Calling 'openssl' utility as a C function?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
17 messages Options
Reply | Threaded
Open this post in threaded view
|

Calling 'openssl' utility as a C function?

Amir Yiron
Calling 'openssl' utility as a C function?

Hello,

I need my embedded application to be capable of creating a CA and creating SSL certificate.

My operating system is eCos, which means I don't have shell or any scripts, and I can't run utilities (However, I have a file system!).

I can only use a C interface.

I'm looking for a way to do what the 'openssl' utility does - just by calling OpenSSL library C functions.
e.g. I want to
generate the CA root certificate and key,
so instead of calling:

        openssl req -x509 -newkey rsa -out cacert.pem -outform PEM -days 1825

I want to do it in C code, probably by one of the following ways:

1. call the main code of the openssl utility as a function, and prepare an appropriate arg/argc arguments vector, or

2. call directly the specific C function for the specific openssl subcommand ('req' in this case) with appropriate parameters.

Note:

- I can't use Unix specific APIs like getenv();

- command execution cannot be interactive (command arguments and configuration files have to supply all required parameters).


Reply | Threaded
Open this post in threaded view
|

Calling 'openssl' utility as a C function?

Amir Yiron
Calling 'openssl' utility as a C function?

    Hello,

    I need my embedded application to be capable of creating a CA and creating SSL certificate.

    My operating system is eCos, which means I don't have shell or any scripts, and I can't run utilities (However, I have a file system!).

    I can only use a C interface.

    I'm looking for a way to do what the 'openssl' utility does - just by calling OpenSSL library C functions.
    e.g. I want to
    generate the CA root certificate and key,
    so instead of calling:

            openssl req -x509 -newkey rsa -out cacert.pem -outform PEM -days 1825

    I want to do it in C code, probably by one of the following ways:

    1. call the main code of the openssl utility as a function, and prepare an appropriate arg/argc arguments vector, or

    2. call directly the specific C function for the specific openssl subcommand ('req' in this case) with appropriate parameters.

    Note:

    - I can't use Unix specific APIs like getenv();

    - command execution cannot be interactive (command arguments and configuration files have to supply all required parameters).

    Any suggestion how to do that?

    Thanks in advance,

    -- Amir

Reply | Threaded
Open this post in threaded view
|

Re: Calling 'openssl' utility as a C function?

Dr. Stephen Henson
In reply to this post by Amir Yiron
On Wed, Jan 11, 2006, Amir Yiron wrote:

> Hello,
>
> I need my embedded application to be capable of creating a CA and creating SSL certificate.
> My operating system is eCos, which means I don't have shell or any scripts, and I can't run utilities (However, I have a file system!).
> I can only use a C interface.
>
> I'm looking for a way to do what the 'openssl' utility does - just by calling OpenSSL library C functions.
> e.g. I want to generate the CA root certificate and key,
> so instead of calling:
> openssl req -x509 -newkey rsa -out cacert.pem -outform PEM -days 1825
> I want to do it in C code, probably by one of the following ways:
> 1. call the main code of the openssl utility as a function, and prepare an appropriate arg/argc arguments vector, or
> 2. call directly the specific C function for the specific openssl subcommand ('req' in this case) with appropriate parameters.
>
> Note:
> - I can't use Unix specific APIs like getenv();
> - command execution cannot be interactive (command arguments and configuration files have to supply all required parameters).
>
>

The example code in demos/x509/mkcert.c would be a good starting point.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Calling 'openssl' utility as a C function?

Bernhard Fröhlich-2
In reply to this post by Amir Yiron
Amir Yiron wrote:

> Hello,
>
> I need my embedded application to be capable of creating a CA and
> creating SSL certificate.
>
> My operating system is eCos, which means I don't have shell or any
> scripts, and I can't run utilities (However, I have a file system!).
>
> I can only use a C interface.
>
> I'm looking for a way to do what the 'openssl' utility does - just by
> calling OpenSSL library C functions.
> e.g. I want to generate the CA root certificate and key,
> so instead of calling:
>
>         openssl req -x509 -newkey rsa -out cacert.pem -outform PEM
> -days 1825
>
> I want to do it in C code, probably by one of the following ways:
>
> 1. call the main code of the openssl utility as a function, and
> prepare an appropriate arg/argc arguments vector, or
>
> 2. call directly the specific C function for the specific openssl
> subcommand ('req' in this case) with appropriate parameters.
>
> Note:
>
> - I can't use Unix specific APIs like getenv();
>
> - command execution cannot be interactive (command arguments and
> configuration files have to supply all required parameters)
>
Have a look at the source code (apps/req.c) how it is done in the
utility. This is C-code and compilable on Windows.

Hope it helps
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26


smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

RE: Calling 'openssl' utility as a C function?

Amir Yiron
In reply to this post by Amir Yiron
Thank you, Dr. Henson!
You helped me very much!

I used the mkcert.c and it printed the certificate stuff to the stdout.
Now, I try to map this output to appropriate SSL files.
As a newbie to OpenSSL, I have some difficult here:

in my server I'm using the following demo SSL files:
server.pem => for cert & private key using: SSL_CTX_use_certificate_file() and SSL_CTX_use_PrivateKey_file()
cacert.pem => for locations verification using: SSL_CTX_load_verify_locations()
cakey.pem  => is not in use currently

Now, where does each one of mkcert print commands go?
RSA_print_fp() ?
        (it prints info like: modulus, publicExponent, privateExponent, prime1, prime2, etc.)
X509_print_fp() ?
        (it prints certificate data like: Version, Serial Number, Signature Algorithm, etc.)
PEM_write_PrivateKey() ?
        (it prints the private key code starting with "-----BEGIN RSA PRIVATE KEY-----")
PEM_write_X509() ?
        (it prints certificate code starting with "-----BEGIN CERTIFICATE-----")

Thanks a lot,
-- Amir

-----Original Message-----
From: [hidden email] [mailto:[hidden email]]On Behalf Of Dr. Stephen Henson
Sent: Wednesday, January 11, 2006 3:54 PM
To: [hidden email]
Subject: Re: Calling 'openssl' utility as a C function?


On Wed, Jan 11, 2006, Amir Yiron wrote:

> Hello,
>
> I need my embedded application to be capable of creating a CA and creating SSL certificate.
> My operating system is eCos, which means I don't have shell or any scripts, and I can't run utilities (However, I have a file system!).
> I can only use a C interface.
>
> I'm looking for a way to do what the 'openssl' utility does - just by calling OpenSSL library C functions.
> e.g. I want to generate the CA root certificate and key,
> so instead of calling:
> openssl req -x509 -newkey rsa -out cacert.pem -outform PEM -days 1825
> I want to do it in C code, probably by one of the following ways:
> 1. call the main code of the openssl utility as a function, and prepare an appropriate arg/argc arguments vector, or
> 2. call directly the specific C function for the specific openssl subcommand ('req' in this case) with appropriate parameters.
>
> Note:
> - I can't use Unix specific APIs like getenv();
> - command execution cannot be interactive (command arguments and configuration files have to supply all required parameters).
>
>

The example code in demos/x509/mkcert.c would be a good starting point.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Calling 'openssl' utility as a C function?

Gerrit E.G. Hobbelt
In reply to this post by Amir Yiron
I ported OpenSSL a few years back to embedded environments for
EtcBin/EbsNet (http://www.ebsnetinc.com/); what I did (among other
things) is extend the use of the 'MONOLITH' #define to create a
single has-it-all demo application with a telnet-based interface.

Yes, this requires some code changes, but only minimal changes to
the actual OpenSSL library, easing its upgrade path when new
OpenSSL releases come available.

In your case, as you specifically state you won't have any user
interaction, you can take option #1 (create an argv[] array in
code), while renaming the main() function to something suitable
(like the MONOLITH #define does to some apps/ in OpenSSL).

OR - which I'd do if the changes have more impact or when the code
is for production purposes instead of just demo value - extract
the relevant code snippets from the OpenSSL apps\ sources and go
from there. Makes for cleaner code, if you plan to add/change the
functionality significantly.

HTH

Ger

PS: please note that you may have to port several C run-time
library calls in the OpenSSL code proper, depending on the
functionality available in your own C run-time library; some
preprocessor macros will help here to keep the OpenSSL code intact
(and thus easier to upgrade), while rerouting the C run-time
library calls to your own functions at compile time.


PPS: I won't go into the actual quality of the 'security' offered
by such an embedded CA; it depends on many parameters and there
have been quite a few discussions about that in the past in these
mailing lists. You might wish to check out the mailing list
archives if this is important to you.





On Wed Jan 11 05:05:10 PST 2006, Amir Yiron
<[hidden email]> wrote:

>> Hello,
>>
>> I need my embedded application to be capable of creating a CA
>> and creating SSL certificate.
>> My operating system is eCos, which means I don't have shell or
>> any scripts, and I can't run utilities (However, I have a file
>> system!).
>> I can only use a C interface.
Reply | Threaded
Open this post in threaded view
|

RE: Calling 'openssl' utility as a C function?

kadir iscmng
Hi ,

We got SSL Certification from the Verisign  ..

Now , We have problem with the installation of .Cert

Our WEB server uses Apache server on Windows 2003 server Operation System .

I tried to install that CERT  according to the Steps on Verisign Site ..

When I  try to modify the httpd.config file  ..

I got  following error  .

"Syntax error on line [some number] of c:/appserv/apache/conf/httpd.conf:
Invalid command ' SSLEngine', perhaps mis-spelled or defined by a module not
included in the server configuration
"
My Apache server is 1.3.27 , I had used OpenSSL to generate the key  ..
By the way I downloaded the openssl-0.9.8a.tar.gz .. but I cant install it  
Plz Help me to install the cert  ..
I cant get enough information from the Verisign Support  ..
.

Thanks ,
Kadir

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Gerrit E.G.
'Insh_Allah' Hobbelt
Sent: Tuesday, January 17, 2006 7:38 PM
To: [hidden email]
Subject: Re: Calling 'openssl' utility as a C function?

I ported OpenSSL a few years back to embedded environments for
EtcBin/EbsNet (http://www.ebsnetinc.com/); what I did (among other
things) is extend the use of the 'MONOLITH' #define to create a
single has-it-all demo application with a telnet-based interface.

Yes, this requires some code changes, but only minimal changes to
the actual OpenSSL library, easing its upgrade path when new
OpenSSL releases come available.

In your case, as you specifically state you won't have any user
interaction, you can take option #1 (create an argv[] array in
code), while renaming the main() function to something suitable
(like the MONOLITH #define does to some apps/ in OpenSSL).

OR - which I'd do if the changes have more impact or when the code
is for production purposes instead of just demo value - extract
the relevant code snippets from the OpenSSL apps\ sources and go
from there. Makes for cleaner code, if you plan to add/change the
functionality significantly.

HTH

Ger

PS: please note that you may have to port several C run-time
library calls in the OpenSSL code proper, depending on the
functionality available in your own C run-time library; some
preprocessor macros will help here to keep the OpenSSL code intact
(and thus easier to upgrade), while rerouting the C run-time
library calls to your own functions at compile time.


PPS: I won't go into the actual quality of the 'security' offered
by such an embedded CA; it depends on many parameters and there
have been quite a few discussions about that in the past in these
mailing lists. You might wish to check out the mailing list
archives if this is important to you.





On Wed Jan 11 05:05:10 PST 2006, Amir Yiron
<[hidden email]> wrote:

>> Hello,
>>
>> I need my embedded application to be capable of creating a CA
>> and creating SSL certificate.
>> My operating system is eCos, which means I don't have shell or
>> any scripts, and I can't run utilities (However, I have a file
>> system!).
>> I can only use a C interface.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Calling 'openssl' utility as a C function?

Bernhard Fröhlich-2
kadir iscmng wrote:

>Hi ,
>
>We got SSL Certification from the Verisign  ..
>
>Now , We have problem with the installation of .Cert
>
>Our WEB server uses Apache server on Windows 2003 server Operation System .
>
>I tried to install that CERT  according to the Steps on Verisign Site ..
>
>When I  try to modify the httpd.config file  ..
>
>I got  following error  .
>
>"Syntax error on line [some number] of c:/appserv/apache/conf/httpd.conf:
>Invalid command ' SSLEngine', perhaps mis-spelled or defined by a module not
>included in the server configuration
>"
>  
>
I really doubt that OpenSSL or the certificate have anything to do with
this error message, since they do not influence (or are influenced by)
httpd.conf. It sounds more like you did not include a module in the
server configuration (could it be that you did not include mod_ssl?)...

I'd advise you to ask this on a mod_ssl (or the module you use to
support SSL) or Apache mailing list.

>My Apache server is 1.3.27 , I had used OpenSSL to generate the key  ..
>By the way I downloaded the openssl-0.9.8a.tar.gz .. but I cant install it  
>Plz Help me to install the cert  ..
>I cant get enough information from the Verisign Support  ..
>.
>
>Thanks ,
>Kadir
>[...]
>  
>
Hope it helps
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26


smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

RE: Calling 'openssl' utility as a C function?

Girish Venkatachalam
In reply to this post by kadir iscmng
Dear Kadir,

Did you enable mod_ssl while building httpd?

Is mod_ssl listed in "httpd -l"?

Most likely httpd doesn't recognize the directive
"SSLEngine" since mod_ssl is not able to see it.

Hope this helps.

Also this mail belongs to Apache mailing list. :-)

regards,
Girish

--- kadir iscmng <[hidden email]> wrote:

> Hi ,
>
> We got SSL Certification from the Verisign  ..
>
> Now , We have problem with the installation of .Cert
>
> Our WEB server uses Apache server on Windows 2003
> server Operation System .
>
> I tried to install that CERT  according to the Steps
> on Verisign Site ..
>
> When I  try to modify the httpd.config file  ..
>
> I got  following error  .
>
> "Syntax error on line [some number] of
> c:/appserv/apache/conf/httpd.conf:
> Invalid command ' SSLEngine', perhaps mis-spelled or
> defined by a module not
> included in the server configuration
> "
> My Apache server is 1.3.27 , I had used OpenSSL to
> generate the key  ..
> By the way I downloaded the openssl-0.9.8a.tar.gz ..
> but I cant install it  
> Plz Help me to install the cert  ..
> I cant get enough information from the Verisign
> Support  ..
> .
>
> Thanks ,
> Kadir
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf
> Of Gerrit E.G.
> 'Insh_Allah' Hobbelt
> Sent: Tuesday, January 17, 2006 7:38 PM
> To: [hidden email]
> Subject: Re: Calling 'openssl' utility as a C
> function?
>
> I ported OpenSSL a few years back to embedded
> environments for
> EtcBin/EbsNet (http://www.ebsnetinc.com/); what I
> did (among other
> things) is extend the use of the 'MONOLITH' #define
> to create a
> single has-it-all demo application with a
> telnet-based interface.
>
> Yes, this requires some code changes, but only
> minimal changes to
> the actual OpenSSL library, easing its upgrade path
> when new
> OpenSSL releases come available.
>
> In your case, as you specifically state you won't
> have any user
> interaction, you can take option #1 (create an
> argv[] array in
> code), while renaming the main() function to
> something suitable
> (like the MONOLITH #define does to some apps/ in
> OpenSSL).
>
> OR - which I'd do if the changes have more impact or
> when the code
> is for production purposes instead of just demo
> value - extract
> the relevant code snippets from the OpenSSL apps\
> sources and go
> from there. Makes for cleaner code, if you plan to
> add/change the
> functionality significantly.
>
> HTH
>
> Ger
>
> PS: please note that you may have to port several C
> run-time
> library calls in the OpenSSL code proper, depending
> on the
> functionality available in your own C run-time
> library; some
> preprocessor macros will help here to keep the
> OpenSSL code intact
> (and thus easier to upgrade), while rerouting the C
> run-time
> library calls to your own functions at compile time.
>
>
> PPS: I won't go into the actual quality of the
> 'security' offered
> by such an embedded CA; it depends on many
> parameters and there
> have been quite a few discussions about that in the
> past in these
> mailing lists. You might wish to check out the
> mailing list
> archives if this is important to you.
>
>
>
>
>
> On Wed Jan 11 05:05:10 PST 2006, Amir Yiron
> <[hidden email]> wrote:
>
> >> Hello,
> >>
> >> I need my embedded application to be capable of
> creating a CA
> >> and creating SSL certificate.
> >> My operating system is eCos, which means I don't
> have shell or
> >> any scripts, and I can't run utilities (However,
> I have a file
> >> system!).
> >> I can only use a C interface.
>
>
______________________________________________________________________
> OpenSSL Project                                
> http://www.openssl.org
> User Support Mailing List                  
> [hidden email]
> Automated List Manager                          
> [hidden email]
>


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Calling 'openssl' utility as a C function?

kadir iscmng
Hi ,
Thanks for you time ,
So, Can you plz help me  how to enable mod_ssl  ..

I think This is the problem we r facing  .

 

Thanks


-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Girish Venkatachalam
Sent: Tuesday, January 17, 2006 8:31 PM
To: [hidden email]
Subject: RE: Calling 'openssl' utility as a C function?

Dear Kadir,

Did you enable mod_ssl while building httpd?

Is mod_ssl listed in "httpd -l"?

Most likely httpd doesn't recognize the directive
"SSLEngine" since mod_ssl is not able to see it.

Hope this helps.

Also this mail belongs to Apache mailing list. :-)

regards,
Girish

--- kadir iscmng <[hidden email]> wrote:

> Hi ,
>
> We got SSL Certification from the Verisign  ..
>
> Now , We have problem with the installation of .Cert
>
> Our WEB server uses Apache server on Windows 2003
> server Operation System .
>
> I tried to install that CERT  according to the Steps
> on Verisign Site ..
>
> When I  try to modify the httpd.config file  ..
>
> I got  following error  .
>
> "Syntax error on line [some number] of
> c:/appserv/apache/conf/httpd.conf:
> Invalid command ' SSLEngine', perhaps mis-spelled or
> defined by a module not
> included in the server configuration
> "
> My Apache server is 1.3.27 , I had used OpenSSL to
> generate the key  ..
> By the way I downloaded the openssl-0.9.8a.tar.gz ..
> but I cant install it  
> Plz Help me to install the cert  ..
> I cant get enough information from the Verisign
> Support  ..
> .
>
> Thanks ,
> Kadir
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf
> Of Gerrit E.G.
> 'Insh_Allah' Hobbelt
> Sent: Tuesday, January 17, 2006 7:38 PM
> To: [hidden email]
> Subject: Re: Calling 'openssl' utility as a C
> function?
>
> I ported OpenSSL a few years back to embedded
> environments for
> EtcBin/EbsNet (http://www.ebsnetinc.com/); what I
> did (among other
> things) is extend the use of the 'MONOLITH' #define
> to create a
> single has-it-all demo application with a
> telnet-based interface.
>
> Yes, this requires some code changes, but only
> minimal changes to
> the actual OpenSSL library, easing its upgrade path
> when new
> OpenSSL releases come available.
>
> In your case, as you specifically state you won't
> have any user
> interaction, you can take option #1 (create an
> argv[] array in
> code), while renaming the main() function to
> something suitable
> (like the MONOLITH #define does to some apps/ in
> OpenSSL).
>
> OR - which I'd do if the changes have more impact or
> when the code
> is for production purposes instead of just demo
> value - extract
> the relevant code snippets from the OpenSSL apps\
> sources and go
> from there. Makes for cleaner code, if you plan to
> add/change the
> functionality significantly.
>
> HTH
>
> Ger
>
> PS: please note that you may have to port several C
> run-time
> library calls in the OpenSSL code proper, depending
> on the
> functionality available in your own C run-time
> library; some
> preprocessor macros will help here to keep the
> OpenSSL code intact
> (and thus easier to upgrade), while rerouting the C
> run-time
> library calls to your own functions at compile time.
>
>
> PPS: I won't go into the actual quality of the
> 'security' offered
> by such an embedded CA; it depends on many
> parameters and there
> have been quite a few discussions about that in the
> past in these
> mailing lists. You might wish to check out the
> mailing list
> archives if this is important to you.
>
>
>
>
>
> On Wed Jan 11 05:05:10 PST 2006, Amir Yiron
> <[hidden email]> wrote:
>
> >> Hello,
> >>
> >> I need my embedded application to be capable of
> creating a CA
> >> and creating SSL certificate.
> >> My operating system is eCos, which means I don't
> have shell or
> >> any scripts, and I can't run utilities (However,
> I have a file
> >> system!).
> >> I can only use a C interface.
>
>
______________________________________________________________________
> OpenSSL Project                                
> http://www.openssl.org
> User Support Mailing List                  
> [hidden email]
> Automated List Manager                          
> [hidden email]
>


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Calling 'openssl' utility as a C function?

kadir iscmng
Hi,
I have downloaded the mod_ssl-2.8.23-1.3.33.tar.gz,
but my apache version is 1.3.27 ,so do I have to get
mod_ssl-2.8.23-1.3.27.tar.gz  version ?
while applying the patch , I followed the following instruction

" cd /usr/local/
tar -xvzf mod_ssl-2.8.12-1.3.27.tar.gz
cd mod_ssl-2.8.12-1.3.27/
./configure --with-apache=../apache_1.3.27 "

But unfortunately my command prompt gives me 'tar' is not recognized as an
internal or external command, ...
I hope you ll help me to apply my patch  ...

My Apache is running on Windows2003 server  ..

Any Help will most welcome ,
Regards,
Kadir

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of kadir iscmng
Sent: Wednesday, January 18, 2006 10:08 AM
To: [hidden email]
Subject: RE: Calling 'openssl' utility as a C function?

Hi ,
Thanks for you time ,
So, Can you plz help me  how to enable mod_ssl  ..

I think This is the problem we r facing  .

 

Thanks


-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Girish Venkatachalam
Sent: Tuesday, January 17, 2006 8:31 PM
To: [hidden email]
Subject: RE: Calling 'openssl' utility as a C function?

Dear Kadir,

Did you enable mod_ssl while building httpd?

Is mod_ssl listed in "httpd -l"?

Most likely httpd doesn't recognize the directive
"SSLEngine" since mod_ssl is not able to see it.

Hope this helps.

Also this mail belongs to Apache mailing list. :-)

regards,
Girish

--- kadir iscmng <[hidden email]> wrote:

> Hi ,
>
> We got SSL Certification from the Verisign  ..
>
> Now , We have problem with the installation of .Cert
>
> Our WEB server uses Apache server on Windows 2003
> server Operation System .
>
> I tried to install that CERT  according to the Steps
> on Verisign Site ..
>
> When I  try to modify the httpd.config file  ..
>
> I got  following error  .
>
> "Syntax error on line [some number] of
> c:/appserv/apache/conf/httpd.conf:
> Invalid command ' SSLEngine', perhaps mis-spelled or
> defined by a module not
> included in the server configuration
> "
> My Apache server is 1.3.27 , I had used OpenSSL to
> generate the key  ..
> By the way I downloaded the openssl-0.9.8a.tar.gz ..
> but I cant install it  
> Plz Help me to install the cert  ..
> I cant get enough information from the Verisign
> Support  ..
> .
>
> Thanks ,
> Kadir
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf
> Of Gerrit E.G.
> 'Insh_Allah' Hobbelt
> Sent: Tuesday, January 17, 2006 7:38 PM
> To: [hidden email]
> Subject: Re: Calling 'openssl' utility as a C
> function?
>
> I ported OpenSSL a few years back to embedded
> environments for
> EtcBin/EbsNet (http://www.ebsnetinc.com/); what I
> did (among other
> things) is extend the use of the 'MONOLITH' #define
> to create a
> single has-it-all demo application with a
> telnet-based interface.
>
> Yes, this requires some code changes, but only
> minimal changes to
> the actual OpenSSL library, easing its upgrade path
> when new
> OpenSSL releases come available.
>
> In your case, as you specifically state you won't
> have any user
> interaction, you can take option #1 (create an
> argv[] array in
> code), while renaming the main() function to
> something suitable
> (like the MONOLITH #define does to some apps/ in
> OpenSSL).
>
> OR - which I'd do if the changes have more impact or
> when the code
> is for production purposes instead of just demo
> value - extract
> the relevant code snippets from the OpenSSL apps\
> sources and go
> from there. Makes for cleaner code, if you plan to
> add/change the
> functionality significantly.
>
> HTH
>
> Ger
>
> PS: please note that you may have to port several C
> run-time
> library calls in the OpenSSL code proper, depending
> on the
> functionality available in your own C run-time
> library; some
> preprocessor macros will help here to keep the
> OpenSSL code intact
> (and thus easier to upgrade), while rerouting the C
> run-time
> library calls to your own functions at compile time.
>
>
> PPS: I won't go into the actual quality of the
> 'security' offered
> by such an embedded CA; it depends on many
> parameters and there
> have been quite a few discussions about that in the
> past in these
> mailing lists. You might wish to check out the
> mailing list
> archives if this is important to you.
>
>
>
>
>
> On Wed Jan 11 05:05:10 PST 2006, Amir Yiron
> <[hidden email]> wrote:
>
> >> Hello,
> >>
> >> I need my embedded application to be capable of
> creating a CA
> >> and creating SSL certificate.
> >> My operating system is eCos, which means I don't
> have shell or
> >> any scripts, and I can't run utilities (However,
> I have a file
> >> system!).
> >> I can only use a C interface.
>
>
______________________________________________________________________
> OpenSSL Project                                
> http://www.openssl.org
> User Support Mailing List                  
> [hidden email]
> Automated List Manager                          
> [hidden email]
>


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

how to install MOD_SSL on Windows2003 server .. plz help!

kadir iscmng
Hi ,
I have download mod_ssl  ..
But I cant install this package , is there any solution to install this
package on Win32/win2003 environment ?
From my understanding, I should use a $ shell to compile PERL and MOD_SSL
So From Where I can get this shell ?

From the INSTALL.32 file , it suggests me to install the following packages


To use mod_ssl you need at least the following two packages:

   o  Package:      Apache
      Version:      1.3.x
      Description:  Apache Group HTTP Server
      Homepage:     http://www.apache.org/
      Distribution: http://www.apache.org/dist/
      Tarball:      apache_1.3.x.tar.gz
      Location:     SF, USA
      Author(s):    The Apache Group <[hidden email]>

   o  Package:      mod_ssl
      Version:      2.8.x
      Description:  Apache Interface to OpenSSL
      Homepage:     http://www.modssl.org/
      Distribution: ftp://ftp.modssl.org/source/
      Tarball:      mod_ssl-2.8.x-1.3.x.tar.gz
      Location:     Zurich, Switzerland, Europe
      Author(s):    Ralf S. Engelschall <[hidden email]>

  If you have the OpenSSL package not already installed on your system you
  additionally need the following package:

   o  Package:      OpenSSL
      Version:      0.9.x
      Description:  Open Source Toolkit for SSL/TLS
      Homepage:     http://www.openssl.org/
      Distribution: ftp://ftp.openssl.org/source/
      Tarball:      openssl-0.9.x.tar.gz
      Location:     Zurich, Switzerland, Europe
      Author(s):    The OpenSSL Project

  Finally you need the following auxiliary packages already installed
  (CygWin for unpacking the tarballs with GZip and Perl for building
OpenSSL):

   o  Package:      CygWin32
      Version:      B20
      Description:  The Unix tools for Win32
      Homepage:     http://sourceware.cygnus.com/cygwin/
      Distribution: ftp://sourceware.cygnus.com/pub/cygwin/
      Tarball:      usertools.exe
      Location:     USA
      Author(s):    Cygnus
 
   o  Package:      Perl
      Version:      5.004 or 5.005
      Description:  The Practical Extraction and Reporting Language
      Homepage:     http://www.perl.com/
      Distribution: http://www.perl.com/CPAN/src/5.0/
      Tarball:      perl5.00402-bindist04-bc.zip
      Location:     USA
      Author(s):    Larry Wall

  And finally you need MS Visual C++ 5.0
  (Sorry, not free software :-(, but Apache only supports this compiler)

   o  Package:      Visual C++ Std. (or Pro)
      Version:      5.0
      Description:  The Microsoft C/C++ Compiler Framework
      Homepage:     http://www.microsoft.com/vstudio/
      Distribution: -
      Tarball:      -
      Location:     USA
      Author(s):    Microsoft Corp.
--------------------------------------------
I ve been trying to install the CRT for 2 days , Due to the mod_ssl
installation problem, I cant do anythink
-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of kadir iscmng
Sent: Wednesday, January 18, 2006 10:48 AM
To: [hidden email]
Subject: RE: Calling 'openssl' utility as a C function?

Hi,
I have downloaded the mod_ssl-2.8.23-1.3.33.tar.gz,
but my apache version is 1.3.27 ,so do I have to get
mod_ssl-2.8.23-1.3.27.tar.gz  version ?
while applying the patch , I followed the following instruction

" cd /usr/local/
tar -xvzf mod_ssl-2.8.12-1.3.27.tar.gz
cd mod_ssl-2.8.12-1.3.27/
./configure --with-apache=../apache_1.3.27 "

But unfortunately my command prompt gives me 'tar' is not recognized as an
internal or external command, ...
I hope you ll help me to apply my patch  ...

My Apache is running on Windows2003 server  ..

Any Help will most welcome ,
Regards,
Kadir

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of kadir iscmng
Sent: Wednesday, January 18, 2006 10:08 AM
To: [hidden email]
Subject: RE: Calling 'openssl' utility as a C function?

Hi ,
Thanks for you time ,
So, Can you plz help me  how to enable mod_ssl  ..

I think This is the problem we r facing  .

 

Thanks


-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Girish Venkatachalam
Sent: Tuesday, January 17, 2006 8:31 PM
To: [hidden email]
Subject: RE: Calling 'openssl' utility as a C function?

Dear Kadir,

Did you enable mod_ssl while building httpd?

Is mod_ssl listed in "httpd -l"?

Most likely httpd doesn't recognize the directive
"SSLEngine" since mod_ssl is not able to see it.

Hope this helps.

Also this mail belongs to Apache mailing list. :-)

regards,
Girish

--- kadir iscmng <[hidden email]> wrote:

> Hi ,
>
> We got SSL Certification from the Verisign  ..
>
> Now , We have problem with the installation of .Cert
>
> Our WEB server uses Apache server on Windows 2003
> server Operation System .
>
> I tried to install that CERT  according to the Steps
> on Verisign Site ..
>
> When I  try to modify the httpd.config file  ..
>
> I got  following error  .
>
> "Syntax error on line [some number] of
> c:/appserv/apache/conf/httpd.conf:
> Invalid command ' SSLEngine', perhaps mis-spelled or
> defined by a module not
> included in the server configuration
> "
> My Apache server is 1.3.27 , I had used OpenSSL to
> generate the key  ..
> By the way I downloaded the openssl-0.9.8a.tar.gz ..
> but I cant install it  
> Plz Help me to install the cert  ..
> I cant get enough information from the Verisign
> Support  ..
> .
>
> Thanks ,
> Kadir
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf
> Of Gerrit E.G.
> 'Insh_Allah' Hobbelt
> Sent: Tuesday, January 17, 2006 7:38 PM
> To: [hidden email]
> Subject: Re: Calling 'openssl' utility as a C
> function?
>
> I ported OpenSSL a few years back to embedded
> environments for
> EtcBin/EbsNet (http://www.ebsnetinc.com/); what I
> did (among other
> things) is extend the use of the 'MONOLITH' #define
> to create a
> single has-it-all demo application with a
> telnet-based interface.
>
> Yes, this requires some code changes, but only
> minimal changes to
> the actual OpenSSL library, easing its upgrade path
> when new
> OpenSSL releases come available.
>
> In your case, as you specifically state you won't
> have any user
> interaction, you can take option #1 (create an
> argv[] array in
> code), while renaming the main() function to
> something suitable
> (like the MONOLITH #define does to some apps/ in
> OpenSSL).
>
> OR - which I'd do if the changes have more impact or
> when the code
> is for production purposes instead of just demo
> value - extract
> the relevant code snippets from the OpenSSL apps\
> sources and go
> from there. Makes for cleaner code, if you plan to
> add/change the
> functionality significantly.
>
> HTH
>
> Ger
>
> PS: please note that you may have to port several C
> run-time
> library calls in the OpenSSL code proper, depending
> on the
> functionality available in your own C run-time
> library; some
> preprocessor macros will help here to keep the
> OpenSSL code intact
> (and thus easier to upgrade), while rerouting the C
> run-time
> library calls to your own functions at compile time.
>
>
> PPS: I won't go into the actual quality of the
> 'security' offered
> by such an embedded CA; it depends on many
> parameters and there
> have been quite a few discussions about that in the
> past in these
> mailing lists. You might wish to check out the
> mailing list
> archives if this is important to you.
>
>
>
>
>
> On Wed Jan 11 05:05:10 PST 2006, Amir Yiron
> <[hidden email]> wrote:
>
> >> Hello,
> >>
> >> I need my embedded application to be capable of
> creating a CA
> >> and creating SSL certificate.
> >> My operating system is eCos, which means I don't
> have shell or
> >> any scripts, and I can't run utilities (However,
> I have a file
> >> system!).
> >> I can only use a C interface.
>
>
______________________________________________________________________
> OpenSSL Project                                
> http://www.openssl.org
> User Support Mailing List                  
> [hidden email]
> Automated List Manager                          
> [hidden email]
>


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: how to install MOD_SSL on Windows2003 server .. plz help!

Bernhard Fröhlich-2
kadir iscmng wrote:

>Hi ,
>I have download mod_ssl  ..
>But I cant install this package , is there any solution to install this
>package on Win32/win2003 environment ?
>>From my understanding, I should use a $ shell to compile PERL and MOD_SSL
>So From Where I can get this shell ?
>  
>
>[...]
>  
>
http://httpd.apache.org/docs/2.0/platform/win_compiling.html
http://www.modssl.org/support/
http://httpd.apache.org/docs/1.3/misc/FAQ.html
http://www.devside.net/web/server/windows/apache-ssl-deflate

and maybe other hits of google with the search term "apache windows
build" or similar...

Ted

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26


smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

RE: how to install MOD_SSL on Windows2003 server .. plz help!

kadir iscmng
I still cant install my mod_ssl ..
IF anyone exists to  install MOD_SSL on windows2003 server , plz let me know
how it will be done  ...
I think there should be a shell $ to install mod_ssl  on win2003 server  ..
Plz help me find that shell  .. or other solution for this problem
thanks

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Bernhard Froehlich
Sent: Wednesday, January 18, 2006 3:48 PM
To: [hidden email]
Subject: Re: how to install MOD_SSL on Windows2003 server .. plz help!

kadir iscmng wrote:

>Hi ,
>I have download mod_ssl  ..
>But I cant install this package , is there any solution to install this
>package on Win32/win2003 environment ?
>>From my understanding, I should use a $ shell to compile PERL and MOD_SSL
>So From Where I can get this shell ?
>  
>
>[...]
>  
>
http://httpd.apache.org/docs/2.0/platform/win_compiling.html
http://www.modssl.org/support/
http://httpd.apache.org/docs/1.3/misc/FAQ.html
http://www.devside.net/web/server/windows/apache-ssl-deflate

and maybe other hits of google with the search term "apache windows
build" or similar...

Ted

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: how to install MOD_SSL on Windows2003 server .. plz help!

kadir iscmng
In reply to this post by Bernhard Fröhlich-2
Hi  everybody,
I downloaded and installed SFU35SEL_EN.exe (Windows Services for
UNIX)software
I m using the Korn Shell from  C Shell and Korn Shell ..
So Korn Shell takes me to the  C:\Documents and Settings\Administrator
folder
So I have copied my Apache,PHP,ModSSL,Perl,OpenSSL under here  ...
Now I m trying to install modssl
i got into the modssl folder and type the followings

./configure \
                > --with-apache=../apache \
                > --with-ssl=/usr/local \
                > --with-crt=/ usr/local/openssl/certs/server.crt \
                > --with-key=/usr/local/openssl/private/server.key \
                > --enable-shared=ssl \
                > --enable-module=so \
                > --disable-module=status
1) I have a Question for typing this , I m pressing  ENTER for the next row
..
Or I should wirite them in a line ? ,
 Like: $./configure --with-apache=../apache --with-ssl=/usr/local --  etc  

Afer pressing Enter .. I shows me followings ..

2.) Configuring mod_ssl/2.8.14 for Apache/1.3.27
.Configure:Error: Cannot find Apache 1.3 source tree under ../apache
./configure:Hint: Please specify location via --with-apache=DIR
Memory fault (core dumped)

What does this error mean ?
By the way the path  /usr/local/openssl/certs/server.crt is under the c:\
3.) I mean it s C:\usr\local\openssl\certs ..
I m confused that where is the root of this shell  ..
Is it under the C:\ or C:\Documents and Settings\Administrator ?
If it is the second one How can I Show the path of Apache and User/Local
under the C:\ ?

4.) Please help me to install my CERT , I cant install it for 3 days  ...

Sorry 4 my poor English
Thanks in advance  ...



-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Bernhard Froehlich
Sent: Wednesday, January 18, 2006 3:48 PM
To: [hidden email]
Subject: Re: how to install MOD_SSL on Windows2003 server .. plz help!

kadir iscmng wrote:

>Hi ,
>I have download mod_ssl  ..
>But I cant install this package , is there any solution to install this
>package on Win32/win2003 environment ?
>>From my understanding, I should use a $ shell to compile PERL and MOD_SSL
>So From Where I can get this shell ?
>  
>
>[...]
>  
>
http://httpd.apache.org/docs/2.0/platform/win_compiling.html
http://www.modssl.org/support/
http://httpd.apache.org/docs/1.3/misc/FAQ.html
http://www.devside.net/web/server/windows/apache-ssl-deflate

and maybe other hits of google with the search term "apache windows
build" or similar...

Ted

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: how to install MOD_SSL on Windows2003 server .. plz help!

wrowe
kadir iscmng wrote:
> I downloaded and installed SFU35SEL_EN.exe (Windows Services for UNIX) software

I'll just warn you you've wandered deep, deep into uncharted waters :)

The native win32 build is the only one most folks support.  Some have invested
effort and energy into getting 1.3 cygwin running, afaik without major issues.
The 2.x versions definately aren't completely cygwin ready but some folks are
working on cygwin, and mingw builds.

Never read about anyone successfully deploying under SFU.

Good luck.

Bill
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: how to install MOD_SSL on Windows2003 server .. plz help!

kadir iscmng
In reply to this post by Bernhard Fröhlich-2
I have Cygwin ..
I m trying to install Perl
When I type  sh Configure -de
I get this error  :
"I don't know where 'make' is and my life depends on it.  Go find a
public domain implementation or fix your PATH settings!"

I downloaded the dmake-4.1pl1-win32 .. I tried to install it  .. , then
retry the perl installation  .. the same error occurred ...

Any Help will most welcome  ..
Thanks ,

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Bernhard Froehlich
Sent: Wednesday, January 18, 2006 3:48 PM
To: [hidden email]
Subject: Re: how to install MOD_SSL on Windows2003 server .. plz help!

kadir iscmng wrote:

>Hi ,
>I have download mod_ssl  ..
>But I cant install this package , is there any solution to install this
>package on Win32/win2003 environment ?
>>From my understanding, I should use a $ shell to compile PERL and MOD_SSL
>So From Where I can get this shell ?
>  
>
>[...]
>  
>
http://httpd.apache.org/docs/2.0/platform/win_compiling.html
http://www.modssl.org/support/
http://httpd.apache.org/docs/1.3/misc/FAQ.html
http://www.devside.net/web/server/windows/apache-ssl-deflate

and maybe other hits of google with the search term "apache windows
build" or similar...

Ted

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]