Re: matrixssl
Guido Günther <agx@sigxcpu.org> writes:
> It has a link:
>
> "I created a patch against openssl that allows to test this." ->
> https://github.com/hannob/bignum-fuzz/blob/master/openssl-break-rsa-values.diff
>
> This allows to crash the matrix ssl server.

Ok, thanks. That looks like you can test it if you can set up a matrixssl
server. Fair enough.

I looked and found only one package in wheezy that uses matrixssl:

(wheezy-amd64-default)root@prune:/home/brian# apt-cache rdepends libmatrixssl1.8
libmatrixssl1.8
Reverse Depends:
  libmatrixssl1.8-dev
  ipsvd

So I installed ipsvd, and attempted to test using the provided
sslio. I used 1024 bits just in case on the self-signed certificate, on the off
chance this would improve compatibility.

=== cut ===
(wheezy-amd64-default)root@prune:/home/brian# openssl req -x509 -newkey rsa:1024 -keyout key.pem -out cert.pem -nodes
Generating a 1024 bit RSA private key
....................++++++
....................................................................++++++
writing new private key to 'key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:localhost
Email Address []:
(wheezy-amd64-default)root@prune:/home/brian# chmod 777 key.pem cert.pem
(wheezy-amd64-default)root@prune:/home/brian# sslio -vvv -u brian -C cert.pem -K key.pem cat
sslio[8259]: fatal: unable to read cert or key file: no error
=== cut ===

Any ideas why it isn't accepting my self-signed certificate? Did I do
something stupid?

Some debugging information would be really nice.

strace shows that it is reading both files.

I imagine that once I get sslio working properly, I can run an SSL server
with something like:

tcpsvd localhost 8123 sslio -u brian -C cert.pem -K key.pem cat

Currently this produces the same error as above.
--
Brian May <bam@debian.org>