
Re: matrixssl



Guido Günther <agx@sigxcpu.org> writes:

> It has a link:
>
> "I created a patch against openssl that allows to test this." ->
> https://github.com/hannob/bignum-fuzz/blob/master/openssl-break-rsa-values.diff
>
> This allows to crash the matrix ssl server.

Ok, thanks. That looks like you can test it if you can set up a matrixssl
server. Fair enough.

I looked and found only one package in wheezy that uses matrixssl:

(wheezy-amd64-default)root@prune:/home/brian# apt-cache rdepends libmatrixssl1.8
libmatrixssl1.8
Reverse Depends:
  libmatrixssl1.8-dev
  ipsvd

So I installed ipsvd, and attempted to test using the provided
sslio. I used 1024 bits just in case on the self-signed certificate, on the off
chance this would improve compatibility.

=== cut ===
(wheezy-amd64-default)root@prune:/home/brian# openssl req -x509 -newkey rsa:1024 -keyout key.pem -out cert.pem -nodes
Generating a 1024 bit RSA private key
....................++++++
....................................................................++++++
writing new private key to 'key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:localhost
Email Address []:
(wheezy-amd64-default)root@prune:/home/brian# chmod 777 key.pem cert.pem 
(wheezy-amd64-default)root@prune:/home/brian# sslio  -vvv -u brian -C cert.pem -K key.pem cat
sslio[8259]: fatal: unable to read cert or key file: no error
=== cut ===

Any ideas why it isn't accepting my self-signed certificate? Did I do
something stupid?

Some debugging information would be really nice.

strace shows that it is reading both files.

I imagine that once I get sslio working properly, I can run an SSL server
with something like:

tcpsvd localhost 8123 sslio -u brian -C cert.pem -K key.pem cat

Currently this produces the same error as above.
-- 
Brian May <bam@debian.org>

