
Box Backup OpenSSL Notes

Ideally, you need to use version 0.9.7 or later of OpenSSL. If this is installed on your system by default (and it is on most recent releases of UNIX-like OSes), then everything should just work.

However, if it isn't, you have a few options.

Upgrade Installation

The best option is to upgrade your installation to use 0.9.7. Hopefully your package manager will make this easy for you. This may require reinstallation of lots of software which depends on OpenSSL, so may not be ideal.

(But as there have been a few security flaws in OpenSSL recently, you probably want to upgrade it anyway.)

Install Another OpenSSL

The second best option is to install another copy. If you download and install from source, it will probably install into /usr/local/ssl. You can then configure Box Backup to use it using:

./configure openssl:/usr/local/ssl

which will set up the various includes and libraries for you.

The configuration scripts may be a problem, depending on your installation. See below for more information.

Use the Old Version of OpenSSL

If you have an old version installed, the configuration script will give you instructions on how to enable support for older versions. Read the warnings, and please, whatever you do, don't release binary packages or ports which enable this option.

You may have issues with the configuration scripts; see below.

If you have problems with the config scripts…

If you get OpenSSL related errors with the configuration scripts, there are two things to check.

  • The bin directory within your OpenSSL directory is in the path (if you have installed another version)
  • You have an openssl.cnf file which works and can be found.

OpenSSL Config File

You need to have an openssl.cnf file. The default will generally work well (see example at end). Make sure the openssl utility can find it: either set the OPENSSL_CONF environment variable, or install it into the location that is mentioned in the error messages.
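
The two checks above, together with the 0.9.7 version requirement from the top of the page, as a shell preflight. This is an added example, not part of Box Backup or its configuration scripts; the function names are hypothetical, and it assumes the default config file is openssl.cnf inside the directory reported by "openssl version -d".

```shell
#!/bin/sh
# Added example: preflight for the checks above (not Box Backup code).

# Succeeds if version $1 (e.g. "0.9.7a") is >= $2, comparing three numeric
# fields; a trailing patch letter is ignored.
version_at_least() {
    have=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    want=$(printf '%s' "$2" | sed 's/[^0-9.].*$//')
    old_ifs=$IFS; IFS=.
    set -- $have; h1=${1:-0}; h2=${2:-0}; h3=${3:-0}
    set -- $want; w1=${1:-0}; w2=${2:-0}; w3=${3:-0}
    IFS=$old_ifs
    if [ "$h1" -ne "$w1" ]; then [ "$h1" -gt "$w1" ]; return; fi
    if [ "$h2" -ne "$w2" ]; then [ "$h2" -gt "$w2" ]; return; fi
    [ "$h3" -ge "$w3" ]
}

# Prints the config path the openssl utility would use: OPENSSL_CONF if set,
# otherwise openssl.cnf under directory $1. Fails if that file is unreadable.
locate_openssl_cnf() {
    cnf=${OPENSSL_CONF:-$1/openssl.cnf}
    [ -r "$cnf" ] && printf '%s\n' "$cnf"
}

# Succeeds if config file $1 has a [ req ] section naming a
# distinguished_name section, which certificate request generation needs.
cnf_has_req_section() {
    awk '/^\[/ { in_req = ($0 ~ /^\[[ \t]*req[ \t]*\]/) }
         in_req && /^[ \t]*distinguished_name[ \t]*=/ { found = 1 }
         END { exit !found }' "$1"
}

# Runs every check against the openssl binary that is first in PATH.
preflight() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not in PATH" >&2; return 1; }
    ver=$(openssl version | awk '{print $2}')
    dir=$(openssl version -d | sed 's/^OPENSSLDIR: "\(.*\)"$/\1/')
    version_at_least "$ver" 0.9.7 || { echo "OpenSSL $ver is older than 0.9.7" >&2; return 1; }
    cnf=$(locate_openssl_cnf "$dir") || { echo "no readable openssl.cnf" >&2; return 1; }
    cnf_has_req_section "$cnf" || { echo "$cnf has no usable [ req ] section" >&2; return 1; }
    echo "OK: OpenSSL $ver, config $cnf"
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "check" ]; then preflight; fi
```

Run it as "sh preflight.sh check" from the same shell environment (PATH and OPENSSL_CONF) you will use for ./configure, so it tests the openssl binary and config file that the configuration scripts will actually pick up.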

Example OpenSSL Config File

#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#

RANDFILE                = /dev/arandom

####################################################################
[ req ]
default_bits            = 1024
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name
attributes              = req_attributes

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
#countryName_default            = AU
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
#stateOrProvinceName_default    = Some-State

localityName                    = Locality Name (eg, city)

0.organizationName              = Organization Name (eg, company)
#0.organizationName_default     = Internet Widgits Pty Ltd

# we can do this but it is not needed normally :-)
#1.organizationName             = Second Organization Name (eg, company)
#1.organizationName_default     = CryptSoft Pty Ltd

organizationalUnitName          = Organizational Unit Name (eg, section)
#organizationalUnitName_default =

commonName                      = Common Name (eg, fully qualified host name)
commonName_max                  = 64

emailAddress                    = Email Address
emailAddress_max                = 64

[ req_attributes ]
challengePassword               = A challenge password
challengePassword_min           = 4
challengePassword_max           = 20

unstructuredName                = An optional company name

[ x509v3_extensions ]

nsCaRevocationUrl               = http://www.cryptsoft.com/ca-crl.pem
nsComment                       = "This is a comment"

# under ASN.1, the 0 bit would be encoded as 80
nsCertType                      = 0x40

Last modified on Nov 23, 2006, 12:26:59 AM