email]>

Sent by:
[hidden email]

03.02.2006 03:27

Please respond to
[hidden email]

To
[hidden email]
cc
Subject
Re: self signed cert - error : unknown CA
Classification





On 2/2/06, Alain Damiral <[hidden email]> wrote:
> OK I understand.
>
> By subsequent transactions I originally thought you meant during the
> same session.
>
> I apologize for diverting from the problem of the original poster.
>
> Maybe I can redeem myself by pointing to the example callback function:
> http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html
>
> and suggest trying to use
> http://www.openssl.org/docs/ssl/SSL_get_verify_result.html
>
> then test for return value 18 = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
> to deal with self signed certificates. Hope this is useful :)

static int my_verify_routine(int preverify, X509_CTX *certcontext)
{
 assert(preverify == 1 || preverify == 0);  // sanity check to point
out bugs in openssl
 if (preverify == 1) {
   // If the certificate passes the verify checks, allow it
   return 1;
 }
 switch (X509_STORE_CTX_get_error(certcontext)) {
   case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
     return 1;
   default:
     return 0;
 }

 /*NOTREACHED*/
 return 0;
}

 [...]
 SSL_CTX_set_verify(sslcontext, SSL_VERIFY_PEER | SSL_FAIL_IF_NO_PEER_CERT,
   my_verify_routine);
 [...]

if I understand how this is properly overridden with no additional
data stored in the SSL structure?  (There's precious little
documentation on the X509_STORE_CTX functions -- this is partly
obtained from the sample code in SSL_CTX_set_verify(3) manpage.)

-Kyle H
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: Question on SSL_connect

Chong Peng
In reply to this post by Ambarish Mitra

have you tried to call "ERR_error_string" to find out what exactly is going on? could be that the server and client are using different version of ssl.

-----Original Message-----
From: Ambarish Mitra [mailto:[hidden email]]
Sent: Friday, February 03, 2006 1:27 AM
To: [hidden email]
Subject: Question on SSL_connect


On SSL_connect, the openssl documentation mentions that: "initiate the
TLS/SSL handshake with an TLS/SSL server"

I have created the client cert and loaded into the context with
"SSL_CTX_use_certificate_file" and the corresponding private key with
"SSL_CTX_use_PrivateKey_file". This association works since the the call
"SSL_CTX_check_private_key" succeeded.

In SSL_connect, does the client program send out the client certificate to
the server as a part of handshake?


Now, my server is Java based, and I do not have much idea on JVM keystores.
It looks like the keystore holds the CA cert and also the server cert. This
CA is also the one who issued the client cert.

I am getting an error "SSL_ERROR_SSL" with SSL_connect() returning <=0.

Under what circumstances does SSL_connect return this error?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Question on SSL_connect

Kyle Hamilton
In reply to this post by Ambarish Mitra
SSL_connect on the client will only send the client certificate if the
server requests it and sends a list of authority names it will accept,
AND the certificate is signed by one of those authority names.

SSL_ERROR_SSL is an error stating that an SSL session couldn't be
established, either because of 'no common cipher', or 'SSL/TLS version
mismatch', or something else that goes wrong in the initial handshake.
 See the relevant RFCs for more detail on what can go wrong.

-Kyle H

On 2/3/06, Ambarish Mitra <[hidden email]> wrote:

> On SSL_connect, the openssl documentation mentions that: "initiate the
> TLS/SSL handshake with an TLS/SSL server"
>
> I have created the client cert and loaded into the context with
> "SSL_CTX_use_certificate_file" and the corresponding private key with
> "SSL_CTX_use_PrivateKey_file". This association works since the the call
> "SSL_CTX_check_private_key" succeeded.
>
> In SSL_connect, does the client program send out the client certificate to
> the server as a part of handshake?
>
>
> Now, my server is Java based, and I do not have much idea on JVM keystores.
> It looks like the keystore holds the CA cert and also the server cert. This
> CA is also the one who issued the client cert.
>
> I am getting an error "SSL_ERROR_SSL" with SSL_connect() returning <=0.
>
> Under what circumstances does SSL_connect return this error?
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Question on SSL_connect

Peter Sylvester-3
Kyle Hamilton wrote:
> SSL_connect on the client will only send the client certificate if the
> server requests it and sends a list of authority names it will accept,
> AND the certificate is signed by one of those authority names.
>  
Well, the "AND" isn't exactly what SSL_connect does as far as I
remember. It is
in fact the responsibility of the application to set the certificate
that will be send,
and there are at least three ways to do so, as far as I remember (and
read the code
in s3_clnt.c

- When an application has set the cert/key with SSL_use_certificat and
  SSL_use_Private_key, then this will be used independently of what the
server
  requires. It must at least require a certificate, though.

- There is a call back that can select a ley/cert depending on the list
received
  from the server.

- There is an error code generated by SSL_connect which can be tested by
  SSL_want_x509_lookup to select an set a cert (or not).

Even if no cert is available the handshake continues, and may even
succeed if
the server allows it.

The answer to the first question below is "yes", as indicated.

As far as I remember, in some java contexts, one needs to set two different
stores, one for the server, and one for the clients. For the client the
store
(in whatever form, JKS for example), holds all the CA certs for which
the server will accept and validate client certs.

> SSL_ERROR_SSL is an error stating that an SSL session couldn't be
> established, either because of 'no common cipher', or 'SSL/TLS version
> mismatch', or something else that goes wrong in the initial handshake.
>  See the relevant RFCs for more detail on what can go wrong.
>
> -Kyle H
>
> On 2/3/06, Ambarish Mitra <[hidden email]> wrote:
>  
>> On SSL_connect, the openssl documentation mentions that: "initiate the
>> TLS/SSL handshake with an TLS/SSL server"
>>
>> I have created the client cert and loaded into the context with
>> "SSL_CTX_use_certificate_file" and the corresponding private key with
>> "SSL_CTX_use_PrivateKey_file". This association works since the the call
>> "SSL_CTX_check_private_key" succeeded.
>>
>> In SSL_connect, does the client program send out the client certificate to
>> the server as a part of handshake?
>>
>>
>> Now, my server is Java based, and I do not have much idea on JVM keystores.
>> It looks like the keystore holds the CA cert and also the server cert. This
>> CA is also the one who issued the client cert.
>>
>> I am getting an error "SSL_ERROR_SSL" with SSL_connect() returning <=0.
>>
>> Under what circumstances does SSL_connect return this error?
>>
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    [hidden email]
>> Automated List Manager                           [hidden email]
>>
>>    
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
>
>
>  

--
To verify the signature, see http://edelpki.edelweb.fr/ 
Cela vous permet de charger le certificat de l'autorité;
die Liste mit zurückgerufenen Zertifikaten finden Sie da auch.


smime.p7s (6K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Sample Code ssl: Java Server, C client

Ambarish Mitra
In reply to this post by Chong Peng
Hi,

I need a sample (and basic) SSL client server application code, where the
server is implemented as a Java program, and the client is implemented as a
C or C++ program using openssl libraries.

The Java program can use a keystore in JKS format, while the C program can
use the certs generated by openssl itself. The programs should exchange
certificates, and one program should display the certificate that the other
has. [For the time being, just a prelim certificate exchange will do,
verification will be not required now.]

If anyone can provide such a sample application, or provide pointers for
this, it will be very helpful.


Ambarish.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Question on SSL_connect

Ambarish Mitra
In reply to this post by Chong Peng
Chong,

With response to your e-mail, I used ERR_error_string and this is the
output:

Error: [error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
unknown]


This is how I used it -- the error was in SSL_connect.

  err = SSL_connect (ssl);
  if (err <=0)
  {
    unsigned long ErrCode = ERR_get_error();
        char ErrBuf[120];
        ERR_error_string(ErrCode, ErrBuf);
        fprintf(stderr, "Error: [%s]\n", ErrBuf);  // This prints the above
output.
   }

Can anybody help me out please?

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]]On Behalf Of Chong Peng
Sent: Friday, February 03, 2006 10:31 PM
To: [hidden email]
Subject: RE: Question on SSL_connect



have you tried to call "ERR_error_string" to find out what exactly is going
on? could be that the server and client are using different version of ssl.

-----Original Message-----
From: Ambarish Mitra [mailto:[hidden email]]
Sent: Friday, February 03, 2006 1:27 AM
To: [hidden email]
Subject: Question on SSL_connect


On SSL_connect, the openssl documentation mentions that: "initiate the
TLS/SSL handshake with an TLS/SSL server"

I have created the client cert and loaded into the context with
"SSL_CTX_use_certificate_file" and the corresponding private key with
"SSL_CTX_use_PrivateKey_file". This association works since the the call
"SSL_CTX_check_private_key" succeeded.

In SSL_connect, does the client program send out the client certificate to
the server as a part of handshake?


Now, my server is Java based, and I do not have much idea on JVM keystores.
It looks like the keystore holds the CA cert and also the server cert. This
CA is also the one who issued the client cert.

I am getting an error "SSL_ERROR_SSL" with SSL_connect() returning <=0.

Under what circumstances does SSL_connect return this error?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Question on SSL_connect

Kyle Hamilton
sslv3 alert certificate unknown means that the server needs to trust
the CA for issuing client certificates.  (The server is authenticating
fine, but it's likely that the server isn't sending information on
what CA it will accept a client certificate from, so the other side
sends an alert.  Either that, or the other side tries to send the
certificate anyway, and the local side can't verify it, so it
generates the alert.)  I'm not sure how you would go about doing so in
your particular program; you may wish to ask on the appropriate list.

For reference, as far as I can tell, the proper function that needs to
be called is SSL_CTX_set_client_CA_list(3), or
SSL_set_client_CA_list(3) if you want to do it on a
connection-by-connection basis.

-Kyle H

On 2/8/06, Ambarish Mitra <[hidden email]> wrote:

> Chong,
>
> With response to your e-mail, I used ERR_error_string and this is the
> output:
>
> Error: [error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
> unknown]
>
>
> This is how I used it -- the error was in SSL_connect.
>
>   err = SSL_connect (ssl);
>   if (err <=0)
>   {
>         unsigned long ErrCode = ERR_get_error();
>         char ErrBuf[120];
>         ERR_error_string(ErrCode, ErrBuf);
>         fprintf(stderr, "Error: [%s]\n", ErrBuf);  // This prints the above
> output.
>    }
>
> Can anybody help me out please?
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]]On Behalf Of Chong Peng
> Sent: Friday, February 03, 2006 10:31 PM
> To: [hidden email]
> Subject: RE: Question on SSL_connect
>
>
>
> have you tried to call "ERR_error_string" to find out what exactly is going
> on? could be that the server and client are using different version of ssl.
>
> -----Original Message-----
> From: Ambarish Mitra [mailto:[hidden email]]
> Sent: Friday, February 03, 2006 1:27 AM
> To: [hidden email]
> Subject: Question on SSL_connect
>
>
> On SSL_connect, the openssl documentation mentions that: "initiate the
> TLS/SSL handshake with an TLS/SSL server"
>
> I have created the client cert and loaded into the context with
> "SSL_CTX_use_certificate_file" and the corresponding private key with
> "SSL_CTX_use_PrivateKey_file". This association works since the the call
> "SSL_CTX_check_private_key" succeeded.
>
> In SSL_connect, does the client program send out the client certificate to
> the server as a part of handshake?
>
>
> Now, my server is Java based, and I do not have much idea on JVM keystores.
> It looks like the keystore holds the CA cert and also the server cert. This
> CA is also the one who issued the client cert.
>
> I am getting an error "SSL_ERROR_SSL" with SSL_connect() returning <=0.
>
> Under what circumstances does SSL_connect return this error?
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]