I don't see how this is related to my question in the slightest?
Ed W
vinni rathore wrote:
hi....
i m getting undefined symbol for my sample server program that is on
linux. my program is using openssl apis.
i have installed the openssl 0.9.8g version on the red hat machine
everything got sucess but still getting the linking errors.
steps that i followed:
1- config
2. make
3. make install
finally when i tried my sample with gcc compiler it gives the
undefined symbol errors.
like : undefined reference to SSL_library_init.
plz reply as soon as possible.
thnx in advance.
On Sat, Jun 14, 2008 at 9:29 PM, Dr. Stephen Henson <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
On Fri, Jun 13, 2008, Ed W wrote:
> Hi
>
> After a lot of false starts I have finally managed to generate a
cert with
> a subjectAltName extension. I still don't understand the solution
> though...
>
> Basically I modified the default openssl.cnf file to have
x509_extensions =
> v3_req in the [ req ] section and then then updated the v3_req
section to
> list my subjectAltNames. Now when I generate a request and self
sign it
> with:
>
> openssl x509 -req -days 365 -in server.csr -signkey
server.pem -out
> server.crt
>
> ...then all I get is a v1 cert with no extensions section, but
if instead I
> use:
>
> openssl x509 -req -days 365 -in server.csr -signkey
server.pem -out
> server.crt -extfile ../openssl.cnf
>
> (and edit openssl.cnf to have an "extensions=v3_req" line) then
I get the
> v3 certificate with what appears to be the correct extensions...
wahoo!
>
> My question is whether it's possible to avoid having to write
"-extfile" on
> the signing request above? It's not that the extra typing is a
big deal,
> it's just that I have torn my hair out for several days over
this because
> all the examples on the web don't seem to have this extra
stanza? Am I
> just missing something really simple in my config file to avoid
needing
> this on my command line? I would like to try and understand why
this is
> necessary if possible please?
>
> Can someone please also confirm that the CA.pl script supplied
with my
> gentoo openssl install will NOT correctly generate certs with a
> subjectAltName?
>
There are many examples on the web which are *ancient* and "new"
one's derived
from them.
If you don't use the -extfile option the 'x509' command does not
know which extensions to use so defaults to none at all in a (now
obsolete) v1
certificate. You can also include an -extensions v3_req option on
the command
line and avoid having to modify openssl.cnf any further.
The CA.pl script is the recommended way to generate certificates
and should
make matters easier.
You can use CA.pl to include subjectAltName. However you need a
customised
openssl.cnf file which you can point to using the OPENSSL_CONF
environment
variable or you could modify the system one but that is not
recommended.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List
openssl-users@openssl.org <mailto:openssl-users@openssl.org>
Automated List Manager
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
--
regards,
Vineeta Kumari
Software engg
Mobera Systems
Chandigarh
