Closed mickae1 closed 4 years ago
What you do might actually only build CMP library. The "openssl" command is an application which makes use of the library and includes cmp application functionality - but is not built here.
I'm not sure what you want to achieve, but if you just want to use OpenSSL with CMP support it might be easiest if you do something along the following lines (untested, there might be some typos). I realize that this simplest option to a quickly test drive might not be described in the Wiki as such...
git clone https://github.com/mpeylo/cmpossl.git
cd cmpossl
./config --prefix=SOME/FOLDER
make depend && make update
make
make install
SOME/FOLDER/bin/openssl cmp ...
While SOME/FOLDER might e.g. be $home/cmpinstall. Note: you should not install that OpenSSL with CMP over you system's openssl binary and libraries, you should generally be good in avoiding doing that by accident if you do not do that as root.
As an option, to avoid messing up a system's openssl, one could do that as docker container.
David told me :
Yes, CMPforOpenSSL can already be used with released OpenSSL versions (since 1.0.2), including 1.1.1 (just that we did not update the code base for it for a while, which should not be a problem for typical applications).
There is a pretty easy way to use it, dynamically linking it with an existing OpenSSL installation, so no need to manage two installations on the same system: https://github.com/mpeylo/cmpossl/wiki/Quick-Start
I wanted to try the dynamically linking option. But it doesn't work. The other option as you suggested it's to install your openssl in another folder .
Meanwhile you can also use our (so far internal) development branch cmp-dev
:
git clone --single-branch --branch cmp-dev git@github.com:mpeylo/cmpossl.git
cd cmpossl/
./config
make -j4
This produces the latest OpenSSL library and an openssl
binary including cmp in apps/openssl
,
but not one that would dynamically link with an existing (older) OpenSSL version.
This branch also includes tests that use the CMP mock server:
make test TESTS="test_cmp_cli_server" V=1
OPENSSL_DIR=/usr/local make -f Makefile_cmp install detected OpenSSL version 1.1.x mkdir -p /usr/lib install -D ./libcmp.so /usr/lib mkdir -p /usr/include/openssl install -D ./include_cmp/openssl/*.h /usr/include/openssl
openssl cmp -section ECC -newkey test.ECC256p.pem -certout test.ECCcert.pe Invalid command 'cmp'; type "help" for a list
What can I do to check if it is well installed. How OpenSSL know that cmp lib exist ?