Date: Mon, 18 Dec 1995 09:57:42 -0500 (EST) From: Rashid Karimov <rashid@rk.ios.com> To: hackers@FreeBSD.org Subject: Any luck with Apache/SSl from c2.org ??? Message-ID: <199512181457.JAA00854@rk.ios.com>
next in thread | raw e-mail | index | archive | help
Hi there folx, I'm sorry for the empty message with the same subj. - my fault :( Here goes : I know that guys at c2.org are pretty busy with making the subj. to work with SSleay 350a - probably we can help them to finish/polish the thing sooner by this discussion here. A couple of days ago I ftp'ed the apache ssl sources from c2.org and the latest version of SSleay ( free implementation of Netscape's SSL proto) from _the site in Oz :) Looks like thing was produced in the rush - the sad truth is that one has to forget about compiling the thing "out of box" :(( So problems ( they are related more to SSleay I think) - there is obvious typo in ssl/apps/s_socket.c - instead of #ifdef for EPROTO they used #ifndef along with following EPROTO usage ( it's easy to find searching for EPROTO ) - the ssl/Configure doesnt provide support for FreeBSD - TERMIOS should be defined instead of TERMIO , but even after that TERMIO somehow gets defined in one of the Makefiles so ssl/crypto/des/get_pwd.c will not compile . - there is a typo in one of the sources which causes problem with compiling again - they #includeD sys/types.h _after sys/stats.h , which is wrong - some Makefile is corrupted so instead of defining "-I../../include" it has "-I../inc" - the corresponding subtree won't compile unless fixed -very weird problem with ssl/crypto/Makefile . I spend a lot of time on that one ( shame on me) - but wasnt able to figure out what exactly is/was wrong. In few words - 'cause of something there the libcrypto will not compile completely ... instead of ~1.5Mb in size I kept getting ~20K. I had to rename Makefile to makefile , manually define valid CFLAGS in it and run make by hand. Otherwise not only I wasnt able to get the whole libcrypto.a compiled'n'assembled , but the top level make was causing weird loops when walking down Makefile's tree Well, that's about it ... the ssleay will not compile after all because of single unresolved function or macro with name like "X509_****_error" or something like it - I went thru all *.[hc] files but wasn't able to find where the freaking thing was defined - so I just I wiped it out from the 2 places it was called - it is pretty safe , since they use it for logging only. OK , so finally I got everything compiled ( there still be a few warnings while compiling , including the nasty one = "the result of **** is always 0 because of limited range" or something like it ). The only problem which remains is HOW to generate and sign the TEST certificate ... the recepie from the old version of SSleay doesn't work: #!/bin/sh PATH=$PATH:/usr/local/ssl/bin genrsa -des -rand /var/log/messages:/etc/utmp -out httpd.key makecert 2> httpd.text x509 -inform TEXT -in httpd.text -signkey httpd.key \ -CAkeyform TEXT -CAform TEXT -CA httpd.text -CAkey httpd.key -CAcreateseria l \ > httpd.cert cp httpd.cert /usr/local/ssl/certs chmod 644 /usr/local/ssl/certs/httpd.cert cp httpd.key /usr/local/ssl/private chmod 600 /usr/local/ssl/private/httpd.key It failes in the third line with "invalid informat". I tried to change TEXT to TXT ( as per help page from x509 ) - didn't help at all. This simple script did work with previous ssl and Apache - I was able to run apache in secure(SSL) mode - the famous blue raincoat... I mean key,was there - but the thing wasn;t useful because of some other bug , which caused memory overflow on the clients side. Rashid
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199512181457.JAA00854>