summaryrefslogtreecommitdiff
path: root/sbin/isakmpd
diff options
context:
space:
mode:
authorNiklas Hallqvist <niklas@cvs.openbsd.org>1999-10-01 14:10:46 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>1999-10-01 14:10:46 +0000
commit45a911116e9a62477d5fe055315a5669e2968e51 (patch)
tree12d441408f89cec640194b34cb0c7318c5ec9c7d /sbin/isakmpd
parentda76e694d9d648d16f9e8997860f4d672828602d (diff)
regress/x509/x509test.c: Merge with EOM 1.8
README.PKI: Merge with EOM 1.7 author: niklas OpenSSL 0.9.4 support
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r--sbin/isakmpd/README.PKI21
-rw-r--r--sbin/isakmpd/regress/x509/x509test.c12
2 files changed, 20 insertions, 13 deletions
diff --git a/sbin/isakmpd/README.PKI b/sbin/isakmpd/README.PKI
index 11e4385b6ef..4b7d9f13a63 100644
--- a/sbin/isakmpd/README.PKI
+++ b/sbin/isakmpd/README.PKI
@@ -1,15 +1,14 @@
-$OpenBSD: README.PKI,v 1.6 1999/08/26 22:30:46 niklas Exp $
-$EOM: README.PKI,v 1.6 1999/08/12 22:34:26 niklas Exp $
+$OpenBSD: README.PKI,v 1.7 1999/10/01 14:10:45 niklas Exp $
+$EOM: README.PKI,v 1.7 1999/09/30 13:40:38 niklas Exp $
1 Make sure you have an RSA-enabled isakmpd. An easy way to do this
- is to find a dynamically linkable version of libcrypto from SSLeay
- or perhaps OpenSSL (not tested by me) and install it where the
- run-time linker can find it.
+ is to install a dynamically linkable version of libcrypto from
+ OpenSSL and install it where the run-time linker can find it.
2 Create your own CA as root.
- ssleay genrsa -out /etc/ssl/private/ca.key 1024
- ssleay req -new -key /etc/ssl/private/ca.key \
+ openssl genrsa -out /etc/ssl/private/ca.key 1024
+ openssl req -new -key /etc/ssl/private/ca.key \
-out /etc/ssl/private/ca.csr
You are now being asked to enter information that will be incorporated
@@ -18,7 +17,7 @@ $EOM: README.PKI,v 1.6 1999/08/12 22:34:26 niklas Exp $
you can leave some blank. For some fields there will be a default
value, if you enter '.', the field will be left blank.
- ssleay x509 -req -days 365 -in /etc/ssl/private/ca.csr \
+ openssl x509 -req -days 365 -in /etc/ssl/private/ca.csr \
-signkey /etc/ssl/private/ca.key \
-out /etc/ssl/ca.crt
@@ -30,8 +29,8 @@ $EOM: README.PKI,v 1.6 1999/08/12 22:34:26 niklas Exp $
run too. See to encode the ID in the common name too, so it gets
unique.
- ssleay genrsa -out /etc/isakmpd/private/local.key 1024
- ssleay req -new -key /etc/isakmpd/private/local.key \
+ openssl genrsa -out /etc/isakmpd/private/local.key 1024
+ openssl req -new -key /etc/isakmpd/private/local.key \
-out /etc/isakmpd/private/10.0.0.1.csr
Now take these certificate signing requests to your CA and process
@@ -40,7 +39,7 @@ $EOM: README.PKI,v 1.6 1999/08/12 22:34:26 niklas Exp $
to run certpatch. Replace 10.0.0.1 with the IP-address which isakmpd
will be using for identity.
- ssleay x509 -req -days 365 -in 10.0.0.1.csr -CA /etc/ssl/ca.crt \
+ openssl x509 -req -days 365 -in 10.0.0.1.csr -CA /etc/ssl/ca.crt \
-CAkey /etc/ssl/private/ca.key -CAcreateserial \
-out 10.0.0.1.crt
certpatch -i 10.0.0.1 -k /etc/ssl/private/ca.key \
diff --git a/sbin/isakmpd/regress/x509/x509test.c b/sbin/isakmpd/regress/x509/x509test.c
index a16500a2697..39ab6337c2e 100644
--- a/sbin/isakmpd/regress/x509/x509test.c
+++ b/sbin/isakmpd/regress/x509/x509test.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: x509test.c,v 1.9 1999/08/26 22:30:46 niklas Exp $ */
-/* $EOM: x509test.c,v 1.7 1999/08/12 22:34:31 niklas Exp $ */
+/* $OpenBSD: x509test.c,v 1.10 1999/10/01 14:10:45 niklas Exp $ */
+/* $EOM: x509test.c,v 1.8 1999/09/30 13:40:39 niklas Exp $ */
/*
* Copyright (c) 1998, 1999 Niels Provos. All rights reserved.
@@ -132,7 +132,11 @@ main (int argc, char *argv[])
perror ("read");
exit (1);
}
+#if SSLEAY_VERSION_NUMBER >= 0x00904100L
+ priv_key = LC (PEM_read_bio_RSAPrivateKey, (keyfile, NULL, NULL, NULL));
+#else
priv_key = LC (PEM_read_bio_RSAPrivateKey, (keyfile, NULL, NULL));
+#endif
LC (BIO_free, (keyfile));
if (priv_key == NULL)
{
@@ -148,7 +152,11 @@ main (int argc, char *argv[])
perror ("read");
exit (1);
}
+#if SSLEAY_VERSION_NUMBER >= 0x00904100L
+ cert = LC (PEM_read_bio_X509, (certfile, NULL, NULL, NULL));
+#else
cert = LC (PEM_read_bio_X509, (certfile, NULL, NULL));
+#endif
LC (BIO_free, (certfile));
if (cert == NULL)
{