where is PEM_read_bio_X509_AUX()

CHOW Anthony

I am trying to do “openssl verify -CAfile server.pem” and the command hangs.  When I debug, I see that after calling the function PEM_read_bio_X509_AUX in load_cert() it hangs.

But I don’t seem to find this function in the OpenSSL tree.

Any insight on this?  Thanks so much.


grep -rwn . -e "PEM_read_bio_X509_AUX"
Binary file ./libcrypto.a matches
./util/libeay.num:1541:PEM_read_bio_X509_AUX                   1959    EXIST::FUNCTION:
Binary file ./demos/easy_tls/test matches
Binary file ./libssl.a matches
./crypto/x509/by_file.c:143:            x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
Binary file ./crypto/x509/by_file.o matches
Binary file ./crypto/ts/ts_conf.o matches
./crypto/ts/ts_conf.c:102:    x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
Binary file ./crypto/pem/pem_xaux.o matches
./ssl/ssl_rsa.c:705:    x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
Binary file ./ssl/ssl_rsa.o matches
./doc/crypto/pem.pod:20:PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX,
./doc/crypto/pem.pod:154: X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
Binary file ./test/rsa_test matches
Binary file ./test/ssltest matches
Binary file ./test/evp_extra_test matches
Binary file ./test/sha512t matches
Binary file ./test/ectest matches
Binary file ./test/randtest matches
Binary file ./test/ecdhtest matches
Binary file ./test/evp_test matches
Binary file ./test/enginetest matches
Binary file ./test/sha256t matches
Binary file ./test/dhtest matches
Binary file ./test/md4test matches
Binary file ./test/md5test matches
Binary file ./test/srptest matches
Binary file ./test/igetest matches
Binary file ./test/sha1test matches
Binary file ./test/shatest matches
Binary file ./test/rmdtest matches
Binary file ./test/mdc2test matches
Binary file ./test/verify_extra_test matches
Binary file ./test/ecdsatest matches
Binary file ./test/bntest matches
Binary file ./test/dsatest matches
Binary file ./test/exptest matches
Binary file ./test/v3nametest matches
Binary file ./test/hmactest matches
Binary file ./test/clienthellotest matches
Binary file ./apps/openssl matches
Binary file ./apps/apps.o matches
./apps/apps.c:896:        x = PEM_read_bio_X509_AUX(cert, NULL,


--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: where is PEM_read_bio_X509_AUX()

Wim Lewis-3

On Apr 18, 2016, at 6:11 PM, CHOW Anthony <[hidden email]> wrote:
> I am trying to do “openssl verify -CAfile server.pem” and the command hangs.  When I debug, I see that after calling the function PEM_read_bio_X509_AUX in load_cert() it hangs.
>
> But I don’t seem to find this function in the OpenSSL tree.
>
> Any insight on this?  Thanks so much.

The macros DECLARE_PEM_rw and IMPLEMENT_PEM_rw, which are defined in crypto/pem/pem.h, produce a bunch of functions for reading and writing structures in various ways (with a BIO, from a FILE *, from a string buffer, etc). In this case, I think the function you're looking at is produced by the macro invocation "IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)" in crypto/pem/pem_xaux.c.

Possibly it's hanging waiting to read something from stdin.




Re: where is PEM_read_bio_X509_AUX()

CHOW Anthony
Thanks so much.  Let me look into .../crypto/pem/ directory.


Re: where is PEM_read_bio_X509_AUX()

Viktor Dukhovni
In reply to this post by CHOW Anthony
[ Redirecting to [hidden email] ]

On Tue, Apr 19, 2016 at 01:11:38AM +0000, CHOW Anthony wrote:

> I am trying to do “openssl verify -CAfile server.pem” and the command hangs.

It is supposed to hang (reading standard input) when (incorrectly)
invoked this way.  You've left out the CAfile filename.  The correct
way to verify a certificate is:

    $ trusted=ta.pem
    $ untrusted=intermediate.pem
    $ subject=server.pem
    $ openssl verify -CAfile $trusted -untrusted $untrusted $subject

where

 * "ta.pem" contains your trust-anchor (root CA) certificates,
 * "intermediate.pem" contains any intermediate certificates needed to
    build a trust path from a root down to the server certificate,
 * "server.pem" contains the subject certificate to be verified.

Leave out the "-untrusted $untrusted" option if you're verifying
a certificate that is directly issued by a trust-anchor.

With a sufficiently recent version of OpenSSL replace "-CAfile
$trusted" with "-trusted $trusted" to make sure you're not
inadvertently using any of the default trust-anchors installed on
your system.

--
        Viktor.
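
The invocations from the message above, run against a throwaway chain, as an added example that is not part of the original thread. The file names ta.pem, intermediate.pem and server.pem follow the post; the subject names, ca.cnf and the helper functions make_chain and verify_server are assumptions made for illustration, and the openssl binary must be recent enough to accept -trusted.

```sh
#!/bin/sh
# Added example: throwaway root -> intermediate -> server chain, constructed here.
set -eu

make_chain() (                      # $1: empty working directory
    cd "$1"
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # ta.pem: self-signed trust anchor (root CA).
    openssl req -config ca.cnf -x509 -extensions v3_ca -newkey rsa:2048 -nodes \
        -days 2 -subj "/CN=Constructed Root" -keyout ta.key -out ta.pem
    # intermediate.pem: CA certificate issued by the root.
    openssl req -config ca.cnf -new -newkey rsa:2048 -nodes \
        -subj "/CN=Constructed Intermediate" -keyout int.key -out int.csr
    openssl x509 -req -in int.csr -CA ta.pem -CAkey ta.key -set_serial 2 \
        -extfile ca.cnf -extensions v3_ca -days 2 -out intermediate.pem
    # server.pem: subject certificate issued by the intermediate.
    openssl req -config ca.cnf -new -newkey rsa:2048 -nodes \
        -subj "/CN=server.example" -keyout server.key -out server.csr
    openssl x509 -req -in server.csr -CA intermediate.pem -CAkey int.key \
        -set_serial 3 -days 2 -out server.pem
) >/dev/null 2>&1

# verify_server DIR OPTIONS...: exit status of "openssl verify OPTIONS server.pem".
# </dev/null guarantees a mistyped invocation cannot block on standard input.
verify_server() (
    cd "$1" && shift && openssl verify "$@" server.pem </dev/null >/dev/null 2>&1
)

dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT
make_chain "$dir"
for opts in "-CAfile ta.pem" \
            "-CAfile ta.pem -untrusted intermediate.pem" \
            "-trusted ta.pem -untrusted intermediate.pem"; do
    if verify_server "$dir" $opts; then result=OK; else result=FAILED; fi
    echo "openssl verify $opts server.pem: $result"
done
```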

Re: where is PEM_read_bio_X509_AUX()

CHOW Anthony
In reply to this post by CHOW Anthony

Actually, I did it wrong.  Now I get it.  I am able to use the openssl in /user/bin to verify a certificate.

However, if I compile and install another version in /opt/openssl-1.0.2g/bin/openssl, I am not able to get the issuer’s certificate.  I think some trusted certificate is stored somewhere in Ubuntu 14.04.  How can I reference them from my version in /opt/openssl-1.0.2g/bin/openssl?

The error is from X509_verify_cert():  error 2 at 1 depth lookup: unable to get issuer certificate

Thanks for the information,

Anthony.


Re: where is PEM_read_bio_X509_AUX()

CHOW Anthony

Got it after – “cp /usr/lib/ssl/certs/* /opt/openssl-1.0.1e/certs”

:)