Did you do an "nmake clean" after switching to the correct compiler? You need
to get rid of those 32-bit objects, or you'll continue to have a machine-type
mismatch.
--
Michael Wojcik
Rocket Software
Rocket Software, Inc. and subsidiaries
ly only looking at the current LTS release.
IBM i would be big-endian POWER too, but I don't know off the top of my head if
OpenSSL 3 even has a configuration stanza for i.
--
Michael Wojcik
s on
this platform than are required by the ISA or enforced by other languages and
compilers, and some members of the GCC team are a bit notorious for their ...
enthusiasm ... in justifying this position.
We have not yet attempted to raise this as a GCC bug, because, well, I've read
those discussions in the GCC forums.
--
Michael Wojcik
ure to install updates to the OS or major software
packages such as Microsoft Office long after those updates are released, but
that's a less-common vector.
HTTPS compromise is statistically insignificant. In the vast majority of cases,
the dangers with HTTPS are what people use it for -- online shopping at sites
with poor security, for example, or downloading malicious software -- not with
the channel itself.
--
Michael Wojcik
hazard hodgepodge of accumulating software of uncertain provenance and
little trustworthiness into enormous systems with unpredictable behavior and
failure modes. I'm not sure OpenSSL versions should be particularly high on
anyone's priority list.
What are you actually trying to accomplish? What's your task? Your threat model?
--
Michael Wojcik
> From: openssl-users On Behalf Of raf via
> openssl-users
> Sent: Friday, 4 November, 2022 18:54
>
> On Wed, Nov 02, 2022 at 06:29:45PM +, Michael Wojcik via openssl-users
> wrote:
>
> >
> > I'm inclined to agree. While there's an argum
ow his environment configures it.
GCC often appears to have adopted "too clever by half" as a design goal.
--
Michael Wojcik
omplete message in bounded time (FLP Theorem
applies). SHUT_RD does not signal the peer, so the peer can still get a RST if
it continues to send. Perhaps I'm missing something, but I don't see what
failure mode is being avoided by using SHUT_RD.
--
Michael Wojcik
in particular cancel requests by closing (or, unfortunately, aborting)
the connection all the time.
> I would guess that many don’t and just don’t see the
> RST thing frequently enough to worry about it. Regardless, the documentation
> is already pretty voluminous, so if this doesn’t bite many folks, then hey.
Yes, but wiki articles are always appreciated.
--
Michael Wojcik
rinciple. So most applications try to be
accommodating. There's even an OpenSSL flag to ignore the case where a peer
closes without sending a close-notify, in case you run into one of those and
want to suppress the error.
--
Michael Wojcik
ntext of a threat model. I don't
see a plausible threat model where these should matter to a client-side end
user.
--
Michael Wojcik
of SSL was "just be a duplex bytestream service for the
application", i.e. be socket-like; but that abstraction proved to be rather
leaky. Much as sockets themselves are a leaky abstraction once you try to do
anything non-trivial.
--
Michael Wojcik
nearly a quarter of a century ago. OpenSSL 1.x is younger
than C99. It doesn't seem like an unreasonable requirement.
But as Tomas wrote, anyone who thinks it is can submit a pull request.
--
Michael Wojcik
u'd expect. Note that on
UNIXy systems this means you should have set the disposition of SIGPIPE to
SIG_IGN to avoid being signaled, but all well-written UNIX programs should do
that anyway. (SIGPIPE, as Dennis Ritchie noted many years ago, was always
intended as a failsafe for poorly-written programs that fail to check for
errors when writing.)
--
Michael Wojcik
. Building OpenSSL
is often not trivial, so particularly if you run into problems, the thing to do
is actually read those files and understand the build process. Or find someone
else who's done it for the platform you're working with, and ask them.
--
Michael Wojcik
g to be a bit tough to
determine on Windows. ProcMon, maybe? And it's curious that the OpenSSL error
stack is empty, but without being able to debug you probably couldn't track
that down, short of instrumenting a bunch of the OpenSSL code.
--
Michael Wojcik
> From: David Harris
> Sent: Friday, 21 October, 2022 01:42
>
> On 20 Oct 2022 at 20:04, Michael Wojcik wrote:
>
> > I think more plausible causes of this failure are things like OpenSSL
> > configuration and interference from other software such as an endpoint
> >
*really* looks like
network-stack-level interference, from a firewall or similar mechanism.
Personally, if I ran into this, I'd just build OpenSSL for debug and debug into
it. But I know that's not everyone's cup of tea.
--
Michael Wojcik
accomplish whatever your goal is. OpenSSL
may not even be a particularly good solution for you. You haven't given us
enough information to go on.
--
Michael Wojcik
Windows...": find + xargs
+ grep would be the usual choice to find the definition, but as I already noted
that's in WinNT.h. If that's not what you mean, then your question is unclear.
--
Michael Wojcik
wberry Perl. It's free, and trying it would not take long.
--
Michael Wojcik
ive letters and backslashes, rather
than (sensible) POSIX-style ones.
--
Michael Wojcik
cro defined when including the various
Windows SDK headers.
--
Michael Wojcik
ation files are tied to *operations*, not to *entities*. You use the
configuration file appropriate for the operation, where an operation is
something like "requesting a CSR for a subordinate CA" or "signing a
certificate for a subordinate CA" or "signing a certificate for a non-CA
entity".
--
Michael Wojcik
cation.
(I didn't have the original application to go back to, in my case, and the
person I was working with is in another timezone and had left for the day.)
--
Michael Wojcik
Distinguished Engineer, Application Modernization and Connectivity
> From: openssl-users On Behalf Of Michael
> Ströder via openssl-users
> Sent: Sunday, 18 September, 2022 04:27
>
> On 9/18/22 06:09, Philip Prindeville wrote:
> >> On Sep 15, 2022, at 4:27 PM, Michael Wojcik via openssl-users us...@openssl.org> wrote:
> > >
a "best practice" (and, for that matter, the extent to which file permissions
constitute evidence of such a violation), much less whether an application
should fail in some manner when it's detected, is certainly debatable.
--
Michael Wojcik
xic under your threat model.
It's entirely possible I'm missing something here, but my initial impression is
that these checks are of little value anyway. Can you explain what problem
you're trying to solve?
--
Michael Wojcik
the appropriate chain based on the cipher-suite list in the
ClientHello. That is, it will use the ECC certificate (probably ECDSA, though
EdDSA is becoming more common) if the client's cipher-suite list indicates it
supports the necessary algorithms.
--
Michael Wojcik
nce the PA-RISC days at least, quite possibly since the
68K/FOCUS days) - not just Itanium experience, that is, but some working
knowledge of the as program on that platform. I've battled through a bit of
Itanium assembly now and then myself. So I may be able to find someone who can
figure out where it's gone wrong.
--
Michael Wojcik
set too?
(Someone at HP clearly didn't get the memo about emitting useful error
messages. It's really not hard to wrap your message output to have a default
string when the catalog lookup fails. Right up there in the list of Why
Software Sucks, to use Platt's phrase.)
--
Michael Wojcik
me?
I've never had a problem just using a web search engine (DDG, in my case) to
search for past discussions on the list. It's not impossible that someone has a
searchable archive of it somewhere. (I also save messages that seem like they
might be particularly useful, but to be honest I rarely refer to my own
collection because a web search generally finds what I need.)
--
Michael Wojcik
> From: Michael Wojcik
> Sent: Friday, 1 April, 2022 15:41
> >
> > View results: https://github.com/openssl/openssl/actions/runs/2073285321
>
> I'll take a look when I get a chance to see if anything jumps out. I
> haven't had to deal with IPv6 raw or UDP pro
a look when I get a chance to see if anything jumps out. I haven't
had to deal with IPv6 raw or UDP programming in Windows yet, but I do a fair
bit with Windows networking development in general.
--
Michael Wojcik
> From: Michael Richardson
> Sent: Friday, 1 April, 2022 07:40
>
> Michael Wojcik wrote:
> > Actually, in the context of #if expressions, unrecognized tokens
> expand to 0 anyway:
>
> > After all replacements due to macro expansion and the defined un
> From: Michael Richardson
> Sent: Thursday, 31 March, 2022 14:18
>
> Michael Wojcik wrote:
> > #if defined OPENSSL_SYS_WINDOWS
> > # include
> > #else
> > # include
> > #endif
>
> But, don't all the OPENSSL_* macros
> Smells to me like someone has restricted network sockets in order to avoid
> being used as an attack system.
Yes, the EPERM certainly suggests that.
Are these running on Linux VMs? SELinux or similar in use, perhaps?
--
Michael Wojcik
p6_dst
So something like this might work:
#if defined OPENSSL_SYS_WINDOWS
# include
#else
# include
#endif
(Note C does not require the argument of the operator "defined" to be
parenthesized. Doing so just adds visual noise. ISO 9899-1999 6.10.1 #1.)
--
Michael Wojcik
, if that's to be done in
a portable way.
3542 is only Informational, but I'd expect most or all platforms with IPv6
support to conform to it.
--
Michael Wojcik
hen you'll need to create a new
root. You can do that using the same Subject DN (if you revoke the old root)
and Subject Key Identifier (SKID), which means your client systems can just
update their trust stores with the new certificate and your server certificates
should continue to work (until they expire).
--
Michael Wojcik
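Worked example for the two points made above (one config file carrying a separate extension section per operation, and re-issuing a root from the same key pair so that Subject DN and SKID stay the same). This is added here and is not code from the posts or from the OpenSSL project. It assumes the openssl command-line tool (1.1.1 or later, for the -ext option and the P-256 genpkey parameters) is on PATH; every subject name, hostname, key and validity period is constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not from the posts above or from OpenSSL itself): re-issue a
# root CA certificate from the SAME key pair and Subject DN, so the SKID
# (subjectKeyIdentifier = hash of the public key) is unchanged and a server
# certificate issued under the old root still verifies against the new one.
# Subjects, hostnames, curve and validity periods are constructed for the demo.
set -eu

# One config file, with a separate extension section for each operation:
# v3_ca for the self-signed root, v3_server for the end-entity certificate.
# The [dn] entry is a placeholder that -subj overrides on every command below.
write_cnf() {
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:true
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_server]
basicConstraints = CA:false
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
subjectAltName = DNS:server.example.test
EOF
}

new_key() { openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1" 2>/dev/null; }

# make_root DIR KEY OUT DAYS: self-signed root certificate from an existing key.
make_root() {
  openssl req -x509 -new -key "$2" -days "$4" -config "$1/ca.cnf" -extensions v3_ca \
    -subj "/O=Example Corp/CN=Example Root CA" -out "$3"
}

build_pki() {
  d=$1
  write_cnf "$d"
  new_key "$d/root.key"
  make_root "$d" "$d/root.key" "$d/root1.crt" 1        # original root, about to expire
  new_key "$d/server.key"
  openssl req -new -key "$d/server.key" -config "$d/ca.cnf" \
    -subj "/CN=server.example.test" -out "$d/server.csr"
  openssl x509 -req -in "$d/server.csr" -CA "$d/root1.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -extfile "$d/ca.cnf" -extensions v3_server \
    -out "$d/server.crt" 2>/dev/null
  make_root "$d" "$d/root.key" "$d/root2.crt" 3650     # re-issued: same key, same DN
  new_key "$d/other.key"
  make_root "$d" "$d/other.key" "$d/root3.crt" 3650    # same DN, but a new key
}

# skid CERT: the subjectKeyIdentifier as colon-separated hex.
skid() { openssl x509 -in "$1" -noout -ext subjectKeyIdentifier | tail -n 1 | tr -d ' '; }

# chain_ok ROOT CERT: succeeds only if CERT verifies with ROOT as the sole trust anchor.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

WORK=$(mktemp -d)
build_pki "$WORK"
for r in root1 root2 root3; do echo "$r SKID: $(skid "$WORK/$r.crt")"; done
chain_ok "$WORK/root2.crt" "$WORK/server.crt" && echo "server.crt chains to root2 (same key)"
chain_ok "$WORK/root3.crt" "$WORK/server.crt" || echo "server.crt does not chain to root3 (new key)"
```

Running it prints the three SKIDs (root1 and root2 identical, root3 different) and the two verify outcomes. The "same SKID" trick only works because the same key is reused: with subjectKeyIdentifier = hash the SKID is derived from the public key, and an already-issued certificate's signature only verifies under the original key, so a root that keeps the DN but rotates the key (root3 here) does not rescue issued certificates. The clients still have to receive root2 through their trust stores; re-using the DN just means the existing chains keep building once they have.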
. (Part of the problem is the same information, in
different forms, on multiple pages; that's not ideal for prompt and consistent
updates. But overhauling the website would take yet more resources.)
openssl-users is a better channel if you want rapid notification, and a paid
support contract is better yet.
--
Michael Wojcik
> From: edr
> Sent: Friday, 11 March, 2022 03:59
>
> On 10.03.2022 20:27, Michael Wojcik wrote:
> > Personally, I'd be leery of using openssl ca for anything other than
> dev/test purposes, in which case frequent CRL generation seems unlikely to
> be a requirement.
ike most openssl subcommands, allows the use of an engine (or
provider in 3.0), which means in many cases it's possible to use an inexpensive
USB-attached HSM (via the pkcs11 engine) rather than having an on-disk key in
the first place. I did this some years ago as an experiment using a NitroKey
and it worked well.
--
Michael Wojcik
later, use the SSL_CTX_something function. If you only need to alter the
properties of an existing SSL object, use the SSL_something function.
This is a fundamental aspect of the OpenSSL API.
--
Michael Wojcik
But that's just a guess, and I
don't know how you'd fix it.
--
Michael Wojcik
> From: Dr. Matthias St. Pierre
> Sent: Monday, 6 December, 2021 07:53
> To: Michael Wojcik ; openssl-
>
>
> > "Comparable elegant" is underspecified.
>
> (I guess, "Comparably elegant" would have been grammatically more
> correct.)
I just
ain the same results using the
> `openssl s_client`
> tool?
"Comparable elegant" is underspecified.
Perhaps try testssl.sh (https://testssl.sh/)? It has various options for
reducing the number and types of tests it runs. We've used it for profiling
internal TLS-enabled servers.
--
Michael Wojcik
> From: Michael Wojcik
> Sent: Wednesday, 17 November, 2021 14:22
> To: openssl-users@openssl.org
> Subject: RE: “EC PUBLIC KEY”
>
> > From: openssl-users On Behalf Of
> Billy
> > Brumley
> > Sent: Wednesday, 17 November, 2021 12:40
> > To: openssl-use
> From: openssl-users On Behalf Of Billy
> Brumley
> Sent: Wednesday, 17 November, 2021 12:40
> To: openssl-users@openssl.org
> Subject: Re: “EC PUBLIC KEY”
>
> That's an ed25519 key. Not an ECC key. They are different formats, at
> both the OID and asn1 structure levels.
Oh, of course you're ri
N PUBLIC KEY", but it's an ECC public key in PEM
format.
This version of OpenSSL doesn't recognize "BEGIN EC PUBLIC KEY", but it'd be
trivial to script copying the key to a temporary file and editing the PEM
header and footer.
--
Michael Wojcik
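As an added illustration of the last two messages (this is not code from the thread or from OpenSSL): OpenSSL has no PEM label "EC PUBLIC KEY", so a file carrying it fails to load, and relabelling the block to the generic "PUBLIC KEY" label is enough when the base64 body is a SubjectPublicKeyInfo, which is what OpenSSL emits for any public key, Ed25519 included. It assumes the openssl CLI (1.1.1 or later, for Ed25519) is on PATH; the key is generated on the spot and the mislabelled file is constructed to look like the one under discussion.

```sh
#!/bin/sh
# Added example (not code from the thread): OpenSSL does not know the PEM label
# "EC PUBLIC KEY", so `openssl pkey` fails on it, but relabelling the block to
# the generic "PUBLIC KEY" label is enough when the body is a
# SubjectPublicKeyInfo, which is what OpenSSL emits for any public key,
# Ed25519 included. The key is generated on the spot; the mislabelled file is
# constructed to match the input described in the thread.
set -eu

# relabel_pem IN OUT: rewrite only the BEGIN/END lines; the base64 body is untouched.
relabel_pem() {
  sed -e 's/^-----BEGIN EC PUBLIC KEY-----$/-----BEGIN PUBLIC KEY-----/' \
      -e 's/^-----END EC PUBLIC KEY-----$/-----END PUBLIC KEY-----/' "$1" > "$2"
}

# pubkey_loads FILE: succeeds iff OpenSSL can parse FILE as a public key.
pubkey_loads() { openssl pkey -pubin -in "$1" -noout 2>/dev/null; }

# pubkey_algo FILE: first line of the text dump, e.g. "ED25519 Public-Key:".
pubkey_algo() { openssl pkey -pubin -in "$1" -noout -text | head -n 1; }

WORK=$(mktemp -d)
openssl genpkey -algorithm ED25519 -out "$WORK/key.pem"
openssl pkey -in "$WORK/key.pem" -pubout -out "$WORK/pub.pem"
# Constructed input: the same key under the label the thread's file carried.
sed 's/ PUBLIC KEY-----$/ EC PUBLIC KEY-----/' "$WORK/pub.pem" > "$WORK/ecpub.pem"
relabel_pem "$WORK/ecpub.pem" "$WORK/fixed.pem"

if pubkey_loads "$WORK/ecpub.pem"; then echo "unexpected: EC PUBLIC KEY label accepted"
else echo "EC PUBLIC KEY label rejected by this OpenSSL"; fi
if pubkey_loads "$WORK/fixed.pem"; then echo "relabelled file loads: $(pubkey_algo "$WORK/fixed.pem")"; fi
```

The relabelling only helps when the body really is a SubjectPublicKeyInfo, which is what the "PUBLIC KEY" label promises; if the body is some other encoding, the relabelled file still fails to load, and that failed load is the check to run before trusting a file that arrived with a home-made label.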
u can use with
SSH on QNX. I don't work on that platform, and we don't know what possibilities
you've investigated.
--
Michael Wojcik
> "crypto/dso/dso_dlfcn.c", line 400.24: 1506-022 (S) "ldinfo_next" is not a
> member of "struct ld_info".
Try editing the Makefile and adding -D_ALL_SOURCE to see if that fixes the
RTLD_MEMBER error. It might also have an effect on the ldr.h errors. If so, the
Configure entry for aix-cc might need an update.
--
Michael Wojcik
protocols, not on providing a toolkit for
researchers.
I've never used quictls (as I think QUIC is broadly undesirable for most
applications), but my understanding is that it's a fork of OpenSSL, so it's
probably not any better in that regard.
--
Michael Wojcik
at I was looking for.
--
Michael Wojcik
We'll be picking up 1.1.1l shortly, but I'd like to be able to clarify the
situation for management and customers.
--
Michael Wojcik
firewall appliances or
from application firewalls, IDSes, and so on. These sorts of issues are not
uncommon when there are load balancers, traffic-inspecting firewalls, or the
like interfering with network traffic.
--
Michael Wojcik
ntly preventing data and/or ACK reception by one
side or the other. That will also eventually lead to timeouts.
--
Michael Wojcik
> From: openssl-users On Behalf Of Jakob
> Bohm via openssl-users
> Sent: Monday, 23 August, 2021 04:40
>
> On 21/08/2021 19:42, Michael Wojcik wrote:
> >> From: rgor...@centerprism.com
> >> Sent: Saturday, 21 August, 2021 11:26
> >>
> >
> ./server/req.pem -out
> server_certificate.pem -notext -batch -extensions server_ca_extensions
Try it without -batch and with -verbose. And again I'd recommend
-create_serial, unless you have some strange requirement to control serial
numbers. Browsers in particular may be unhappy if your serial numbers don't
conform to the CA/BF Basic Requirements, and it's a pain trying to do that
manually.
--
Michael Wojcik
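Added example, not code from the thread or from OpenSSL: the minimal state openssl ca needs, with -create_serial letting OpenSSL seed the serial file instead of maintaining one by hand, followed by a check of each issued certificate's serial number against the CA/Browser Forum Baseline Requirements (positive, at least 64 bits of CSPRNG output, no more than 20 octets). It assumes the openssl CLI (1.1.1 or later) is on PATH; the CA name, hostnames and directory layout are constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not code from the thread): the minimal state `openssl ca`
# needs, with -create_serial letting OpenSSL seed the serial file instead of
# maintaining one by hand, followed by a check of each issued certificate's
# serial against the CA/Browser Forum Baseline Requirements (positive, at least
# 64 bits of CSPRNG output, no more than 20 octets). CA name, hostnames and the
# directory layout are constructed for the demo.
set -eu

write_ca_cnf() {
  cat > "$1/ca.cnf" <<'EOF'
[ca]
default_ca = demo_ca
[demo_ca]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
certificate = ./ca.crt
private_key = ./ca.key
default_md = sha256
default_days = 30
policy = cn_only
x509_extensions = server_ext
[cn_only]
commonName = supplied
[server_ext]
basicConstraints = CA:false
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
subjectAltName = DNS:server.example.test
[ca_ext]
basicConstraints = critical, CA:true
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
EOF
}

new_key() { openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1" 2>/dev/null; }

# issue_with_ca DIR: runs in a subshell inside DIR because the config uses relative paths.
issue_with_ca() (
  cd "$1"
  write_ca_cnf .
  mkdir -p newcerts
  : > index.txt                 # the (empty) certificate database openssl ca insists on
  new_key ca.key
  openssl req -x509 -new -key ca.key -config ca.cnf -extensions ca_ext \
    -subj "/CN=Demo Issuing CA" -days 60 -out ca.crt
  new_key server.key
  openssl req -new -key server.key -config ca.cnf -subj "/CN=server.example.test" -out server.csr
  # -create_serial: if ./serial does not exist, seed it with a random 159-bit value.
  openssl ca -config ca.cnf -batch -notext -create_serial -in server.csr -out server.crt >/dev/null 2>&1
  # Deliberately non-compliant certificate for comparison: serial forced to 1.
  openssl req -x509 -new -key server.key -config ca.cnf -set_serial 1 \
    -subj "/CN=bad.example.test" -days 1 -out bad.crt
)

# serial_hex CERT: serial as openssl prints it (whole octets, "-" prefix if negative).
serial_hex() { openssl x509 -noout -serial -in "$1" | sed 's/^serial=//'; }

# serial_ok CERT: succeeds iff the serial is positive and 8..20 octets (16..40 hex digits).
serial_ok() {
  s=$(serial_hex "$1")
  case $s in ""|-*) return 1 ;; esac
  [ "${#s}" -ge 16 ] && [ "${#s}" -le 40 ]
}

WORK=$(mktemp -d)
issue_with_ca "$WORK"
for c in server bad; do
  if serial_ok "$WORK/$c.crt"; then echo "$c.crt serial $(serial_hex "$WORK/$c.crt"): ok"
  else echo "$c.crt serial $(serial_hex "$WORK/$c.crt"): violates the Baseline Requirements"; fi
done
```

Seeding the serial file is the cheap fix; successive serials are then that random seed incremented, so if the strict reading of "64 random bits per certificate" matters to you, openssl ca -rand_serial (1.1.1 and later) draws a fresh random serial for each certificate instead of using the file at all. The length check here is a proxy for entropy, not a measurement of it; it catches the hand-assigned small serials that browsers reject, which is the case the post is about.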
CSR doesn't contain the private key (the CA should never see
the private key), this is safe to share.
--
Michael Wojcik
o in the required time. Are you setting a
receive timeout (typically with SO_RCVTIMEO)? Are you setting SO_KEEPALIVE?
What about SO_KEEPALIVE_VALS? If you're not setting SO_KEEPALIVE_VALS, what are
KeepAliveTime and KeepAliveInterval set to in the Registry? (See the MSDN docs
for SO_KEEPALIVE.)
Has the system administrator analyzed the Windows event logs and the network
statistics? Has anyone looked at network traces when the problem is occurring?
--
Michael Wojcik
t believes you're using. So you may be using the wrong
Configure target, or that target may assume a different C compiler, or a newer
version of it.
--
Michael Wojcik
e GCC. I'm pretty sure we discovered this in our SPARC
product builds.
This, and some other platform issues (there's one with GCC optimization on x86
64-bit, the details of which escape me now), are things I keep hoping to find
time to dig into, but more-pressing work never seems to ease up.
--
Michael Wojcik
> From: openssl-users On Behalf Of Jakob
> Bohm via openssl-users
> Sent: Friday, 18 June, 2021 09:38
>
> On 2021-06-18 16:23, Michael Wojcik wrote:
>
> >> From: openssl-users On Behalf Of Jakob
> >> Bohm via openssl-users
> >> Sent: Friday, 18 June,
national
governments. That's just one example of an X.509-related mess that almost no
one pays attention to.)
In practice you can learn enough about it to diagnose most
certificate-validation problems. But it takes time and effort.
--
Michael Wojcik
am web servers -- since those programs are
often written to follow the CA/BF rules -- but try to make it clear that the
CA/BF doesn't control PKIX.
--
Michael Wojcik
Just realized I sent this directly to Graham instead of to the list.
-Original Message-
From: Michael Wojcik
Sent: Friday, 28 May, 2021 09:37
To: 'Graham Leggett'
Subject: RE: X509_verify_cert() rejects all trusted certs with "default"
X509_VERIFY_PARAM
> From: o
docs. If you don't need those APIs, these warnings are irrelevant.
--
Michael Wojcik
> From: Blumenthal, Uri - 0553 - MITLL
> Sent: Thursday, 1 April, 2021 10:09
> To: Michael Wojcik ; openssl-users@openssl.org
> Subject: Re: Why does OpenSSL report google's certificate is "self-signed"?
>
> In general - I concur, but there are nuances: sending
e that specifies a trust anchor MAY be omitted from the
chain" (4.4.2). So servers are good either way.
--
Michael Wojcik
Falcon has a small combined public key and signature, if memory serves.)
--
Michael Wojcik
ich you don't currently trust, but maybe you'd like
to add it?". Which doesn't seem like a great plan either -- and PKIX says trust
anchors should be added using a trustworthy out-of-band procedure, which this
is not -- but I suppose it's a conceivable use case.
--
Michael Wojcik
wn validations for. That's not an option for
most people. (I don't blame openssl.org for this state of affairs -- FIPS
validations are expensive and resource-intensive, and few OpenSSL consumers
support the project. Yes, 3.0 has slipped its original schedule by quite a lot,
but better to get it right.)
--
Michael Wojcik
eptable certificate are allowed to establish a TLS connection
to the server. Any authentication beyond that is handled by the application
using other means.
So a client certificate can be "wrong" in the basic PKIX sense of "invalid
certificate" or "can't build a path", but beyond that the interpretation is up
to the server-side application.
--
Michael Wojcik
allowed by Rev.3 but not by earlier SP800-56A revisions. But I generally don't
work with FIPS mode.
--
Michael Wojcik
mail claims.
> Static vs dynamic builds wouldn't normally be associated with such a
> large difference. If the difference were routinely this large, nobody
> would use dynamic linking.
In this case it's the static-linked version which is slower. But I'd be
surprised if that's actually the cause.
--
Michael Wojcik
e any effect when building no-shared?)
Linking with /MT will affect code size and layout, which could adversely affect
code caching. It's not impossible that would have a factor-of-four penalty on
compute-bound code. I'm reluctant to conclude that's the problem, though,
witho
e decides to give up and return an error. Maybe one of the libp11
maintainers or someone else using the library will dig into it at some point.
--
Michael Wojcik
recently on this list.
However, now you have the problem of securing the IPC channel. This is an
architecture I'd be reluctant to endorse, given the complexity and attack
surface.
--
Michael Wojcik
tion"? A Windows exception? UNIX signal? C++ exception?
My initial guess would be that this is a timing issue - maybe the device needs
some time to become available, for example. But that's just a guess. Maybe
someone with more experience with a variety of HSMs and PKCS#11 will weigh in.
--
Michael Wojcik
similar
problems.
Isn't PKCS#11 grand? If you're bored with all the interoperability problems of
X.509, PKIX, and TLS, we have good news!
--
Michael Wojcik
> From: Jan Just Keijser
> Sent: Thursday, 7 January, 2021 01:23
>
> On 06/01/21 21:57, Michael Wojcik wrote:
> >
> >
> > But you're asking the wrong question. The correct question is: Why are you
> > using an outdated version of OpenSSL?
>
>
're asking the wrong question. The correct question is: Why are you
using an outdated version of OpenSSL?
--
Michael Wojcik
the year, and
anyone not already in line will be waiting even longer than usual for a
validation.
--
Michael Wojcik
nd,
there are so many applications which fail to do even minimal certificate
validation, so you can take comfort in knowing you're better than them, anyway.
--
Michael Wojcik
aka "Matt Caswell " [full]
While checking the signature runs into all the well-documented issues with the
PGP Web of Trust, it's still stronger (in the sense that it prunes more of the
attack tree, under sensible threat models) than just checking the hash. And
once you're set up to do it, it's a simpler operation for future downloads.
--
Michael Wojcik
non-obvious calls to set the
expected name, and with 1.1.0 and later you need to use SSL_set1_host (or the
1.0.2 method); there's a page on the OpenSSL wiki for this. I don't remember if
this has changed again in 3.0.
--
Michael Wojcik
> From: 定平袁
> Sent: Tuesday, 22 December, 2020 20:08
> To: Michael Wojcik
Please do not send messages regarding OpenSSL to me directly. Send them to the
openssl-users list. That is where the discussion belongs.
> > Why are you appending it to the file containing the existing ce
You haven't given us enough information to guess why the new certificate is
failing client verification. You need to get detailed failure information from
the client program, or use a different client that gives you detailed information,
or use a utility such as "openssl verify" to test the certificate chain locally.
--
Michael Wojcik
an area I had
to get into when I was working with PKCS#11 some years ago.
My advice is to look at existing examples, such as the code Jan pointed you to.
--
Michael Wojcik
nts and what kind of support you already have for your device.
And all of this changes in 3.0 with the new "provider" architecture, so you'll
get to take another crack at it soon.
--
Michael Wojcik
of identity without the corresponding private key. (Some
HSMs and other crypto devices have support for exporting private keys, often as
multiple shares, for backup and cloning purposes. Using that to get the private
key for direct use defeats the whole purpose of an HSM, of course, so that
shouldn't be used to bypass the card.)
--
Michael Wojcik
ot a feasible solution
for you either.
If it is, cross-signing with a CA under your control and trusting only that CA
is probably the approach I'd go for. That's a legitimate approach under PKIX.
It could even be mostly automated, except the end users would have to install
updated user certificates, which is probably a deal-breaker.
--
Michael Wojcik
tional
restrictions (or removing existing ones) on which certificates will be accepted.
--
Michael Wojcik
to also allow prime256v1 for
interoperability. Again, that's a question for your threat model.
All that said, some people will have different, and quite possibly
better-informed, opinions on this.
--
Michael Wojcik
> From: Kyle Hamilton
> Sent: Tuesday, 17 November, 2020 02:37
> On Fri, Nov 13, 2020 at 11:51 AM Michael Wojcik
> wrote:
> >
> > > From: Brice André
> > > Sent: Friday, 13 November, 2020 09:13
> >
> > > "Does the server parent process cl
retransmit timer times the retransmit count to be exhausted - typically over 10
minutes. Again, some OSes let you change these defaults, and some let you change
them on an individual connection.
--
Michael Wojcik
simple: The connection is still established, but there's no data to
receive. The question isn't why SSL_read is blocking; it's why you think the
connection is gone, but the stack thinks otherwise.
> Note that the normal behavior of my application is : client connects, server
> daemon forks a new instance,
Does the server parent process close its copy of the conversation socket?
--
Michael Wojcik
_url might be used, and whether anything else depends
on the existing semantics of removing the brackets. Someone should take a
closer look.
You could open an issue in GitHub and do a pull request for your change, to
make your suggestion official.
--
Michael Wojcik
1 - 100 of 583 matches