diff options
author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 1999-10-01 14:10:46 +0000 |
---|---|---|
committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 1999-10-01 14:10:46 +0000 |
commit | 45a911116e9a62477d5fe055315a5669e2968e51 (patch) | |
tree | 12d441408f89cec640194b34cb0c7318c5ec9c7d /sbin/isakmpd | |
parent | da76e694d9d648d16f9e8997860f4d672828602d (diff) |
regress/x509/x509test.c: Merge with EOM 1.8
README.PKI: Merge with EOM 1.7
author: niklas
OpenSSL 0.9.4 support
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r-- | sbin/isakmpd/README.PKI | 21 | ||||
-rw-r--r-- | sbin/isakmpd/regress/x509/x509test.c | 12 |
2 files changed, 20 insertions, 13 deletions
diff --git a/sbin/isakmpd/README.PKI b/sbin/isakmpd/README.PKI index 11e4385b6ef..4b7d9f13a63 100644 --- a/sbin/isakmpd/README.PKI +++ b/sbin/isakmpd/README.PKI @@ -1,15 +1,14 @@ -$OpenBSD: README.PKI,v 1.6 1999/08/26 22:30:46 niklas Exp $ -$EOM: README.PKI,v 1.6 1999/08/12 22:34:26 niklas Exp $ +$OpenBSD: README.PKI,v 1.7 1999/10/01 14:10:45 niklas Exp $ +$EOM: README.PKI,v 1.7 1999/09/30 13:40:38 niklas Exp $ 1 Make sure you have an RSA-enabled isakmpd. An easy way to do this - is to find a dynamically linkable version of libcrypto from SSLeay - or perhaps OpenSSL (not tested by me) and install it where the - run-time linker can find it. + is to install a dynamically linkable version of libcrypto from + OpenSSL and install it where the run-time linker can find it. 2 Create your own CA as root. - ssleay genrsa -out /etc/ssl/private/ca.key 1024 - ssleay req -new -key /etc/ssl/private/ca.key \ + openssl genrsa -out /etc/ssl/private/ca.key 1024 + openssl req -new -key /etc/ssl/private/ca.key \ -out /etc/ssl/private/ca.csr You are now being asked to enter information that will be incorporated @@ -18,7 +17,7 @@ $EOM: README.PKI,v 1.6 1999/08/12 22:34:26 niklas Exp $ you can leave some blank. For some fields there will be a default value, if you enter '.', the field will be left blank. - ssleay x509 -req -days 365 -in /etc/ssl/private/ca.csr \ + openssl x509 -req -days 365 -in /etc/ssl/private/ca.csr \ -signkey /etc/ssl/private/ca.key \ -out /etc/ssl/ca.crt @@ -30,8 +29,8 @@ $EOM: README.PKI,v 1.6 1999/08/12 22:34:26 niklas Exp $ run too. See to encode the ID in the common name too, so it gets unique. - ssleay genrsa -out /etc/isakmpd/private/local.key 1024 - ssleay req -new -key /etc/isakmpd/private/local.key \ + openssl genrsa -out /etc/isakmpd/private/local.key 1024 + openssl req -new -key /etc/isakmpd/private/local.key \ -out /etc/isakmpd/private/10.0.0.1.csr Now take these certificate signing requests to your CA and process @@ -40,7 +39,7 @@ $EOM: README.PKI,v 1.6 1999/08/12 22:34:26 niklas Exp $ to run certpatch. Replace 10.0.0.1 with the IP-address which isakmpd will be using for identity. - ssleay x509 -req -days 365 -in 10.0.0.1.csr -CA /etc/ssl/ca.crt \ + openssl x509 -req -days 365 -in 10.0.0.1.csr -CA /etc/ssl/ca.crt \ -CAkey /etc/ssl/private/ca.key -CAcreateserial \ -out 10.0.0.1.crt certpatch -i 10.0.0.1 -k /etc/ssl/private/ca.key \ diff --git a/sbin/isakmpd/regress/x509/x509test.c b/sbin/isakmpd/regress/x509/x509test.c index a16500a2697..39ab6337c2e 100644 --- a/sbin/isakmpd/regress/x509/x509test.c +++ b/sbin/isakmpd/regress/x509/x509test.c @@ -1,5 +1,5 @@ -/* $OpenBSD: x509test.c,v 1.9 1999/08/26 22:30:46 niklas Exp $ */ -/* $EOM: x509test.c,v 1.7 1999/08/12 22:34:31 niklas Exp $ */ +/* $OpenBSD: x509test.c,v 1.10 1999/10/01 14:10:45 niklas Exp $ */ +/* $EOM: x509test.c,v 1.8 1999/09/30 13:40:39 niklas Exp $ */ /* * Copyright (c) 1998, 1999 Niels Provos. All rights reserved. @@ -132,7 +132,11 @@ main (int argc, char *argv[]) perror ("read"); exit (1); } +#if SSLEAY_VERSION_NUMBER >= 0x00904100L + priv_key = LC (PEM_read_bio_RSAPrivateKey, (keyfile, NULL, NULL, NULL)); +#else priv_key = LC (PEM_read_bio_RSAPrivateKey, (keyfile, NULL, NULL)); +#endif LC (BIO_free, (keyfile)); if (priv_key == NULL) { @@ -148,7 +152,11 @@ main (int argc, char *argv[]) perror ("read"); exit (1); } +#if SSLEAY_VERSION_NUMBER >= 0x00904100L + cert = LC (PEM_read_bio_X509, (certfile, NULL, NULL, NULL)); +#else cert = LC (PEM_read_bio_X509, (certfile, NULL, NULL)); +#endif LC (BIO_free, (certfile)); if (cert == NULL) { |