mpeylo / cmpossl

An OpenSSL-based implementation of the Certificate Management Protocol (CMP), defined in IETF RFCs 4210, 4211, and 6712. It is being extended according to the emerging RFCs 'CMP Updates' (CMPv3), 'CMP Algorithms', and 'Lightweight CMP Profile'.
https://github.com/mpeylo/cmpossl/wiki

cmpossl-cmp-lib4: Invalid command 'cmp'; type "help" for a list #210

Closed mickae1 closed 4 years ago

mickae1 commented 4 years ago

OPENSSL_DIR=/usr/local make -f Makefile_cmp install
detected OpenSSL version 1.1.x
mkdir -p /usr/lib
install -D ./libcmp.so /usr/lib
mkdir -p /usr/include/openssl
install -D ./include_cmp/openssl/*.h /usr/include/openssl

openssl cmp -section ECC -newkey test.ECC256p.pem -certout test.ECCcert.pe
Invalid command 'cmp'; type "help" for a list

What can I do to check whether it is installed correctly? How does OpenSSL know that the cmp lib exists?

mpeylo commented 4 years ago

What you are doing might actually only build the CMP library. The "openssl" command is an application which makes use of the library and includes cmp application functionality - but is not built here.

I'm not sure what you want to achieve, but if you just want to use OpenSSL with CMP support it might be easiest if you do something along the following lines (untested, there might be some typos). I realize that this simplest option for a quick test drive might not be described in the Wiki as such...

git clone https://github.com/mpeylo/cmpossl.git
cd cmpossl
./config --prefix=SOME/FOLDER
make depend && make update
make
make install
SOME/FOLDER/bin/openssl cmp ...

Here SOME/FOLDER might be, e.g., $home/cmpinstall. Note: you should not install that OpenSSL with CMP over your system's openssl binary and libraries; you should generally be safe from doing that by accident if you do not do it as root.

As an option, to avoid messing up a system's openssl, one could do that in a Docker container.
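
Added example, not part of the thread or the cmpossl project: two shell checks for the side-by-side install described above, one that tells whether a given openssl binary offers the `cmp` subcommand and one that tells whether an install prefix would land on the openssl that PATH currently resolves to. The function names and the `$HOME/cmpinstall` prefix in the usage comments are assumptions.

```sh
#!/bin/sh
# Added example (hypothetical helpers, not from the cmpossl project).

# has_openssl_cmd BIN CMD
#   0 if BIN lists CMD among its subcommands, 1 if it does not,
#   2 if BIN is not an executable file.
#   e.g. has_openssl_cmd "$HOME/cmpinstall/bin/openssl" cmp
has_openssl_cmd() {
    bin=$1 cmd=$2
    [ -x "$bin" ] && [ ! -d "$bin" ] || return 2
    # OpenSSL 1.1.0 and later list subcommands with "list -commands";
    # 1.0.2 uses "list-standard-commands". Try both; the form a binary does
    # not know only produces an error on stderr, which is discarded.
    {
        "$bin" list -commands 2>/dev/null || true
        "$bin" list-standard-commands 2>/dev/null || true
    } | tr -s ' \t' '\n\n' | grep -qx -- "$cmd"
}

# shadows_system_openssl PREFIX
#   0 if PREFIX/bin is the directory holding the openssl that PATH resolves
#   to, i.e. "make install" with this prefix would replace that binary.
#   1 otherwise (including when PREFIX/bin does not exist yet).
#   e.g. shadows_system_openssl "$HOME/cmpinstall" && echo "pick another prefix"
shadows_system_openssl() {
    sys=$(command -v openssl 2>/dev/null) || return 1
    # Resolve symlinked directories so /bin and /usr/bin compare equal
    # on systems where one links to the other.
    sysdir=$(cd "$(dirname "$sys")" 2>/dev/null && pwd -P) || return 1
    newdir=$(cd "$1/bin" 2>/dev/null && pwd -P) || return 1
    [ "$sysdir" = "$newdir" ]
}
```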

mickae1 commented 4 years ago

David told me:

Yes, CMPforOpenSSL can already be used with released OpenSSL versions (since 1.0.2), including 1.1.1 (just that we did not update the code base for it for a while, which should not be a problem for typical applications).

There is a pretty easy way to use it, dynamically linking it with an existing OpenSSL installation, so no need to manage two installations on the same system: https://github.com/mpeylo/cmpossl/wiki/Quick-Start

mickae1 commented 4 years ago

I wanted to try the dynamic linking option, but it doesn't work. The other option, as you suggested, is to install your openssl in another folder.

DDvO commented 4 years ago

Meanwhile you can also use our (so far internal) development branch cmp-dev:

git clone --single-branch --branch cmp-dev git@github.com:mpeylo/cmpossl.git
cd cmpossl/
./config
make -j4

This produces the latest OpenSSL library and an openssl binary including cmp in apps/openssl, but not one that would dynamically link with an existing (older) OpenSSL version. This branch also includes tests that use the CMP mock server:

make test TESTS="test_cmp_cli_server" V=1