Nios® V/II Embedded Design Suite (EDS)

boa SSL connection problem

Altera_Forum

I compiled openssl 0.9.7 and enabled SSL in boa.

The webserver started, but when I try to connect I get the following error:

SSL_R_SSL_SESSION_ID_CALLBACK_FAILED

Does anybody know what is wrong and how to fix it?

I made a self-signed certificate.
Altera_Forum

In the meantime I could solve the problem myself. It was due to the device /dev/urandom missing.

Creating the device in the rootfs solved the problem and SSL works now.

Get the BOA webserver with Auth and SSL working from my webpage (http://www.8ung.at/nacide_manfred/linuxtutorial.html#boawebserver)
Altera_Forum

That makes sense. Any sort of SSL app (perhaps other crypto apps, as well) needs to have "random entropy" in order to operate. In the not-so-distant past, Solaris didn't offer a "randomness generator", so openssl's solution was to force the user to enter random keystrokes.... In other words, be thankful that Linux (or uCLinux) doesn't require this :-) 

 

Cheers, and Thanks for the SSLed BOA! 

 

- slacker
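
The fix reported above (a missing /dev/urandom node in the root filesystem) can be checked on a staged rootfs before it is flashed. The script below is an added example, not code from this thread or from the Boa sources; it assumes GNU `stat` on the development host, uses the standard Linux device numbers (character device 1,8 for /dev/random and 1,9 for /dev/urandom), and its function names are illustrative.

```shell
#!/bin/sh
# Added example: audit the entropy device nodes of a root filesystem tree.
# Linux device numbers: /dev/random is char 1,8 and /dev/urandom is char 1,9.

# node_status PATH MAJOR MINOR
# Prints one of: ok, missing, not-chardev, stat-failed, wrong-numbers
node_status() {
    path=$1; want_major=$2; want_minor=$3
    [ -e "$path" ] || { echo missing; return 0; }
    [ -c "$path" ] || { echo not-chardev; return 0; }
    # GNU stat prints the device major (%t) and minor (%T) in hex.
    nums=$(stat -c '%t %T' "$path" 2>/dev/null) || { echo stat-failed; return 0; }
    set -- $nums
    if [ "$((0x$1))" -eq "$want_major" ] && [ "$((0x$2))" -eq "$want_minor" ]; then
        echo ok
    else
        echo wrong-numbers
    fi
}

# audit_rootfs ROOT
# Checks ROOT/dev/random and ROOT/dev/urandom; returns 0 only if both are ok.
audit_rootfs() {
    root=${1%/}; rc=0
    for spec in random:8 urandom:9; do
        name=${spec%%:*}; minor=${spec##*:}
        st=$(node_status "$root/dev/$name" 1 "$minor")
        echo "$root/dev/$name: $st"
        if [ "$st" != ok ]; then
            # A TLS library that cannot seed its PRNG fails at connection time,
            # so report exactly which node is expected.
            echo "  expected: character device 1,$minor"
            echo "  create as root: mknod -m 666 $root/dev/$name c 1 $minor"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh check_entropy_nodes.sh /path/to/staged/rootfs   (or / on the target)
if [ $# -gt 0 ]; then
    audit_rootfs "$1"
fi
```
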
Altera_Forum

 

--- Quote Start ---

Originally posted by nacide@May 31 2006, 08:37 AM

In the meantime I could solve the problem myself. It was due to the device /dev/urandom missing.

Creating the device in the rootfs solved the problem and SSL works now.

Get the BOA webserver with Auth and SSL working from my webpage (http://www.8ung.at/nacide_manfred/linuxtutorial.html#boawebserver)

--- Quote End ---

 

Hi, nacide.

Could you tell me something more about how to create boa_passwd? What is its format? How do I get the crypt password?

My source file is as follows:

# Boa v0.94 configuration file
# File format has changed little from 0.92
# version changes are noted in the comments
#
# The Boa configuration file is parsed with a lex/yacc or flex/bison
# generated parser.  If it reports an error, the line number will be
# provided; it should be easy to spot.  The syntax of each of these
# rules is very simple, and they can occur in any order.  Where possible
# these directives mimic those of NCSA httpd 1.3; I saw no reason to
# introduce gratuitous differences.

# The "ServerRoot" is not in this configuration file.  It can be compiled
# into the server (see defines.h) or specified on the command line with
# the -c option, for example:
#
# boa -c /usr/local/boa

# Port: The port Boa runs on.  The default port for http servers is 80.
# If it is less than 1024, the server must be started as root.

Port 80

#  User: The name or UID the server should run as.
# Group: The group name or GID the server should run as.

User 0
Group 0

# ServerAdmin: The email address where server problems should be sent.
# Note: this is not currently used.

ServerAdmin root@localhost

# ErrorLog: The location of the error log file. If this does not start
# with /, it is considered relative to the server root.
# Set to /dev/null if you don't want errors logged.

# ErrorLog /dev/null

# AccessLog: The location of the access log file. If this does not
# start with /, it is considered relative to the server root.
# Comment out or set to /dev/null (less effective) to disable
# Access logging.

# AccessLog /log/boa/access_log

# RefererLog: The location of the referer log file. If this does not
# start with /, it is considered relative to the server root.
# Comment out or set to /dev/null (less effective) to disable
# referer logging.

# RefererLog /log/boa/referer_log

# AgentLog: The location of the agent log file. If this does not
# start with /, it is considered relative to the server root.
# Comment out or set to /dev/null (less effective) to disable
# User-Agent logging.

# AgentLog /mnt/jaguar/log/boa/agent_log

# VerboseCGILogs: this is just a logical switch.
# Comment out to disable.
# VerboseCGILogs

# ServerName: the name of this server that should be sent back to
# clients if different than that returned by gethostname -- often
# this is www.foo.bar.

# ServerName www.your.org.here

# DocumentRoot: The root directory of the HTML documents.

# DocumentRoot /var/www
DocumentRoot /home/httpd

# ChRoot: Boa root '/' directory. This is useful to improve security of
# your system. Don't forget that ALL DIRECTORIES used by boa except logs
# must be in this directory. If you need cgi scripts, you must copy shared
# libraries to this directory (see ldconfig(8) for more info)

ChRoot /home/httpd

# UserDir: The name of the directory which is appended onto a user's home
# directory if a ~user request is received.

UserDir public_html

# DirectoryIndex: Name of the file to use as a pre-written HTML
# directory index.  Please MAKE AND USE THESE FILES.  On the
# fly creation of directory indexes can be _slow_.
# DirectoryIndex index.html

# DirectoryMaker /usr/local/sbin/boa_indexer
DirectoryMaker /sbin/boa_indexer

# LocalCodepage: Local codepage. This is send to client in 'Content-Type:'
# header by default.

# LocalCodepage iso-8859-1

# Codepage: Load codepage conversion table from file. This table will be used
# on-the-fly conversion.

# Codepage us-ascii /usr/lib/boa/iso-8859-2/us-ascii

# CodepageByURL: Specify URL prefix codepage. This command is used for manual
# codepage selection. For example, http://www.cz.boa.org/asc/document.html
# converts /document.html to us-ascii

# CodepageByURL    /asc    us-ascii

# CodepageByBrowser: Specify codepage by $USER_AGENT. This command is used for
# automatic codepage selection. You can use characters '*' and '?' in browser
# string. For example, "CodepageByBrowser Lynx/* us-ascii" will send for Lynx
# users all documents in us-ascii.

# CodepageByBrowser Lynx/* us-ascii

# KeepAliveMax: Number of KeepAlive requests to allow per connection
# Comment out, or set to 0 to disable keepalive processing

KeepAliveMax 100

# KeepAliveTimeout: seconds to wait before keepalive connection times out

KeepAliveTimeout 10

# MimeTypes: This is the file that is used to generate mime type pairs
# and Content-Type fields for boa.

MimeTypes /etc/mime.types

# DefaultType: MIME type used if the file extension is unknown, or there
# is no file extension.

DefaultType text/plain

# AddType: adds types without editing mime.types
# Example: AddType type extension

# Uncomment the next line if you want .cgi files to execute from anywhere

AddType application/x-httpd-cgi cgi
AddType application/x-httpd-cgi cgi
AddType application/postscript ps
AddType application/postscript eps
AddType application/pgp pgp
AddType audio/x-aiff aif
AddType audio/x-aiff aifc
AddType audio/x-aiff aiff
AddType text/plain asc
AddType text/plain txt
AddType audio/ulaw au
AddType video/x-msvideo avi
AddType application/x-bcpio bcpio
AddType application/octet-stream bin
AddType application/x-netcdf cdf
AddType application/x-cpio cpio
AddType application/x-csh csh
AddType application/x-dvi dvi
AddType text/x-setext etx
AddType application/andrew-inset ez
AddType image/gif gif
AddType application/x-gtar gtar
AddType application/x-gunzip gz
AddType application/x-hdf hdf
AddType text/html html
AddType image/ief ief
AddType image/jpeg jpe
AddType image/jpeg jpeg
AddType image/jpeg jpg
AddType application/x-latex latex
AddType application/x-troff-man man
AddType application/x-troff-me me
AddType application/x-mif mif
AddType video/quicktime mov
AddType video/quicktime qt
AddType video/x-sgi-movie movie
AddType video/mpeg mp2
AddType video/mpeg mpe
AddType video/mpeg mpeg
AddType video/mpeg mpg
AddType application/x-troff-ms ms
AddType application/x-netcdf nc
AddType application/oda oda
AddType image/x-portable-bitmap pbm
AddType application/pdf pdf
AddType image/x-portable-graymap pgm
AddType application/x-chess-pgn pgn
AddType image/x-portable-anymap pnm
AddType image/x-portable-pixmap ppm
AddType application/postscript ps
AddType image/x-cmu-raster ras
AddType image/x-rgb rgb
AddType application/x-troff roff
AddType application/rtf rtf
AddType text/richtext rtx
AddType application/x-sh sh
AddType application/x-shar shar
AddType audio/basic snd
AddType application/x-wais-source src
AddType application/x-sv4cpio sv4cpio
AddType application/x-sv4crc sv4crc
AddType application/x-troff t
AddType application/x-troff tr
AddType application/x-tar tar
AddType application/x-tcl tcl
AddType application/x-tex tex
AddType application/x-texinfo texi
AddType application/x-texinfo texinfo
AddType image/tiff tif
AddType image/tiff tiff
AddType text/tab-separated-values tsv
AddType application/x-ustar ustar
AddType audio/x-wav wav
AddType image/x-xbitmap xbm
AddType image/x-xpixmap xpm
AddType image/x-xwindowdump xwd
AddType application/zip zip

# Redirect, Alias, and ScriptAlias all have the same semantics -- they
# match the beginning of a request and take appropriate action.  Use
# Redirect for other servers, Alias for the same server, and ScriptAlias
# to enable directories for script execution.

# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
# Example: Redirect /bar http://elsewhere/feh/bar

# Aliases: Aliases one path to another.
# Example: Alias /path1/bar /path2/foo

# Alias /doc /usr/doc

# ScriptAlias: Maps a virtual path to a directory for serving scripts
# Example: ScriptAlias /htbin/ /www/htbin/

# VirtualHost: Maps a virtual host to a directory.
# Example: VirtualHost cz.boa.org /html/htdocs/boa/

# VirtualHost    www.second.company.com /var/www/second_company/

# Auth: HTTP Basic authorization. Format is "Auth <Directory> <PasswdFile>".
# Password file should be readable _ONLY_ by root or trusted user(s). This file
# is opened before boa gives out privs.
# Example: Auth /secret /var/www/secret.passwd

Auth / /etc/boa_passwd

 

/etc/boa_passwd is:

melvin $1$$xnB8I.j83d1doTGExRA.i.

$1$$xnB8I.j83d1doTGExRA.i. is copied from /etc/passwd, which was created by the command passwd in uClinux.

Please give me some advice!!!!!!!!
Altera_Forum

Look at the auth.c file for the password format.

The password needs to be created with the command htpasswd (not passwd), which is the password generator used for apache. I think you need the apache package installed on your development host for the command htpasswd.

In the boa sources EMBED is the default directive. This is fine for embedded systems, but the password that is accepted is somewhat strange (only 1 user), therefore I changed this in the auth.c file so that EMBED is also compatible with the password generation with htpasswd.

Read the whole story on my homepage (http://www.8ung.at/nacide_manfred/linuxtutorial.html#boawebserver)
Altera_Forum

Thank you very much!!

Under microtronix's boa, passwd can pass. Thank you!!

In NiosII IDE, your boa source can't pass compile.

I can't understand clearly what you said. Could you explain it? For example:

Make sure you have the openssl include files copied to c:\altera\kits\nios2_51\bin\eclipse\plugins\com.microtronix.nios2linux.uClibc_1.4.0\include

There is no .h file in the openssl which I downloaded from downloadplace.

Thank you very much!!!
Altera_Forum

The .h files are those in the openssl-0.9.7e package in the include directory. Just copy the directory openssl with all .h files into the D:\altera\kits\nios2_51\bin\eclipse\plugins\com.microtronix.nios2linux.uClibc_1.4.0\include directory, so you will have a folder openssl there.

Hint: Watch for your compiler messages that will say ...no such file... and search for the .h file missing and copy it to the right place.