Topwiz | 1 Feb 04:28

Re: Error Sending TLS SMTP email to servers that are not GMail


Here is the extended error message:

Unexpected <Unknown type> (50) packet, expected handshake (22)

-- 
View this message in context: http://old.nabble.com/Error-Sending-TLS-SMTP-email-to-servers-that-are-not-GMail-tp33230840p33241037.html
Sent from the Cryptlib mailing list archive at Nabble.com.

_______________________________________________
Cryptlib mailing list
Cryptlib <at> mbsks.franken.de
Administration via Mail: cryptlib-request <at> mbsks.franken.de
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.

Florian Weimer | 1 Feb 11:05

x


-- 
Florian Weimer                <fweimer <at> bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99


Peter Gutmann | 1 Feb 17:48

Re: Error Sending TLS SMTP email to servers that are not GMail

Topwiz <rsmith <at> trusthss.com> writes:

>Here is the extended error message:
>
>Unexpected <Unknown type> (50) packet, expected handshake (22)

That looks like an ASCII character, are you sure you're connecting on an SSL
port?

Peter.

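
Added example, not part of the original posts or of cryptlib: the value 50 in the error message is the ASCII code of '2', the first character of an SMTP reply such as a 220 greeting, while a TLS record starts with a content-type byte in the range 20 to 23. This C sketch tells the two apart from the first five bytes received; the name classify_first_bytes and the sample bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

typedef enum { PEER_TOO_SHORT, PEER_TLS_RECORD, PEER_SMTP_TEXT, PEER_UNKNOWN } peer_kind;

/* Classify the first bytes read from a server.
   TLS record header: type(1) | version(2) | length(2, big-endian).
   *record_len is set only for PEER_TLS_RECORD. */
peer_kind classify_first_bytes(const unsigned char *b, size_t len, size_t *record_len)
{
    *record_len = 0;
    if (len < 5)
        return PEER_TOO_SHORT;
    /* Content types 20..23: change_cipher_spec, alert, handshake (22),
       application_data; the record version major byte is always 3. */
    if (b[0] >= 20 && b[0] <= 23 && b[1] == 3 && b[2] <= 4) {
        size_t n = ((size_t)b[3] << 8) | b[4];
        if (n > 0 && n <= 16384 + 2048) {   /* record layer length limit */
            *record_len = n;
            return PEER_TLS_RECORD;
        }
    }
    /* SMTP reply line: three ASCII digits then ' ' or '-', e.g. "220 ". */
    if (b[0] >= '2' && b[0] <= '5' && b[1] >= '0' && b[1] <= '9' &&
        b[2] >= '0' && b[2] <= '9' && (b[3] == ' ' || b[3] == '-'))
        return PEER_SMTP_TEXT;
    return PEER_UNKNOWN;
}

int main(void)
{
    /* Constructed samples: a plaintext SMTP greeting and a TLS record header. */
    const unsigned char smtp[] = "220 mail.example.test ESMTP\r\n";
    const unsigned char tls[] = { 22, 3, 3, 0, 0x51 };
    size_t n;
    printf("first byte %d -> %d\n", smtp[0], classify_first_bytes(smtp, sizeof smtp - 1, &n));
    printf("first byte %d -> %d\n", tls[0], classify_first_bytes(tls, sizeof tls, &n));
    return 0;
}
```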


cryptGetAttribute - what to use for cryptObject parameter to get error information

A call to cryptImportCert fails (CRYPT_ERROR_BADDATA -32) and I want to get more information using CRYPT_ATTRIBUTE_ERRORLOCUS etc.

The problem is that I have no valid object for cryptGetAttribute, so the calls to get errorlocus, errortype and errormessage fail, returning -1 (CRYPT_ERROR_PARAM1).

I have tried using CRYPT_UNUSED as the object, but that fails too.

How can I find what's wrong with the certificate I try to import (pem-format, base64 encoded wrapped in ----- BEGIN CERTIFICATE-----,----- END CERTIFICATE-----)?

Using Cryptlib 3.4.1

--

Geir S. Eidissen


Problem reading b64 encoded certificate

I have narrowed it down to that it is the base64 decoding that reports CRYPT_ERROR_BADDATA when a certificate is base64-encoded without linefeeds and there is no b64 padding.

If the encoded certificate has b64 padding (= or == at the end) it works fine:

-----BEGIN CERTIFICATE-----
MIIE […]lxsaxft0Q==
-----END CERTIFICATE-----

When decoding this certificate, the last call to decodeBase64chunk results in outByteCount being 1 or 2 depending on the padding, so it returns OK_SPECIAL that tells base64decode() that end of data is reached. Note that there are no linefeeds in the base64-encoded data.

But if there is no padding, the base64decode() function fails.

----- BEGIN CERTIFICATE -----
[…] p1TB3zKyHB1avxusOpgVxDM
-----END CERTIFICATE-----

Because in the last call to decodeBase64chunk() the outByteCount = 3, base64decode continues to read and triggers the check in base64.c line 749 that allows only lines of 127 bytes or less.

This was no problem in cryptlib 3.2, and the certificate is OK.

Is this something that can be corrected?

--

Geir S. Eidissen

Peter Gutmann | 3 Feb 06:13

Re: cryptGetAttribute - what to use for cryptObject parameter to get error information

Geir Ståle Eidissen <geir.eidissen <at> medilink.com> writes:

>How can I find what's wrong with the certificate I try to import (pem-format,
>base64 encoded wrapped in ----- BEGIN CERTIFICATE-----,----- END
>CERTIFICATE----- ) .

Can you send me a copy of the cert, preferably zipped in order to preserve any
formatting irregularities that mailers might mangle?

Peter.


Topwiz | 3 Feb 14:40

Re: Error Sending TLS SMTP email to servers that are not GMail


I changed my program to connect to the mail server the normal Winsock way,
send EHLO and get the response:

250-xc38.mail.ovh.net Hello [216.66.99.194]
250-SIZE 104857600
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH NTLM
250-8BITMIME
250-BINARYMIME
250 CHUNKING

Then I have the following cryptlib code:

// Cryptlib constants
Constant Long CRYPT_OK                     = 0
Constant Long CRYPT_UNUSED                 = -101
Constant Long CRYPT_SESSION_SSL            = 3
Constant Long CRYPT_SESSINFO_ACTIVE        = 6001
Constant Long CRYPT_SESSINFO_NETWORKSOCKET = 6014

// Initialize the Library
ll_RetVal = cryptInit()

// Create the session
ll_RetVal = cryptCreateSession(il_Session, CRYPT_UNUSED, CRYPT_SESSION_SSL)

// Set the socket
ll_RetVal = cryptSetAttribute(il_Session, CRYPT_SESSINFO_NETWORKSOCKET, iul_socket)

// Activate the session
ll_RetVal = cryptSetAttribute(il_Session, CRYPT_SESSINFO_ACTIVE, 1)

The return from this call is:  -16 Internal consistency check failed

-- 
View this message in context: http://old.nabble.com/Error-Sending-TLS-SMTP-email-to-servers-that-are-not-GMail-tp33230840p33256685.html
Sent from the Cryptlib mailing list archive at Nabble.com.


Topwiz | 3 Feb 14:55

Re: Error Sending TLS SMTP email to servers that are not GMail


I discovered I should send STARTTLS after EHLO and get this response:

220 2.0.0 SMTP server ready

But the cryptlib session activate gives the same error.

Topwiz wrote:
> 
> My program is written in PowerBuilder and uses the latest copy of cl32.dll
> to send email. It works perfectly with GMail but when used with other
> servers that require TLS it fails. PowerBuilder is very similar to VB6 in
> how it calls .dll functions so I went by the example for that.
> 
> The error is returned from the call to activate the session. The error is
> -32 "Bad/unrecognised data format".
> 
> Here is the code, minus the error handling:
> 
> ll_RetVal = cryptInit()
> ll_RetVal = cryptCreateSession(ll_Session, CRYPT_UNUSED,
> CRYPT_SESSION_SSL)
> ll_RetVal = cryptSetAttributeString(ll_Session,
> CRYPT_SESSINFO_SERVER_NAME, ls_server, Len(ls_server))
> ll_RetVal = cryptSetAttribute(ll_Session, CRYPT_SESSINFO_SERVER_PORT,
> lui_port)
> ll_RetVal = cryptSetAttribute(ll_Session, CRYPT_SESSINFO_ACTIVE, 1)
> 
> The variables that start with ll_ are Long, ls_ are String and lui_ are
> UnsignedInteger. Long is a signed 4 byte number and UnsignedInteger is a
> unsigned 2 byte number.
> 
> Thanks in advance,
> Roland
> 

-- 
View this message in context: http://old.nabble.com/Error-Sending-TLS-SMTP-email-to-servers-that-are-not-GMail-tp33230840p33256731.html
Sent from the Cryptlib mailing list archive at Nabble.com.

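
Added example, not code from the thread or from cryptlib: a check a client can run on the plaintext it has read before passing the socket to the TLS layer, using the EHLO and STARTTLS replies quoted above. It confirms that STARTTLS was advertised, that the answer was 220, and that no unread plaintext sits in front of the handshake. The function names are hypothetical, and the keyword comparison is case-sensitive as an assumption about how the server sends it.

```c
#include <stdio.h>
#include <string.h>

/* Length of one complete (possibly multi-line) SMTP reply at the start of
   buf; 0 if more data is needed, -1 if malformed. *code gets the reply code. */
long smtp_reply_len(const char *buf, int *code)
{
    for (const char *p = buf;;) {
        const char *eol = strstr(p, "\r\n");
        if (eol == NULL)
            return 0;
        if (eol - p < 3 || strspn(p, "0123456789") < 3 ||
            (p + 3 != eol && p[3] != ' ' && p[3] != '-'))
            return -1;
        *code = (p[0] - '0') * 100 + (p[1] - '0') * 10 + (p[2] - '0');
        if (p[3] != '-')
            return (long)(eol + 2 - buf);   /* last line of the reply */
        p = eol + 2;                        /* "250-" line: reply continues */
    }
}

/* 1 if some line of the EHLO reply carries keyword kw right after "250-"/"250 ". */
int ehlo_offers(const char *ehlo, const char *kw)
{
    size_t n = strlen(kw);
    for (const char *h = strstr(ehlo, kw); h != NULL; h = strstr(h + 1, kw)) {
        int at_col4 = h - ehlo >= 4 && (h - ehlo == 4 || h[-5] == '\n');
        if (at_col4 && (h[n] == '\r' || h[n] == ' '))
            return 1;
    }
    return 0;
}

/* 1 only if STARTTLS was advertised, answered with 220, and nothing is left
   unread in front of the handshake. */
int ready_for_tls(const char *ehlo, const char *starttls_reply)
{
    int code = 0;
    if (smtp_reply_len(ehlo, &code) <= 0 || code != 250 ||
        !ehlo_offers(ehlo, "STARTTLS"))
        return 0;
    long used = smtp_reply_len(starttls_reply, &code);
    return used > 0 && code == 220 && starttls_reply[used] == '\0';
}

int main(void)
{
    /* Shortened form of the replies quoted in the thread. */
    printf("%d\n", ready_for_tls("250-STARTTLS\r\n250 CHUNKING\r\n",
                                 "220 2.0.0 SMTP server ready\r\n"));
    return 0;
}
```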

Peter Gutmann | 10 Feb 11:54

Re: Problem reading b64 encoded certificate

Geir Ståle Eidissen <geir.eidissen <at> medilink.com> writes:

>I have narrowed it down to that it is the base64 decoding that reports
>CRYPT_ERROR_BADDATA when a certificate is base64encoded without linefeeds and
>there is no b64padding.

Having seen the files, the bigger problem is that this data is supposed to be
in PEM base64 format but there are no line breaks in it, it's just one
continuous text string so neither of the two are valid.  It's actually just
coincidence that cryptlib decodes the first one (with the padding), since the
code is shared with generic base64-decoding code for databases that don't
handle binary data.

Peter.

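
Added example, not cryptlib's base64.c and not the change discussed in this thread: one way to turn a base64 body that arrives as one continuous string, with or without padding, into 64-character PEM lines before importing it. The function name pem_rewrap and the short sample string are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define PEM_LINE 64   /* base64 characters per PEM line (RFC 7468) */

/* Re-wrap the base64 body of a PEM object (text between the BEGIN/END lines)
   into 64-character lines and restore missing '=' padding.
   Returns the length written to out, or -1 on a non-base64 character, an
   impossible length, or an output buffer that is too small. */
long pem_rewrap(const char *body, char *out, size_t outsz)
{
    static const char b64[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t len = strlen(body), n = 0, o = 0;
    const char *p;

    if (outsz < len + len / PEM_LINE + 4)
        return -1;
    for (p = body; *p != '\0' && *p != '='; p++) {
        if (strchr(" \t\r\n", *p) != NULL)
            continue;                     /* drop whatever wrapping exists */
        if (strchr(b64, *p) == NULL)
            return -1;
        if (n > 0 && n % PEM_LINE == 0)
            out[o++] = '\n';
        out[o++] = *p;
        n++;
    }
    if (p[strspn(p, "= \t\r\n")] != '\0' || n == 0 || n % 4 == 1)
        return -1;                        /* junk after padding, or bad length */
    while (n % 4 != 0) {                  /* 2 or 3 leftover characters */
        out[o++] = '=';
        n++;
    }
    out[o++] = '\n';
    out[o] = '\0';
    return (long)o;
}

int main(void)
{
    char out[64];
    /* Constructed input: base64 of "Ma" with its padding stripped. */
    if (pem_rewrap("TWE", out, sizeof out) > 0)
        fputs(out, stdout);
    return 0;
}
```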

Smith, Roland | 10 Feb 14:13

Re: Problem reading b64 encoded certificate

Peter,

The change you made fixed the problem! I had to make a couple small changes to my program and now it works great.

If you can send me the final build that would be great.

Thanks,
Roland

-----Original Message-----
From: cryptlib-bounces <at> mbsks.franken.de [mailto:cryptlib-bounces <at> mbsks.franken.de] On Behalf Of
Peter Gutmann
Sent: Friday, February 10, 2012 5:54 AM
To: cryptlib <at> mbsks.franken.de; geir.eidissen <at> medilink.com
Subject: Re: [Cryptlib] Problem reading b64 encoded certificate

Geir Ståle Eidissen <geir.eidissen <at> medilink.com> writes:

>I have narrowed it down to that it is the base64 decoding that reports
>CRYPT_ERROR_BADDATA when a certificate is base64encoded without linefeeds and
>there is no b64padding.

Having seen the files, the bigger problem is that this data is supposed to be
in PEM base64 format but there are no line breaks in it, it's just one
continuous text string so neither of the two are valid.  It's actually just
coincidence that cryptlib decodes the first one (with the padding), since the
code is shared with generic base64-decoding code for databases that don't
handle binary data.

Peter.


