zhaozg / openscep Goto Github PK
View Code? Open in Web Editor NEWOpenSCEP(minor change against http://openscep.othello.ch/)
License: GNU General Public License v2.0
openscep's Introduction
___ ____ ____ _____ ____ ___ _ _ ____
/ _ \ _ __ ___ _ __ / ___| / ___| ____| _ \ / _ \| || | |___ \
| | | | '_ \ / _ \ '_ \\___ \| | | _| | |_) |____| | | | || |_ __) |
| |_| | |_) | __/ | | |___) | |___| |___| __/_____| |_| |__ _| / __/
\___/| .__/ \___|_| |_|____/ \____|_____|_| \___(_) |_|(_)_____|
|_|
OpenSCEP is an open source implementation of the Simple Certificate
Enrollment Protocol SCEP used e.g. by Cisco routers to build a VPN
based on PKI technology.
What is SCEP?
=============
The protocol is documented in a recently expired internet draft
which for the convenience of the reader has been include in the
distribution in the doc directory. It basically works by sending a
PKCS#7 encrypted and signed certificate request to a CGI program
on an HTTP server, which then either returns a certificate, denies
it or puts it in a queue of pending requests. In the latter case
the client will poll the server until it either times out or receives
a certificate or is denied a certificate.
It is also possible to automatically issue a certificate if the
requesting user can be authenticated in an LDAP directory. The
protocol protects the password used to authenticate the user by
encrypting the certificate request. OpenSCEP will store the certificate
of the user automatically in the directory in this case.
Installation
============
This package is configured and built using the normal configure;
make; make install cycle you may be familiar with. However, to build
successfully, the following prerequisite packages need to be installed:
- openssl-2.0.7, note that other versions will work also, but are not
currently supported. In particular the schema extensions needed for
automatic enrollment are only documented in the form needed by
openldap 2. Other LDAP servers may work as well, but have not
been tested.
- openssl-0.9.6, note that a patch should be applied if you wish
crl distribution points to work (this patch is from openosp, and
the status is not quite clear). The patch can be found in the openssl
subdirectory of the distribution.
- Apache, probably almost any version will do. Other servers have not
been tested, but any server able to run CGI programs should do.
- Perl must be installed on the system. No special modules are required
though.
For Solaris, there is a binary package available. However, this package
was built with default settings on an UltraSPARC system, so the OpenSSL
libraries require the SPARC V8+ instruction set. They will not work on
systems only supporting the plain V8 instruction set, like the web server
openscep.othello.ch.
Configuration
=============
Setting up OpenSCEP is described in detail in the file SETUP in the
top level distribution directory.
--
$Id: README,v 1.13 2002/02/25 23:03:13 afm Exp $
openscep's People
Contributors
Stargazers
Watchers
openscep's Issues
安装openscep服务问题
你好!zhaozg
我是一名上海刚工作的java开发者,我在linux上安装openscep时,make编译时报错,能不能请教一下这方面的问题,这是我的qq:870963566, 非常感谢!
openscep 安装失败
mac osx 10.14.3
openssl version
# robert @ Paul in ~/openscep on git:master x [10:07:37] C:127
$ openssl version
OpenSSL 1.1.1b 26 Feb 2019
我注意到在
https://github.com/zhaozg/openscep/blob/master/include/scep.h#L20
中定义了openssl的版本在1.0.0以上
我在configure时指定了openssl的路径
# robert @ Paul in ~/openscep on git:master x [10:08:58]
$ ./configure --with-openssl-dir=/opt/openssl
checking build system type... i386-apple-darwin18.2.0
checking host system type... i386-apple-darwin18.2.0
checking target system type... i386-apple-darwin18.2.0
checking for a BSD compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking whether make sets ${MAKE}... yes
checking for working aclocal... found
checking for working autoconf... found
checking for working automake... found
checking for working autoheader... found
checking for working makeinfo... found
checking for gcc... gcc
checking for C compiler default output... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for executable suffix...
checking for object suffix... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for a BSD compatible install... /usr/bin/install -c
checking for mv... /bin/mv
checking for ldapsearch... /usr/bin/ldapsearch
checking for ldapsearch... /usr/bin/ldapsearch
checking for openssl... /opt/openssl/bin/openssl
checking for gethostbyname in -lnsl... no
checking for socket in -lsocket... no
checking for res_query in -lresolv... yes
checking for ber_init in -llber... yes
checking for ldap_init in -lldap... yes
checking for date... /bin/date
checking for pkgmk... no
checking for rpm... no
checking for perl... /usr/local/bin/perl
checking "whether we have the altzone global variable"... no
checking for ld used by GCC... /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld
checking if the linker (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld) is GNU ld... no
checking for /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld option to reload object files... -r
checking for BSD-compatible nm... /usr/bin/nm -B
checking whether ln -s works... yes
checking how to recognise dependant libraries... file_magic Mach-O dynamically linked shared library
checking command to parse /usr/bin/nm -B output... rm: conftest.dSYM: is a directory
rm: conftest.dSYM: is a directory
rm: conftest.dSYM: is a directory
rm: conftest.dSYM: is a directory
ok
checking how to run the C preprocessor... gcc -E
checking for dlfcn.h... yes
checking for ranlib... ranlib
checking for strip... strip
checking for objdir... .libs
checking for gcc option to produce PIC... -fno-common
checking if gcc PIC flag -fno-common works... yes
checking if gcc static flag -static works... no
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.lo... yes
checking if gcc supports -fno-rtti -fno-exceptions... yes
checking whether the linker (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld) supports shared libraries... yes
checking how to hardcode library paths into programs... unsupported
checking whether stripping libraries is possible... no
checking dynamic linker characteristics... darwin18.2.0 dyld
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for shl_load... no
checking for shl_load in -ldld... no
checking for dlopen... yes
checking whether a program can dlopen itself... yes
checking whether a statically linked program can dlopen itself... yes
creating libtool
checking for dlopen in -ldl... yes
checking for ANSI C header files... rm: conftest.dSYM: is a directory
rm: conftest.dSYM: is a directory
yes
checking whether byte ordering is bigendian... no
checking for strdup... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating include/Makefile
config.status: creating lib/Makefile
config.status: creating scep/Makefile
config.status: creating scepd/Makefile
config.status: creating cgi-bin/Makefile
config.status: creating ldap/Makefile
config.status: creating openssl/Makefile
config.status: creating doc/Makefile
config.status: creating html/Makefile
config.status: creating man/Makefile
config.status: creating package/Makefile
config.status: creating rpm/Makefile
config.status: creating config.sh
config.status: creating include/config.h
config.status: include/config.h is unchanged
configure: configuring in libltdl
configure: running /bin/ksh './configure' --with-openssl-dir=/opt/openssl --enable-ltdl-convenience --cache-file=/dev/null --srcdir=.
loading cache /dev/null
checking for a BSD compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking whether make sets ${MAKE}... yes
checking for working aclocal... found
checking for working autoconf... found
checking for working automake... found
checking for working autoheader... found
checking for working makeinfo... found
checking whether to enable maintainer-specific portions of Makefiles... no
checking for gcc... gcc
checking whether the C compiler (gcc ) works... yes
checking whether the C compiler (gcc ) is a cross-compiler... no
checking whether we are using GNU C... yes
checking whether gcc accepts -g... yes
checking for working const... yes
checking for inline... inline
checking host system type... i386-apple-darwin18.2.0
checking build system type... i386-apple-darwin18.2.0
checking for ranlib... ranlib
checking for ld used by GCC... /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld
checking if the linker (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld) is GNU ld... no
checking for BSD-compatible nm... /usr/bin/nm -B
checking whether ln -s works... yes
updating cache /dev/null
loading cache /dev/null within ltconfig
checking for object suffix... o
checking for executable suffix... rm: conftest.dSYM: is a directory
.dSYM
checking for gcc option to produce PIC... -fPIC
checking if gcc PIC flag -fPIC works... rm: conftest.dSYM: is a directory
yes
rm: conftest.dSYM: is a directory
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.lo... rm: conftest.dSYM: is a directory
yes
rm: conftest.dSYM: is a directory
checking if gcc supports -fno-rtti -fno-exceptions ... rm: conftest.dSYM: is a directory
yes
rm: conftest.dSYM: is a directory
checking if gcc static flag -static works... rm: conftest.dSYM: is a directory
none
rm: conftest.dSYM: is a directory
checking if the linker (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld) is GNU ld... no
checking whether the linker (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld) supports shared libraries... no
checking command to parse /usr/bin/nm -B output... rm: conftest.dSYM: is a directory
rm: conftest.dSYM: is a directory
rm: conftest.dSYM: is a directory
rm: conftest.dSYM: is a directory
ok
checking how to hardcode library paths into programs... unsupported
checking for /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld option to reload object files... -r
checking dynamic linker characteristics... no
checking if libtool supports shared libraries... no
checking whether to build shared libraries... no
checking whether to build static libraries... yes
checking for objdir... .libs
creating libtool
updating cache /dev/null
loading cache /dev/null
checking which extension is used for shared libraries...
checking which variable specifies run-time library path...
checking for objdir...
checking how to run the C preprocessor... rm: conftest.dSYM: is a directory
gcc -E
checking for ANSI C header files... yes
checking for malloc.h... no
checking for memory.h... yes
checking for stdlib.h... yes
checking for stdio.h... yes
checking for ctype.h... yes
checking for dlfcn.h... yes
checking for dl.h... no
checking for dld.h... no
checking for string.h... yes
checking for strchr... yes
checking for strrchr... yes
checking whether libtool supports -dlopen/-dlpreopen... no
checking for dlopen in -ldl... yes
checking for shl_load... no
checking for shl_load in -ldld... no
checking for dld_link in -ldld... no
checking for dlerror... yes
checking command to parse /usr/bin/nm -B output... yes
checking for _ prefix in compiled symbols... (cached) yes
checking whether we have to add an underscore for dlsym... no
updating cache /dev/null
creating ./config.status
creating Makefile
creating config.h
config.h is unchanged
# robert @ Paul in ~/openscep on git:master x [10:00:10]
$ make
Making all in libltdl
/bin/ksh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -c ltdl.c
./libtool[727]: test: argument expected
gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -c ltdl.c -o ltdl.o
echo timestamp > ltdl.lo
/bin/ksh ./libtool --mode=link gcc -g -O2 -o libltdlc.la ltdl.lo -ldl
mkdir .libs
rm -fr .libs/libltdlc.la .libs/libltdlc.* .libs/libltdlc.*
ar cru .libs/libltdlc.a ltdl.o
ranlib .libs/libltdlc.a
creating libltdlc.la
(cd .libs && rm -f libltdlc.la && ln -s ../libltdlc.la libltdlc.la)
Making all in include
Making all in openssl
sh ../config.sh <openscepsetup.in >openscepsetup
sh ../config.sh <openscep.cnf.in >openscep.cnf
Making all in ldap
sh ../config.sh <openscep.ldif.in >openscep.ldif
Making all in lib
/bin/ksh ../libtool --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I../include -I../libltdl -I../include -I/opt/openssl/include -DOPENSCEPDIR=\"/usr/local/lib/openscep\" -g -O2 -c init.c
mkdir .libs
gcc -DHAVE_CONFIG_H -I. -I. -I../include -I../libltdl -I../include -I/opt/openssl/include "-DOPENSCEPDIR=\"/usr/local/lib/openscep\"" -g -O2 -c init.c -fno-common -DPIC -o .libs/init.lo
gcc -DHAVE_CONFIG_H -I. -I. -I../include -I../libltdl -I../include -I/opt/openssl/include "-DOPENSCEPDIR=\"/usr/local/lib/openscep\"" -g -O2 -c init.c -o init.o >/dev/null 2>&1
mv -f .libs/init.lo init.lo
/bin/ksh ../libtool --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I../include -I../libltdl -I../include -I/opt/openssl/include -DOPENSCEPDIR=\"/usr/local/lib/openscep\" -g -O2 -c isasu.c
rm -f .libs/isasu.lo
gcc -DHAVE_CONFIG_H -I. -I. -I../include -I../libltdl -I../include -I/opt/openssl/include "-DOPENSCEPDIR=\"/usr/local/lib/openscep\"" -g -O2 -c isasu.c -fno-common -DPIC -o .libs/isasu.lo
In file included from isasu.c:9:
/opt/openssl/include/openssl/asn1_mac.h:10:2: error: "This file is obsolete; please update your software."
#error "This file is obsolete; please update your software."
^
isasu.c:26:2: warning: implicit declaration of function 'M_ASN1_I2D_vars' is invalid in C99 [-Wimplicit-function-declaration]
M_ASN1_I2D_vars(a);
^
isasu.c:27:2: warning: implicit declaration of function 'M_ASN1_I2D_len' is invalid in C99 [-Wimplicit-function-declaration]
M_ASN1_I2D_len(a->issuer, i2d_X509_NAME);
^
isasu.c:29:2: warning: implicit declaration of function 'M_ASN1_I2D_seq_total' is invalid in C99 [-Wimplicit-function-declaration]
M_ASN1_I2D_seq_total();
^
isasu.c:30:2: warning: implicit declaration of function 'M_ASN1_I2D_put' is invalid in C99 [-Wimplicit-function-declaration]
M_ASN1_I2D_put(a->issuer, i2d_X509_NAME);
^
isasu.c:32:2: warning: implicit declaration of function 'M_ASN1_I2D_finish' is invalid in C99 [-Wimplicit-function-declaration]
M_ASN1_I2D_finish();
^
isasu.c:37:2: warning: implicit declaration of function 'M_ASN1_D2I_vars' is invalid in C99 [-Wimplicit-function-declaration]
M_ASN1_D2I_vars(a, issuer_and_subject_t *,issuer_and_subject_new);
^
isasu.c:37:21: error: unexpected type name 'issuer_and_subject_t': expected expression
M_ASN1_D2I_vars(a, issuer_and_subject_t *,issuer_and_subject_new);
^
isasu.c:37:43: error: expected expression
M_ASN1_D2I_vars(a, issuer_and_subject_t *,issuer_and_subject_new);
^
isasu.c:38:2: warning: implicit declaration of function 'M_ASN1_D2I_Init' is invalid in C99 [-Wimplicit-function-declaration]
M_ASN1_D2I_Init();
^
isasu.c:39:2: warning: implicit declaration of function 'M_ASN1_D2I_start_sequence' is invalid in C99 [-Wimplicit-function-declaration]
M_ASN1_D2I_start_sequence();
^
isasu.c:40:2: warning: implicit declaration of function 'M_ASN1_D2I_get' is invalid in C99 [-Wimplicit-function-declaration]
M_ASN1_D2I_get(ret->issuer, d2i_X509_NAME);
^
isasu.c:40:17: error: use of undeclared identifier 'ret'
M_ASN1_D2I_get(ret->issuer, d2i_X509_NAME);
^
isasu.c:41:17: error: use of undeclared identifier 'ret'
M_ASN1_D2I_get(ret->subject, d2i_X509_NAME);
^
isasu.c:42:3: warning: implicit declaration of function 'M_ASN1_D2I_Finish' is invalid in C99 [-Wimplicit-function-declaration]
M_ASN1_D2I_Finish(a, issuer_and_subject_free,
^
isasu.c:48:10: error: expected ';' after expression
ASN1_CTX c;
^
;
isasu.c:48:2: error: use of undeclared identifier 'ASN1_CTX'; did you mean 'ASN1_dup'?
ASN1_CTX c;
^~~~~~~~
ASN1_dup
/opt/openssl/include/openssl/asn1.h:688:7: note: 'ASN1_dup' declared here
void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x);
^
isasu.c:48:12: error: use of undeclared identifier 'c'
ASN1_CTX c;
^
isasu.c:49:2: warning: implicit declaration of function 'M_ASN1_New_Malloc' is invalid in C99 [-Wimplicit-function-declaration]
M_ASN1_New_Malloc(ret, issuer_and_subject_t);
^
isasu.c:49:25: error: unexpected type name 'issuer_and_subject_t': expected expression
M_ASN1_New_Malloc(ret, issuer_and_subject_t);
^
isasu.c:50:2: warning: implicit declaration of function 'M_ASN1_New' is invalid in C99 [-Wimplicit-function-declaration]
M_ASN1_New(ret->issuer, X509_NAME_new);
^
isasu.c:53:3: warning: implicit declaration of function 'M_ASN1_New_Error' is invalid in C99 [-Wimplicit-function-declaration]
M_ASN1_New_Error(-1); /* wrong error code */
^
isasu.c:48:2: warning: expression result unused [-Wunused-value]
ASN1_CTX c;
^~~~~~~~
14 warnings and 9 errors generated.
make[1]: *** [isasu.lo] Error 1
make: *** [all-recursive] Error 1
请问你可以帮助我吗?
openscep installation on ubuntu server 14
Hi All,
I have a problem in installing openscep on ubuntu server 14.
Does anyone here successfully install the openscep on new ubuntu server os?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.