Box Backup OpenSSL Notes
TracNav
For Users
- Introduction
- Overview
- System Requirements
- Comparison With Other Systems
- Endorsements
Installation
Common Tasks
- Restoring Files
- Verify and Restore Whole Backups
- Checking Space Usage
- Managing Client Accounts
- Regular Maintenance
- Fixing Corruption on Server
- Recovering from Lost Keys
- Pull data from a USB hdd
- Recipies and HOWTOs
- Logging Output
- Related Projects
For Developers
- Developers Documentation
- Source Code Repository
- Coding Style
- Current Development Progress
- Future Development Plans
- Betas and Release Candidates
- Build Automation
Support
Ideally, you need to use version 0.9.7 or later of OpenSSL. If this is installed on your system by default (and it is on most recent releases of UNIX like OSes) then everything should just work.
However, if it isn't, you have a few options.
Upgrade Installation
The best option is to upgrade your installation to use 0.9.7. Hopefully your package manager will make this easy for you. This may require reinstallation of lots of software which depends on OpenSSL, so may not be ideal.
(But as there have been a few security flaws in OpenSSL recently, you probably want to upgrade it anyway.)
Install Another OpenSSL
The second best option is to install another copy. If you download and install from source, it will probably install into /usr/local/ssl. You can then configure Box Backup to use it using:
./configure openssl:/usr/local/ssl
which will set up the various includes and libraries for you.
The configuration scripts may be a problem, depending on your installation. See below for more information.
Use the Old Version of OpenSSL
If you have an old version installed, the configuration script will give you instructions on how to enable support for older versions. Read the warnings, and please, whatever you do, don't release binary packages or ports which enable this option.
You may have issues with the configuration scripts, see below.
If you have problems with the config scripts…
If you get OpenSSL related errors with the configuration scripts, there are two things to check.
- The bin directory within your OpenSSL directory is in the path (if you have installed another version)
- You have an <tt>openssl.cnf</tt> file which works and can be found.
OpenSSL Config File
You need to have an openssl.cnf file. The default will generally work well (see example at end). Make sure the openssl utility can find it, either set the OPENSSL_CONF environment variable, or install it into the location that is mentioned in the error messages.
Example OpenSSL Config File
# # OpenSSL example configuration file. # This is mostly being used for generation of certificate requests. # RANDFILE = /dev/arandom #################################################################### [ req ] default_bits = 1024 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes [ req_distinguished_name ] countryName = Country Name (2 letter code) #countryName_default = AU countryName_min = 2 countryName_max = 2 stateOrProvinceName = State or Province Name (full name) #stateOrProvinceName_default = Some-State localityName = Locality Name (eg, city) 0.organizationName = Organization Name (eg, company) #0.organizationName_default = Internet Widgits Pty Ltd # we can do this but it is not needed normally :-) #1.organizationName = Second Organization Name (eg, company) #1.organizationName_default = CryptSoft Pty Ltd organizationalUnitName = Organizational Unit Name (eg, section) #organizationalUnitName_default = commonName = Common Name (eg, fully qualified host name) commonName_max = 64 emailAddress = Email Address emailAddress_max = 64 [ req_attributes ] challengePassword = A challenge password challengePassword_min = 4 challengePassword_max = 20 unstructuredName = An optional company name [ x509v3_extensions ] nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem nsComment = "This is a comment" # under ASN.1, the 0 bit would be encoded as 80 nsCertType = 0x40
