Openssl installation....

EOA_Mushy

Hey all, im trying to get openssl installed on my server... Except i have little to no experience with cygwin/vc++

OS - win2k server

Is there a step by step guide for this any where that you might know about?

Any help most appriciated

lexeme

openssl is really sweet.

especially the EVP (type "man evp" into your cygwin shell, without quotes) cryptographic API.

why not just use a *NIX ?

download the compressed archive from the openssl website. these files have the .tar.gz extension.

tar (man tar) is an archive utility. it will pack multiple files into a single file. these archives are normally compressed, with gzip, bzip2 (stronger) rar (propritary, but good), and so on.

tar -zxvf openssl<version>.tar.gz

or

tar -jxvf openssl<version>.tar.bz2

maybe even

tar -Ixvf openssl<version>.tar.bz2

if you are using an old version of the tar program. the tar program will run the file through either the gzip or bzip2 program before deflating the files form the archive. alternatively, you can first call gunzip and then tar.

next, change directory to the newly created one.

cd openssl<version>

then run the configure script

./Configure --help

will give you a list of options, set some if you want. google for verbose explaination of these options. then run the script

./Configure -options which -are optional;
#or just run
./Configure

then compile

make

then install

make install

that's how you normally configure, build and install source code which comes packaged with the standard GNU make config files.

now you should have the right files in the right places. and you can

#include <openssl/evp.h>

and go crazy with the encryption API.

and of course, you can use secure sockets and talk to https web servers or whatever.


also, download a tool called ssldump. it's basically tcpdump, but it can recognise SSL communication (initiation, capability exchange and so on). it will show the packet contents as crypted text. but you can provide it with a key, and it will auto decrypt for you, if you know the key and put in the correct one.


Edit: i've never done this on windows with colinux, vmware, xen, ms virtual machine, cygwin or cygwin/X.
your mileage may vary

EOA_Mushy

cheers lexeme, will give it a shot.

EOA_Mushy

All happy, have the openssl compiled and installed...

And ooo' briliant :rolleyes: , just found out i have to go attempt to compile apache to get the mod_ssl module to work in the first place.

To use the cygwin compiler again can i just do as you mentioned above with the Unix source ....tar.gz

Will this work on a windows platform or is this just crazy talk?

E.G.

tar -zxvf httpd-2.0.55.tar.gz
....
./configure --prefix=/d:/apache2 --enable-module=dll
.....
make

[edit] Nope, i assume *.so modules dont work with windows...

jcunningham

http://prdownloads.sourceforge.net/gnuwin32/openssl-0.9.7c-bin.zip?use_mirror=heanet

Download the precompliled Windows version, make life a lot easier

EOA_Mushy

Now thats what im talking about!!!
Thank you dude, played around with c++ compiler / cygwin / some thing called awk (still dont know what this does... moduel for c++ maby ) untill i fell asleep on the key board last night... (7am -> up for other reasons 1.5hrs later)

Has been a good day... lol

EOA_Mushy

Damn it... thought that was the pre-compiled version of apache with the oppen ssl module... Should have known that couldnt be the case...
Have managed to compile openssl....

lexeme

EOA_Mushy wrote:

Damn it... thought that was the pre-compiled version of apache with the oppen ssl module... Should have known that couldnt be the case...
Have managed to compile openssl....

well done, there's nothing like doing it yourself. you won't rely on someone else compiling it for you.

read the awk man page ($man awk).
an alternative is a program called sed
you can using them for "parsing", or "editing" stuff. very archaic syntax though.

apache should compile the same as openssl

also, .so files are called shared objects. they are like the linux equivilent of windows .dll (dynamic link libs) files. but, they don't have to be loaded dynamically - there's nothing magically special that differentiates a statically loadable module from a dynamic one. they can be linked in at compile/link time, or, using a special API, they can be loaded at run-time. then you can call whatever functions() and use whatever classes/objects are in them.

it's easier to do it at compile time. pass the -l libraryName to the gcc compiler (which will pass it to the linker).

EOA_Mushy

lexeme wrote:

apache should compile the same as openssl

Yup figured this out just didnt know about the -l LibraryName arg....
ended up with apache with out openssl or php & copying the "LoadModule" from a binary to the compiled version...... Well guess.

lexeme

EOA_Mushy wrote:

Yup figured this out just didnt know about the -l LibraryName arg....
ended up with apache with out openssl or php & copying the "LoadModule" from a binary to the compiled version...... Well guess.

the -l option is only for gcc, so you would only use it with your programs when you are compiling them and you want to include another lib. -L would then be used to pass a path to gcc.

lets say you gcc -c -o class.o myclass.c.
then you would gcc -o binary -l class.o -L ./ main.c
if class.o was in /root/somedir you would gcc -o binary -l class.o -L /root/somedir/ main.c

or you can add the path to /etc/ld.so.conf

alternatively you can make use of the LD_LIBRARY_PATH environment variable, but that's not wise.

apache on the other hand you are going to compile using a configure script and the make system, not manually with gcc. you can if you want, but it could get messy. ./configure && make && make install.

when configuring it, you may have to pass in a path so it knows where to look for ossl.

whatever works for you i suppose.