Calling 'openssl' utility as a C function?
Locked
Calling 'openssl' utility as a C function?
 
|
Hello, I need my embedded application to be capable of creating a CA and creating SSL certificate. My operating system is eCos, which means I don't have shell or any scripts, and I can't run utilities (However, I have a file system!). I can only use a C interface. I'm looking for a way to do what the 'openssl' utility does - just by calling OpenSSL library C functions. openssl req -x509 -newkey rsa -out cacert.pem -outform PEM -days 1825 I want to do it in C code, probably by one of the following ways: 1. call the main code of the openssl utility as a function, and prepare an appropriate arg/argc arguments vector, or 2. call directly the specific C function for the specific openssl subcommand ('req' in this case) with appropriate parameters. Note: - I can't use Unix specific APIs like getenv(); - command execution cannot be interactive (command arguments and configuration files have to supply all required parameters). |
Calling 'openssl' utility as a C function?
|
|
Hello, I need my embedded application to be capable of creating a CA and creating SSL certificate. My operating system is eCos, which means I don't have shell or any scripts, and I can't run utilities (However, I have a file system!). I can only use a C interface. I'm looking for a way to do what the 'openssl' utility does - just by calling OpenSSL library C functions. openssl req -x509 -newkey rsa -out cacert.pem -outform PEM -days 1825 I want to do it in C code, probably by one of the following ways: 1. call the main code of the openssl utility as a function, and prepare an appropriate arg/argc arguments vector, or 2. call directly the specific C function for the specific openssl subcommand ('req' in this case) with appropriate parameters. Note: - I can't use Unix specific APIs like getenv(); - command execution cannot be interactive (command arguments and configuration files have to supply all required parameters). Any suggestion how to do that? Thanks in advance, -- Amir |
Re: Calling 'openssl' utility as a C function?
|
|
In reply to this post by Amir Yiron
On Wed, Jan 11, 2006, Amir Yiron wrote:
> Hello, > > I need my embedded application to be capable of creating a CA and creating SSL certificate. > My operating system is eCos, which means I don't have shell or any scripts, and I can't run utilities (However, I have a file system!). > I can only use a C interface. > > I'm looking for a way to do what the 'openssl' utility does - just by calling OpenSSL library C functions. > e.g. I want to generate the CA root certificate and key, > so instead of calling: > openssl req -x509 -newkey rsa -out cacert.pem -outform PEM -days 1825 > I want to do it in C code, probably by one of the following ways: > 1. call the main code of the openssl utility as a function, and prepare an appropriate arg/argc arguments vector, or > 2. call directly the specific C function for the specific openssl subcommand ('req' in this case) with appropriate parameters. > > Note: > - I can't use Unix specific APIs like getenv(); > - command execution cannot be interactive (command arguments and configuration files have to supply all required parameters). > > The example code in demos/x509/mkcert.c would be a good starting point. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Re: Calling 'openssl' utility as a C function?
|
|
In reply to this post by Amir Yiron
Amir Yiron wrote:
> Hello, > > I need my embedded application to be capable of creating a CA and > creating SSL certificate. > > My operating system is eCos, which means I don't have shell or any > scripts, and I can't run utilities (However, I have a file system!). > > I can only use a C interface. > > I'm looking for a way to do what the 'openssl' utility does - just by > calling OpenSSL library C functions. > e.g. I want to generate the CA root certificate and key, > so instead of calling: > > openssl req -x509 -newkey rsa -out cacert.pem -outform PEM > -days 1825 > > I want to do it in C code, probably by one of the following ways: > > 1. call the main code of the openssl utility as a function, and > prepare an appropriate arg/argc arguments vector, or > > 2. call directly the specific C function for the specific openssl > subcommand ('req' in this case) with appropriate parameters. > > Note: > > - I can't use Unix specific APIs like getenv(); > > - command execution cannot be interactive (command arguments and > configuration files have to supply all required parameters) > Hope it helps Ted ;) -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26 |
smime.p7s (4K)
RE: Calling 'openssl' utility as a C function?
|
|
In reply to this post by Amir Yiron
Thank you, Dr. Henson!
You helped me very much! I used the mkcert.c and it printed the certificate stuff to the stdout. Now, I try to map this output to appropriate SSL files. As a newbie to OpenSSL, I have some difficult here: in my server I'm using the following demo SSL files: server.pem => for cert & private key using: SSL_CTX_use_certificate_file() and SSL_CTX_use_PrivateKey_file() cacert.pem => for locations verification using: SSL_CTX_load_verify_locations() cakey.pem => is not in use currently Now, where does each one of mkcert print commands go? RSA_print_fp() ? (it prints info like: modulus, publicExponent, privateExponent, prime1, prime2, etc.) X509_print_fp() ? (it prints certificate data like: Version, Serial Number, Signature Algorithm, etc.) PEM_write_PrivateKey() ? (it prints the private key code starting with "-----BEGIN RSA PRIVATE KEY-----") PEM_write_X509() ? (it prints certificate code starting with "-----BEGIN CERTIFICATE-----") Thanks a lot, -- Amir -----Original Message----- From: [hidden email] [mailto:[hidden email]]On Behalf Of Dr. Stephen Henson Sent: Wednesday, January 11, 2006 3:54 PM To: [hidden email] Subject: Re: Calling 'openssl' utility as a C function? On Wed, Jan 11, 2006, Amir Yiron wrote: > Hello, > > I need my embedded application to be capable of creating a CA and creating SSL certificate. > My operating system is eCos, which means I don't have shell or any scripts, and I can't run utilities (However, I have a file system!). > I can only use a C interface. > > I'm looking for a way to do what the 'openssl' utility does - just by calling OpenSSL library C functions. > e.g. I want to generate the CA root certificate and key, > so instead of calling: > openssl req -x509 -newkey rsa -out cacert.pem -outform PEM -days 1825 > I want to do it in C code, probably by one of the following ways: > 1. call the main code of the openssl utility as a function, and prepare an appropriate arg/argc arguments vector, or > 2. call directly the specific C function for the specific openssl subcommand ('req' in this case) with appropriate parameters. > > Note: > - I can't use Unix specific APIs like getenv(); > - command execution cannot be interactive (command arguments and configuration files have to supply all required parameters). > > The example code in demos/x509/mkcert.c would be a good starting point. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Re: Calling 'openssl' utility as a C function?
|
|
In reply to this post by Amir Yiron
I ported OpenSSL a few years back to embedded environments for
EtcBin/EbsNet (http://www.ebsnetinc.com/); what I did (among other things) is extend the use of the 'MONOLITH' #define to create a single has-it-all demo application with a telnet-based interface. Yes, this requires some code changes, but only minimal changes to the actual OpenSSL library, easing its upgrade path when new OpenSSL releases come available. In your case, as you specifically state you won't have any user interaction, you can take option #1 (create an argv[] array in code), while renaming the main() function to something suitable (like the MONOLITH #define does to some apps/ in OpenSSL). OR - which I'd do if the changes have more impact or when the code is for production purposes instead of just demo value - extract the relevant code snippets from the OpenSSL apps\ sources and go from there. Makes for cleaner code, if you plan to add/change the functionality significantly. HTH Ger PS: please note that you may have to port several C run-time library calls in the OpenSSL code proper, depending on the functionality available in your own C run-time library; some preprocessor macros will help here to keep the OpenSSL code intact (and thus easier to upgrade), while rerouting the C run-time library calls to your own functions at compile time. PPS: I won't go into the actual quality of the 'security' offered by such an embedded CA; it depends on many parameters and there have been quite a few discussions about that in the past in these mailing lists. You might wish to check out the mailing list archives if this is important to you. On Wed Jan 11 05:05:10 PST 2006, Amir Yiron <[hidden email]> wrote: >> Hello, >> >> I need my embedded application to be capable of creating a CA >> and creating SSL certificate. >> My operating system is eCos, which means I don't have shell or >> any scripts, and I can't run utilities (However, I have a file >> system!). >> I can only use a C interface. |
RE: Calling 'openssl' utility as a C function?
|
|
Hi ,
We got SSL Certification from the Verisign .. Now , We have problem with the installation of .Cert Our WEB server uses Apache server on Windows 2003 server Operation System . I tried to install that CERT according to the Steps on Verisign Site .. When I try to modify the httpd.config file .. I got following error . "Syntax error on line [some number] of c:/appserv/apache/conf/httpd.conf: Invalid command ' SSLEngine', perhaps mis-spelled or defined by a module not included in the server configuration " My Apache server is 1.3.27 , I had used OpenSSL to generate the key .. By the way I downloaded the openssl-0.9.8a.tar.gz .. but I cant install it Plz Help me to install the cert .. I cant get enough information from the Verisign Support .. . Thanks , Kadir -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of Gerrit E.G. 'Insh_Allah' Hobbelt Sent: Tuesday, January 17, 2006 7:38 PM To: [hidden email] Subject: Re: Calling 'openssl' utility as a C function? I ported OpenSSL a few years back to embedded environments for EtcBin/EbsNet (http://www.ebsnetinc.com/); what I did (among other things) is extend the use of the 'MONOLITH' #define to create a single has-it-all demo application with a telnet-based interface. Yes, this requires some code changes, but only minimal changes to the actual OpenSSL library, easing its upgrade path when new OpenSSL releases come available. In your case, as you specifically state you won't have any user interaction, you can take option #1 (create an argv[] array in code), while renaming the main() function to something suitable (like the MONOLITH #define does to some apps/ in OpenSSL). OR - which I'd do if the changes have more impact or when the code is for production purposes instead of just demo value - extract the relevant code snippets from the OpenSSL apps\ sources and go from there. Makes for cleaner code, if you plan to add/change the functionality significantly. HTH Ger PS: please note that you may have to port several C run-time library calls in the OpenSSL code proper, depending on the functionality available in your own C run-time library; some preprocessor macros will help here to keep the OpenSSL code intact (and thus easier to upgrade), while rerouting the C run-time library calls to your own functions at compile time. PPS: I won't go into the actual quality of the 'security' offered by such an embedded CA; it depends on many parameters and there have been quite a few discussions about that in the past in these mailing lists. You might wish to check out the mailing list archives if this is important to you. On Wed Jan 11 05:05:10 PST 2006, Amir Yiron <[hidden email]> wrote: >> Hello, >> >> I need my embedded application to be capable of creating a CA >> and creating SSL certificate. >> My operating system is eCos, which means I don't have shell or >> any scripts, and I can't run utilities (However, I have a file >> system!). >> I can only use a C interface. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Re: Calling 'openssl' utility as a C function?
|
|
kadir iscmng wrote:
>Hi , > >We got SSL Certification from the Verisign .. > >Now , We have problem with the installation of .Cert > >Our WEB server uses Apache server on Windows 2003 server Operation System . > >I tried to install that CERT according to the Steps on Verisign Site .. > >When I try to modify the httpd.config file .. > >I got following error . > >"Syntax error on line [some number] of c:/appserv/apache/conf/httpd.conf: >Invalid command ' SSLEngine', perhaps mis-spelled or defined by a module not >included in the server configuration >" > > httpd.conf. It sounds more like you did not include a module in the server configuration (could it be that you did not include mod_ssl?)... I'd advise you to ask this on a mod_ssl (or the module you use to support SSL) or Apache mailing list. >My Apache server is 1.3.27 , I had used OpenSSL to generate the key .. >By the way I downloaded the openssl-0.9.8a.tar.gz .. but I cant install it >Plz Help me to install the cert .. >I cant get enough information from the Verisign Support .. >. > >Thanks , >Kadir >[...] > > ;) -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26 |
RE: Calling 'openssl' utility as a C function?
|
|
In reply to this post by kadir iscmng
Dear Kadir,
Did you enable mod_ssl while building httpd? Is mod_ssl listed in "httpd -l"? Most likely httpd doesn't recognize the directive "SSLEngine" since mod_ssl is not able to see it. Hope this helps. Also this mail belongs to Apache mailing list. :-) regards, Girish --- kadir iscmng <[hidden email]> wrote: > Hi , > > We got SSL Certification from the Verisign .. > > Now , We have problem with the installation of .Cert > > Our WEB server uses Apache server on Windows 2003 > server Operation System . > > I tried to install that CERT according to the Steps > on Verisign Site .. > > When I try to modify the httpd.config file .. > > I got following error . > > "Syntax error on line [some number] of > c:/appserv/apache/conf/httpd.conf: > Invalid command ' SSLEngine', perhaps mis-spelled or > defined by a module not > included in the server configuration > " > My Apache server is 1.3.27 , I had used OpenSSL to > generate the key .. > By the way I downloaded the openssl-0.9.8a.tar.gz .. > but I cant install it > Plz Help me to install the cert .. > I cant get enough information from the Verisign > Support .. > . > > Thanks , > Kadir > > -----Original Message----- > From: [hidden email] > [mailto:[hidden email]] On Behalf > Of Gerrit E.G. > 'Insh_Allah' Hobbelt > Sent: Tuesday, January 17, 2006 7:38 PM > To: [hidden email] > Subject: Re: Calling 'openssl' utility as a C > function? > > I ported OpenSSL a few years back to embedded > environments for > EtcBin/EbsNet (http://www.ebsnetinc.com/); what I > did (among other > things) is extend the use of the 'MONOLITH' #define > to create a > single has-it-all demo application with a > telnet-based interface. > > Yes, this requires some code changes, but only > minimal changes to > the actual OpenSSL library, easing its upgrade path > when new > OpenSSL releases come available. > > In your case, as you specifically state you won't > have any user > interaction, you can take option #1 (create an > argv[] array in > code), while renaming the main() function to > something suitable > (like the MONOLITH #define does to some apps/ in > OpenSSL). > > OR - which I'd do if the changes have more impact or > when the code > is for production purposes instead of just demo > value - extract > the relevant code snippets from the OpenSSL apps\ > sources and go > from there. Makes for cleaner code, if you plan to > add/change the > functionality significantly. > > HTH > > Ger > > PS: please note that you may have to port several C > run-time > library calls in the OpenSSL code proper, depending > on the > functionality available in your own C run-time > library; some > preprocessor macros will help here to keep the > OpenSSL code intact > (and thus easier to upgrade), while rerouting the C > run-time > library calls to your own functions at compile time. > > > PPS: I won't go into the actual quality of the > 'security' offered > by such an embedded CA; it depends on many > parameters and there > have been quite a few discussions about that in the > past in these > mailing lists. You might wish to check out the > mailing list > archives if this is important to you. > > > > > > On Wed Jan 11 05:05:10 PST 2006, Amir Yiron > <[hidden email]> wrote: > > >> Hello, > >> > >> I need my embedded application to be capable of > creating a CA > >> and creating SSL certificate. > >> My operating system is eCos, which means I don't > have shell or > >> any scripts, and I can't run utilities (However, > I have a file > >> system!). > >> I can only use a C interface. > > > OpenSSL Project > http://www.openssl.org > User Support Mailing List > [hidden email] > Automated List Manager > [hidden email] > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
RE: Calling 'openssl' utility as a C function?
|
|
Hi ,
Thanks for you time , So, Can you plz help me how to enable mod_ssl .. I think This is the problem we r facing . Thanks -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of Girish Venkatachalam Sent: Tuesday, January 17, 2006 8:31 PM To: [hidden email] Subject: RE: Calling 'openssl' utility as a C function? Dear Kadir, Did you enable mod_ssl while building httpd? Is mod_ssl listed in "httpd -l"? Most likely httpd doesn't recognize the directive "SSLEngine" since mod_ssl is not able to see it. Hope this helps. Also this mail belongs to Apache mailing list. :-) regards, Girish --- kadir iscmng <[hidden email]> wrote: > Hi , > > We got SSL Certification from the Verisign .. > > Now , We have problem with the installation of .Cert > > Our WEB server uses Apache server on Windows 2003 > server Operation System . > > I tried to install that CERT according to the Steps > on Verisign Site .. > > When I try to modify the httpd.config file .. > > I got following error . > > "Syntax error on line [some number] of > c:/appserv/apache/conf/httpd.conf: > Invalid command ' SSLEngine', perhaps mis-spelled or > defined by a module not > included in the server configuration > " > My Apache server is 1.3.27 , I had used OpenSSL to > generate the key .. > By the way I downloaded the openssl-0.9.8a.tar.gz .. > but I cant install it > Plz Help me to install the cert .. > I cant get enough information from the Verisign > Support .. > . > > Thanks , > Kadir > > -----Original Message----- > From: [hidden email] > [mailto:[hidden email]] On Behalf > Of Gerrit E.G. > 'Insh_Allah' Hobbelt > Sent: Tuesday, January 17, 2006 7:38 PM > To: [hidden email] > Subject: Re: Calling 'openssl' utility as a C > function? > > I ported OpenSSL a few years back to embedded > environments for > EtcBin/EbsNet (http://www.ebsnetinc.com/); what I > did (among other > things) is extend the use of the 'MONOLITH' #define > to create a > single has-it-all demo application with a > telnet-based interface. > > Yes, this requires some code changes, but only > minimal changes to > the actual OpenSSL library, easing its upgrade path > when new > OpenSSL releases come available. > > In your case, as you specifically state you won't > have any user > interaction, you can take option #1 (create an > argv[] array in > code), while renaming the main() function to > something suitable > (like the MONOLITH #define does to some apps/ in > OpenSSL). > > OR - which I'd do if the changes have more impact or > when the code > is for production purposes instead of just demo > value - extract > the relevant code snippets from the OpenSSL apps\ > sources and go > from there. Makes for cleaner code, if you plan to > add/change the > functionality significantly. > > HTH > > Ger > > PS: please note that you may have to port several C > run-time > library calls in the OpenSSL code proper, depending > on the > functionality available in your own C run-time > library; some > preprocessor macros will help here to keep the > OpenSSL code intact > (and thus easier to upgrade), while rerouting the C > run-time > library calls to your own functions at compile time. > > > PPS: I won't go into the actual quality of the > 'security' offered > by such an embedded CA; it depends on many > parameters and there > have been quite a few discussions about that in the > past in these > mailing lists. You might wish to check out the > mailing list > archives if this is important to you. > > > > > > On Wed Jan 11 05:05:10 PST 2006, Amir Yiron > <[hidden email]> wrote: > > >> Hello, > >> > >> I need my embedded application to be capable of > creating a CA > >> and creating SSL certificate. > >> My operating system is eCos, which means I don't > have shell or > >> any scripts, and I can't run utilities (However, > I have a file > >> system!). > >> I can only use a C interface. > > > OpenSSL Project > http://www.openssl.org > User Support Mailing List > [hidden email] > Automated List Manager > [hidden email] > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
RE: Calling 'openssl' utility as a C function?
|
|
Hi,
I have downloaded the mod_ssl-2.8.23-1.3.33.tar.gz, but my apache version is 1.3.27 ,so do I have to get mod_ssl-2.8.23-1.3.27.tar.gz version ? while applying the patch , I followed the following instruction " cd /usr/local/ tar -xvzf mod_ssl-2.8.12-1.3.27.tar.gz cd mod_ssl-2.8.12-1.3.27/ ./configure --with-apache=../apache_1.3.27 " But unfortunately my command prompt gives me 'tar' is not recognized as an internal or external command, ... I hope you ll help me to apply my patch ... My Apache is running on Windows2003 server .. Any Help will most welcome , Regards, Kadir -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of kadir iscmng Sent: Wednesday, January 18, 2006 10:08 AM To: [hidden email] Subject: RE: Calling 'openssl' utility as a C function? Hi , Thanks for you time , So, Can you plz help me how to enable mod_ssl .. I think This is the problem we r facing . Thanks -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of Girish Venkatachalam Sent: Tuesday, January 17, 2006 8:31 PM To: [hidden email] Subject: RE: Calling 'openssl' utility as a C function? Dear Kadir, Did you enable mod_ssl while building httpd? Is mod_ssl listed in "httpd -l"? Most likely httpd doesn't recognize the directive "SSLEngine" since mod_ssl is not able to see it. Hope this helps. Also this mail belongs to Apache mailing list. :-) regards, Girish --- kadir iscmng <[hidden email]> wrote: > Hi , > > We got SSL Certification from the Verisign .. > > Now , We have problem with the installation of .Cert > > Our WEB server uses Apache server on Windows 2003 > server Operation System . > > I tried to install that CERT according to the Steps > on Verisign Site .. > > When I try to modify the httpd.config file .. > > I got following error . > > "Syntax error on line [some number] of > c:/appserv/apache/conf/httpd.conf: > Invalid command ' SSLEngine', perhaps mis-spelled or > defined by a module not > included in the server configuration > " > My Apache server is 1.3.27 , I had used OpenSSL to > generate the key .. > By the way I downloaded the openssl-0.9.8a.tar.gz .. > but I cant install it > Plz Help me to install the cert .. > I cant get enough information from the Verisign > Support .. > . > > Thanks , > Kadir > > -----Original Message----- > From: [hidden email] > [mailto:[hidden email]] On Behalf > Of Gerrit E.G. > 'Insh_Allah' Hobbelt > Sent: Tuesday, January 17, 2006 7:38 PM > To: [hidden email] > Subject: Re: Calling 'openssl' utility as a C > function? > > I ported OpenSSL a few years back to embedded > environments for > EtcBin/EbsNet (http://www.ebsnetinc.com/); what I > did (among other > things) is extend the use of the 'MONOLITH' #define > to create a > single has-it-all demo application with a > telnet-based interface. > > Yes, this requires some code changes, but only > minimal changes to > the actual OpenSSL library, easing its upgrade path > when new > OpenSSL releases come available. > > In your case, as you specifically state you won't > have any user > interaction, you can take option #1 (create an > argv[] array in > code), while renaming the main() function to > something suitable > (like the MONOLITH #define does to some apps/ in > OpenSSL). > > OR - which I'd do if the changes have more impact or > when the code > is for production purposes instead of just demo > value - extract > the relevant code snippets from the OpenSSL apps\ > sources and go > from there. Makes for cleaner code, if you plan to > add/change the > functionality significantly. > > HTH > > Ger > > PS: please note that you may have to port several C > run-time > library calls in the OpenSSL code proper, depending > on the > functionality available in your own C run-time > library; some > preprocessor macros will help here to keep the > OpenSSL code intact > (and thus easier to upgrade), while rerouting the C > run-time > library calls to your own functions at compile time. > > > PPS: I won't go into the actual quality of the > 'security' offered > by such an embedded CA; it depends on many > parameters and there > have been quite a few discussions about that in the > past in these > mailing lists. You might wish to check out the > mailing list > archives if this is important to you. > > > > > > On Wed Jan 11 05:05:10 PST 2006, Amir Yiron > <[hidden email]> wrote: > > >> Hello, > >> > >> I need my embedded application to be capable of > creating a CA > >> and creating SSL certificate. > >> My operating system is eCos, which means I don't > have shell or > >> any scripts, and I can't run utilities (However, > I have a file > >> system!). > >> I can only use a C interface. > > > OpenSSL Project > http://www.openssl.org > User Support Mailing List > [hidden email] > Automated List Manager > [hidden email] > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
how to install MOD_SSL on Windows2003 server .. plz help!
|
|
Hi ,
I have download mod_ssl .. But I cant install this package , is there any solution to install this package on Win32/win2003 environment ? From my understanding, I should use a $ shell to compile PERL and MOD_SSL So From Where I can get this shell ? From the INSTALL.32 file , it suggests me to install the following packages To use mod_ssl you need at least the following two packages: o Package: Apache Version: 1.3.x Description: Apache Group HTTP Server Homepage: http://www.apache.org/ Distribution: http://www.apache.org/dist/ Tarball: apache_1.3.x.tar.gz Location: SF, USA Author(s): The Apache Group <[hidden email]> o Package: mod_ssl Version: 2.8.x Description: Apache Interface to OpenSSL Homepage: http://www.modssl.org/ Distribution: ftp://ftp.modssl.org/source/ Tarball: mod_ssl-2.8.x-1.3.x.tar.gz Location: Zurich, Switzerland, Europe Author(s): Ralf S. Engelschall <[hidden email]> If you have the OpenSSL package not already installed on your system you additionally need the following package: o Package: OpenSSL Version: 0.9.x Description: Open Source Toolkit for SSL/TLS Homepage: http://www.openssl.org/ Distribution: ftp://ftp.openssl.org/source/ Tarball: openssl-0.9.x.tar.gz Location: Zurich, Switzerland, Europe Author(s): The OpenSSL Project Finally you need the following auxiliary packages already installed (CygWin for unpacking the tarballs with GZip and Perl for building OpenSSL): o Package: CygWin32 Version: B20 Description: The Unix tools for Win32 Homepage: http://sourceware.cygnus.com/cygwin/ Distribution: ftp://sourceware.cygnus.com/pub/cygwin/ Tarball: usertools.exe Location: USA Author(s): Cygnus o Package: Perl Version: 5.004 or 5.005 Description: The Practical Extraction and Reporting Language Homepage: http://www.perl.com/ Distribution: http://www.perl.com/CPAN/src/5.0/ Tarball: perl5.00402-bindist04-bc.zip Location: USA Author(s): Larry Wall And finally you need MS Visual C++ 5.0 (Sorry, not free software :-(, but Apache only supports this compiler) o Package: Visual C++ Std. (or Pro) Version: 5.0 Description: The Microsoft C/C++ Compiler Framework Homepage: http://www.microsoft.com/vstudio/ Distribution: - Tarball: - Location: USA Author(s): Microsoft Corp. -------------------------------------------- I ve been trying to install the CRT for 2 days , Due to the mod_ssl installation problem, I cant do anythink -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of kadir iscmng Sent: Wednesday, January 18, 2006 10:48 AM To: [hidden email] Subject: RE: Calling 'openssl' utility as a C function? Hi, I have downloaded the mod_ssl-2.8.23-1.3.33.tar.gz, but my apache version is 1.3.27 ,so do I have to get mod_ssl-2.8.23-1.3.27.tar.gz version ? while applying the patch , I followed the following instruction " cd /usr/local/ tar -xvzf mod_ssl-2.8.12-1.3.27.tar.gz cd mod_ssl-2.8.12-1.3.27/ ./configure --with-apache=../apache_1.3.27 " But unfortunately my command prompt gives me 'tar' is not recognized as an internal or external command, ... I hope you ll help me to apply my patch ... My Apache is running on Windows2003 server .. Any Help will most welcome , Regards, Kadir -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of kadir iscmng Sent: Wednesday, January 18, 2006 10:08 AM To: [hidden email] Subject: RE: Calling 'openssl' utility as a C function? Hi , Thanks for you time , So, Can you plz help me how to enable mod_ssl .. I think This is the problem we r facing . Thanks -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of Girish Venkatachalam Sent: Tuesday, January 17, 2006 8:31 PM To: [hidden email] Subject: RE: Calling 'openssl' utility as a C function? Dear Kadir, Did you enable mod_ssl while building httpd? Is mod_ssl listed in "httpd -l"? Most likely httpd doesn't recognize the directive "SSLEngine" since mod_ssl is not able to see it. Hope this helps. Also this mail belongs to Apache mailing list. :-) regards, Girish --- kadir iscmng <[hidden email]> wrote: > Hi , > > We got SSL Certification from the Verisign .. > > Now , We have problem with the installation of .Cert > > Our WEB server uses Apache server on Windows 2003 > server Operation System . > > I tried to install that CERT according to the Steps > on Verisign Site .. > > When I try to modify the httpd.config file .. > > I got following error . > > "Syntax error on line [some number] of > c:/appserv/apache/conf/httpd.conf: > Invalid command ' SSLEngine', perhaps mis-spelled or > defined by a module not > included in the server configuration > " > My Apache server is 1.3.27 , I had used OpenSSL to > generate the key .. > By the way I downloaded the openssl-0.9.8a.tar.gz .. > but I cant install it > Plz Help me to install the cert .. > I cant get enough information from the Verisign > Support .. > . > > Thanks , > Kadir > > -----Original Message----- > From: [hidden email] > [mailto:[hidden email]] On Behalf > Of Gerrit E.G. > 'Insh_Allah' Hobbelt > Sent: Tuesday, January 17, 2006 7:38 PM > To: [hidden email] > Subject: Re: Calling 'openssl' utility as a C > function? > > I ported OpenSSL a few years back to embedded > environments for > EtcBin/EbsNet (http://www.ebsnetinc.com/); what I > did (among other > things) is extend the use of the 'MONOLITH' #define > to create a > single has-it-all demo application with a > telnet-based interface. > > Yes, this requires some code changes, but only > minimal changes to > the actual OpenSSL library, easing its upgrade path > when new > OpenSSL releases come available. > > In your case, as you specifically state you won't > have any user > interaction, you can take option #1 (create an > argv[] array in > code), while renaming the main() function to > something suitable > (like the MONOLITH #define does to some apps/ in > OpenSSL). > > OR - which I'd do if the changes have more impact or > when the code > is for production purposes instead of just demo > value - extract > the relevant code snippets from the OpenSSL apps\ > sources and go > from there. Makes for cleaner code, if you plan to > add/change the > functionality significantly. > > HTH > > Ger > > PS: please note that you may have to port several C > run-time > library calls in the OpenSSL code proper, depending > on the > functionality available in your own C run-time > library; some > preprocessor macros will help here to keep the > OpenSSL code intact > (and thus easier to upgrade), while rerouting the C > run-time > library calls to your own functions at compile time. > > > PPS: I won't go into the actual quality of the > 'security' offered > by such an embedded CA; it depends on many > parameters and there > have been quite a few discussions about that in the > past in these > mailing lists. You might wish to check out the > mailing list > archives if this is important to you. > > > > > > On Wed Jan 11 05:05:10 PST 2006, Amir Yiron > <[hidden email]> wrote: > > >> Hello, > >> > >> I need my embedded application to be capable of > creating a CA > >> and creating SSL certificate. > >> My operating system is eCos, which means I don't > have shell or > >> any scripts, and I can't run utilities (However, > I have a file > >> system!). > >> I can only use a C interface. > > > OpenSSL Project > http://www.openssl.org > User Support Mailing List > [hidden email] > Automated List Manager > [hidden email] > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Re: how to install MOD_SSL on Windows2003 server .. plz help!
|
|
kadir iscmng wrote:
>Hi , >I have download mod_ssl .. >But I cant install this package , is there any solution to install this >package on Win32/win2003 environment ? >>From my understanding, I should use a $ shell to compile PERL and MOD_SSL >So From Where I can get this shell ? > > >[...] > > http://httpd.apache.org/docs/1.3/misc/FAQ.html http://www.devside.net/web/server/windows/apache-ssl-deflate and maybe other hits of google with the search term "apache windows build" or similar... Ted -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26 |
RE: how to install MOD_SSL on Windows2003 server .. plz help!
|
|
I still cant install my mod_ssl ..
IF anyone exists to install MOD_SSL on windows2003 server , plz let me know how it will be done ... I think there should be a shell $ to install mod_ssl on win2003 server .. Plz help me find that shell .. or other solution for this problem thanks -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of Bernhard Froehlich Sent: Wednesday, January 18, 2006 3:48 PM To: [hidden email] Subject: Re: how to install MOD_SSL on Windows2003 server .. plz help! kadir iscmng wrote: >Hi , >I have download mod_ssl .. >But I cant install this package , is there any solution to install this >package on Win32/win2003 environment ? >>From my understanding, I should use a $ shell to compile PERL and MOD_SSL >So From Where I can get this shell ? > > >[...] > > http://www.modssl.org/support/ http://httpd.apache.org/docs/1.3/misc/FAQ.html http://www.devside.net/web/server/windows/apache-ssl-deflate and maybe other hits of google with the search term "apache windows build" or similar... Ted -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
RE: how to install MOD_SSL on Windows2003 server .. plz help!
|
|
In reply to this post by Bernhard Fröhlich-2
Hi everybody,
I downloaded and installed SFU35SEL_EN.exe (Windows Services for UNIX)software I m using the Korn Shell from C Shell and Korn Shell .. So Korn Shell takes me to the C:\Documents and Settings\Administrator folder So I have copied my Apache,PHP,ModSSL,Perl,OpenSSL under here ... Now I m trying to install modssl i got into the modssl folder and type the followings ./configure \ > --with-apache=../apache \ > --with-ssl=/usr/local \ > --with-crt=/ usr/local/openssl/certs/server.crt \ > --with-key=/usr/local/openssl/private/server.key \ > --enable-shared=ssl \ > --enable-module=so \ > --disable-module=status 1) I have a Question for typing this , I m pressing ENTER for the next row .. Or I should wirite them in a line ? , Like: $./configure --with-apache=../apache --with-ssl=/usr/local -- etc Afer pressing Enter .. I shows me followings .. 2.) Configuring mod_ssl/2.8.14 for Apache/1.3.27 .Configure:Error: Cannot find Apache 1.3 source tree under ../apache ./configure:Hint: Please specify location via --with-apache=DIR Memory fault (core dumped) What does this error mean ? By the way the path /usr/local/openssl/certs/server.crt is under the c:\ 3.) I mean it s C:\usr\local\openssl\certs .. I m confused that where is the root of this shell .. Is it under the C:\ or C:\Documents and Settings\Administrator ? If it is the second one How can I Show the path of Apache and User/Local under the C:\ ? 4.) Please help me to install my CERT , I cant install it for 3 days ... Sorry 4 my poor English Thanks in advance ... -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of Bernhard Froehlich Sent: Wednesday, January 18, 2006 3:48 PM To: [hidden email] Subject: Re: how to install MOD_SSL on Windows2003 server .. plz help! kadir iscmng wrote: >Hi , >I have download mod_ssl .. >But I cant install this package , is there any solution to install this >package on Win32/win2003 environment ? >>From my understanding, I should use a $ shell to compile PERL and MOD_SSL >So From Where I can get this shell ? > > >[...] > > http://www.modssl.org/support/ http://httpd.apache.org/docs/1.3/misc/FAQ.html http://www.devside.net/web/server/windows/apache-ssl-deflate and maybe other hits of google with the search term "apache windows build" or similar... Ted -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
|
|
kadir iscmng wrote:
> I downloaded and installed SFU35SEL_EN.exe (Windows Services for UNIX) software I'll just warn you you've wandered deep, deep into uncharted waters :) The native win32 build is the only one most folks support. Some have invested effort and energy into getting 1.3 cygwin running, afaik without major issues. The 2.x versions definately aren't completely cygwin ready but some folks are working on cygwin, and mingw builds. Never read about anyone successfully deploying under SFU. Good luck. Bill ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
RE: how to install MOD_SSL on Windows2003 server .. plz help!
|
|
In reply to this post by Bernhard Fröhlich-2
I have Cygwin ..
I m trying to install Perl When I type sh Configure -de I get this error : "I don't know where 'make' is and my life depends on it. Go find a public domain implementation or fix your PATH settings!" I downloaded the dmake-4.1pl1-win32 .. I tried to install it .. , then retry the perl installation .. the same error occurred ... Any Help will most welcome .. Thanks , -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of Bernhard Froehlich Sent: Wednesday, January 18, 2006 3:48 PM To: [hidden email] Subject: Re: how to install MOD_SSL on Windows2003 server .. plz help! kadir iscmng wrote: >Hi , >I have download mod_ssl .. >But I cant install this package , is there any solution to install this >package on Win32/win2003 environment ? >>From my understanding, I should use a $ shell to compile PERL and MOD_SSL >So From Where I can get this shell ? > > >[...] > > http://www.modssl.org/support/ http://httpd.apache.org/docs/1.3/misc/FAQ.html http://www.devside.net/web/server/windows/apache-ssl-deflate and maybe other hits of google with the search term "apache windows build" or similar... Ted -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
«
Return to OpenSSL - User
|
1 view|%1 views
| Free forum by Nabble | Edit this page |