bredzhang / shellinabox

Automatically exported from code.google.com/p/shellinabox
0 stars 0 forks source link

ssl support doesn't work on openbsd 4.4 #14

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Hi again

I downloaded the latest source available from svn (revision 121) and it
compiles fine (thanks for that :), then I launched shellinabox on this way:
"sudo ./shellinaboxd --cert=/etc/ssl/ --no-beep --port=8080 --service
/:LOGIN -v" and I got this error when I used https:
http://tinyurl.com/ovkmkf , when I used simple http it doesn't encrypt the
data: http://tinyurl.com/qow8uc 

I also tried with "sudo ./shellinaboxd --no-beep --port=8080 --service
/:LOGIN -v" but I got the same, the output of shellinabox is attached.

Now, as you said that you didn't have access to a "current" openbsd box I
thought that you could use my machine, It runs a 4.4 patched version, so I
think it could be enough, I've searched for ssl libraries and it looks that
all is on its place, although PAM will not work (afaik openbsd doesn't
support it).

Anyway I've made you an account (user/pass=zodiac) with super powers to do
whatever you want on josefina.zapto.org.

Thanks again!

Original issue reported on code.google.com by disco...@gmail.com on 24 May 2009 at 12:55

Attachments:

GoogleCodeExporter commented 8 years ago
Ups I forgot to mention the port, it uses the 1001/tcp

Original comment by disco...@gmail.com on 24 May 2009 at 12:58

GoogleCodeExporter commented 8 years ago
This was a result of OpenBSD not being able to automatically load 
"libcrypto.so" as
dependency of "libssl.so". No idea, why that doesn't work on OpenBSD. I now 
fixed the
code to link against both libraries explicitly (when run-time loading has been
disabled in "./configure"), or to load "libcrypto.so" with "dlopen()", if 
resolving
symbols from "libssl.so" otherwise fails.

The upshot is, that everything should work correctly now, if you build the 
latest SVN
release on OpenBSD.

PAM support is still not available, but that seems to be a short-coming of 
OpenBSD.
So, you will not be able to use the "AUTH" token in any service definitions. Use
"LOGIN" and run as "root" instead, or provide your own authentication module in 
your
web server; for the latter, you should use the "--cgi" option.

I also noticed that on OpenBSD, "shellinaboxd" cannot retrieve symbolic group 
names.
This appears to be a permission problem. Just use numeric group names instead.

Sorry for all these caveats when running on OpenBSD. That OS is just a little 
more
restrictive and tends to make different design choices than other operating 
systems.
So, it is sometimes not possible to support every feature. If you are aware of
OpenBSD-specific work-arounds, please let me know, though.

Original comment by zod...@gmail.com on 25 May 2009 at 6:25