Re: PSK with TLSv1.3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 23.10.19 11:24, Johannes Bauer wrote:

> All error checking omitted for now, this is obviously just a sample.
> When I try to connect to my server on the command line using s_client:
>
> $ openssl s_client -connect 127.0.0.1:12345 -psk_identity foo -psk 001122
>
> The server pukes:
>
> PSK server SSL 0x623000000100 identity foo len 3 sess (nil)
> 139933268309760:error:141F906E:SSL routines:tls_parse_ctos_psk:bad
> extension:../ssl/statem/extensions_srvr.c:1267:
>
> And I have no idea what that's supposed to mean.

One step further... I've peeked at s_server.c and copied some of that
code. I.e., concretely I now am at:

const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 };
const SSL_CIPHER *cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id);
if (!cipher) {
	return 0;
}
SSL_SESSION_set_cipher(sess, cipher);

But, uhm... this is positively terrifying code. Is this how it's
supposed to look, i.e., hard-coded magic numbers in the application?! Or
is that just the route s_server took and there's a preferred, better way?

In any case, while it throws a different error message now, it still
does not work:

PSK server SSL 0x62300000fd00 identity foo len 3 sess (nil)
140710464452352:error:14201076:SSL routines:tls_choose_sigalg:no
suitable signature algorithm:../ssl/t1_lib.c:2649:

I've never in the setup limited the signature algorithms and s_client
does not, either (when I peek at the ClientHello it advertises a whole
bunch of signature algorithms).

Any advice?
Thank you,
Johannes




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux