[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: matrixssl

Guido Günther <agx@sigxcpu.org> writes:

> It has a link:
> "I created a patch against openssl that allows to test this." ->
> https://github.com/hannob/bignum-fuzz/blob/master/openssl-break-rsa-values.diff
> This allows to crash the matrix ssl server.

Ok, thanks. That looks like you can test it if you can setup a matrixssl
server. Fair enough.

I looked and found only one package in wheezy that uses matrixssl:

(wheezy-amd64-default)root@prune:/home/brian# apt-cache rdepends libmatrixssl1.8
Reverse Depends:

So I installed ipvsd, and attempted to test using the provided
sslio. I used 1024 bits just in case on the self signed certifcate, in the off
chance this would improve compatability.

=== cut ===
(wheezy-amd64-default)root@prune:/home/brian# openssl req -x509 -newkey rsa:1024 -keyout key.pem -out cert.pem -nodes
Generating a 1024 bit RSA private key
writing new private key to 'key.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:localhost
Email Address []:
(wheezy-amd64-default)root@prune:/home/brian# chmod 777 key.pem cert.pem 
(wheezy-amd64-default)root@prune:/home/brian# sslio  -vvv -u brian -C cert.pem -K key.pem cat
sslio[8259]: fatal: unable to read cert or key file: no error
=== cut ===

Any ideas why it isn't accepting my self signed certificate? Did I do
something stupid?

Some debugging information would be really nice.

strace shows that it is reading both files.

I imagine that once I get sslio working properly, I can run a SSL server
with something like:

tcpsvd localhost 8123 sslio -u brian -C cert.pem -K key.pem cat

Currently this produces the same error as above.
Brian May <bam@debian.org>

Reply to: