Date: Sun, 22 Jul 2012 08:38:18 +0200
From: Matthias Apitz
To: Chuck Swiger
Cc: freebsd-questions@freebsd.org
Subject: Re: setting up an openssl client/server

On Saturday, July 21, 2012 at 11:46:52AM -0700, Chuck Swiger wrote:

> On Jul 21, 2012, at 8:59 AM, Matthias Apitz wrote:
> > Then I copy over the files client.pem and server.pem to the example
> > software:
> >
> > $ cp server.pem client.pem openssl-examples-20020110
>
> You also need to copy server.key and client.key.

Thanks for your hints. After the procedure described in my first mail, I
have the following files in that dir:

$ ls -ltr *.*
-rw-r--r-- 1 guru wheel 963 21 jul 17:31 privkey.pem
-rw-r--r-- 1 guru wheel 993 21 jul 17:31 ca.pem
-rw-r--r-- 1 guru wheel 887 21 jul 17:32 server.key
-rw-r--r-- 1 guru wheel 603 21 jul 17:33 server.req
-rw-r--r-- 1 guru wheel 887 21 jul 17:35 client.key
-rw-r--r-- 1 guru wheel 603 21 jul 17:36 client.req
-rw-r--r-- 1 guru wheel 745 21 jul 17:36 client.pem
-rw-r--r-- 1 guru wheel 745 21 jul 18:08 server.pem
-rw-r--r-- 1 guru wheel 3 21 jul 18:08 file.srl

I followed your hint and copied server.key and client.key as well:

$ cp server.key client.key openssl-examples-20020110

and put the server.key into the PEM file:

$ cat server.key server.pem > openssl-examples-20020110/server.pem

The example server expects the file in the current dir, so I go to it:

$ cd openssl-examples-20020110

but now it is missing the CA file:

$ ./wserver
Can't read CA list
2478:error:02001002:system library:fopen:No such file or directory:/usr/home/guru/myThings/FreeBSD/9-CURRENT/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:126:fopen('root.pem','r')
2478:error:2006D080:BIO routines:BIO_new_file:no such file:/usr/home/guru/myThings/FreeBSD/9-CURRENT/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:129:
2478:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:/usr/home/guru/myThings/FreeBSD/9-CURRENT/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/x509/by_file.c:274:

As a guess I copied the CA file as:

$ cp ../ca.pem root.pem

with the result:

$ ./wserver
Couldn't open DH file
2483:error:02001002:system library:fopen:No such file or directory:/usr/home/guru/myThings/FreeBSD/9-CURRENT/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:126:fopen('dh1024.pem','r')
2483:error:2006D080:BIO routines:BIO_new_file:no such file:/usr/home/guru/myThings/FreeBSD/9-CURRENT/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:129:

but I have no file dh1024.pem :-(

What is missing, on the pages of www.openssl.org and www.freebsd.org as
well, is a complete step-by-step guide to making the certificates and keys
for a simple SSL client/server communication, or at least I can't see one.

Thanks

	matthias
-- 
Matthias Apitz
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e - w http://www.unixarea.de/
UNIX since V7 on PDP-11 | UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2 | FreeBSD since 2.2.5
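
One way to produce the files named in the error messages above (root.pem, server.pem, dh1024.pem) together with client.pem, as an added example that is not part of the original mail or of the openssl-examples package. The subject names, the unencrypted 2048-bit RSA keys, the .crt intermediate files and the function names are assumptions; the 1024-bit DH size is used only because that is the file name the server asked for.

```sh
#!/bin/sh
# Added example (not from the thread). File names root.pem, server.pem,
# client.pem and dh1024.pem follow the mail; everything else is assumed.
set -eu
umask 077                      # keys in the mail's listing were world-readable

make_ca() {                    # self-signed test CA: ca.key + root.pem
    openssl genrsa -out ca.key 2048 2>/dev/null
    openssl req -new -x509 -key ca.key -days 365 -sha256 \
        -subj "/CN=Example Test CA" -out root.pem
}

make_leaf() {                  # $1 = file base name, $2 = certificate CN
    openssl genrsa -out "$1.key" 2048 2>/dev/null
    openssl req -new -key "$1.key" -subj "/CN=$2" -out "$1.req"
    openssl x509 -req -in "$1.req" -CA root.pem -CAkey ca.key \
        -CAcreateserial -days 365 -sha256 -out "$1.crt" 2>/dev/null
    # Key and certificate in one PEM file, as done in the mail with cat.
    cat "$1.key" "$1.crt" > "$1.pem"
}

make_dh() {                    # $1 = size in bits, written to dh<bits>.pem
    openssl dhparam -out "dh$1.pem" "$1" 2>/dev/null
}

check_leaf() {                 # 0 if cert chains to root.pem and matches key
    openssl verify -CAfile root.pem "$1.crt" >/dev/null 2>&1 || return 1
    a=$(openssl x509 -in "$1.pem" -noout -modulus | openssl sha256)
    b=$(openssl rsa  -in "$1.pem" -noout -modulus | openssl sha256)
    [ "$a" = "$b" ]
}

# Run everything when called as: sh mkcerts.sh <output-dir>
if [ $# -eq 1 ]; then
    mkdir -p "$1" && cd "$1"
    make_ca
    make_leaf server localhost
    make_leaf client client
    make_dh 1024               # slow step: searches for a safe prime
    check_leaf server && check_leaf client && echo "files ready in $1"
fi
```

Run it with the example directory as the argument, then start wserver from that directory.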