20170224_jeffrey - silenceuncrio/diary GitHub Wiki

0920

繼續深入 x509 相關事宜

參考 Creating OpenSSL x509 certificates

過程當中順便參考之前的電子書 - Cryptography and Network Security: Principles and Practice

1135

剛剛結束了 M300 的週會

我差不多要來把 HTPPS 結束掉了

1510

試著修改 iweb 讓它支援 HTTPS

compile 出現錯誤

build@96071aed6837:/var/m300/proscend/prosrc/icos/iweb/simplest_web_server_ssl$ make
/var/m300/build_small/tmp/sysroots/x86_64-linux/usr/bin/arm-poky-linux-gnueabi/arm-poky-linux-gnueabi-gcc  -march=armv7-a -mfloat-abi=hard -mfpu=neon -mtune=cortex-a7 --sysroot=/var/m300/build_small/tmp/sysroots/m300 -c  -finstrument-functions -fPIC -std=gnu99 -Wall -I/var/m300/proscend/prosrc/icos/include -I/var/m300/build_small/tmp/sysroots/m300/usr/include -I/var/m300/build_small/tmp/sysroots/x86_64-linux/usr/include  -O2 -pipe -g -feliminate-unused-debug-types -DMG_ENABLE_SSL -o simplest_web_server_ssl.o  simplest_web_server_ssl.c
/var/m300/build_small/tmp/sysroots/x86_64-linux/usr/bin/arm-poky-linux-gnueabi/arm-poky-linux-gnueabi-gcc  -march=armv7-a -mfloat-abi=hard -mfpu=neon -mtune=cortex-a7 --sysroot=/var/m300/build_small/tmp/sysroots/m300 -c  -finstrument-functions -fPIC -std=gnu99 -Wall -I/var/m300/proscend/prosrc/icos/include -I/var/m300/build_small/tmp/sysroots/m300/usr/include -I/var/m300/build_small/tmp/sysroots/x86_64-linux/usr/include  -O2 -pipe -g -feliminate-unused-debug-types -DMG_ENABLE_SSL -o mongoose.o  mongoose.c
=================================================================
build target default ...
=================================================================
/var/m300/build_small/tmp/sysroots/x86_64-linux/usr/bin/arm-poky-linux-gnueabi/arm-poky-linux-gnueabi-gcc  -march=armv7-a -mfloat-abi=hard -mfpu=neon -mtune=cortex-a7 --sysroot=/var/m300/build_small/tmp/sysroots/m300 -finstrument-functions -fPIC -std=gnu99 -Wall -I/var/m300/proscend/prosrc/icos/include -I/var/m300/build_small/tmp/sysroots/m300/usr/include -I/var/m300/build_small/tmp/sysroots/x86_64-linux/usr/include  -O2 -pipe -g -feliminate-unused-debug-types -DMG_ENABLE_SSL -Wl,-rpath,/tmp  --sysroot=/var/m300/build_small/tmp/sysroots/m300 -L/var/m300/proscend/prosrc/icos -L/var/m300/build_small/tmp/sysroots/m300/lib -L/var/m300/build_small/tmp/sysroots/m300/usr/lib -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed simplest_web_server_ssl.o mongoose.o -o simplest_web_server_ssl -lssl
/var/m300/build_small/tmp/sysroots/x86_64-linux/usr/libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/5.2.0/ld: mongoose.o: undefined reference to symbol 'BIO_new_file@@OPENSSL_1.0.0'
/var/m300/build_small/tmp/sysroots/m300/lib/libcrypto.so.1.0.0: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
make: *** [default] Error 1

關鍵是要 include libssl 和 libcrypto 這兩個 library

libcrypt 和 libcrypto 是不一樣的

1730

目前 iweb 已經能順利啟動 HTTPS

不過要注意整進 web icos module 的時候 iptable 的相關設定

還有就是 openssl 指令的相關部分也可以參考 GenOpenVPNCert.sh

aaron 是 owner...