File: README

package info (click to toggle)
golang-github-google-certificate-transparency 0.0~git20160709.0.0f6e3d1~ds1-3
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, bullseye, buster
  • size: 5,676 kB
  • sloc: cpp: 35,278; python: 11,838; java: 1,911; sh: 1,885; makefile: 950; xml: 520; ansic: 225
file content (70 lines) | stat: -rw-r--r-- 2,274 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
 
sslconnect_test.sh does an end-to-end demo of creating a server
certificate, sending it to the log server and getting back a log
proof, serving the certificate and proof with Apache, and verifying
the log proof.

To run sslconnect_test, you will need to do the following:

1. Compile the log server and client, following the instructions in README.

2. To run a test SSL server, you will also need Apache. On Debian based
systems, running

$ sudo apt-get install apache2

should suffice. You may also need to modify httpd-local.conf (see
httpd-common.conf in this directory for tips).

For the following steps you should be in the directory where
this README resides.

3. Run the test

$ ./sslconnect_test.sh

This first runs client regression tests against existing certificates.
Secondly, the test generates fresh test certificates and tests
a) The submission of certificates and precertificates to the log server,
   and the retrieval of initial Signed Certificate Timestamps;
b) Serving Signed Certificate Timestamps in a TLS handshake; and
c) Retrieving audit proofs for those SCTs from the log server.

In the end, the tests should report something like this:

PASSED 38 tests
FAILED 0 tests

--------------------------------------------------------------------------------

To build a version of Apache that serves SCTs as TLS extensions...

1. Build and install a version of OpenSSL 1.0.2 (a snapshot can be
   found at ftp://ftp.openssl.org/snapshot/). Make sure you build a shared version, for example:

$ ./config shared

   You may want to modify the install path.

2. Apply the patch apache-serverinfo.patch to the Apache source
   (tested with current 2.4.x code). Make sure you have included APR
   in the source (may not be necessary). One way to achieve this is:

$ svn co https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x httpd-2.4
$ cd httpd-2.4
$ svn co https://svn.apache.org/repos/asf/apr/apr/trunk srclib/apr 

3. Configure Apache like this:

$ ./configure --with-included-apr --enable-ssl --with-ssl=<path to installed openssl>

   And build:

$ make

4. Run Apache:

$ ./run_apache_server.sh <path to httpd source> <path to installed openssl>

5. Test with, say:

$ OPENSSLDIR=<path to installed openssl> ./test_running_ssl_server.sh 8124