
OpenSSL Client Certificates and Libevent-2.0.3-alpha

Tom Pusateri reported success using OpenSSL client certificates with libevent's built-in OpenSSL support. Here is what he wrote on the mailing list:

I tried 2.0.3 alpha against the Apple Push notification feedback service which requires a client key/certificate and it works great.

One hint... Make sure you add the key and cert to the SSL context before calling SSL_new(). Otherwise, you'll get an error that looks like:

    sslv3 alert handshake failure in SSL routines SSL3_READ_BYTES

Here's the working code:

#include <sys/socket.h>             /* AF_INET */
#include <err.h>                    /* errx(), warnx() */
#include <stdlib.h>                 /* EXIT_FAILURE */
#include <openssl/ssl.h>
#include <event2/event.h>
#include <event2/dns.h>
#include <event2/bufferevent.h>
#include <event2/bufferevent_ssl.h>
#include <event2/util.h>

/* Read and event callbacks from the rest of the program; their bodies were
 * not part of the post. */
static void feedback_read_cb(struct bufferevent *bev, void *ctx);
static void feedback_event_cb(struct bufferevent *bev, short events, void *ctx);

static void
init_feedback_service(struct event_base *ev_base,
    struct evdns_base *dns)
{
   int rc;
   struct bufferevent *bev;
   SSL_CTX *ssl_ctx;
   SSL *ssl;

   /* The post used SSLv3_method(). Current OpenSSL builds leave SSLv3 out
    * entirely; TLS_client_method() is the replacement. */
   ssl_ctx = SSL_CTX_new(SSLv3_method());
   if (ssl_ctx == NULL) {
       errx(EXIT_FAILURE, "Could not create SSL context");
   }

   /* Certificate and key must go into the context *before* SSL_new(): an SSL
    * object copies the context's certificate when it is created, so loading
    * them afterwards does not affect an SSL object that already exists. */
   rc = SSL_CTX_use_certificate_file(ssl_ctx, "my_apple_cert_key.pem",
       SSL_FILETYPE_PEM);
   if (rc != 1) {
       errx(EXIT_FAILURE, "Could not load certificate file");
   }
   rc = SSL_CTX_use_PrivateKey_file(ssl_ctx, "my_apple_cert_key.pem",
       SSL_FILETYPE_PEM);
   if (rc != 1) {
       errx(EXIT_FAILURE, "Could not load private key file");
   }

   /* No CA store is loaded and no verify mode is set here, so the server's
    * certificate is accepted without verification. */
   ssl = SSL_new(ssl_ctx);
   if (ssl == NULL) {
       errx(EXIT_FAILURE, "Could not create SSL object");
   }
   SSL_CTX_free(ssl_ctx);   /* the SSL object holds its own reference */

   /* fd -1: libevent creates the socket when connect_hostname() runs;
    * BEV_OPT_CLOSE_ON_FREE also frees the SSL object with the bufferevent. */
   bev = bufferevent_openssl_socket_new(ev_base, -1, ssl,
       BUFFEREVENT_SSL_CONNECTING, BEV_OPT_CLOSE_ON_FREE);
   bufferevent_setcb(bev, feedback_read_cb, NULL,
       feedback_event_cb, NULL);
   rc = bufferevent_socket_connect_hostname(bev, dns, AF_INET,
       "feedback.sandbox.push.apple.com", 2196);
   if (rc < 0) {
       warnx("could not connect to feedback service: %s",
             evutil_socket_error_to_string(EVUTIL_SOCKET_ERROR()));
       bufferevent_free(bev);
       return;
   }
   bufferevent_enable(bev, EV_READ);
}
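The handshake alert quoted above is all the server says when the client certificate is missing, unreadable, or paired with the wrong key, so it pays to check the PEM file before OpenSSL ever sees it. The script below is an added example, not part of Tom's code or of libevent; it assumes the openssl command-line tool is installed and that the private key is unencrypted, as in the post's single combined PEM file.

```shell
#!/bin/sh
# Pre-flight check for a combined certificate + key PEM file such as the
# "my_apple_cert_key.pem" loaded by init_feedback_service() above.
# Returns 0 if the file holds a certificate and a private key that belong
# together, 1 otherwise, with the reason on stderr.
check_client_pem() {
    pem_file=$1
    # Both objects must be present: the post loads cert and key from one file.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem_file" || {
        echo "$pem_file: no CERTIFICATE block" >&2; return 1; }
    grep -Eq -- '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$pem_file" || {
        echo "$pem_file: no PRIVATE KEY block" >&2; return 1; }
    # Derive the public key from each object; a mismatch here is exactly what
    # SSL_CTX_check_private_key() would reject, and what the server rejects
    # with the opaque handshake alert if the check is skipped.
    cert_pub=$(openssl x509 -in "$pem_file" -noout -pubkey 2>/dev/null) || {
        echo "$pem_file: certificate does not parse" >&2; return 1; }
    key_pub=$(openssl pkey -in "$pem_file" -pubout 2>/dev/null) || {
        echo "$pem_file: private key does not parse (encrypted?)" >&2; return 1; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "$pem_file: private key does not match certificate" >&2
        return 1
    fi
    # An expired certificate will be rejected by the server as well; warn
    # but do not fail, so the caller can still see the pair is consistent.
    openssl x509 -in "$pem_file" -noout -checkend 0 >/dev/null 2>&1 ||
        echo "$pem_file: warning, certificate has expired" >&2
    return 0
}
```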
Categories: Libevent

Libevent-2.0.3-alpha release

It has been a while since the last alpha release of libevent-2.0. Yesterday, we released 2.0.3-alpha which can be downloaded from

http://monkey.org/~provos/libevent-2.0.3-alpha.tar.gz

Please give it a spin and let us know if you run into any problems. There have been a lot of changes since the last release, mostly due to Nick's hard work. Here are just some highlights; the ChangeLog contains the full story:

- SSL/TLS support on bufferevents, using the OpenSSL library
- Improved searching on evbuffer objects
- Improved support for Windows
- More efficient memory allocation for event_bases that use epoll
- Improved thread-safety
- The IOCP bufferevent backend is now exposed on Windows; many thanks to Christopher Davis for his work.

Many thanks to everyone who helped with patches and bug reports including Rocco Carbone, Brodie Thiesfield, Caitlin Mercer, David Reiss, Alexander Pronchenkov, Jacek Masiulaniec, Ka-Hing Cheung, Christopher Davis, Ferenc Szalai, and Ryan Phillips.

Edited to fix the link.
Categories: Libevent, News

Libevent 1.4.13-stable released

We just released a new stable version of Libevent that fixes the following problems:
  • If the kernel tells us that there are a negative number of bytes to read from a socket, do not believe it. Fixes bug 2841177; found by Alexander Pronchenkov.
  • Do not allocate the maximum event queue and fd array for the epoll backend at startup. Instead, start out accepting 32 events at a time, and double the queue's size when it seems that the OS is generating events faster than we're requesting them. Saves up to 512K per epoll-based event_base. Resolves bug 2839240.
  • Fix compilation on Android, which forgot to define fd_mask in its sys/select.h.
  • Do not drop data from evbuffer when out of memory; reported by Jacek Masiulaniec.
  • Rename our replacement compat/sys/_time.h header to avoid a build conflict on HPUX; reported by Kathryn Hogg.
  • Build kqueue.c correctly on GNU/kFreeBSD platforms. Patch pulled upstream from Debian.
  • Fix a problem with excessive memory allocation when using multiple event priorities.
  • When running set[ug]id, don't check the environment. Based on a patch from OpenBSD.

A new alpha release of libevent 2.0 is on its way, too. Thanks to everyone who submitted patches and bug reports.

The source code is available at http://www.monkey.org/~provos/libevent-1.4.13-stable.tar.gz. Don't forget to verify the signature.
Categories: Libevent, News

San Mai Knife

Failed San Mai Attempt

A while ago, I forged a San Mai billet with the hope to turn it into a tanto. Unfortunately, the forge I was using had a very oxygen rich atmosphere and the welds did not take very well. Over the last couple of days, I spent some time grinding and heat treating the remaining steel into a knife for practice purposes. The cable structure of the knife came out very nicely with repeated applications of lemon juice and metal polish to remove the oxides left by the lemon juice etch.

I also figured out how to take decent pictures of the steel. The trick was to use direct light that shines directly on the blade rather than diffused light, and then have black surfaces inside the light box. The angle of the knife needs to be such that the black is reflected to the camera. Although this is a failed knife due to all the welding flaws, it still was an interesting experiment.
Categories: Hacking

Forging a Wakizashi

Wakizashi

I just finished taking the 5-day basic forging class taught by Michael Bell at Dragonfly Forge. The wakizashi in the picture is the result of it. The blade is about 18in long and was forged from forge-welded cable. The forge welding of the cable, conducted by Michael and his son Gabriel, took the better half of the first day. Afterward, the steel was forged into a sunobe, which has the basic taper for the tang and point of the sword. We then forged in the ji and the shinogi ji. The remainder of the time was spent grinding in preparation for heat treatment. Before the clay was applied, we draw filed the blade so that all file marks were parallel with the edge rather than the perpendicular marks left by the belt grinder. Applying the clay was a three-step process: a light coating of the whole blade, applying the ashi lines, and then coating everything that should remain soft. You can see the ashi and where the clay was applied in the middle picture. After heat treating, the blade took on a nice curve and it was back to the grinder. During the last day there was a little bit of time to polish on stones, which showed hints of some very wild hamon as well as some mune yaki. The whole class was a great experience.
Categories: Hacking

LEET '10 Call for Papers

The call for papers for the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '10): Botnets, Spyware, Worms, and More just went out. It will be held on April 27, 2010 in San Jose, CA.

LEET '10 will be co-located with the 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI '10), which will take place April 28–30, 2010.

Important Dates
  • Submissions due: Thursday, February 25, 2010, 11:59 p.m. PST
  • Notification of acceptance: Wednesday, March 24, 2010
  • Final papers due: Monday, April 5, 2010

Workshop Organizers
Program Chair
  • Michael Bailey, University of Michigan
Program Committee
  • Dan Boneh, Stanford University
  • Nick Feamster, Georgia Institute of Technology
  • Jaeyeon Jung, Intel Labs, Seattle
  • Christian Kreibich, International Computer Science Institute
  • Patrick McDaniel, Pennsylvania State University
  • Fabian Monrose, University of North Carolina, Chapel Hill
  • Jose Nazario, Arbor Networks, Inc.
  • Stefan Savage, University of California, San Diego
  • Matt Williamson, AVG Technologies
  • Yinglian Xie, Microsoft Research
  • Vinod Yegneswaran, SRI International

Go submit your work!
Categories: Malware, News, Security, SpyBye, Systrace