Open-SSL - Vxworks port

Discussion:

n***@public.gmane.org

2003-09-09 08:43:57 UTC

Hi,

TLS feature was implemented using the OpenSSL libraries (the library
version being 0.9.7b). This feature works fine for Solaris, Linux and
Windows port.

...was able to encrypt/decrypt messages (using the OpenSSL libraries) and
also was able to authenticate the peer through exchange of signed
certificates using the OpenSSL libraries.

Now, when trying to port our product (with the TLS feature) on VxWorks, we
are facing problems here. The encryption/decryption part is working fine
but the problem comes in authentications with error as "Bad certificate".

Please note that the certificates are dummy ones and all (the server, CA
and the root certificates) are generated using some scripts. As mentioned
above, we have successfully run TLS calls using the same set of
certificates on Solaris, Linux and Windows.

Any pointers on what may be the problem.

Regards
Lakshminarayan

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org

linux guy

2003-09-10 02:51:15 UTC

Permalink

is ur product the server one?
maybe your sslconfig is not correct.
----- Original Message -----
From: nrlakshmi-***@public.gmane.org
Date: Tue, 9 Sep 2003 14:13:57 +0530
To: openssl-users-MCmKBN63+***@public.gmane.org, owner-openssl-***@openssl.org
Subject: Open-SSL - Vxworks port

Post by n***@public.gmane.org
Hi,
TLS feature was implemented using the OpenSSL libraries (the library
version being 0.9.7b). This feature works fine for Solaris, Linux and
Windows port.
...was able to encrypt/decrypt messages (using the OpenSSL libraries) and
also was able to authenticate the peer through exchange of signed
certificates using the OpenSSL libraries.
Now, when trying to port our product (with the TLS feature) on VxWorks, we
are facing problems here. The encryption/decryption part is working fine
but the problem comes in authentications with error as "Bad certificate".
Please note that the certificates are dummy ones and all (the server, CA
and the root certificates) are generated using some scripts. As mentioned
above, we have successfully run TLS calls using the same set of
certificates on Solaris, Linux and Windows.
Any pointers on what may be the problem.
Regards
Lakshminarayan
______________________________________________________________________
OpenSSL Project http://www.openssl.org

--
______________________________________________
http://www.linuxmail.org/
Now with e-mail forwarding for only US$5.95/yr

Powered by Outblaze
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org

a***@public.gmane.org

2003-09-10 05:47:26 UTC

Permalink

Hello linuxguy

Are you refering to the Configure script that is executed before compiling
the OpenSSL libraries ?

If that is the case, then could you please point exactly where could be
the problem. I have attached the Configure file that we are using, for
your reference.

Also, we are using the following Configure command to create the
Makefile.ssl files -

./Configure vxworks-ppc750-debug -DOPENSSL_SYS_VXWORKS threads no-shared
--prefix=<path where openssl is installed>

Thanks in advance.

Anil Kumar Chaudhury
Senior Software Engineer
Hughes Software Systems
Bangalore - 560 001
Phone: (080) 2867921 Extn: 7605
www.hssworld.com

"linux guy" <linuxguy-jjFNsPSvq+***@public.gmane.org>
Sent by: owner-openssl-users-MCmKBN63+***@public.gmane.org
09/10/03 08:21 AM
Please respond to
openssl-users-MCmKBN63+***@public.gmane.org

To
openssl-users-MCmKBN63+***@public.gmane.org
cc

Subject
Re: Open-SSL - Vxworks port

is ur product the server one?
maybe your sslconfig is not correct.
----- Original Message -----
From: nrlakshmi-***@public.gmane.org
Date: Tue, 9 Sep 2003 14:13:57 +0530
To: openssl-users-MCmKBN63+***@public.gmane.org, owner-openssl-***@openssl.org
Subject: Open-SSL - Vxworks port

and

Post by n***@public.gmane.org
also was able to authenticate the peer through exchange of signed
certificates using the OpenSSL libraries.
Now, when trying to port our product (with the TLS feature) on VxWorks,

Post by n***@public.gmane.org
are facing problems here. The encryption/decryption part is working fine
but the problem comes in authentications with error as "Bad

certificate".

Post by n***@public.gmane.org
Please note that the certificates are dummy ones and all (the server, CA
and the root certificates) are generated using some scripts. As

mentioned

Post by n***@public.gmane.org
above, we have successfully run TLS calls using the same set of
certificates on Solaris, Linux and Windows.
Any pointers on what may be the problem.
Regards
Lakshminarayan
______________________________________________________________________
OpenSSL Project http://www.openssl.org

linux guy

2003-09-10 06:25:26 UTC

Permalink

hello akchaudhury,I just finished one SSL-supported web server under vxworks(ppc603),
and I don't know much about TLS.
ur configure command to generate the Makefile for u to make libcrypto.a&libssl.a with is
(almost)right.
since the error prompt is BAD CERTIFAICATE,if ur product is a server one,U need
provide the client one correct CERTIFICATE(self-signed or CA signed).
the sslconfig is one structure used by our SSL server,it includes several options such as
SSL methods it supports,whether the client certificate is needed,and the path of CERTIFICATE file,the path of private key file and so on which r all needed when SSL
server runs.
btw:our web server provides self-signed certificate. 
--
______________________________________________ 
<a href="http://www.linuxmail.org" target="_blank">http://www.linuxmail.org/</a> 
Now with e-mail forwarding for only US$5.95/yr

Powered by Outblaze
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org

a***@public.gmane.org

2003-09-10 07:21:40 UTC

Permalink

Hello linuxguy

Our product is client and it asks the server for certificates. The server
sends the certificates which the client tries to authenticate using its
CA certificates. This is the point when the client fails to authenticate
the certificates received from the server and generates a fatal alarm
whose value is bad_certificate.

As you have mentioned, the client needs to know about the certificate
file, CA-certificate path, etc. For doing all this, we are making use of
the OpenSSL APIs -

SSL_CTX_use_certificate_file
SSL_CTX_use_PrivateKey_file
SSL_CTX_load_verify_locations
SSL_CTX_set_verify
SSL_CTX_set_cipher_list
etc.

and we create the SSL_CTX structure. Using this SSL_CTX structure we are
creating a SSL structure at the time of TLS connection establishment.
The most amazing part here is that the certificates present with the
client and the server are the same set. So, there should not be any
invalid/incorrect certificate problem. Moreover, the Solaris port of our
product with the same set of certificates works absolutely fine i.e. there
are no certificate authentication errors.

Any pointers ??

Thanks.

Anil Kumar Chaudhury
Senior Software Engineer
Hughes Software Systems
Bangalore - 560 001
Phone: (080) 2867921 Extn: 7605
www.hssworld.com

"linux guy" <linuxguy-jjFNsPSvq+***@public.gmane.org>
Sent by: owner-openssl-users-MCmKBN63+***@public.gmane.org
09/10/03 11:55 AM
Please respond to
openssl-users-MCmKBN63+***@public.gmane.org

To
openssl-users-MCmKBN63+***@public.gmane.org
cc

Subject
Re: Open-SSL - Vxworks port

hello akchaudhury,I just finished one SSL-supported web server under
vxworks(ppc603),
and I don't know much about TLS.
ur configure command to generate the Makefile for u to make
libcrypto.a&libssl.a with is
(almost)right.
since the error prompt is BAD CERTIFAICATE,if ur product is a server one,U
need
provide the client one correct CERTIFICATE(self-signed or CA signed).
the sslconfig is one structure used by our SSL server,it includes several
options such as
SSL methods it supports,whether the client certificate is needed,and the
path of CERTIFICATE file,the path of private key file and so on which r
all needed when SSL
server runs.
btw:our web server provides self-signed certificate.

--
______________________________________________
http://www.linuxmail.org/
Now with e-mail forwarding for only US$5.95/yr
Powered by Outblaze
______________________________________________________________________
OpenSSL Project http://www.openssl.org User Support Mailing List
openssl-users-MCmKBN63+***@public.gmane.org Automated List Manager ***@openssl.org