Date: Mon, 18 Dec 1995 09:57:42 -0500 (EST) From: Rashid Karimov <rashid@rk.ios.com> To: hackers@FreeBSD.org Subject: Any luck with Apache/SSl from c2.org ??? Message-ID: <199512181457.JAA00854@rk.ios.com>
next in thread | raw e-mail | index | archive | help
Hi there folx,
I'm sorry for the empty message with the same subj. -
my fault :(
Here goes :
I know that guys at c2.org are pretty busy with making
the subj. to work with SSleay 350a - probably we can help
them to finish/polish the thing sooner by this discussion here.
A couple of days ago I ftp'ed the apache ssl sources
from c2.org and the latest version of SSleay ( free
implementation of Netscape's SSL proto) from _the
site in Oz :)
Looks like thing was produced in the rush - the sad
truth is that one has to forget about compiling the thing
"out of box" :((
So problems ( they are related more to SSleay I think)
- there is obvious typo in ssl/apps/s_socket.c -
instead of #ifdef for EPROTO they used #ifndef
along with following EPROTO usage ( it's easy
to find searching for EPROTO )
- the ssl/Configure doesnt provide support for FreeBSD -
TERMIOS should be defined instead of TERMIO , but even
after that TERMIO somehow gets defined in one of the Makefiles
so ssl/crypto/des/get_pwd.c will not compile .
- there is a typo in one of the sources which causes
problem with compiling again - they #includeD
sys/types.h _after sys/stats.h , which is wrong
- some Makefile is corrupted so instead of
defining "-I../../include" it has "-I../inc" -
the corresponding subtree won't compile unless
fixed
-very weird problem with ssl/crypto/Makefile .
I spend a lot of time on that one ( shame on me) -
but wasnt able to figure out what exactly
is/was wrong.
In few words - 'cause of something there the
libcrypto will not compile completely ...
instead of ~1.5Mb in size I kept getting ~20K.
I had to rename Makefile to makefile , manually
define valid CFLAGS in it and run make by hand.
Otherwise not only I wasnt able to get the whole
libcrypto.a compiled'n'assembled , but the top
level make was causing weird loops when walking
down Makefile's tree
Well, that's about it ... the ssleay will not
compile after all because of single unresolved function
or macro with name like
"X509_****_error" or something like it - I went
thru all *.[hc] files but wasn't able to find
where the freaking thing was defined - so I just
I wiped it out from the 2 places it was called -
it is pretty safe , since they use it for logging
only.
OK , so finally I got everything compiled ( there
still be a few warnings while compiling , including
the nasty one = "the result of **** is always 0 because
of limited range" or something like it ).
The only problem which remains is HOW to generate
and sign the TEST certificate ... the recepie from
the old version of SSleay doesn't work:
#!/bin/sh
PATH=$PATH:/usr/local/ssl/bin
genrsa -des -rand /var/log/messages:/etc/utmp -out httpd.key
makecert 2> httpd.text
x509 -inform TEXT -in httpd.text -signkey httpd.key \
-CAkeyform TEXT -CAform TEXT -CA httpd.text -CAkey httpd.key -CAcreateseria
l \
> httpd.cert
cp httpd.cert /usr/local/ssl/certs
chmod 644 /usr/local/ssl/certs/httpd.cert
cp httpd.key /usr/local/ssl/private
chmod 600 /usr/local/ssl/private/httpd.key
It failes in the third line with "invalid informat". I tried
to change TEXT to TXT ( as per help page from x509 ) - didn't
help at all.
This simple script did work with previous ssl and Apache -
I was able to run apache in secure(SSL) mode - the famous
blue raincoat... I mean key,was there - but the thing wasn;t
useful because of some other bug , which caused memory overflow
on the clients side.
Rashid
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199512181457.JAA00854>