Guido Günther <a...@sigxcpu.org> writes:

> It has a link:
>
> "I created a patch against openssl that allows to test this." ->
> https://github.com/hannob/bignum-fuzz/blob/master/openssl-break-rsa-values.diff
>
> This allows to crash the matrix ssl server.

Ok, thanks. That looks like you can test it if you can set up a matrixssl server. Fair enough.

I looked and found only one package in wheezy that uses matrixssl:

(wheezy-amd64-default)root@prune:/home/brian# apt-cache rdepends libmatrixssl1.8
libmatrixssl1.8
Reverse Depends:
  libmatrixssl1.8-dev
  ipsvd

So I installed ipsvd, and attempted to test using the provided sslio. I used 1024 bits just in case on the self-signed certificate, in the off chance this would improve compatibility.

=== cut ===
(wheezy-amd64-default)root@prune:/home/brian# openssl req -x509 -newkey rsa:1024 -keyout key.pem -out cert.pem -nodes
Generating a 1024 bit RSA private key
....................++++++
....................................................................++++++
writing new private key to 'key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:localhost
Email Address []:
(wheezy-amd64-default)root@prune:/home/brian# chmod 777 key.pem cert.pem
(wheezy-amd64-default)root@prune:/home/brian# sslio -vvv -u brian -C cert.pem -K key.pem cat
sslio[8259]: fatal: unable to read cert or key file: no error
=== cut ===

Any ideas why it isn't accepting my self-signed certificate? Did I do something stupid? Some debugging information would be really nice. strace shows that it is reading both files.

I imagine that once I get sslio working properly, I can run an SSL server with something like:

tcpsvd localhost 8123 sslio -u brian -C cert.pem -K key.pem cat

Currently this produces the same error as above.

-- 
Brian May <b...@debian.org>